The main reason I’m posting this is so that other people can avoid trying to play “chase the dependency trail” in back-porting the Debian etch Django source package to sarge. If you want to do that I suggest working on modifications to the source package rather than following the trail.

[Note: If you want Django on Debian etch then you can simply: apt-get install python-django (not the latest and greatest though, 0.95.1 at this time, your best bet in all cases is probably a local user install from SVN)]

Here’s how I successfully installed Django as a Debian package, followed by the way I failed to do so.

Creating a Django Debian package (successfully)

After my trail following led me to a cliff I gave up on the 0.95.1 Debian source and moved on to this hackish method of getting a package. There are plenty of ways to get to packages on Debian. Let me scare you with this:

:; su -c 'apt-get install rpm alien'

(I’ll used Sam’s neat prompt to differentiate between commands and other crud.)

Then:

:; wget http://www.djangoproject.com/download/0.96/tarball/
:; tar xzf Django-0.96.tar.gz
:; cd Django-0.96
:; python setup.py bdist_rpm --packager="Yvan Seth" --vendor "django" 
            --release 1 --distribution-name Debian

However, the last step fails with “Illegal char '-' in version: Version: 0.96-None” so I edit build/bdist.linux-i686/rpm/SPECS/Django.spec and remove the -None from version (can’t see a way to do this with the bdist_rpm options):

:; vim build/bdist.linux-i686/rpm/SPECS/Django.spec
:; cp ../Django-0.96.tar.gz build/bdist.linux-i686/rpm/SOURCES/
:; rpmbuild -ba --define "_topdir 
        $HOME/source/Django-0.96/build/bdist.linux-i686/rpm" --clean 
        build/bdist.linux-i686/rpm/SPECS/Django.spec
:; fakeroot alien -k 
        build/bdist.linux-i686/rpm/RPMS/noarch/Django-0.96-1.noarch.rpm

Joy! Now I have a django_0.96-1_all.deb, do I dare to install this critter?

:; su -c 'dpkg -i django_0.96-1_all.deb'
Password: 
Selecting previously deselected package django.
(Reading database ... 41757 files and directories currently installed.)
Unpacking django (from django_0.96-1_all.deb) ...
Setting up django (0.96-1) ...

This sucks like a 747 engine (or blows, all a matter of perspective), but the deed is done. Probably better than “su -c 'python setup.py install'” but in the end it would probably have been best to just do a local --prefix=$HOME/blah type of install.

Setting it up

The Django site documents installation at http://www.djangoproject.com/documentation/0.96/install/.

The Django documentation is rather good, once I was though with my packaging débâcle the doco got me up and running in next to no time. My notes here are specific to my system and probably not useful to anyone.

Database

I’m already running both PostgreSQL and MySQL. I chose to use PostgreSQL because the sarge package for python-psycopg fits the specification given by the Django instructions while the python-mysqldb version is a little older than the specified minimum version. I’m also more familiar with postgres. So:

:; su -c 'apt-get install python-psycopg'

You’ll want to set up a database, so get an appropriately privileged psql shell and, for example, do:

CREATE DATABASE django_mysite;
CREATE USER django_mysite WITH PASSWORD 'dumbpassword';
GRANT ALL PRIVILEGES ON DATABASE django_mysite TO django_mysite;

mod_python

The mod_python setup is documented here: http://www.djangoproject.com/documentation/0.96/modpython/

I have mod_python installed and it makes sense to use it. I’m using a pretty funky Apache vhost setup though and I’m not going to detail it here. In essence you want to find the appropriate VirtualHost section and insert something like this:

    <Location "/djangotest/">
        SetHandler python-program
        PythonHandler django.core.handlers.modpython
        SetEnv DJANGO_SETTINGS_MODULE mysite.settings
        PythonPath "['/home/vhost/malignity.net/data/django/'] + sys.path"
        PythonDebug On
    </Location>

With that done you should see a basic status page at the configured URL (i.e. http://malignity.net/djangotest/).

All Good!

Now to follow the great tutorial that starts here: http://www.djangoproject.com/documentation/0.96/tutorial01/ I’m mildly impressed already, and web stuff usually pisses me off before I even touch it. We’ll see how it fares after I try and actually do something with it though.

