spoonfork

sup ya'll? happy right? everybody look the same! happy yeah! it's the holidays. drive safely ya'll!
happy deepavali and raya, yo!



photo by beezy


photo by zaido

as usual, i have some interesting stuff that you geeks might be interested in reading, if you haven't checked them out yet:

• Smack the Stack. since kernel 2.6.12, stack protection has been added to the linux kernel by default. this patch (va randomization) randomized the stack within 8Mb, and applies to ELF binaries. however, there are ways to circumvent it, by means of some advanced stack overflow methods. a few methods is presented: stack juggling, ret2pop, ret2eax, ret2esp, stack and stethoscope. let me suggest this: grsec.


• A comparison of Linux, Solaris and FreeBSD Kernels. the basic stuff are explained in general: memory management, scheduling, file system, etc.


• Performance Tuning With GCC, Part 1. this part basically explains most of the important stuff in man gcc that is performance and optimization-related, but in more details.


• Performance Tuning with GCC, Part 2. this part deals with analyzing performance problems using gprof, GNU profiler, valgrind, and oprofile. if you're a gentoo geek, this is a must read.

while going to gym has nothing to do with gcc optimization, i can't help but to note the similarities with a well-planned workout routine and optimization. -Os or -O9 or -fomg-super-optimialization may not work in all software classes. similarly, carrying so much weight (e.g. 50kg on the benchpress with 10 reps x 5 sets will gain you less mass than carrying 40kg x 12 reps x 5 sets). what i'm trying to say is - experiment with the various optimization methods and flags, and what may work for your system may not work for others. however, some rule of thumbs do apply, such as combining many different optimization flags can cause more harm than good. similarly, doing incline dumbbell press without focus on the chest muscles (for example, squeezing the muscles as you lift the dumbells up) will give slower results.

and oh, either run your security appliance on openbsd or grsec-ed your linux box.

listening to: ben folds five - kate

RD (Red Dragon) of THC released the exploit for the Snort BackOrifice vulnerability discovered by Neel Mehta. (cool! a competitor looking for vulnerabilities in another competitor's product). it is a pretty easy exploit actually, and works on linux with 2.6 kernel. there's no exploit for FreeBSD yet.

question is, if you are running snort on linux, should you be concerned? or another question, if you are running sourcefire's snort appliance, should you be concerned? well, yes. but let's not play the blame game here. but i will. you are definitely lame whatever-certified system/network/security administrator if you run snort on linux without grsecurity. lamer, that who you are. lame lame lame.

and oh, if you have one of those sourcefire appliance boxes, good luck.

(oh wait, i know many people who deployed snort without grsec... i must have pissed a lot of friends by calling them lame)

dear ub3r-1337 g33ks,

since my client (who pays for my beer and the nasi lemak and the teh tarik) allows only HTTP and HTTPS connections, i managed to SSH to my servers by tunneling it via their proxy port using a wonderfool program called corkscrew (not to be mistaken for a wine bottle opener). this is great since now i can pop my emails (using the wonderfool open source emale client called thunder! thunder! thundercats! err... bird) . so i'm tunneling pop.gmail.com and smtp.gmail.com via SSH which is great cause now i can ensure that i get every pr0n that is sent to me. however, everytime thunderbird connects to gmail, there's this semi-annoying pop-up:



is there anyway that i can trick thunderbird to recognize localhost as pop.gmail.com? this way, when thunderbird does what it has to do, it won't waste see-pee-you cycles creating the semi-annoying pop-up above?

your u3r-n00b user, spoonfork

listening to: the strokes - the modern age

metamathephor:

• my temper is direcly proportional the number of hours i stay awake. hence, the more hours i stay awake, the worst my temper gets.


• the same can be said for my alertness - i tend to stay more alert when i have less sleep, but the brain gets slower.


• seems like emerge is taking much longer when updating portage cache, even when i'm syncing like, once a week. must run strace when running portage, and see what the heck its doing.


• wordpress' dashboard takes a whole lot of time to load. hence, this


• the number of spams hitting my blog comments have increased consistenly everyday. hence, spam karma2


• and oh, i sorta like broke my personal benchpress record at the gym the other day. they say "no pain, no gain". i guess it makes sense.


• but my gain in mass (muscle mass) has been consistently low for the past 3 months


• teach yourself programming in 10 years. true in a way. five years of php and i'm still not good at it. 3 years of OOD & OOP and i still go "oo-what?". same can be said of life, i guess. lots of relationships, and i can't still maintain one for more than two years.

and oh - if the status of my IM has the words 'brazil' in it, by no means that has anything to do with world cup. it practically means that i'm pulling long hours of coding. imagine a long plane trip, to brazil, how boring and torturous can it be?

listening to: bjork - yoga