Pete Shanahan's Shack

Posting from the WordPress application on the iPad

pete — Mon, 23 Jan 2012 14:30:09 +0000

This is just a simple little test of the WordPress application for the iPad. It seems quite nice and easy to work with. Hopefully it will prompt me to post more than once a year.

Raw data

pete — Tue, 10 Jan 2012 22:19:28 +0000

Most of the times you experience data it has been massaged, interpreted and analyzed. This is a side effect of having so much data to process, and also having an agenda.

We see papers regularly, with attached shiny graphs and tables. ehmmm, yeah, nice shiny graphs; pretty distracting, but not actually revealing the underlying information.

What I want is a link under every one of those damned graphs linking to the raw data.

Not much to ask for – raw unfiltered research data. I mean really??

iPhones, activation and identifiers

pete — Wed, 09 Nov 2011 22:26:56 +0000

As I was talking to my mother on my phone this evening it was literally taken from my hand. My sister is currently in hospital, and I was reassuring her that things were going to be OK. When the phone was stolen, she literally was about to have a heart attack until I could get to a phone and call her back to reassure her that nothing had happened.

It was an iPhone. You cannot use an iPhone without activating it with Apple.

I want it to scream to the world that it was stolen. Every time it is able to make a data connection it should recognize that it is stolen and say ‘fuck you, I’m not working until you return me to my proper owner’. That’s what I want.

If a developer ever finds an iPhone 4S that returns a device identifier of efd79415f51aa99472c5149aa46b0897def18f9b, then know that it is stolen, and that they should return it to a cop-shop.

portable UI tip #1

pete — Fri, 15 Apr 2011 08:44:25 +0000

if there is a blinking caret in the field then show a keyboard. There is nothing more annoying than having to ‘repick’ the text field that is currently active, with the blinking caret

what are you thinking android? focus is something explicit, not implicit. You do not have to have an active control on a form at all times. that and the fact that the keyboard is very tough to get rid of when you want to.

Ubuntu netbook edition… Not for amateurs

pete — Sun, 06 Mar 2011 15:59:36 +0000

So this afternoon I was at a friend’s house trying to get his ubuntu netbook working with a broadband dongle. It just refused to connect, and on failure displayed a notification dialog that basically read ‘did not work’. Once this dialog appears, the only way to reattempt a connection is to unplug and replug the broadband dongle, as ‘networkmanager’ disables the connection when it fails.

There were logs – the fine syslog.log file, which is almost completely useless for diagnosing the failure in the connection – it seems to be telling me that the connection succeeded, but then was immediately disconnected. About as useful as a slap in the face with a wet haddock.

armed with my iPhone I first attempted to ensure that the connection details were correct. The management tool added the settings, so I immediately did not trust them. Google pointed out some options, but every time the connection failed there was another 30+ second delay unplugging, replugging and reentering the PIN (it ignored the pin option in the network manager configuration).

I fired up my laptop running Windows. It installed the management tool, I looked at the settings, shouted at both the Internet and the ubuntu configuration, both of which were telling complete lies about the settings. Here’s a hint for all you mobile broadband providers – make the settings easily findable using google – there is a lot of outdated and completely invalid information out there that makes this an issue.

so, ultimately, a problem that I struggled with for quite a while under ubuntu was solved in less that 30 seconds under windows, and yet another reason why I think that NetworkManager is a thing of satanic horror that makes using computers under Linux a complete pain in the arse. This ‘solution’ is probably the singularly worst example of dumbing down configuration to the point when something goes wrong, it is practically impossible to diagnose or fix the problem.

In this case, I will have to say… progressive disclosure is a good potential solution to complicated user interfaces. The complete excision of all forms of configuration into the magical tool of automagic only works if it works all the time, and as a friend is fond of saying “If you design a system that it cannot fail then the first thing that happens is that it will.”

Securely loading libraries (Linux)

pete — Wed, 25 Aug 2010 22:39:47 +0000

Now that I’ve said loading libraries in Linux is insecure, let’s just cursorily examine how that is…

I require a digitally signed .so. Being a decent sort of chap, I’ve decided to allow it to exist in a foo.so.signature file, alongside the library foo.so. it means that I don’t need to add it to the binary in another section of the .so. This generally complicates signature checking – you need to check the signature of the binary, while excluding the section containing the signature, which could itself be a mechanism for getting code into the system. This can be ameliorated by enforcing a size restriction on the signature section, but have you seen some of the code these days? it’s really fricking small.

the standard mechanism for loading foo.so, is to use the dlopen() call. Once you have completed this call any .init section of the library has been executed. you are pwned.