How Not To Do It

Backporting python-django from Debian etch to sarge

This was a supposed to be a command log for a successfully back-ported Django package build. But it didn’t turn out so well.

We start with a Debian sarge server box. I really don’t want to risk dist-upgrading a box that’s in another country a 2 hour flight away. The box runs with some backports.org packages for the likes of Apache2, SpamAssassin, and ClamAV updates. Consider it a fully up to date general server with this sources.list file:

:; cat /etc/apt/sources.list
deb ftp://ftp.de.debian.org/debian sarge main contrib non-free
deb http://security.debian.org/ sarge/updates main
deb http://www.backports.org/debian sarge-backports main

What I want on this box is this cool new Django thing I’ve heard so much about, but rather than download and work with the tarball I’d prefer a Debian package (call it a form of OCD if you like). A fairly up-to-date package is available in current the currently stable etch and we can trust Debian to track this for security fixes, if I track this package manually we ought to be able to have a relatively safe install. So! Time to try and build the etch sources for sarge.

;: su
:; cat << END >> /etc/apt/source.list
deb-src ftp://ftp.de.debian.org/debian etch main contrib non-free
deb-src http://security.debian.org/ etch/updates main
deb-src http://www.backports.org/debian etch-backports main
END
:; apt-get update
:; exit

Create and install python-django?

:; mkdir -p pkgbuild
:; cd pkgbuild
:; apt-get source python-django
:; pushd python-django-0.95.1
:; fakeroot dpkg-buildpackage
...
dpkg-checkbuilddeps: Unmet build dependencies: debhelper (>= 5.0.37.2)
    python-dev cdbs (>= 0.4.42) python-setuptools (>= 0.6b3-1)
    python-support (>= 0.3)
...

In a perfect world this would build your package! But things are rarely perfect. The dpkg-buildpackage reports any missing build dependencies, I had to install the parts that I could:

:; su -c 'apt-get install debhelper python-dev cdbs python-setuptools'
...
Setting up cdbs (0.4.28-1) ...
Setting up python2.3-dev (2.3.5-3sarge2) ...
Setting up python-dev (2.3.5-2) ...
Setting up python2.3-setuptools (0.0.1.041214-1) ...
...

Notice the versions aren’t really what I’m after, I’ll be punished for that later.

Create and install python-support?

Alas is isn’t as simple as that, another build dependency was python-support which wasn’t available for sarge, so…

:; popd
:; apt-get source python-support
:; pushd python-support-0.5.6
:; fakeroot dpkg-buildpackage
:; su -c 'dpkg -i ../python-support_0.5.6_all.deb'
...
 python-support conflicts with debhelper (<< 5.0.38)
...

Nope, no luck. Looks like the version of debhelper installed really needs an upgrade… I’ll prefer to trust the package maintainers and not try and force an older debhelper version on things.

Create and install debhelper?

:; popd
:; apt-get source debhelper
:; pushd debhelper-5.0.42
:; fakeroot dpkg-buildpackage
...
dpkg-checkbuilddeps: Unmet build dependencies: po4a (>= 0.24)
...
:; su -c 'apt-get install po4a'
...
Setting up po4a (0.20-2) ...
...
:; popd

Create and install po4a?

It is getting a bit over the top now… another route would be advisable at this point. While there’s got to be a better way I’m possessed of a zombie-like persistence so keep going…

:; apt-get source po4a
:; pushd po4a-0.29
:; fakeroot dpkg-buildpackage
:; # Joy! It builds!!
:; popd
:; su -c 'dpkg -i po4a_0.29-1_all.deb'
:; # Joyjoy! It installs!!!

Pass 2 of: create and install debhelper?

:; fakeroot dpkg-buildpackage
:; # Joy! It builds!!
:; popd
:; su -c 'dpkg -i debhelper_5.0.42_all.deb'
 debhelper depends on dpkg-dev (>= 1.13.13); however
  Version of dpkg-dev on system is 1.10.28.

Sigh. Is it really worth following this path any further?

Create and install dpkg-dev >= 1.13.13?

