While my family was preparing for a nice get-together back home (sorry I couldn’t make it, I’ll be there in August!), I spent my Saturday putting together my new bookcase from Ikea and preparing for a special night out on the town. I had it all planned out. A nice, fun dinner at the Bubba Gump Shrimp co., take in a movie (the new Charlie and the Chocolate Factory at the local IMAX), and then perhaps, but only if I got reeeeeallly lucky, some fireworks while experiencing the ferris wheel at Navy Pier. A little cheesy, yes, but fun nevertheless. And I’ve lived in/around Chicago for over three years now and only been to Navy Pier once or twice before.

So we got to the restaurant only to find that it was going to be a 45 minute wait. And even though we were two hours early, that was still cutting it close. My hopes fell, along with the darkening clouds indicative of a sure-fire rain shower coming our way. We found another place just in time, but the wait there turned out to be almost as long. I was getting pretty down until the Anheuser-Busch promotion guy came over and offered some free beer (apologies to my cousin, but I don’t think she minds anymore). Well dinner went fine and we made it out just in time for the movie. It was spectacular. The big IMAX screen was a little imposing…not used to seeing movies 40,000 times the size of a regular television set…but still good.

And then came the finishing touch. The ferris wheel. Of course, once we got tickets I ran like a little kid to go get an icee while others waited in line. Had it not been for a couple other people that managed to time it perfectly and actually go back to the end of the line one time, it would not have worked out nearly as well. We wanted to be on the ferris wheel at the same time the fireworks started. 7.5 minutes is how long it takes to go around once and we hard boarded just seconds before they were scheduled to start. As the ferris wheel passed its first 1/4 turn, I was worried that they wouldn’t start, despite it being time. It had to work out, it had to. Then, just as we were nearing perhaps 3/8 of the way around, the first fireworks rocketed into the sky. Ah, perfection. There was only one thing left to do. As the ferris wheel reached the apex, I reached into my pocket and wrapped my fingers around a small package, lifting it out delicately and deftly. I then presented to her…a simple lollipop that she had seen earlier and I had picked up when I went back to get my icee. ;)

What a great night.

I learned on Slashdot this morning that there is a new exploitable bug with USB. I’ve always wanted to be able to just plug in a usb key and have it run autohack.bat. ;)

But, SPI come on…what kind of responsible disclosure is this?! A quote on eWeek from your CTO?! Not to mention openly admitting that you haven’t informed Microsoft of the issue yet (even though it is a hardware issue) and then proceeding to promote your talk at Black Hat next week! Come on, SPI…I thought you were better than that. Or is this just some sort of security bug premature disclosure because you got so excited about finding a bug, you just couldn’t control yourself?

Code Red or Poison

I scored 10 out of 13. I’m a survivor. How’d you do?

Time for another…ppphhssssshhhhttt

This is extremely frightening - Greasemonkey allows a malicious site to read any file on your computer! You’re only vulnerable for the sites listed in your included pages, but of course by default this is “*” - every site, unless the author has changed it. I knew there was a reason I never enabled scripts for all sites.

Javascript, ajax, xmlrpc, etc seems like the next ripple in the ever-widening pool of web application security. (How poetic…)

Update: lol, there’s already nomoremonkey apparel. Poor little frowny guy.

Bummer…I was one of the people to receive the feedlounge alpha invite, but for some reason I didn’t get it until 5pm tonight…and it was sent out this morning. There were more than 175 replies in the first 10 minutes, so it’s probably not too likely I’ll be doing any alpha-testing soon.

Next time…next time I tell ya, I’ll be ready. user:~$ tail –follow=name /var/log/mail.log | grep feedlounge

I came across a fairly large lists of hosts I had to paste into a document tonight, some of which were in contiguous ip ranges, but all of which were listed as single ip’s. For example, I had

192.168.1.1 192.168.1.8 192.168.10.3 192.168.1.9 192.168.1.10 192.168.10.2 192.168.1.2 192.168.10.1

and I wanted

192.168.1.1-2 192.168.1.8-10 192.168.10.1-3

See…it’s a little bit cleaner, isn’t it? So what better to do than put on some music to code by, grab a Hacker-Pschorr, and start doing a little shell scripting. An hour or two later, I whipped out this little sucker below. (in which I already found and corrected a bug while writing this post…) So, needless to say, you’re on your own with the code and I assume no responsibility. ;) Just make a file name hostlist with the list of ip addresses (doesn’t need to be sorted or even unique), and run the shell script and it will output the condensed list. Need I say how much I love automation. :)

Like others, I woke up to find my Bloglines feed empty!

It seems the subscriptions are still there, though, since being the inquisitive person I am I clicked on the “feeds” link and it loaded every single entry from my n-hundred subscriptions…

Guess I don’t have to worry about it coming back, since it’ll take me a while to comb through that!

Their devs must be asleep cuz I don’t see the lovely bloglines plumber around anywhere…

Update: They’re back!

Once, in a post long, long ago, I reminded myself how to compile xkey, a lovely tool for snooping on open X servers, but not necessarily a standard part of every distribution. ;) It was easy enough last time:

1

gcc -g -v -Wall -L/usr/X11R6/lib -lX11 -lXtst xkey.c -o xkey

But for various reasons, I needed to compile it statically. Being a novice programmer, I simply tagged a

1

-static

onto the end of the command. However, that only resulted in various undefined reference errors to such functions as ‘XQueryTree’, ‘XSelectInput’, ‘XOpenDisplay’, and ‘XLookupString’…which means that the X11 libs/includes were not being referenced properly. Tossing a

1

-I/usr/X11R6/include

in didn’t help things any. After googling around for a while, I was reminded that gcc can be very picky with respect to the order of its arguments. By placing the source filename before the lib arguments, I got a little bit closer. I was now only getting one error - undefined reference to `pthread_equal’.

Granted, I had no clue what that meant, but once again google to the rescue and all I needed to do was add a -lpthread (duh) to the libs. So the final command to make a static compilation of xkey.c is this.

1	gcc -g -v xkey.c -L/usr/X11R6/lib -lX11 -lXtst -lpthread -Wall -static -o xkey

Now I have a handy binary I can easily use on a system without the proper headers even if it is 30 times as large!

I think the pictures speak for themselves… The Cupcake Incident

Well as I mentioned yesterday, I got to go to an early private screening of Wedding Crashers last night. Somebody that Stacey works with managed to get tickets somehow and couldn’t use them, so thanks to her we were able to get in. Apparently, this is a fairly common occurence, and I even found a site that lists screening give-aways. Of course, you have to live in a fairly large city to be privy to these types of events.

So anyway, the movie. Overall I laughed my butt off through the entire thing. Go see it! It’s everything you’re anticipating. (Aren’t I great at movie reviews?)

I expected the “wedding crashing” part to play more of a role in the movie, but it turns out that is primarily background information. The movie itself does actually have a story line and it’s not just Owen Wilson and Vince Vaughn getting wasted at weddings. I must say, though, that I was very impressed with the montages. They were done extremely well - good music, good camera work, etc. Both Owen and Vince also play extremely well off of each other and it really shows in the first scene of the movie. They’ve got a great back-and-forth between them that continues throughout the movie. And keep your eyes open for a surprise here or there too (now you have to see it to know what I’m talking about).

In any case, it’s good. It’s funny. Go see it.