Uncategorized – Page 2 – Tales from the Crypto


Zero-day sessions at Tech-Ed.

Okay, so I’m really talking about the TechEd keynotes here, not sessions on zero-day attacks.  The keynotes were on the day before the first day, hence “zero day”.

While I didn’t recognise the actress that they dragged out to impress us, because I never watched “24”, she was far nicer eye-candy than the MS execs, so I guess that MS got their money’s worth.

My big complaint – a company that has repeatedly expressed concern over staff turnover, is asking us to believe that they can advise us, their customers, how to be “people ready”?  I’m not sure I can get behind that.

That, and they had the guy from Groove, Ray Ozzie, stand up and give us a twenty minute talk about his history prior to Microsoft, and telling us that his staff has used Groove to improve medical conditions in a remote region of Afghanistan.  All good stuff, but I still have no over-arching view of what Groove does.

Some day, I think Microsoft ought to put up a list of all of their products, and a single paragraph that explains what the product does.  Something like this:

IIS: “It’s a Web server, and comes bundled with Web-style remote execution services like ASP, ASP.NET”

IE: “It’s a Web browser”

Sharepoint: “It’s a web site that your team goes to when they want to share files, documents, discussions, etc”

There are still far too many Microsoft products that I couldn’t identify if you gave me a description, or describe if you gave me their names.

Apparently, I’ve made it as a blogger.

Finally, after goodness knows how long, I am getting blog spam.

I figure this means that I have arrived, as a fully-fledged blogger.

Now I get to join everyone else who complains about blog spam.

I think spammers are a strange bunch – they expend effort and thought on trying to get rich quick by engaging in an activity that seems pretty damn stupid.

They’d get rich far quicker, I think, if they put that much effort and thought into something that takes only a little hard work and thought to become successful.  And people wouldn’t execute them, gang-land style.

I think it’s a new breed of sociopathy.  It goes way beyond selfish, well into the realm of wanting to screw with people.

Don’t think I’m simply ranting – I’ve been following the behaviours of spammers for oh, about a decade.

It’s just getting boringly predictable.  The Internet creates a place for sane and moderately on-topic discussion, then come the spammers to piss in the pool.

Immigration idiocy

I’m struck by how many people are shown on the news spouting claptrap about immigration reform.

The biggest offence, in my opinion, is to stand there and say that illegal (or “undocumented”, if you prefer) immigrants are law-abiding, tax-paying residents.

Okay, number one… they are not law-abiding, or they would have abided with the law that says they should not enter the country without documentation.

Number two… if they are tax-paying, then they have compounded their law-breaking on entering the country by filing a false tax return.  How do I know it’s a false tax return?  Because, as undocumented immigrants, they have no social security number, and therefore must be filing with a fake SSN – either one that’s made up, or one that already belongs to another person.

Oh, hey, that there’s identity theft, too.  Imagine the mess you’d get in trying to sort out your social security if that happens to you – particularly if the social security lot give you a refund for overpayment, and then discovers later that they shouldn’t have.

So, next time you hear of a “law-abiding tax-paying undocumented immigrant”, think to yourself “engaging in identity theft, filing false tax returns, and continuing to evade detection and prosecution for a crime already committed”.

I spent a lot of time, effort and money that I could ill-afford to legally enter this country, even answering, without giggling, the many stupid questions on the immigration form (“Are you entering the country with the intent to overthrow or subvert the government?”, “Have you ever taken part in genocide?”)

I don’t ask you to agree with me (hey, if I sway your political opinions, does that mean I’m engaged in “subverting the government”?), but I do ask that you consider that while there are certainly some appalling abuses of human rights by employers of undocumented aliens, that does not necessarily make it right that anyone who evades the law for long enough should get a free pass into the country, nor does it mean that these individuals are “law-abiding”.

The hardest working woman in IT

This is a picture of the hardest working woman in I.T.:

I know she must work hard, because not only is she on the front page of Webroot’s web site, but she’s also in several print adverts.  I’ve seen her in Global Knowledge’s adverts, and a couple of the ‘cheap adverts’ at the back of several trade journals.

Please include some links below of places you’ve seen her.

Septoplasty update

In my post “Scott Adams is a whiner“, I mentioned that my septoplasty wasn’t so bad – I spent a couple of days, as is usual when you have surgery, recovering, and I missed a couple of days of work.

Then there was the week of not being able to blow my nose, and of having to rinse twice a day with a liter of salt water – not fun, but then again, not painful either.

Finally, came the moment when the splints were to be removed.

You know that scene in Star Trek II, Wrath of Khan, when the bug crawls out of Bester’s ear?

Yeah, that’s what it was like.

You lean back, they snip the string on the splints (was that to prevent me from sneezing them out, or to prevent them from accidentally being swallowed?), and ask me to breathe out as, one by one, they pull out these huge slug-like pieces of what appears to be silicone gel.

Looking at the splints, as they lay on the tray in front of me, I couldn’t help but think that all these years of nose-picking, I’d been an underachiever – I should have been able to get my index fingers up both nostrils at the same time, right the way up to the web.

My next thought was “my %deity% – does everyone breathe like this?”

It was amazing – even when I took a breath in through my mouth, air came in through my nose.

And when I closed my mouth, I could actually suck in huge lungfuls of air with ease without really trying. [And I have big lungs]

It’s now about a month later, and I can definitely say that although my nose still feels a little tender, and I’m not allowed to ride my unicycle for a while (too much danger of banging my nose), I would recommend this surgery to anyone with a deviated septum.

New ideas from the house of crypto…

Below you’ll find images of my next project in progress.

I’m building on the idea of the RAID – Redundant Array of Inexpensive Disks – where a number of cheap disks with relatively high failure rates are stacked together, connected, and controlled in such a way that they appear to be a single storage device.  These disks can be used in a number of different configurations – striped, so that a number of slow disks can achieve a faster sustained throughput by working in parallel; mirrored, so that a failure on one drive does not cause failure of the storage as a whole; or some combination.

I have figured for a while that this idea needed to be embraced and extended, and with the number of free or cheap thumb-drives that I have cluttering up my desk drawer, the idea came to me that I should create the “RAFT” – Redundant Array of Free Thumbdrives.

As you can see, the prototype, which includes a Free Hub at its centre, runs on four thumb drives of various sizes producing storage nearly equivalent to 256MB.

Let me know what successes you’ve had with floating your own RAFTs.

Error 0x80005000 and DirectoryEntry in .NET

So I’ve got a project that requires I write a web app that checks against Active Directory (an ADAM instance, as it happens).

It doesn’t seem to work, for the longest time.

I’ve got my server’s address set out, I remember to use the “Distinguished Name” format of the user name, and I have the right password.  I’ve selected the right AuthenticationType, and I still get an exception:

“Unknown exception (0x80005000)”.

Here’s the code that failed:

using System.DirectoryServices;

const string adamServer = "ldap://servername:389/DC=example,DC=com";
const string adamSvcUser = "CN=userName,CN=Roles,DC=example,DC=com";
const string adamSvcPassword = "cwazqa";

protected void subClick(string sUserName, string sPassword)
{
    // Find User in ADAM: bind to the directory root as the service account
    DirectoryEntry root = new DirectoryEntry(adamServer,
        adamSvcUser, adamSvcPassword, AuthenticationTypes.None);
    // (rest of the method is not shown in the post)
}

I just couldn’t see anything wrong.

I’ll come back and edit this post later with the answer…


Okay, so nobody else saw the answer either – that makes me feel better.

The answer is simply that I put “ldap://” at the start of the adamServer string.  The protocol specifier is case-sensitive.

Who thought that one up?  Is “ldap” really different from “LDAP”?  How?  To what protocol does “LDAP” refer, if not to “ldap”?

So there’s your answer – the string should have been “LDAP://servername:389/DC=example,DC=com” – elements in the string other than “LDAP” are all case-insensitive.
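One way to keep this mistake from recurring is to normalise the provider moniker before the path reaches DirectoryEntry. This is an added example, not code from the original post; the AdsPath class and its Normalize method are hypothetical names, and the provider list is limited to the LDAP, GC and WinNT monikers.

```csharp
using System;
using System.Collections.Generic;

static class AdsPath
{
    // ADSI provider monikers in the casing ADSI expects.
    // The lookup itself is case-insensitive, so "ldap" finds "LDAP".
    static readonly Dictionary<string, string> Providers =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "LDAP", "LDAP" }, { "GC", "GC" }, { "WinNT", "WinNT" }
        };

    // Returns the path with its provider moniker in canonical case.
    // Everything after "://" is passed through untouched.
    public static string Normalize(string path)
    {
        if (path == null) throw new ArgumentNullException("path");
        int sep = path.IndexOf("://", StringComparison.Ordinal);
        if (sep <= 0)
            throw new FormatException("No provider moniker in ADsPath: " + path);

        string moniker = path.Substring(0, sep);
        string canonical;
        if (!Providers.TryGetValue(moniker, out canonical))
            throw new FormatException("Unknown ADSI provider: " + moniker);

        return canonical + path.Substring(sep);
    }

    static void Main()
    {
        // The failing string from the post, plus two other casings of it.
        // All three print LDAP://servername:389/DC=example,DC=com
        foreach (string p in new[] {
            "ldap://servername:389/DC=example,DC=com",
            "Ldap://servername:389/DC=example,DC=com",
            "LDAP://servername:389/DC=example,DC=com" })
        {
            Console.WriteLine(Normalize(p));
        }
    }
}
```

Passing AdsPath.Normalize(adamServer) as the first argument to the DirectoryEntry constructor turns a wrongly cased or misspelled moniker into either a corrected path or a FormatException that names the problem, instead of the opaque 0x80005000.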

Blue Screens and Dump Files.

Blue Screens and crash dumps – I have a love-hate relationship with them.  On the one hand, they’re an unequivocal statement that something is going wrong and needs to be fixed, and on the other hand, they kill all the work you were doing, and nobody pays attention to them anyway.

That latter part is an issue that needs fixing.  Every time I’ve heard complaints to the effect of “Windows is so unstable; my machine blue-screens on me twice a day”, I ask the simple question: “What do you do with the blue-screen error?”

The answer is always “I ignore it and reboot”.

Well, no wonder your machine keeps crashing, then.

A blue-screen is an invitation to investigate and remove a source of error in your computer system.  Whether you investigate it yourself, or bring someone else in to do it for you, it’s vitally important that you do something with it.  [At the very least, use the Dr Watson service to report it to Microsoft – yours may be a common problem that they have already investigated and fixed.]

Usually, you can type the hex error code (including the “0x” at the front) into http://support.microsoft.com and get a few potentially useful answers.  You can also look at the list of device drivers that are suspected as the cause of the failure, and go get updated drivers or ask the device manufacturer for support.  All this without touching a debugger.

Betas – not for general consumption.

A Susan Bradley blog post today reminded me once again that people are treating beta test versions of software as if they are production-ready.

Sadly, when “beta test” is too long for inclusion, the word “test” gets dropped, instead of the word “beta”.

Most people would be well aware that a “test” version of software would be inappropriate for regular use, but relatively few are aware of what “beta” means.

It’s a Greek letter, and as the second letter in the Greek alphabet (alpha-beta, you get the picture), it’s the second part of the process in testing a piece of software.

Alpha testing is the first part, when you first have a more-or-less complete version of the software to test, and you run it through a bunch of internal tests to see that it does more or less what you designed it to do.

Beta testing follows, where you give the application to regular users to see whether it works properly for them.

Beta software has been known to wipe out entire operating system installations, and is generally unsupported.  Choosing whether or not to run a beta test version of software is an exercise in risk management.  Don’t engage in it blindly.

Just last week, we wiped out a colleague’s system by trying to enable BitLocker in Vista.  You need to pass certain requirements in order for BitLocker to work, and the only way we could see to test for those requirements was to enable BitLocker and see if it worked.  It worked in one respect – the drive was encrypted – but in another, important, respect (reading the encryption key off a thumb-drive), it failed.