No, I really don’t want to do this. Time to stop! Additionally:

:; popd
:; apt-get source dpkg-dev
:; pushd dpkg-1.13.25
:; fakeroot dpkg-buildpackage
...
dpkg-checkbuilddeps: Unmet build dependencies: debhelper (>= 4.1.81)
  pkg-config libncurses5-dev | libncurses-dev zlib1g-dev (>= 1:1.1.3-19.1)
  libbz2-dev libselinux1-dev (>= 1.28-4)

A circular dependency on my debhelper/dpkg requirements. Version requirements for libselinux1-dev and zlib1g-dev that are too up to date for sarge and would require builds. No, it’s gone too far.

Another route would be to try modifying the package build information to get a Django package that doesn’t have any of these requirements. But that also tends to be a slippery slope.

Yeah… just don’t do this. OK?

Now I say this as a certified “fatso”: pedometers/wiis/foot-tapping aren’t going to make fat bastards experience “big health benefits” (my qualifications: BMI of 27.6 … still a fat bastard, but that’s down from the 37.6 I was at 3 years ago — BMI’s don’t mean a huge deal but the mirror doesn’t lie). Maybe there’s one fatso in one thousand who gets a case of OCD over their wiggle-my-stick-wii game and loses a few pounds, but seriously? “The allure of computer gaming and competition with other users encourages players to make small lifestyle changes that can add up to big health benefits.”

But these are scientists saying this is so, so who am I to pronounce judgement
or even have an opinion? It’s just rare that I see something come through ACM
TechNews that makes me think “what a load of tripe”.

AFAIC fat bastards have two things to do:

1. eat less,
2. lift some heavy shit (seriously, muscle burns calories).

Wiggling your PDA and other “small lifestyle changes” isn’t going to do it for
you. And for the truly obese “running” is just going to stuff your knees.
Want real incentive? Take away access to public health services of any kind,
it should be treated the same as smoking or any other personal risk-increasing
habit. You choose to increase your risk, you cover the consequences. Of
course the US is way ahead of everybody on that front, but they’re still all
fat. I guess that’s why I’m not qualified to have an opinion 🙂 d’oh!

Of course, this is actually from a press release, so isn’t worth paying attention to.

Bah, this isn’t even going in tech.

[[[Update: Fellow fatsos should read this.]]]

I’ve sporadically been losing emails recently. It turns out this is due to two things.

1. I changed ISPs and now have a dynamic IP that is in several blacklists.
2. I’ve been sending emails with the string “configure.ac” in them and this is in several URI blacklists.

Mostly this means I don’t receive my own emails, but sometimes the IP thing seems to catch emails on their way to me from someone else. I do have to wonder who else is not getting my emails though 🙁

OK, so “dying gasp” is a bit melodramatic. But email seems to become increasingly unreliable. Unless you’re expecting email and will thus miss it when it doesn’t arrive how do you know you’ve missed the unexpected? There’s no way of knowing whether you’re getting all you should be, or others are getting all you’re sending! More and more I use IM and websites for communication, and email becomes an “on the record” and “just a sec, I’ll email you the file” medium.

The listed IP thing is only going to happen to geeks who have local mail relays. I use a local mail relay for work email, so it is kind of important. I guess I’ll have to configure the local MX to not add a received header.

The “configure.ac” thing is just a PITA.

Seeing more of those emails that try to hurt Kaspersky’s feelings. An interesting note about them. If you download with an IE useragent string you get something different that what you get with a Firefox useragent string. If the UA string isn’t FF or IE you get simple HTML with just the link to the exploit .exe file. The obvious difference between the FF and IE versions is that the FF version of the code doesn’t insult Kaspersky.

Beyond that the FF and IE have very different payloads attached. The IE payloads I see now are very similar to the weekend’s, some minor differences that seem to mainly revolve around the different IP address. The decoded script contains a variety of nastiness, including downloading “file.php” which is another PE executable, yet another version of Zhelatin/Nuwar/Storm. This site’s version of video.exe is labor.exe (Labor Day in US). Both PEs are detected as Zhelatin vars by KAV. KAV catches the IE version of the web script, but not the FF version. Overall scan results are pretty average (heh, these guys probably use sites like virustotal.com to test their damn malware).

