Posted on August 27th, 2008 by Tim.
Categories: General/Misc..
I’m a 1337 hax0r. Don’t believe me? I’ll prove it.
Step 1: Rent some space in a carrier hotel
Step 2: Steal an IP using BGP (Border Gateway Protocol). This is not an exploit! This is how BGP is MEANT to work!
Step 3: Make sure the IP you steal is of a well known update server (for instance: java.sun.com)
Step 4: Spoof an upgrade package with a trojan of your own design.
Step 5: …
Step 6: Profit!
This is a blended attack that would clearly be EXTREMELY successful. This exploit is independent of operating system. The reason this attack works is because many software developers make the faulty assumption that the IP addresses and domain names can be trusted. Not to pick on Sun, they’re not the only ones to get this wrong. Apple, Sun, and Winzip are just a few of the larger companies that have products vulnerable to this exploit. There are likely hundreds of smaller companies vulnerable as well.
The fix is really not difficult. Don’t trust an untrusted protocol. Use SSL. Verify those certificates. And for the love of all that is holy, use certificate signing on update packages!
Oh, and who actually gets this right? Microsoft. Guess SDL works after all.
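The fix described in the post above, sketched as an added example (not part of the original post, and not any vendor's updater): a client that accepts an update only if a detached Ed25519 signature verifies against a vendor key pinned inside the installed client, whatever IP or hostname delivered the bytes. The key seed, package contents and function names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Update is what the client downloads: package bytes plus a detached signature.
type Update struct {
	Package, Signature []byte
}

var ErrBadSignature = errors.New("update rejected: signature does not verify against pinned vendor key")

// VerifyUpdate trusts only the vendor key shipped with the installed client.
// The transport (IP address, DNS name) is never consulted.
func VerifyUpdate(pinned ed25519.PublicKey, u Update) (string, error) {
	if len(pinned) != ed25519.PublicKeySize || !ed25519.Verify(pinned, u.Package, u.Signature) {
		return "", ErrBadSignature
	}
	sum := sha256.Sum256(u.Package)
	return hex.EncodeToString(sum[:]), nil // digest of the accepted package, for logging
}

// demoUpdates returns a constructed vendor public key, a correctly signed update,
// and the same signature attached to different bytes (content replaced in transit).
func demoUpdates() (ed25519.PublicKey, Update, Update) {
	seed := sha256.Sum256([]byte("constructed demo seed, not a real vendor key"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	good := Update{Package: []byte("constructed update 1.0.1 payload")}
	good.Signature = ed25519.Sign(priv, good.Package)
	// The private key stays with the vendor, so replaced bytes cannot be re-signed.
	swapped := Update{Package: []byte("constructed replacement payload"), Signature: good.Signature}
	return priv.Public().(ed25519.PublicKey), good, swapped
}

func main() {
	pub, good, swapped := demoUpdates()
	for _, u := range []Update{good, swapped} {
		digest, err := VerifyUpdate(pub, u)
		fmt.Printf("%q -> sha256=%s err=%v\n", u.Package, digest, err)
	}
}
```

The check runs before anything is unpacked or executed, so a package with a failed signature is never installed even when the download itself succeeded.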
Posted on June 28th, 2008 by Chris.
Categories: Chris, Games, General/Misc..
Idea in one sentence: Develop a platform that enables a high performance gaming experience over the internet.
Consider it the Firefox of gaming, if you will; bridging the gap between Yahoo Games and Half-Life 2. Where is it?
Posted on May 28th, 2008 by Chris.
Categories: Chris, General/Misc..
Those who have ever done publishing will be familiar with Lorem Ipsum. For those who don’t know, it’s just a long Latin text that’s used in publishing, so designers can do layouts before anything’s actually been written.
That’s the ground for this observation:
Rich Boy’s “Throw Some D’s” is the Lorem Ipsum of rap.
At first I thought the lyrics were pointless, repetitive, and simplistic. Just as a comparison, here’s the song, side by side with Vanilla Ice’s Ice Ice Baby (clearly the pinnacle of hip hop…):
http://www.lyrics007.com/Vanilla%20Ice%20Lyrics/Ice%20Ice%20Baby%20Lyrics.html
http://www.lyrics007.com/Rich%20Boy%20Lyrics/Throw%20Some%20D’s%20Lyrics.html
But that’s the point. Commercial rap has learned that it doesn’t need good lyrics; it needs good producers. Anyone who doesn’t believe that need only look at the charts. (exceptions of course)
And what would be better for good producers to work with than an undistracting, formulaic song with an easy to remember chorus and a straightforward beat?
What you get is plenty of remixes–guest stars, newcomers, and even classical music. [1, 2, 3, 4, 5, 6, 7] Fact is, it’s harder to make a good beat if the lyrics are distracting you (especially if you’re just gonna make your own). That’s the point of lorem ipsum. That’s the point here. Rich Boy happens to illustrate it by having more remixes than you can possibly imagine.
Posted on May 21st, 2008 by Chris.
Categories: Chris, General/Misc., Product Design, Programming, UI Design.
For years I have used and loved Mulberry, perhaps the best e-mail client in existence. So I was greatly saddened to hear that Cyrusoft, the company behind Mulberry, declared bankruptcy a year ago.
I was just as much shocked as dismayed. Mulberry was hawked by so many colleges that I assumed its destiny was all but sealed. College students, as early adopters, would all be exposed to Mulberry and see how wonderful it was, and they’d take it to their jobs, promoting an almost viral spread.
I guess the Thunderbird/Outlook duopoly was just too strong for Cyrusoft to handle. However, all is not lost, as Mulberry is available for free now.
Let’s take a look at all the wonderful features of this program! (full article)
[originally started a long time ago]