Zero-day Exploit in Microsoft Imaging Software

There’s a new zero-day exploit (meaning it was found out in the "wild" first, not by a researcher) for the graphics engine behind IE, Windows Explorer, and the Windows Picture and Fax Viewer. There’s no patch yet, so think twice about web sites you don’t trust or pictures you get via email. All you have to do to get exploited is go to a web site with a special image file or open a *folder* with a special image file in it. You don’t even have to open the image itself.

This is a worst-case scenario for Microsoft.

If you haven't given Firefox a try yet, today might be a good day to do so.

Buzzzzzzzzzzzzzzzzzzzzzzzzzzz

Let's play a game called "spot the typo":

http://www.smarthome.com/13091.html

Did you find it? Need a hint?

Those mints would give you the biggest caffeine buzz EVER. Coffee is just the gateway drug.

New TSA Guidelines

As only The Onion could present them.

The Security Threat of Unchecked Presidential Power

This is a very interesting post by Bruce Schneier about domestic spying/wiretapping and the legal voodoo the Bush administration used to authorize it.

Its Electric... Coffee Coffee Coffee...

This one has to be straight out of a movie or something.

I went out this morning to pick up a couple of packages being held at the post office, and decided to stop on the way home and get some coffee. Got the coffee, drove home, pulled into our parking space and got ready to get out of the car. I opened the car door, picked up the coffee, slid out the side, reached for the car door to shut it, and...

ZAAAPPP!!!!

The biggest static shock EVAR. My hand automatically clenched shut, squishing the coffee cup it was holding, and...

AAAAHHGHGHHGH!!!!!

In summary, coffee is hot.

I plan to sue Coffee People for making the coffee too hot, and Nissan for making the vehicle too... um... staticish. And probably New Balance as well, for insulating me too well when I stepped out of the vehicle.

UIUC VIPs

This afternoon I attended a one-hour meeting at Intel of UIUC alumni with several UIUC VIPs, including the new chancellor Richard Hermann, the Interim Dean of Engineering Ilesanmi Adesida, and the ECE Department Chair Dick Blahut. In case you didn't think UIUC cared about Intel, or vise versa, there's apparently just under 300 UIUC alumni at the Intel Oregon campuses alone. Of course, only about 30 of them showed up today.

The meeting had some standard "UIUC is a great engineering school" talk and such, including a discussion about midwest modesty and how UIUC isn't known quite as much as MIT, Berkley, Stanford, etc. because UIUC doesn't brag as much. This led to the most interesting thing I think I learned, which is that UIUC is apparently a *very* highly respected university name in China, of all places.

A Philosophical Question

If a tree falls in the woods, and a VW Bus is there to break its fall, did it lose any value?

Thanks Sam for donating your beloved vehicle to this eternal debate.

Password Safe

Got a lot of passwords? Accessing a lot of web sites, e-commerce sites, encrypted .zip files, password-protected financial software, etc? Then you might want to check out Password Safe. Written by the author of the (in)famous Applied Cryptography book (as well as several other cryptography books), Bruce Schneier, this open-source project is intended to give you a pseudo-safe place to keep all the passwords you need, protected under a master password. This way the master password is the only one you really need to remember. It even gives you the ability to generate (pseudo-)random passwords to save, eliminating the possibility of you choosing a poor (cryptographically) password that is easy to remember. The database file it generates is encrypted but fully transferable, so you can copy it to another system and use Password Safe or another program that is compatible to use it there as well (i.e. to synchronize between a home PC and a work computer).

Mozilla Firefox 1.5 released

Mozilla Firefox 1.5 (final) was released a couple days ago. If you haven't tried Firefox yet, this might be a good time to do so. Improvements can be found here, and a rediculously detailed list of new features and fixed bugs can be found here.

Email: The Anti-Productivity

Ever see those anti-drug commercials where they'd show some teenager working really hard and becoming an amazing basketball player, or ballerina, or whatever? Well if you're wondering why I haven't posted here for a while, its because I've been exploring my anti-productivity: Email.

