More spam viruses targeting Windows

Posted by skelter Wed, 29 Oct 2008 15:14:00 GMT

As Microsoft slowly improves its software, the viruses still target human fallibility.

My father just spent a few weeks without a fully-functioning workstation because of virus-infested Microsoft software.

This morning I got a virus sent from the comcast.net ISP, titled “Your Statement number: 330709.”

In it, we see a short message like this:

Good evening

As you requested, we are sending you this report with details on your account transactions made between 9/1/2008 and 10/28/2008.

Untill we meet again
Nora Connell
Attachment: Details.zip

That details.zip is the problem. Let’s take a look at it.

~/tmp $ mv Details.zip virus/
~/tmp $ cd virus/
~/tmp/virus $ ls
Details.zip
~/tmp/virus $ unzip Details.zip 
Archive:  Details.zip
  inflating: Details.doc                                                                               .exe  
~/tmp/virus $ 

I didn’t change or screw up the formatting. The file in the zip contains enough spaces to attempt to dissociate the .exe extension from the rest of the Details.doc_ _ _ _ _ _ _ _ _ _ _ _ _ _ _.exe name. It’s a dirty trick, but that’s what the bad guys do.

What does Details.doc.exe do? It’s most likely a trojan. f-prot, updated today (29-Oct-2008), did not find anything, but Kaspersky Labs’ viruslist.com identifies it as “Worm.Win32.AutoRun.rkt”. This appears to be a fresh variant, and I haven’t found a clear description of what it does. It’s 38k. Autorun indicates it probably copies itself to USB sticks, zip drives, etc. “rkt” looks suspiciously like an abbreviation for rootkit, which is a mechanism for a hacker to take over the infected machine.

Also see this site and f-secure’s description of Autorun

How is the human tricked here? Microsoft Windows software presents an icon that appears to be a document but is really an executable program. The actions for opening a document and running a program are the same.
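The padded double extension shown in the unzip listing can be caught from the archive's member names alone, before anything is extracted or opened. This is an added example, not code from the original post; the extension lists, the three-character padding threshold and the function names are assumptions chosen for illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Document-like extensions used as the decoy (assumed list).
DECOY_EXTS = {".doc", ".pdf", ".xls", ".txt", ".jpg"}
PAD_RUN = re.compile(r"[ _\t\u00a0]{3,}")  # run of padding characters

def classify_name(name):
    """Return the reasons a member name looks like a disguised executable."""
    reasons = []
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    ext = (dot + ext).lower().strip()
    if not dot or ext not in EXECUTABLE_EXTS:
        return reasons
    reasons.append("executable extension " + ext)
    if PAD_RUN.search(stem):
        reasons.append("padding run before the real extension")
    inner = stem.rstrip(" _\t\u00a0")
    inner_ext = "." + inner.rpartition(".")[2].lower() if "." in inner else ""
    if inner_ext in DECOY_EXTS:
        reasons.append("decoy extension " + inner_ext)
    return reasons

def scan_zip(data):
    """Map each suspicious member name in a zip (bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # reads names only; nothing is extracted
            reasons = classify_name(info.filename)
            if len(reasons) > 1:  # a plain .exe alone is not a disguise
                findings[info.filename] = reasons
    return findings

def build_sample():
    """Constructed sample: harmless bytes stored under a padded name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Details.doc" + " " * 80 + ".exe", b"not a real program")
        zf.writestr("readme.txt", b"plain text")
        zf.writestr("setup.exe", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, why in scan_zip(build_sample()).items():
        print(repr(name), "->", "; ".join(why))
```

A mail gateway or triage script could run the same check on inbound attachments and quarantine any archive with a finding.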

I remember in my younger days how I found UNIX to be paranoid, with its “executable” permission. It was just right.


One-click deploy/configure for J2EE stack

Posted by skelter Tue, 28 Oct 2008 03:24:00 GMT

Today was supposed to be get-home-early-and-stirfry-pork-broccoli.

I’m working on a new deploy mechanism. We have 20-25 servers that we need to be able to one-click-install-and-configure the front two-thirds of a J2EE software stack, including IIS->Resin running on Windows, JBoss on Linux. My predecessor has a mouse-trap-game of ant scripts involving telnet to do it. “As long as nothing goes wrong, it works every time.”


apache commons exec

Posted by skelter Mon, 27 Oct 2008 20:24:00 GMT

Not finding an available commons-exec module in the maven repos, but found one by criticalsection.org. Thanks guys!

        <!-- Apache artifact, not found in the Maven repos:
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-exec</artifactId>
            <version>1.0.0-SNAPSHOT</version>
        </dependency>
        -->
        <!-- Build published by criticalsection.org, used instead -->
        <dependency>
            <groupId>org.criticalsection.commons-exec</groupId>
            <artifactId>commons-exec</artifactId>
            <version>1.0-cs-01</version>
        </dependency>


Wicket quick start

Posted by skelter Mon, 27 Oct 2008 16:02:00 GMT

Evaluating wicket via a maven quickstart.


jConsole and jmx

Posted by skelter Fri, 17 Oct 2008 16:20:00 GMT

I now have a real-time peek into heap and non-heap memory usage on a production server. PermGen dooms us.


Learning Idioms

Posted by skelter Thu, 16 Oct 2008 22:49:00 GMT

There’s learning idioms and there’s learning idioms.

Learning idioms, as in gaining knowledge of idioms, in a natural language as well as programming language. I don’t know that it is a specific skill, but it is definitely a general quality that is very useful in becoming productive in a new language. I have to think the two are related.

Made me think of idioms of learning. Will have to contemplate this. Generalized learning idioms might be useful in AI, but then might be useful in the real world, too, especially if you like to over-think things.


NFJS wrapup

Posted by skelter Thu, 16 Oct 2008 22:46:00 GMT

Wrapping up some straggler blog notes about NFJS.

git: Version control very popular among the presentorgencia? (presentatti?) seemed uncomfortably unstructured, but will have to look into it.

Brian Goetz’s talks are always great, and the Java Memory Model talk was worth the time. This will become more important as we look at things like Terracotta.

Architecture and Scaling by Ken Sipe inspired me to set up the scaling lab at work and get some real numbers out of our application.

Leading Agile Projects by David Hussman. I think what I need next in my career is some bone-head manager training. My people leading and direction skills are not geared to what I am having to deal with at work right now.

Ted Neward was using the Komodo editor in a pinch during his magic show act.

In the roundtable/grilling/QA, one of the presenters mentioned Bill Gates going on a reading weekend. I thought this was a full week. I was right, and it even has a name: Think Week.

I need to google a bunch of things, including

I’ll update this post with links as I go.

Did you know you can just randomly put curly braces in a Java class, outside of a method? Uhh. Kind of a party trick. I’m not sure if it’s gross or not.


APC UPS's fail

Posted by skelter Tue, 14 Oct 2008 21:00:00 GMT

I have now had two APC UPS’s fail on me. Not battery failure, I mean the electronics die. Very frustrating.

I’ll try Tripplite and will avoid APC UPS’s.

I don’t need this. I have a life and I have things to do.


Playing with TerraCotta 2.7.0

Posted by skelter Tue, 14 Oct 2008 16:41:00 GMT

I am playing with Terracotta clustering, the way it should be: on different machines.

Obstacle 1 - Binding to non-localhost address

  1. Edit the top-level tc-config.xml <server> entry to bind to the public address
  2. Add a server line to the ClusteredHelloWorld/tc-config.xml to specify the server at that address

Obstacle 2 - Remote terracotta admin console access

Solution:

  1. Double check that the RMI stubs handed out are pointing to the resolvable hostname and not localhost or myhostname.local. See this helpful blog on hostname resolution on Linux.
  2. Enable authentication. The admin console reports a timeout, but you are able to telnet to the port just fine, ruling out firewall issues. The server’s JMX is apparently handing out stubs, but still no joy. Turn on authentication and make sure the properties are set up, and the admin console will prompt you for a username and password. See Terracotta’s JMX guide. It would be nice if the admin console helped diagnose this.

Conclusion - promising

Got the HelloClusteredWorld example going on two different machines hitting the same cluster. It’s a brain-dead hammering of a clustered object so I can see some performance grief, but it seems to be working fine. This looks very promising. I am going to have to try some non-trivial prototypes.

Next stop: learn about ehcache.


Dr. Bart Childs right again: Network Attached Memory

Posted by skelter Tue, 14 Oct 2008 16:18:00 GMT

My last year (1995) at Texas A&M University computer science, I had the pleasure of taking a seminar guided by Dr. Childs. One of the things he mentioned was coming was network memory. Your program will be able to address memory locations that refer to memory not on your machine, but over the network on a different machine.

Today, 2008, I am playing with Terracotta at work. It is intriguing. While the fallacies of network computing still apply, this is an interesting approach to clustering an object graph.

It is a wonderful time to be a developer. It is still profitable. The technology makes leaps at an almost overwhelming pace, which increases my productivity. My children will probably never know CORBA, DCOM/COM+/OLE.