   File             | Caught By | As %
--------------------+-----------+--------
IE Script           |   6/31    | 19.36% 
IE Script (decoded) |  15/32    | 46.88% 
FF Script           |   7/31    | 22.59% 
FF Script (decoded) |  12/32    | 37.50% 
labor.exe           |  16/32    | 50.00% 
file.php            |  12/32    | 37.50% 

(The /31 entries are where the Prevx1 scanner wasn’t included for some unexplained reason.)

The FireFox post-xor payload is much shorter than the IE version. It seems to contain just a couple of simpler exploits. One of which is for Windows Media Player plugin EMBED bug MS06-006. The other looks like something intended to do some stack smashing in the FF javascript engine.

Also worth noting, each time you download you get a script that has used a different value for the xor key (well, probably random rather than specifically different). Both versions have the same obvious xor decrypt though. Getting closer to some difficult form of polymorphism?

Seen only a couple of IPs hosting this creature so far. In both cases they’re RoadRunner owned IPs in the US.

Finally, here’s a coverage summary from a script that processes virustotal.com results. This data is by no means a meaningful representation of anything at all. Top points to Webwasher, although AFAIK they uses multiple AV engines. I’ve never even heard of half these scanners outside of virustotal.com scans.

                                 FF-dec FF IE-dec IE file.php labor.exe  COVERAGE
Webwasher-Gateway (2007.09.03):       Y  Y      Y  Y        Y         Y     100%
              AVG (2007.09.03):       x  Y      Y  Y        Y         Y      83%
          AntiVir (2007.09.03):       Y  x      Y  x        Y         Y      66%
      VirusBuster (2007.09.03):       x  x      Y  Y        Y         Y      66%
        Kaspersky (2007.09.03):       x  Y      Y  x        Y         Y      66%
           McAfee (2007.09.03):       Y  Y      Y  Y        x         x      66%
         F-Secure (2007.09.03):       Y  Y      Y  x        x         Y      66%
         Symantec (2007.09.03):       Y  x      Y  x        Y         Y      66%
      BitDefender (2007.09.03):       Y  x      Y  x        Y         Y      66%
       eTrust-Vet (2007.09.03):       Y  x      Y  x        x         Y      50%
        Microsoft (2007.09.03):       x  x      Y  Y        x         Y      50%
            eSafe (2007.09.03):       x  Y      x  Y        x         Y      50%
           Sophos (2007.09.03):       Y  x      x  x        Y         Y      50%
           Rising (2007.09.03):       Y  x      Y  x        x         x      33%
            Ewido (2007.09.03):       x  Y      Y  x        x         x      33%
    CAT-QuickHeal (2007.09.03):       x  x      x  x        Y         Y      33%
            DrWeb (2007.09.03):       x  x      x  x        Y         Y      33%
          Sunbelt (2007.08.31):       x  x      x  x        Y         Y      33%
           Norman (2007.09.03):       Y  x      x  x        x         Y      33%
           Ikarus (2007.09.03):       Y  x      x  x        x         x      16%
            Panda (2007.09.03):       x  x      x  x        Y         x      16%
       Authentium (2007.09.02):       x  x      Y  x        x         x      16%
            VBA32 (2007.09.03):       Y  x      x  x        x         x      16%
           F-Prot (2007.09.02):       x  x      Y  x        x         x      16%
            Avast (2007.09.03):       x  x      x  x        x         x       0%
        AhnLab-V3 (2007.09.03):       x  x      x  x        x         x       0%
          NOD32v2 (2007.09.03):       x  x      x  x        x         x       0%
      FileAdvisor (2007.09.03):       x  x      x  x        x         x       0%
         Fortinet (2007.09.03):       x  x      x  x        x         x       0%
           Prevx1 (2007.09.03):       x  O      x  O        x         x       0%
           ClamAV (2007.09.03):       x  x      x  x        x         x       0%
        TheHacker (2007.09.02):       x  x      x  x        x         x       0%

[[[FYI I’m a big fan of using different AV scanners. I.e. use one product on your desktop, another on your mail server, and yet another at the gateway. I have a leaning towards McAfee and KAV, in the rather unrepresentative example above they make a perfect combination. 😉 It’s a bit expensive though, and you’re not going to get any “seamless integration” this way. Could be some call for a meta-AV company. The meta-AV company creates a UTM, remote desktop management system, and messaging (mail, etc) server scan interface with one unified management system. What would make it different from the alternatives I’ve seen around is that rather than being single-vendor based the aim would be to allow different AV products to plug in to each location.