What is our obsession with email? Why do we do so much of it? How much of it do we actually READ? For example, I've gotten about 70 emails within the last 24 hours that I kept (meaning they are not spam). That's not counting my work email, which is what I spend most of my time actually caring about. Out of those 70 emails, I think I fully read about 5 of them, skimmed about 50 of them, and totally ignored the rest.

Anyway, for anyone looking for some tips on how to keep productivity up without ignoring email altogether, here's a few tips. I particularily like the suggestion to change your email client to only check for new mail every hour or so. You can always force it to check now if you need to (like before running off to a meeting).

My name is Jason, and my anti-productivity is Email.

Start Your Engines!

I feel like it's finally race day, after a long time of preparing, tuning up, fixing little dents, getting my act together, etc. Today was my first day out at Intel, and while I didn't really do anything useful (and probably won't for a little while), it was exciting to finally get started. After spending all morning in an introductory class talking about the history of the company, legal issues, harassment, etc, I finally got to go meet with my boss and got my own little cubicle space. After that it was off to a class to pick up my laptop (yes, a CLASS). This laptop is enough to make most people drool by the way... it's a spiffy little IBM Thinkpad with all the bells and whistles... oof. Plus I got a nice backpack to carry it in, a docking station, keyboard, mouse, and the biggest frickin LCD monitor to go with it. I guess I can't complain about equipment this way.

Now I guess it's time to learn a whole bunch and try to find my way through the maze of "what the..."'s into a new job.

Budget Cuts Pulled from House

It seems that the uproar over funding cuts to programs like Medicaid, food stamps, and student loans has paid off, since House leaders pulled the budget-cutting bill from consideration yesterday. This is good news, and means that we'll be reevaluating the budget and hopefully fill it with moral considerations. Perhaps we won't damn the poor and help the rich after all.

Sony-BMG CDs install software without your knowledge or permission

The Electronic Frontier Foundation (EFF) has confirmed that Sony-BMG includes software called XCP2 on at least 19 CDs currently shipping. The software is installed immediately when you insert the disc into your computer and cannot be (easily) removed or even FOUND afterwards. The software has been classified by much of the tech community as a "rootkit," meaning a set of tools installed by an unwanted hacker after access has been granted in order to help control the system. Sony has supposedly released an "uninstaller" for the rootkit, but it apparently is difficult to use and might not even work fully. It should also be noted that the software is ineffective, since it indiscriminately hides anything that starts with $sys$, including from itself. Therefore, if you are trying to rip the CD to mp3, which is what the rootkit is designed to prevent, you simply have to rename your software. This technique has also been used already for other nefarious purposes, including cheating in video games.

This EFF article lists the 19 known CDs that include the rootkit, as well as instructions on how to identify CDs that have the XCP2 software on it. I would suggest avoiding these CDs.

A VERY technical discussion of the rootkit can be found here.

Why you should use something other than Internet Explorer

Here's an interesting site that describes some of the reasons for alternative web browsing software (such as Firefox, Opera, and Apple Safari). Even if you are a die-hard MS Internet Explorer fan, you should encourage these alternate browsers to continue their work, and perhaps try them out from time to time. Why? Competition! Between 2001 and 2004 there was virtually ZERO development done on web browsers, and Internet Explorer is just NOW finally working on a new version with new security and enhanced usability features. Have you ever used tabbed browsing? If not, you REALLY don't know what you're missing! Read more about it here. Does your browser support live bookmarks? Do you know what RSS and ATOM feeds are? You should learn! See what live bookmarks can do for you here.

The problem with a lack of competition is that nobody knows what they are MISSING! Try something different today, you'll be surprised.

My Friend Ruggy

In case anyone is interested in what I've been doing with my nice vacation prior to starting my new job, there it is. Fun, huh?

