When Apple announced the app store I was a little nervous, but I could see the positive side and was prepared to believe that Apple would be good gate-keepers. It soon became clear I was too optimistic. I was already annoyed with Apple when they started to impose their taste on the world by banning joke apps they didn’t approve of like Slasher and Pull my Finger. Myself and Allison had a big argument about it a little over a month ago on NosillaCast Episode 164. Allison felt that Apple should be allowed to choose what to sell in their store, and she has a point, however, when you block all other options and make yourself the sole distributor of software for an entire platform it’s not wise to go all Victorian with your policies. Obviously Apple CAN block whatever they want, I just think they shouldn’t because it’s bad for users, bad for developers, bad for the platform, and hence, bad for Apple. My solution was simple, have a rating system. If you think something is rude or in poor taste give it an explicit rating! At that stage we were just talking about matters of taste, this week things have taken a very different turn and Apple have moved on from Victorian prudishness to anti-competitive and anti-user practices. They have denied a better podcatcher access to the store because it competes with Apple software. Granted, Apple use the word “duplicate”, but it comes to the same thing in my mind, if you’re not allowed to duplicate any functionality Apple implement then you’re not allowed to compete and that’s bad. To be honest I’m shocked Apple were so blatant about this. When you start creating monopolies for yourself and then banning competition it’s hardly a massive leap to jump to “anti-trust”.


Apple Finally Fix DNS Flaw

Filed Under Computers & Tech, Security on September 16, 2008 | 1 Comment

It’s taken them months, but Apple have finally caught up with the rest of the world and patched the critical DNS flaw disclosed in early June. This is Apple’s second attempt at patching it, they did a very poor job on their first attempt, but thankfully they seem to have gotten it right this time. It’s taken Apple over three months to patch OS X, which is totally ridiculous considering Apple uses the standard ISC implementation for both their DNS server and DNS resolver in OS X. ISC released patches on the 8th of June, it took Apple till the 15th of September to get their update out!

For a more detailed look at the two major security updates Apple released in the last few days (one for iPhone/iPod Touch, and one for OS X 10.5 and 10.4) check out my analysis on the IMP blog.


Update (18 June 2012) – A more up-to-date version of these scripts can now be found here.

My Myers Briggs personality profile insists that I “prefer economy of effort”, you can probably translate that to “is a lazy sod”. Because of this I like automating repetitive tasks. It all started when I wanted a quick and easy way to prepare my images for posting to my website. I wanted them resized with my URL and the Creative Commons icon added in, and I wanted to be able to process a whole directory of images in one go. I started by playing around with the GD libs in PHP, but soon realised it would be quicker and easier to use Perl to shell out to the command line tools from Image Magick. At the time I wrote a post on my choice to do this which also contained the initial code. That code has been expanded and evolved since, and now includes functions for rendering nice (in my opinion) borders and titles on my better images. If you want to see examples check out the Photo of the Week category on this blog.


Mobile Me – A Polished Turd?

Filed Under Computers & Tech on August 27, 2008 | 5 Comments

The problem with .Mac (the previous name for Mobile Me) was never the concept, nor was it what was promised, the problem was always the implementation. I expressed my views on .Mac back in January 2007 in a post entitled “.Mac – The Devil is in the Implementation”, and nothing has really changed since. I had high hopes that Mobile Me would finally give us the .Mac we’d always wanted. If all Mobile Me had been was a working version of .Mac without any new functionality it would have been great! However, since its launch Mobile Me has just been one disappointment after another. Things started badly when it took them days to get the system even remotely stable, got worse when they permanently lost thousands of people’s email, and didn’t improve at all when we found out Apple had lied to us about push.


This is just a quick guide to getting BibTeX to work in a LaTeX document. This is not meant to be an introduction to BibTeX for someone who’s never heard of it, but rather a cheat-sheet for those of us who don’t use it quite often enough to remember the details without a little help.

First you need to create and manage your bibliography database (.bib file). You could do this by hand, but if you’re on OS X I’d highly recommend BibDesk. Much simpler.

Secondly, you insert citations in the document using the \cite{} command. Each entry in your bibliography database has a separate citation key, you use this key to insert a reference. For example, if my bibliography database contained a reference with a citation key ‘Busschots2008’ I’d insert a citation to that reference with the command:

\cite{Busschots2008}

Thirdly, you need to include your bibliography in your document. To do this you need to set a style for it, and then include it. If you’re not sure what style to use start with plain. Assuming your bibliography database is in a file called Sample.bib, you’d include it with the following code (notice that you don’t add .bib to the end of the file name):

\bibliographystyle{plain}
\bibliography{Sample}

Finally, to render the document you now need to run your document through both BibTeX and LaTeX in the following order:

  1. latex
  2. bibtex
  3. latex
  4. latex


DNS Flaw Update

Filed Under Computers & Tech, Security on August 7, 2008 | 1 Comment

I listened to Dan Kaminsky’s Black Hat talk on the DNS flaw he discovered this afternoon (it’s on the web). I was disappointed by the lack of technical details, particularly about the client attacks, but it did answer some of my questions. For me the biggest deal was that yes, clients are vulnerable, and yes, clients do need to use port randomisation. This is what Apple failed to do in their latest update, and what Apple now need to do ASAP. Dan described the server flaw as being like a nuke, and the client flaw as being like a sniper, both will kill you if they hit you, but you defend against the nukes first, hence the focus on servers.

Another key point is that this is a temporary fix, not a permanent fix. By adding in source port randomisation we’ve bought ourselves some more time, probably a few years, but as networks continue to get faster, even this boost of entropy will cease to be enough. There are two permanent fixes, but neither is easy to deploy, and since DNS is a global system it will take time, and probably the patience of a saint, to get either implemented. At the core of the problem is the fact that DNS uses UDP, which is a connectionless protocol, making it easy to spoof packets. One way around this is so-called DNSSEC, which extends the current DNS architecture to use certificates to authenticate responses. Another solution would be to switch DNS from UDP to TCP. Both sound simple, but no change to DNS is simple, and if you get it wrong you literally kill the internet!

Bottom line, we haven’t heard the last of this yet, not nearly!
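A defender-side check for the port randomisation discussed above, added here as an example and not part of the original post or of any vendor tool: given the UDP source ports a resolver used for a run of outgoing queries (taken from a packet capture, for instance), it classifies them as fixed, sequential, weak or randomised. The function name, the sample port lists and the thresholds (a step of at most 16, 90% of the maximum sample entropy) are assumptions chosen for illustration.

```python
import math
from collections import Counter


def assess_source_ports(ports):
    """Classify a resolver's observed UDP source ports (one per outgoing query)."""
    if len(ports) < 4:
        raise ValueError("need at least four observed queries")
    n = len(ports)
    # Step between consecutive queries, modulo the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    # Shannon entropy of the sample in bits; it can never exceed log2(n).
    counts = Counter(ports)
    entropy = sum(c / n * math.log2(n / c) for c in counts.values())
    if len(counts) == 1:
        verdict = "fixed"        # only the 16-bit transaction ID varies
    elif all(0 < d <= 16 for d in deltas):   # assumed threshold
        verdict = "sequential"   # next port is guessable from the last one
    elif entropy < 0.9 * math.log2(n):       # assumed threshold
        verdict = "weak"         # ports repeat inside a small sample
    else:
        verdict = "randomised"
    return {
        "verdict": verdict,
        "distinct_ports": len(counts),
        "sample_entropy_bits": round(entropy, 2),
    }


# Constructed samples, not captured from any real resolver.
SAMPLES = {
    "unpatched_fixed": [53000] * 8,
    "incrementing": [49152, 49153, 49154, 49155, 49156, 49157, 49158, 49159],
    "two_port_pool": [5000, 6000, 5000, 6000, 5000, 6000, 5000, 6000],
    "patched": [51234, 1893, 40217, 62011, 12877, 33950, 7421, 58806],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(f"{name:16} {assess_source_ports(ports)}")
```

A "fixed" or "sequential" verdict means a spoofed reply only has to match the 16-bit transaction ID, which is the situation the patches were meant to end.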


It’s funny how one thing will often lead to another. It’s not long since I joined the production team of the International Mac Podcast, and now I’ve been invited to join the pool of panellists for the Mac Round Table Podcast. The MRT is a very interesting idea. They have a large pool of Mac Podcasters and each week they host a round-table discussion with three to five members from this pool on some Mac related topic. Because it’s a big pool there’s a great variety of voices on the show and no two weeks are the same. If you’re trying to figure out which Mac podcasts to subscribe to, the MRT is a great place to start since you get to hear lots of Mac podcasters in one place. I’m exceptionally honoured to have been invited into the pool. I recorded my first show last night with Don McAllister, Joseph Nilo, Chuck Joiner & Dave Hamilton, so keep an eye out for it on the RSS feed.


Yesterday Apple released security update 2008-005 which was supposed to fix the DNS flaw I recently complained about Apple not having fixed yet. Well, it appears that Apple only half-fixed the problem. Yes, they have fixed the BIND DNS server in OS X, but in reality that only protects X-Serves running a DNS server. Sure, regular OS X ships with the BIND DNS server installed, but it’s not on by default, and almost no one turns it on. What we all use all the time is the stub resolver that’s part of OS X, and that’s what Apple didn’t fix. This means that regular Mac users are still not protected from this DNS flaw while just about everyone else is.


One of the things I really love about OS X is its Unix underpinnings. Under the hood we get all the *nix tools and utilities I’ve come to know and love. Printing with CUPS, remote shell with OpenSSH, Windows sharing with SAMBA, web publishing with Apache, and so on and so forth. This gives OS X great power, but it also places a great responsibility on Apple. Just like with any other software, vulnerabilities surface in open source programs. In general the open source community is very responsive to security issues, and patches are released quickly. Those patches protect those who update, but they leave those who don’t even more vulnerable. The reason for this is that the patches can generally be reverse engineered, making it easy for the bad guys to attack un-patched machines. In order to keep OS X secure Apple need to push out patches in the open source components in OS X to users as quickly as possible. This is where Apple fall down, they are notoriously slow at getting patches out.


Some of you may or may not know that I’ve been a regular panellist on the International Mac Podcast Live shows for a good few weeks now. I’ve also been blogging on Mac-related security matters on the IMP Blog. As of today I’ve also joined the IMP production team, so expect to hear more of me on the young but expanding IMP network. Although I’ve been contributing to a number of podcasts regularly for well over a year, I’ve never really considered myself to be a podcaster, I guess I am now!

While I’m talking podcasts, I may as well mention my other two regular spots. I do a weekly segment on The NosillaCast called Chit-Chat Across the Pond (or CCATP for short) where myself and the host, Allison Sheridan, chat about some geeky topic for about half an hour. I also do a monthly series on the Typical Mac User Podcast called “Introduction to the Terminal” where I try to encourage people to play with the Unix underpinnings of OS X a little more.
