Entries for March 2007
March 3, 2007 at 1:06AM What “hypertext as the engine of application state” means
“Have links, will follow.”
Simple as that.
March 6, 2007 at 4:30PM DNS spoofing explained in simple terms
What follows is an excerpt from an email I sent to somebody explaining DNS spoofing. It’s been edited to protect the innocent.
I wouldn’t have any worries if we had a cert on our end so we could negotiate a completely secure connection, but unfortunately that’s not the case.
As things stand, any connection we might make to your servers is not completely secure because we don’t have a cert on this side to prove that the server we’re connecting to is who and what it says it is.
Because of this, a DNS spoofing attack is a non-trivial but relatively easy way to subvert the protection provided by SSL. All the bad guys have to do is make our server think that their server is your server. Once they’ve done that, they can connect to you pretty much invisibly and shuffle stuff back and forward between the your server and ours. Now they’re monitoring the traffic between our two servers.
This particular exploit doesn’t depend on SSL itself having any weaknesses. Once the connection’s up and running, it’s rock solid. However, it’s a rock solid connection to the bad guys who are then relaying the information we sent them across a rock solid connection they made with your server.
That’s a man-in-the-middle attack and it next to no processing power to mount.
For a slightly contrived real-world example of how DNS spoofing works, consider a situation where you’re going to visit a friend who happens to have an evil twin (the person attempting the DNS spoofing exploit) neither they nor you know about. Your friend has moved to a new street and all you have is their postal address and you don’t know where their house is on the street (i.e., you have their hostname but you don’t have their IP address). Your friend’s evil twin has been stalking either you or you twin and knows you’re coming, so they renumber all the houses on the street during the night so you’ll go to the house they’re lying in wait within (this is similar to DNS spoofing).
Now you head off to visit your friend, but because the houses have the wrong numbers, you end up going to the house your friend’s evil twin is in rather than your friend’s house. Once you step in the door, you’ve no way of knowing that the person you’re with is actually a bad guy because as far as you know, you’re talking to your friend.
To get around this, some way to identify the other person is who they say they are and not impersonating the person you want to talk to. In SSL, this is what a cert is for. The digital signature isn’t enough as it only proves that the parts of the message included in it haven’t been tampered with. This, however, is no guarantee that the rest of the message has been left intact.
Nothing I’ve described here requires anything other than a server and a bit of ingenuity, and the kind of people who’d like to get their hands on this kind of information have both in spade.
Now those of you in the audience might think that one way around this would be to only allow connections from certain IP addresses, but you’d be wrong because the attacker could use IP spoofing. The only real way to securely talk to another server is for the client to have a cert so that it can prove it isn’t lying about who it is.
March 9, 2007 at 11:41AM A note on svn:externals
You cannot use svn:externals to pull in arbitrary files. This property can only be used to pull in directories. Suckage.
That bit me in a big way today. ![[sad]](/images/smilies/sad.gif){kind=small}
March 13, 2007 at 3:25PM Sane vim tab navigation
To make tabs in Vim 7 usable, add this to your .vimrc:
" Sane tab navigation :nmap <A-PageUp> :tabprevious<cr> :nmap <A-PageDown> :tabnext<cr> :map <A-PageUp> :tabprevious<cr> :map <A-PageDown> :tabnext<cr> :imap <A-PageUp> <ESC>:tabprevious<cr>i :imap <A-PageDown> <ESC>:tabnext<cr>i :nmap <C-n> :tabnew<cr> :imap <C-n> <ESC>:tabnew<cr>
March 14, 2007 at 12:44PM Twitter: can somebody explain the point (or attraction) behind it?
I’m really quite puzzled. It doesn’t seem like anything that you can’t do in a forum, weblog, or IM.
March 14, 2007 at 2:46PM My .vimrc
For my own reference and for those geeky enough to be interested in this kind of thing, here it is:
" Default tab settings: I like an indent of four across the board.
set tabstop=4
set softtabstop=4
set shiftwidth=4
" How I want Vim's GUI to appear.
set nocompatible " Get rid of the VI-isms I dislike.
set toolbariconsize=tiny
set ruler " Show where we are in the file.
set showmode " Because I'm stupid and like to know what mode I'm in.
set history=50
set visualbell
set showcmd
set nobackup
set incsearch
set backspace=indent,eol,start
set enc=utf-8
set tenc=utf-8
set laststatus=2
set statusline=%<%f%h%m%r%=%l,%c%V\ %P\ %{&ff}\
"set guifont=Monaco\ 8
set guifont=Consolas\ 9
syntax on
colors koehler
" Don't use Ex mode, use Q for formatting. Ex is annoying anyway.
map Q gq
" Switch syntax highlighting on, when the terminal has colors
" Also switch on highlighting the last used search pattern.
if &t_Co > 2 || has("gui_running")
syntax on
set hlsearch
endif
" Only do this part when compiled with support for autocommands.
if has("autocmd")
" Enable file type detection.
" Use the default filetype settings, so that mail gets 'tw' set to 72,
" 'cindent' is on in C files, etc.
" Also load indent files, to automatically do language-dependent indenting.
filetype plugin indent on
" Put these in an autocmd group, so that we can delete them easily.
augroup vimrcEx
au!
" For all text files set 'textwidth' to 78 characters.
autocmd FileType text setlocal textwidth=78
" When editing a file, always jump to the last known cursor position.
" Don't do it when the position is invalid or when inside an event handler
" (happens when dropping a file on gvim).
autocmd BufReadPost *
\ if line("'\"") > 0 && line("'\"") <= line("$") |
\ exe "normal g`\"" |
\ endif
augroup END
" Settings for various modes.
autocmd BufNewFile,BufRead,Syntax *.rb setlocal sw=2 ts=2 sts=2 et
autocmd BufNewFile,BufRead,Syntax *.scm setlocal sw=2 ts=2 sts=2 et
" automatically give executable permissions if filename is *.pl
au BufWritePost *.pl,*.cgi,*.sh :!chmod a+x <afile>
else
set autoindent " always set autoindenting on
endif " has("autocmd")
let php_noShortTags=1
"let php_folding=1
set background=dark
" Sane tab navigation
nmap <A-PageUp> :tabprevious<cr>
nmap <A-PageDown> :tabnext<cr>
map <A-PageUp> :tabprevious<cr>
map <A-PageDown> :tabnext<cr>
imap <A-PageUp> <ESC>:tabprevious<cr>i
imap <A-PageDown> <ESC>:tabnext<cr>i
nmap <C-n> :tabnew<cr>
imap <C-n> <ESC>:tabnew<cr>
March 15, 2007 at 5:49PM How to break your terminal horribly with Vim (under Ubuntu)
I’d a bunch of files I needed to edit quickly and they were scattered all over the filesystem, so I tried this:
find . -name readme.txt | xargs vim
Should be fine, right? Hah!
Vim complained “Warning: Input is not from a terminal”, and I thought to myself, “Hmmm... why’s that happening? After all, xargs is just building up a bunch of command line arguments, right?”
I edited all the files and exited the error, but my keyboard was left behaving oddly, so I ran reset to fix the problem. Did that help? Only a bit: it fixed a few of the problems, but backspace and a few other keys were still acting oddly.
Not sure what the problem is, but I’ve a sneaking suspicion that ncurses isn’t cleaning up after itself properly. Very, very odd.