Another semi-related thought is that you could have a system where a business has n different AV products installed across it’s desktop systems. Most employee desktops do stuff-all with their mega-cpu-power, so let’s put it to some good use. What you get is a “farm” of AV engines that your email/proxy infrastructure can call out to for scanning. To make it even more distributed you could have employee mail clients and web browsers pulling their traffic through their peers in such a way that each peer links through a peer with a different AV product. It’s a bit rough around the edges. Can you trust a desktop platform to do the job of secure proxy server? What about the added latency, is it significant? AV scanning tends to be slow.]]]

Seeing more and more of these spammed attempts to get people to self-infect. Most recently I passed over one that looked much like one described by the AVERT blog a short while ago. A very simple email with the line:

Dude I know thats you, someone emailed me a link to the video. see for yourself… http://www.youtube.com/watch?v=iVyfrel8jIt

The bit that seems to be a YouTube link is actually wrapped in an anchor tag linking to an IP address (not reproduced above). Not YouTube! Duh! (It’s rather disappointing that the YouTube URL actually doesn’t show some amusing video.)

If you hit the site you get a nice HTML page that tells you your video will be ready in 15 seconds. Meanwhile it tries to break your web browser, as recently described on the Kaspersky blog. In fact I think the author of this malware might read the KAV blog too, from the script code:

function kaspersky(suck,dick){}; function kaspersky2(suck_dick,again){};

Ouch! Getting personal in malware code!

As an added bonus the page includes:

If your download does not start in approximately 15 seconds, you can click here to launch the download and then press Run.

Sure, “press Run”? But how many people will this sucker? Too many I’m afraid.

ClamAV tells me that the HTML page is “JS.XorCrypt” (some sort of generic signature I assume) and that the video.exe file linked to is “Trojan.Small-3273”. McAfee and Kaspersky both catch both files too, “Nuwar” and “Zhelatin” respectively for video.exe… no surprises there. I guess the author is right to be annoyed at Kaspersky, it catches their malware! Ha! (On VirusTotal.com 46.88% of 32 scanners detect the HTML file and 78.13% detect the executable – detected malware names vary greatly.)

Examining the code in these things is often fun. In this example the HTML page contains the (reformatted) code:

function xor_str(plain_str, xor_key)
{   var xored_str = "";
    for (var i = 0 ; i < plain_str.length; ++i)
    xored_str += String.fromCharCode(xor_key ^ plain_str.charCodeAt(i)); 
    return xored_str;
} 
function kaspersky(suck,dick){}; 
function kaspersky2(suck_dick,again){};
var plain_str = <<OBFUSCATED_STRING_HERE>>
var xored_str = xor_str(plain_str, 20);
eval(xored_str);

Given a couple of minutes I can translate this to:

#!/usr/bin/perl -w
use strict;
sub xor_str
{
    my ($plain_str, $xor_key) = @_;
    my $xored_str = "";
    for my $chr (split //, $plain_str)
    {
        $xored_str .= chr($xor_key ^ ord($chr));
    }
    return $xored_str;
}
my $plain_str = <<OBFUSCATED_STRING_HERE>>
my $xored_str = xor_str($plain_str, 20);
print $xored_str;

I don’t really have time to dig deeper (it’s 03:31 right now!), but here’s the list of functions grepped out of the decoded exploit code.

h() {mm=mm; setTimeout("h()", 2000);}
getb(b, bSize)
cf()
startWinZip(object)
startWVF()
elea(){
yah()
startOverflow(num)
GetRandString(len)
CreateObject(CLSID, name) {
XMLHttpDownload(xml, url) {
ADOBDStreamSave(o, name, data) {
ShellExecute(exec, name, type) {
MDAC() {
start() {

A final note. The virustotal.com result for the decoded payload gives a 46.88% (15/32) detection rate. What is interesting is that the detections are by a very different set of AV products and identified by a very different set of names! Only 7 engines detected both the encoded and decoded forms. Of these seven only one gave them the same name, but this was the rather uninspiring “Downloader” from Symantec. I kind of expected that at least one product would be able to perform the decode and identify the payload (although if you can detect prior to doing this you save CPU time, so doing the decode isn’t necessarily desirable).