Frivolous Lawsuit

This blows my mind.

There's a guy in Minnesota suing David Copperfield and David Blaine (well known magicians) because they are allegedly stealing his godly powers in order to perform their magic acts. His lawsuit requires that they either demonstrate to him (privately and discretely) how they perform all their tricks, or pay him 10% royalties on their past and future earnings (MILLIONS of dollars). All the good details are over at The True Stella Awards (named in honor of Stella Liebeck, the woman famous for spilling burning hot coffee on herself and then suing McDonald's). Note that this is the current sample issue, so the link will refer to something else in a few weeks when the author releases another Stella Award.

Just to promote Randy Cassingham, the author of The True Stella Awards, you should also check out his weekly This Is True newsletter, with short stories of bizarre/stupid people. I've been a subscriber since 1997 or so, and it never fails to amuse me every Friday when it comes out.

Notebook Computer Battery Life

Got a laptop? Ever use it running on the battery? Then you probably want to read Tom's Hardware Guide's Squeezing More Life Out of Your Notebook's Battery (parts one and two). Part one should be more helpful to someone who doesn't have a laptop yet and wishes to purchase one, as it talks more about the hardware features. Part two discusses ways to help on a laptop you already have and talks about activities that affect the battery life. Some things should be obvious, like watching a DVD reduces battery life. Other things aren't quite as obvious, such as the fact that more system memory (RAM) actually increases your battery life. This is because the system uses the hard disk to compensate for not having enough memory (the basic end-result of a concept called virtual memory), and the amount of power required to maintain RAM is insignificant compared to the amount of power used by the dark side... er... I mean the hard disk. The end of part two includes a 10 tips to extend battery life list.

Holey Teeth Batman!

0

That's how many trick-or-treaters came to our door this year.

3

That's how many gigantic bags of candy we bought this year.

Sugar

That's the first ingredient on every piece of candy in those bags.

1000000

That's how many cavities I intend to get in the next week or so.

Anybody see a problem here?

New Job

Well, it's official. I gots me a job at Intel, doing security evaluation and verification for their desktop products. I should be starting in 2-3 weeks, at which point I suppose I will have finally crossed over into the realm of middle-class white-collar America. Oof.

I'm excited actually, having worked as a contractor at Intel for a year I know somewhat what is happening within the company looking forward for the next year or so. I think they are overcoming some of the problems they had in 2004 (cancelled products, losing ground in the server market to AMD, etc.), and the technology I'll be working on is cutting edge stuff, so that's neat. The position is not unrelated to Linux either, since Intel hardware products are for the most part operating-system independent and Linux gives you good low-level control over a system. Also, as I understand it, Intel encourages their employees to move around every few years (internally) so you don't get too saturated in a single project.

I suppose on the downside is the added responsibility that comes with a full-time engineering position at the 53rd company on the Fortune 500. Being an hourly contractor has its own benefits, the main one of which is being able to take time off (almost) whenever you want with the only consequence being not getting paid. The working philosophy at Intel seems to be "Work hard, play hard," so I think they know how to take it easy.

We'll see how it goes :-)

Costume Idea Zone

Can't figure out what to be for Halloween? Check out the Costume Idea Zone. I like "Darth Brooks" personally.

The Best Science Photographs of 2005

Visions of Science has their 2005 winners up (with larger versions of the pictures over at BBC and National Geographic). I particularily like the mosquito hatching.

The Fragile Internet

I would guess not too many people in North America noticed (presumably being asleep), but late last night two separate Tier 1 (or "backbone") ISPs had major connectivity problems. Level 3 and Verio are both Tier 1 ISPs, which means they are two of the relatively few companies that provide portions of the "core" of the Internet. The Internet is designed in such a way as to be able to route around outages such as what happened last night, but any time a Tier 1 ISP has connectivity problems is a problem for everyone. Plus, anyone who's Tier 2 ISP buys transit from that particular Tier 1 ISP will find the Internet much smaller than usual.

