Categories
security

Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps | Ars Technica

Let’s see:

  • multi-staged payload
  • airgap infection mechanism
  • targets multiple OSes
  • no one knows how it works yet

This is serious stuff. Fascinating. Let’s see if this is another state-sponsored Stuxnet-like malware.

Categories
3D

A Brief History of COLLADA


Some of you might know that COLLADA was not supposed to be used as an end format in itself (like, say, OBJ) but more as an interchange format. To quote Wikipedia,

COLLADA was originally intended as an intermediate format for transporting data from one digital content creation (DCC) tool to another application.

It was meant to solve the difficulty of using digital assets across different tools. For example, if I scanned a 3D point cloud and processed it in Geomagic, I want to be able to use the result in, say, 3DS Max for further work. 3DS Max obviously cannot open Geomagic files, so most of the time the DCC artist has to figure out an intermediate format that’s supported by both programs and use that as a midpoint to bridge the gap. That is, instead of A->B, you go through an intermediary X, via A->X->B.

While it sounds logical, it usually doesn’t work in practice. First of all, 3D formats are not like image formats, which are fairly standard except for headers, compression etc. You can get pretty good results in image format conversions. Even though you might get some loss in image quality, the result is usually fairly acceptable.

Once you go into 3D, lo and behold, the problem size explodes. There are many types of mathematical models for 3D representation – polygonal, point cloud, parametric, volumetric, etc. Even within one representation you have tons of parameters. Each program chooses how it wants to use and interpret those parameters, and this varies widely from one program to the next. The result is that moving digital assets across software is a pain. In fact, companies exist to soothe that pain (Right Hemisphere, Okino).

Sony Computer Entertainment, being a game company, must have faced a lot of such issues. The solution it created was COLLADA, to fill the missing X that plagues the industry. In 2004, it generously donated COLLADA to the community. The competing format back in the day was X3D, the successor to VRML. X3D was mainly driven by academia, and did not have the kind of backing COLLADA has. It happens that Google Earth was looking to introduce support for 3D models around that time. Previously, it could only support imagery and terrain data. By a stroke of luck, COLLADA was adopted as the native 3D format – even though it’s actually an interchange format. SketchUp soon followed, in a somewhat clever move – it was acquired by Google shortly after. By then, Autodesk and the rest of the big boys were on board and the rest, as they say, is history.

Categories
programming sysadmin

Splitting Thunderbird mailbox

Mozilla Thunderbird uses the mbox format, which makes it incredibly portable and easy to process. Unfortunately, it also means that all of your messages within a Thunderbird folder are in a single file*. This can cause problems if you keep using a folder for many years. For instance, I have an mbox file that is >1GB and it’s mounted in a network share. Opening, modifying and backing it up takes quite a while. I finally gave up and decided to do something about it.

I wanted to organize my mailbox by year, while preserving its folder organization. A quick online search did not find anything I can use. So I whipped up my trusty PHP and wrote this.

https://github.com/boviner/splitmbox

Usual disclaimer applies.

* I’m simplifying here. If your folder contains subfolders, each subfolder actually has its own file.

Categories
sysadmin

MAC address vendor

Ever wonder what information you can derive from a MAC address (e.g. 50-e5-49-12-34-56)? Well, the first 6 hex digits (the first three octets) uniquely identify the manufacturer of the device. E.g. MAC addresses starting with 50E549 are from Gigabyte. You can download the whole list of manufacturer OUIs (Organizationally Unique Identifiers) from here. Or you can use a lookup service like this.
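As an added example (not from the original post), here is a Python sketch of the prefix lookup that also checks the two flag bits in the first octet, which go beyond what the post covers: a locally administered or multicast address is not assigned from the OUI registry, so its prefix says nothing about the vendor. The names `parse_mac`, `describe_mac` and `SAMPLE_OUI` are hypothetical, and the table is a constructed sample holding only the prefix the post mentions.

```python
import re

# Constructed sample table: only the prefix named in the post. A real lookup
# would load the full IEEE OUI list instead.
SAMPLE_OUI = {"50E549": "Gigabyte"}


def parse_mac(text):
    """Return the 6 octets of a MAC written bare or with '-', ':' or '.' separators."""
    digits = re.sub(r"[-:.]", "", text.strip())  # separators are simply dropped
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe_mac(text, table=SAMPLE_OUI):
    """Extract the OUI and flag bits; look up the vendor only when it is meaningful."""
    octets = parse_mac(text)
    oui = octets[:3].hex().upper()
    first = octets[0]
    multicast = bool(first & 0x01)  # I/G bit: group (multicast) address
    local = bool(first & 0x02)      # U/L bit: locally administered address
    # Only a globally unique unicast address carries a registry-assigned prefix.
    vendor = None if (local or multicast) else table.get(oui)
    return {
        "oui": oui,
        "vendor": vendor,
        "locally_administered": local,
        "multicast": multicast,
    }


if __name__ == "__main__":
    # Constructed inputs: the post's example, then the same address with the U/L bit set.
    for mac in ("50-e5-49-12-34-56", "52:e5:49:12:34:56"):
        print(mac, describe_mac(mac))
```

A vendor match is a hint about the hardware, not proof of it, because the address can be set in software.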

Categories
sysadmin

pkghist

Here’s a small utility that I’ve written to make it easier to visualize package changes in a Debian-based system.

Sample output:

2013-03-06 (Wed)

   purged> 13:30  ecryptfs-utils ()
           12:37  ecryptfs-utils (68-1+lenny1)
           12:37  keyutils (1.2-9)
           12:37  libecryptfs0 (68-1+lenny1)
           12:37  libgpgme11 (1.1.6-2)
           12:37  libpth20 (2.0.7-12)
   purged> 12:36  mimms ()
uninstall> 12:36  libmms0 (0.4-2)

2013-02-28 (Thu)

           23:36  mimms (3.2.1-1)
           23:36  libmms0 (0.4-2)

2013-01-30 (Wed)

  upgrade> 17:16  samba-common (2:3.2.5-4lenny15)
           17:16  smbfs (2:3.2.5-4lenny15)
  upgrade> 17:16  samba (2:3.2.5-4lenny15)
  upgrade> 17:16  smbclient (2:3.2.5-4lenny15)
...snipped...

Read more here: https://github.com/boviner/pkghist/

Categories
Uncategorized

Happy Birthday WordPress!

From the creator of WordPress:

Has it really been 10 years? It seems just yesterday we were playing around on my blog, and the blogs of a few high school friends. Two of those friends are married, one isn’t anymore, two are still figuring things out, and one has passed away.

You were cute before you became beautiful. Wearing black and white, afraid of color, trying to be so unassuming. I know you got jealous when I wore those Blogger t-shirts. They were the cool kids at SxSW and I thought maybe you could grow up to be like them.

Read more here: http://ma.tt/2013/05/dear-wordpress/

Categories
programming

All software have bugs. Period.

I was recently reminded of this old article by Josh Bloch when dealing with some of our clients. Some people can’t seem to accept that software can have bugs and software can crash (note: in this case it’s not our software). For them, I leave the following quote from the article I mentioned:

We programmers need all the help we can get, and we should never assume otherwise. Careful design is great. Testing is great. Formal methods are great. Code reviews are great. Static analysis is great. But none of these things alone are sufficient to eliminate bugs: They will always be with us. A bug can exist for half a century despite our best efforts to exterminate it. We must program carefully, defensively, and remain ever vigilant.

via Extra, Extra – Read All About It: Nearly All Binary Searches and Mergesorts are Broken.

If we can’t even get a “simple” binary search working bug-free – by someone with such distinguished credentials – what hope is there for the rest of us for getting complex software to work correctly 100% of the time?

Categories
sysadmin

MikeBeach.org

While searching for a solution to stop @eaDir from being generated on the Synology NAS, I came across this blog, which has quite a number of good articles that sysadmins will find useful.

Will certainly be keeping this in my bookmarks for reference.

Categories
sysadmin

Summary of Amazon cloud services

This post is more of a note for myself, as a quick reference for the expanding list of Amazon AWS services. Not too long ago it was just EC2 and S3, and now you have stuff like Route 53, Glacier, Redshift and a whole bunch of others.

Good that someone compiled a nice summary here:

https://hackpad.com/Amazon-Services-xwW1WtHf5y5

Categories
programming

Alexander Brevig : The //* /*/ //*/ comment toggle trick

Just saw this on HN. Alexander Brevig : The //* /*/ //*/ comment toggle trick.

I’ve been using something very similar – the only difference is the last comment: //*/ vs /**/

//*
someFunction();
/*/
someOtherFunction();
/**/

This technique is surprisingly “portable” – works in C++, Javascript, PHP, amongst others. And it works better than if (0) { someFunction(); } else { someOtherFunction(); } ‘cos syntax-highlighting works.

Another trick that I’ve used by abusing comments is to produce output that is both valid Javascript and valid HTML – at least to most browsers:

//<!--
alert("hello");
//-->
//<html><body>some text</body></html>

In Javascript context it’ll show a “hello” prompt, whereas in HTML context it’ll show “// //some text”. This can be used when say you’re returning a Javascript API and someone is misinterpreting it as HTML. You can of course be creative about the “some text” part. 🙂
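To see why the comment toggle works with either closing line, and what a Javascript parser keeps from the HTML-compatible snippet, here is an added example (not part of the original post or of Brevig's article): a simplified C-style comment scanner in Python. `active_code` and `toggle` are hypothetical helper names, and the scanner assumes there are no string literals containing comment markers.

```python
def active_code(src):
    """Strip // line comments and /* */ block comments; return the code lines left.

    Simplified scanner for illustration: string literals are not handled.
    """
    out = []
    i, n = 0, len(src)
    while i < n:
        if src.startswith("//", i):
            end = src.find("\n", i)
            i = n if end == -1 else end  # stop at the newline and keep it
        elif src.startswith("/*", i):
            # Search from i + 2 so that "/*/" opens a comment without closing it.
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
        else:
            out.append(src[i])
            i += 1
    return [ln.strip() for ln in "".join(out).splitlines() if ln.strip()]


def toggle(first_line, closer):
    """Build the toggle block with the given first line and closing line."""
    return "\n".join(
        [first_line, "someFunction();", "/*/", "someOtherFunction();", closer]
    )


# The HTML-compatible snippet from the post, as seen by a Javascript parser.
POLYGLOT = (
    "//<!--\n"
    'alert("hello");\n'
    "//-->\n"
    "//<html><body>some text</body></html>"
)

if __name__ == "__main__":
    for first in ("//*", "/*"):
        for closer in ("/**/", "//*/"):
            print(repr(first), repr(closer), "->", active_code(toggle(first, closer)))
    print("polyglot ->", active_code(POLYGLOT))
```

With `//*` on the first line the middle `/*/` opens a block comment that the closing line ends; with `/*` on the first line the same `/*/` closes the comment instead, which is the whole trick.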