All in all I think it is rather sad that malware this lame will probably do it’s intended job and net a few more netizens for the botnet empire.

Fun’n’games.

Malware seems to be getting more straightforward these days, from a short while ago:

We are looking for Consumer opinions of our new software Digital Kittens

This beta testing will enable us to fine tune the software for public
release. For helping out, you will receive a free edition and 5 years of
updates.

1: Download the software  2: Try it  3: Tell us what you think If you
want to participate, just follow the link to our download site:
http://7w.2xx.2y.1zz/setup.exe

Who wouldn’t want free digital kittens?! You can play with beta kittens, help some company out, and get years of free digital kittens as a reward. How do you fight that wetware exploitation? “Don’t accept kittens from strangers.”? I have trouble getting over the point of view that “it’s damn obvious that you don’t execute unsolicited .exe files”, but the fact is this still seems to only be obvious to a minority of computer users. Got to have that AV installed! It’ll give you some protection, though probably wont be much use if you’re in the first wave of recipients of a properly engineered piece of malware that’s been tested against the AV engines.

VirusTotal.com tells me (with engines that failed to do the job edited out):

AhnLab-V3           Win32/Zhelatin.worm.140367
AntiVir             WORM/Zhelatin.Gen
Authentium          Possibly a new variant of W32/Fathom.3-based!Maximus
Avast               Win32:Tibs-BFG
AVG                 Downloader.Tibs.7.X
BitDefender         Trojan.Peed.IGS
CAT-QuickHeal       (Suspicious) - DNAScan
ClamAV              Trojan.Small-3637
DrWeb               Trojan.Packed.142
eSafe               Win32.Zhelatin.hq
eTrust-Vet          Win32/Sintun.AE
Ewido               Worm.Zhelatin.hq
Fortinet            W32/Tibs.GN@mm
F-Prot              W32/Fathom.3-based!Maximus
F-Secure            Email-Worm.Win32.Zhelatin.hs
Ikarus              Email-Worm.Win32.Zhelatin.hq
Kaspersky           Email-Worm.Win32.Zhelatin.hs
McAfee              Tibs-Packed
Microsoft           Trojan:Win32/Tibs.DV
NOD32v2             Win32/Nuwar.Gen
Norman              W32/Tibs.ASFB
Panda               W32/Nurech.AU.worm
Sophos              Mal/Dorf-E
Sunbelt             VIPRE.Suspicious
Symantec            Trojan.Packed.13
TheHacker           W32/Zhelatin.genw
VirusBuster         Trojan.Tibs.Gen!Pac.132
Webwasher-Gateway   Worm.Zhelatin.Gen

This kitten is diseased. Time to back over it’s poor little head with a car.

A friend of mine was recently asked to jot down a C++ singleton implementation in a job interview, ah the venerable singleton. I guess we’ve all used it sometime or another, possibly trying to fit it into our designs just because it is cool.

Anyway, this dude is positively allergic to anything that looks inefficient. However, since threads are still considered cool locks become necessary, and locks are slow! So a seemingly common enhancement of the singleton is the “Double-Checked Locking Pattern”. This has the dual goals of supporting threaded client code safely and making optimisation junkies happy.

Singleton* Singleton::instance() 
{
    if (pInstance == 0) 
    {
        Lock lock;
        if (pInstance == 0) 
        {
            pInstance = new Singleton;
        }
    }
    return pInstance;
}

[[copied from the paper below]]

I wouldn’t opt for this myself, but I’ve seen it and would have used it if asked for (or I saw a need for) something more efficient. My default implementation would leave out the top level if wrapper, which is the part that makes it “Double-Checked Locking”.

However! It gets horribly complicated, my friend’s interviewer took issue with this implementation. The explanation being that a compiler implementation has the right to decide to assign pInstance to the allocated memory prior to actually executing the class construction code. This was met with disbelief, and when I was told about it I had a hard time believing it too. But things really can be this bad, for an in-depth coverage of the problems with the “Double-Checked Locking Pattern” have a read of this paper (PDF) by Scott Meyers and Andrei Alexandrescu (found in this DDJ article, page 4).

What a nightmare.