The two providers were only down for about an hour, but the fallout of such a significant event is probably still happening. The system will recover from the event though, so that's not the real problem. The real problem is that Level 3 is having serious problems. Just a few weeks ago Level 3 turned off their peering point with Cogent Communications, another Tier 1 ISP, because of some undisclosed contract dispute, effectively disconnecting their customers from anything on Cogent's network. It has since been turned back on, but the incident put focus on a good question: What happens when the Internet, widely regarded as the world's future communication tool and essential to business, disintegrates because of a dispute or problem between two core companies?

I Can(n't) Stop at Any Time!

Yup, bad habits aren't my fault again. Well, maybe starting them is, but getting rid of bad habits is apparently harder that previously thought. It's my brain's fault, after all.

At least, that's what researchers at MIT found in rats.

Touchdown for Team No-Personal-Responsibility!

Damn the Poor, Help the Rich!

Got your attention? Good.

Sounds like our government is at it again, this time we're going to cut spending on programs that help the poor, particularily the people most affected by the gulf hurricanes, and we're going to simultaneously push through some more tax breaks for the wealthy. Because, you know, that'll help the poor suffering people in the gulf. Somehow.

Sometimes I think more effort is spent helping those playing golf, not those in the gulf.

Sojourners has more information, including a way to call your senators and representative and tell them to show moral responsibility in the budget. And don't let anyone convince you that this is somehow going to benefit anyone except the wealthy.

OpenDocument and Microsoft

I've been following the developments of Massachusetts choosing to support Adobe Acrobat (PDF) and OpenDocument formats and NOT Microsoft's XML format for public documents (NOTE: OpenDocument and Microsoft's new format are *BOTH* XML schemas, but have different licensing stipulations). It's a rather interesting case, and seems to highlight the fact that people are fed up with proprietary file formats that limit what you can do with your own creation. In particular, Massachusetts is arguing that the closed and/or limited formats provided by Microsoft are threatening Massachusetts' sovereignty, which is a bit strange at first. However, if you think about it, what would happen if Microsoft went out of business? What would happen to all those documents produced by the government? How would the people access them? What if, rather than going out of business, Microsoft simply decides one day to stop supporting their formats? Or perhaps they change the licensing requirements even further, preventing products from accessing documents in the future? With an open format even if a specific product goes out of business or stops support, another product can be used or created to support it.

Microsoft Word .doc files have frustrated third-party developers for a long time, given that the format is closed and thus has to be reverse-engineered in order to create an interface. Lack of compatibility with MS Word is probably the most often-cited reason for not using OpenOffice.org, and yet this is really Microsoft's fault, not OpenOffice.org's. Microsoft claims to have solved this issue with their XML schema, which is probably what they intend to replace the .doc format with. However, there are several licensing problems with the XML schema Microsoft has created that exclude sub-licensing, which is important to open-source products. Many people seem to think Microsoft did this on purpose to create good PR about an open format, while excluding their current primary competition, open-source products like OpenOffice.org.

It will be interesting to see if other government bodies choose to follow Massachusetts toward open standards.

Here's a link to the FAQ from Massachusetts' Information Technology Division, a Groklaw story about Microsoft's complaining, and a couple of articles [1 and 2] that describes the decision fairly well.

Fall Spider 2

Fall Spider

Caught this picture this morning off our deck.

Sometimes the media makes me MAD

This is rediculous. Tonight I open up my web browser (Firefox!) to my home page, which is a My Yahoo! page with AP Top Stories on it, and I see the headline "FBI Examines Computers in Cheney's Office". Now I don't particularily like Vice President Cheney, but that does not give the media the right to create rediculous sensationalism about a story that HAS NOTHING TO DO WITH DICK CHENEY!! The only reason this story is tied at all to Mr. Cheney is because the FBI agent under investigation (for sending classified information to Filipino officials) USED to work in Cheney's office several years ago and the FBI searches for possible past violations as well as current ones.

