Just some random things.

As of yesterday at 2pm, I no longer am no longer part of the EIS team at William and Mary. Never fear, I wasn’t fired, I am just moving over the the Web and Learning Services team. It makes lots of sense given the work I have been doing (just about everything I do is web related) and I think it will be a better personality match. It does mean that I get to move onto campus, which is cool. I think this will be a good thing. While doing some things for Braz today, I realized that the webserver on bree serves pages for 35 different hostnames. wow.

that is all. have a nice day

As a regular user of CVS, I am well aware of the limitations this classic tool has. As a result, I’ve been looking for tools that are as simple to use as CVS yet have learned from the shortcomings of CVS. Subversion appears to be such a tool. The authors of Version Control with Subversion have produced an informative yet succinct book that will get one started with what they call the “Next Generation Open Source Version Control.”

They begin with a general architectural overview of version control systems and of subversion itself. Individual sections are provided for prospective users and administrators of a subversion system. They explain the pros and cons of the two different servers that can be used to provide source control access to remote users. A detailed section is also given to the developer who is interested in the inner workings of subversion. In closing they give a complete reference to using the complete family of subversion tools.

This is a straightforward book and as such there isn’t so much to say about it, but that is a good thing. It covers the topic well, and I look forward to putting the knowledge to work.

If you are writing something not application specific in Java you are doing something wrong as it is probably already written for you. But finding the correct solution or class that answers the need you have is often hard. Books such as Java in a Nutshell are useful, but you need to know what you want before you look.

Ian Darwin’s book Java Cookbook is a mammoth (829 page) book that provides answers to hundreds of questions. His style is easy to follow. The book is broken down into major topic areas (strings, numbers, OO techniques, networking, etc.). Each section begins with an overview of the capabilities that Java provides in that area followed by a series of Q&A entries that address specific problems a programmer might encounter. He then concludes with a simple application (or two) that demonstrates the techniques he has discussed. Simple, straightforward, useful.

This second edition has expanded to cover new features that are being developed for Java 1.5. As a programmer familiar with working in Java (but by no means an expert) I found these topics to be the most enlightening. Specifically the coverage of the new foreach construct and the templating mechanisms.

Overall this is a book useful for everyone who codes in Java. It has basic techniques for the new user, and expands into areas that an expert would need.

“Be afraid. Be very afraid.”

If there is one motto to be taken from this book, that is it. Security Warrior takes a new track from most security books, the view of the attacker. How and what they do are explained in detail, from reverse code engineering to methods of avoiding intrusion detection systems. As a systems administrator, part of me wants to just go and unplug all my servers after reading this book.

Far from an introductory book, the authors assume you are familiar with the concepts of securing servers and networks on the internet (achieved, possibly from books like Practical Unix and Internet Security). The first half of the book covers attack methods and then switches to defense methods for the remainder.

The authors provide detailed and up to date information regarding program disassembly for the purpose of patching as well as for determining possibilities for buffer and heap overflows. Methods and tools are discussed for Windows, Linux, and Windows CE. This is heavy stuff; you will need to be at least passing familiar with assembly language and computer architecture to make sense of what they are discussing. They move on to cover network attacks beginning with reconnaissance techniques, firewall and IDS avoidance, and hiding your tracks. I found it very impressive the discussion of some of the most moedrn tools; not only did they discuss TCP stack fingerprinting, they mentioned the latest developments in non-static and passive OS detection tools.

In the last “attacker” section of the book, they discuss specific vulnerabilities in many services, including topics such as Active Directory hacks (extending even into the weaknesses of smart card technology). General web attacks like SQL injection and parameter checking problems are discussed as well as the deficiencies present in most wireless ethernet implementations.

After scaring the daylights out of you in the first part of the book, the authors proceed to the defensive topics of the book. They cover the general topic of logging adequate information and dealing with logs from multiple sources. Alternate syslog implementations are discussed that provide more flexibility than the standard toolsets. For networks in general, intrusion detection systems are discussed using Snort as the example tool. Honeypots are also described in brief. Computer forensics is covered as well as techniques that are used to destroy electronic evidence.

I felt this was an excellent book. It is definitely an advanced book, but is a welcome relief for people who are experienced in computer security and want something that pushes the edge.

I love Williamsburg in the summer.

OK, I realize this was a horrible event and my heart goes out to the victims and their loved ones, but what the hell is up with this headline?

90 dead in tanker horror smash

“tanker horror smash” What?!?!

::sigh::

I’m an official real student again. I got my acceptance letter and have returned the “yes, I will register” paperwork. Master’s degree, here I come (albeit slowly).

Just a quick note that I have posted some pictures. Click on the Photography link to the right

Alton Brown - Rants & Raves!

If I’ve said it once I’ve said it 97 times: there are no bad foods, just bad food habits. If I’m fat (and I’m not saying that I am) it’s not Ronald McDonald’s fault, or ConAgra’s fault or Ben & Jerry’s fault, or my mom’s fault or anyone’s fault but my own. I don’t support lawsuits against fast food any more than I support lawsuits against cigarette companies. Anyone who doesn’t know cigarettes are bad for you is an idiot. Anyone who doesn’t know that eating too much fast food will make you fat…ditto. In fact I think I may organize a class action lawsuit against people who stage lawsuits against corporations who they think should take responsibility for them. Criminy! Most corporations can barely take responsibility for themselves much less others.

If I’m fat it’s because I’ve shoved to many calories down my pie hole. I don’t need to chat with Oprah about it and I sure don’t need to consult that loathsome profiteer “Dr” Phil. I just need to stop eating so much and exercise more.

Ok, just one link. An article by the author of Talking Point Memos, a very good blog.

“Confidence Men” by Joshua Micah Marshall