It reminds me of something someone I used to work with always said about the C++ standard: “watch out for the weasel words”. More clearly, watch out for the things the standard doesn’t promise.

My friend did get the job, despite the disagreement, and it sounds like a good one. Congratulations! Todo list for first day: eat humble pie. Or maybe: debate practicality of DCLP given constraints of known compiler and platform behaviour and the possible requirement for performance over portability? 😉

---

On a totally random note, why do so many well-known artists have (supposedly official) MySpace pages that totally suck? Try reading this, or this. (Ah, the aural fun of opening multiple myspace pages.) Maybe their web designers just can’t handle working without 100% flash?

“Vlad calls it the evil color.”

Classic, I now have a new favourite colour.

[Written mostly after I left InfoSec on Wednesday, but not cleaned up and posted until Sunday — no rest for the restless.]

Phew, I just escaped from InfoSec. I have serious respect for the sales and business guys who manage to make these conferences a productive experience. I come at these things from a technical perspective and there just isn’t a good mesh between me and the “guys in suits”. Mostly because they want to try and sell me things and as soon as they realise I’m not in the business of buying things and, worse, work for a company that might want to sell them things they squirm. Of course, I’m “just a developer” so I guess I shouldn’t feel bad about this, at least I had some good discussions with people we already know.

In general InfoSec was an interesting show, there’s a heck of a lot to take in there but it’s all very high level (i.e. kindergarten-like talks on rootkits and malware by people I know would like to get into the details but have to tailor for an audience wearing suits). I think that overall the most useful aspect of the show is that you get a very good view on who’s out there, what they do and what their associations are. There’s also a lot of good indicators of what the business-mass is thinking. Right now it seems to be UTMs/Appliances — seriously, every damn company seems to have a range of security appliances these days. If they don’t have their own appliances they line a wall with all the appliances they OEM to. The other thing is a sudden proliferation of web/mail-security-as-a-service businesses. Hosted secure mail solutions everywhere (where we mostly just saw MessageLabs a few years ago). There’s an upwelling of external secure-web-proxy services too — essentially taking the technical overhead of Web/Mail security maintenance away from businesses.

On a work front I met some new developers from companies we’ve had dealings with. In fact, for me this was the most productive element. I learnt some things about people’s first impressions of our stuff, some thoughts worth feeding back to Sydney but nothing we’re not already aware of. It’s also great to meet people you’ve exchanged emails/IMs with but have never met, sometimes just for the surprise of how much they do not match the mental image you have built up! And then there’s the long conversations about search algorithms, and analysis, and similar fodder for geek conversation — something I don’t have as much opportunity for these days. But I must try to remember to keep away from topics along the lines of nuclear powered bicycles and zombies, even most tech geeks aren’t prepared for that stuff.

There were “booth babes” in abundance, so much for PC. The problem is that, while it’s all very well having an attractive woman handing out brochures and the like, it all falls apart if you try to discuss the products/technology with them. Initially I was naive enough to try this (hey, I haven’t been to many of these things), but gave up fairly early on. And what does this lead to? You begin to look at any female at a booth as little more than a pamphlet-stand, most likely including several who are actually sales/tech people representing their companies. I can’t say I have anything against a veritable suffusion of babes, but there is a time and a place for these things and I don’t think a security conference is it. I don’t even think that having to make up for large numbers of fuzzy to semi-fuzzy geeks and large Americans in suits is a good enough excuse.

I was feeling rather drained by about 16:00 so headed out to Seven Dials for a couple of double-espressos at Monmouth… ahh, great coffee. Now we’re having a decent feed at The Wellington on The Strand (they deep fry a good fish, and the Aberdeen Angus burgers are sufficiently meaty though a little plain). After this time to head home, report, then collapse.

Here’s a little tip I picked up from a colleague. If you’re stuck in a Win32 world where the cmd.exe completion setting isn’t defaulted to enable tab completion (like on Windows 2000). Look here: CompletionChar.

To cut right to the important bit, run regedit and navigate to: HKEY_LOCAL_MACHINESoftwareMicrosoftCommand Processor in here you’ll find CompletionChar and PathCompletionChar – change both their values to 0x09.

There are equivalent CURRENT_USERS entries too if you prefer not to do it system-wide.

This is probably only Win2k … I’m stuck in the ancient past here. 😉