Grr.

God's Politics

Picked up an interesting book tonight at Powell's called God's Politics, by Jim Wallis. The basic premise of the book is that American politicians, whether they be Republicans or Democrats, conservatives or liberals, are missing the point of religious issues by either perverting religious beliefs and focusing on key issues to pursue their agenda (such as focusing on abortion without tackling AIDS or people dying from the war in Iraq, as the "religious Right" are), or ignoring religious beliefs altogether and not allowing the various faiths of most Americans to play a role in politics at all (as the "secular left" are).

Very interesting read so far, the author is an editor for Sojourners magazine and apparently quite active both in evangelical Christianity and politics. He also comments every once in a while on the polarization of religion/secularism that mainstream media performs, something which I personally hate to see. Just tonight the local news, KGW, had a story about a group of "Christians" from a church in Kansas came all the way to Beaverton to protest Southridge High School's debate over the play The Laramie Project. Unfortunately, I can't find a link to the article, but here's a related article from when the whole issue began [Edit: here's the article]. Now why did they have to go to all the trouble to label them Christians? Why not a more appropriate label, like "self-righteous judgmental compassionless bigots", who rather than showing anger at the fact that a human being who was created in the image of God was murdered, instead chose to focus on the fact that he was gay.

The introduction to God's Politics talks about Sojourners' campaign before the 2004 elections calling for people to realize that "God Is Not a Republican. Or a Democrat." Their campaign led to an ad that was published in more than 50 newspapers across the country. Here's a link to the ad itself [PDF].

This book has stirred up strange emotions in me so far. More than anything, it makes me wish that I was more active, more civic, more vocal about what I truly believe, what Jesus actually teaches us in the Bible, rather than what I have learned to associate with Christianity through the media and through popular beliefs. Christianity is NOT the same as being an American! While both are perhaps good in concept, we as a country are not following either ideology.

Kernel Hacker

Today I became an elite Linux Kernel hacker.

Okay, maybe not. But I did get my first patch accepted into the mainline Linux kernel, trivial though it may be. Today I spent a bunch more time learning about various parts of the Linux kernel, including learning more about the kernel and userspace implementations of raw sockets, since I'm interested in extending bonding to have an ICMP (ping) monitoring mechanism. But enough of that jargon.

No luck so far on the job hunt, I try to spend at least an hour every day searching, though it tends to get boring very quickly since the jobs all start sounding the same.

Hurricane Katrina Blog

Jess and I have been following a blog from a friend of hers living in New Orleans: Hurricane Katrina Evacuation. It is strange hearing the accounts from a friend, since we're so far away and disconnected from the events.

Saddle Mountain

Here's a nice panorama from the top of Saddle Mountain in the coastal range of Oregon. I took this using our FujiFilm FinePix 3800 (PDF) and a tripod and then stitching it together with AutoStitch and some massaging from the Gimp.

Freedom... kinda

Well, it's my first day as an unemployed netizen :-) I suppose it's a bit of a mixed blessing, since I have the freedom to do whatever I want, and yet I know I need to find a job soon. Weird. And what better to do on your first day of unemployment than BLOG!

Yesterday was strange, it was my last day at Intel, and right then on my last day I got an invitation to meet with the manager of the development group I've been testing for all along. Apparently they're looking to fill a couple positions and I got rave reviews from the developers I've been working with, but he wasn't sure I was a good fit for now. I guess it can't be all that bad since it never hurts to have a face-to-face with another manager! I just wish it was a little more clear what I should be doing.

In the mean time I'm continuing to try to learn more about the Linux kernel and try to demonstrate some of my development abilities since that's what I want to do. Right now I'm looking at adding functionality to the Channel Bonding driver, since that's what I worked on the most while at Intel, so I'm picking my way through the Linux TCP/IP stack.