You need to open() the file, open() the signature. Compare the signature to the content of the file (you can use mmap(MAP_PRIVATE) to ensure that changes to the underlying file do not affect the contents of your memory. Then you re implement dlopen(), alowing it to take either a file descriptor or a raw handle to memory and a size… it’s your call

Feckers, not making linux secure by default… oh, wait, this has existed since before linux…

Security is an ever developing process. the APIs need to evolve with the threats.

Is that a DLL in your pocket…

pete — Tue, 24 Aug 2010 22:10:23 +0000

Shock! Horror! Bug found where Windows applications will open DLLs that are in the current working directory of a process!

Except it’s not a bug. It’s by design, and it’s existed since NT.

Microsoft is being smacked in the head by a required feature of Windows due to the initial weakness of the LoadLibrary call. If you don’t specify a path to the file to load, it uses the standard library search path.

Dear god, you would think that this was news. It is not news, nor has it been since the goddamned operating system shipped. Granted, the issue is severe, but the fact of the matter is if an application is executed using a working directory that isn’t under your control, then what can you do? if there are libraries in the same directory that launched the program that happen to share the name of system libraries then you’re hosed.

Hey, guess what asshole, if you link a linux binary with a search path containing ‘.’, then you get the same problem. It’s just as well that nobody links their binaries with -R. …. eh?

The documentation is blatant in this regard. I’ve known it was a security issue since I first learned of the LoadLibrary call, as any even half decent developer should have known when they started using the damned function.

The rule is simple. Resolve the full path to a library before you load it. Validate that it ‘looks right’ at that point. Then load it.

BTW .init section in .so files – so totally a security hole. You can’t dlopen a file to determine if it’s good without executing the .init code. Game over man, game f**king over!

My .init code does a setenv(“LD_LIBRARY_PATH”, “.” + getenv(“LD_LIBRARY_PATH”)) … now piss off and write secure code for once…

Controller or Mouse?

pete — Tue, 17 Aug 2010 17:40:44 +0000

Following the purchase of a shiny new Xbox360, I transferred all the licenses and state from my old one to this one. This was accomplished using a 16GB USB stick (a feature added in the last xbox update which is great IMHO). Everything seemed to transfer without a hitch and I was up and using the new system almost immediately. I’ve been enjoying the blessed quiet of the new system, and the larger capacity hard drive allows the adding of an almost unlimited number of game images, which speeds up loading significantly.

Then I fired up Halo 3 – before you laugh, I still haven’t finished it. My single player save game was in some crazy state where upon loading I was immediately booted back to the startup screen. I had to restart the game from scratch, which is not pleasant to say the least.

Replaying the game has been a chore – mind you a lot of things that were difficult first time round are significantly simpler this time – it simply is by virtue of the fact that I’m replaying it.

The issue I have is the messy inaccuracy of the controller as a targeting device. I must simply not really be used to it or something, as I find it cumbersome and generally significantly less accurate than the mouse and keyboard options that I use on the PC.

Does anyone have any advice on the topic? Should I just be trying harder, or is there an option where I can use a mouse and keyboard with the 360? Or will I have to simply suck it up and practice until my hands bleed?

Is it just me….

pete — Wed, 14 Jul 2010 18:56:29 +0000

Or did Apple make a colossal blunder releasing the iPhone 4 before it had been completely tested? The more details of issues that are being reported seems to lead me to this conclusion. Of course I have absolutely no evidence that this is the case, merely having a hunch that this may be the issue. There is a good chance that the lost iPhone caused the acceleration of the schedule for it’s release, preventing a lot of the ‘fit and finish’ work that usually comes with apple products.

New toys..

pete — Sat, 01 May 2010 19:13:53 +0000

Woohoo! This new toy is awesome
- Posted using BlogPress from my iPad

Location:Forest Lawn Ave,Stamford,United States