My old computer has been resurrected from the dead after removing a bad memory stick (down to 384MB of memory from 512MB) and a dead hard drive (the 250GB drive died, so I had to swap my 40GB drive back in). I'll have to see if the dead drive is still under warranty, since it's a shame to lose a fairly new 250GB drive.

Phantom Bridge

Jess and I went hiking this weekend in an area southeast of Portland in the Cascades. This picture is a panoramic stitched together from 6 separate pictures I took at the top of a place called Phantom Bridge. On the left side you can see Mount Jefferson, and peaking out behind some trees on the far right side you can see Three Sisters.

Dead computer

Well, my five-year-old custom-built computer finally bit the dust tonight, it seems to have some memory problems and/or motherboard problems. Since the computer is so old, it's probably not worth trying to fix, since the cost of compatible parts is probably as much as buying a new computer. Sigh.

It's interesting how disposable computers are now. I have to wonder how long until we have a computer recycling "crisis." Greenpeace just released a report on how China and India are getting tons of the world's computer junk, creating these toxic computer landfills. Traditional CRT monitors (not LCD flat-panels) have a lot of lead in them, for example. On the other side of things, groups like Portland's very own FreeGeek take old used computer equipment, pull the working pieces out, and give away the resulting working (though old) systems loaded with Linux to people for free in exchange for volunteer work. Hard to beat that deal!

Garden State

Saw a good movie tonight, called Garden State, with Zack Braff and Natalie Portman in it. It's really just a movie about life, about how screwed up most people are in some way or another, and how sometimes instead of trying to be "happy" it's better to be "okay." Highly recommended movie.

Blue Like... Rock?

I started reading a book called Blue Like Jazz by Donald Miller today. The book was sent to us by a friend who read it and noticed it was all about Portland. It's kind of a strange book, more a collection of memoirs than anything, but memoirs relevant to life, God, love, purpose, etc. It's interesting, in his second chapter Don talks about how people are almost always motivated by selfish reasons, from the criminal to the pastor.

Do I think you should sell all your possessions and live as some sort of homeless nomad? No, I believe that command was for that individual because Jesus knew his heart and knew that was what kept him separated from God. But I do believe we need to think about why we have possessions and what purpose they serve. If your wealth isn't for God, then what purpose does it serve?

I listen a lot to alternative and rock bands, groups like Linkin Park, Staind, Puddle of Mudd, etc, because I feel like they have so much raw emotion in them about the world we live in. In the introduction to his book, Don talks about not liking Jazz until he stood outside watching a guy play the saxophone for 15 minutes straight without opening his eyes. The idea is you can't truely love something until you see someone else love it first. I wonder at that, since I listen to rock all the time, but not so much because the music is pleasing. It's more because the music is mad. Do I have to see someone raving mad playing rock before I like it?

First Post

It seems you can't avoid blogs these days, so if you can't beat 'em, join 'em! This is my opportunity to ramble on about life, strife, and wife, as well as link to pictures, web sites, etc, that I think are cool.

If all goes well, I should publish here a couple times a week, and might even get Jess to contribute :-)

I'll start by promoting FireFox, as I intend to do periodically. If you haven't tried it yet (instead of Internet Explorer), give it a spin.

This week has been hard on us. I've been pursuing a permanent position at Intel and had four (yes *four*) different interviews for one position this week. It's a bit stressful. In addition, Jess and I have been "exploring" different possibilities in transportation, since the single car thing is getting a little old. Portland has some of the best public transportation in the nation, and all of it seems to bypass our poor little apartment (unless you're trying to go downtown, in which case it's really easy).

On a more positive note, we've been exploring a church in SE Portland called Imago Dei, and for the first time since leaving Illinois we think we've found a church that excites us! We'll see what happens...

I've been experimenting with some more "advanced" features of The Gimp, an Open Source image editor similar to Photoshop, so I thought I'd share one of my experiments. The picture to the right is one Jess took at Washington Park in Portland, with some layer magic by The Gimp.