The First Week

Looking forward to going to work is a feeling that I’ve never felt before this week. It’s an odd feeling, and one I don’t know if I will ever completely get used to. Of course, I’m sure the feeling will wear off after a while.

In the past week, I have gotten a number of experiences that I would not have gotten any other place. My first two days were spent trying to break into a web application on a VM. Although I managed to get access to a few things, I never really got that far.

Today presented a similar scenario. In a virtual network, there were a number of computers: some desktops and some servers. I had to gain access to some “financial information” hidden on a server, using exploits in the other machines to gain access. Although I needed a few hints here and there, I managed to get the sensitive information using a variety of tools, including two kernel exploits, sqlmap, Nmap, Metasploit, and RainbowCrack. It was a really fun experience, and I’m glad I got to take it for a test drive.

The icing on the cake for today, however, was using a decompiler to disassemble a fake program requiring activation and bypassing the registration. From the information gathered we made a keygen using 3 different methods. Doing so requires a bit of smarts and a lot of assembly knowledge, which is something I don’t have a lot of. With some help though, I managed to crack the registration, which was an exhilarating experience.

These experiences are pretty much all thanks to Ron Bowes, one of the guys I’m working with. I’d call him an IT Professional (he’s certainly skilled enough), but he might laugh at me for such a remark. The virtual network was all designed by him, and he walked me through the application hacking, showing me every step and how it was done. I certainly have no intentions of using any of that knowledge to break the registration information for any program for any reason other than my own personal development, but it was still a really amazing experience. He keeps a blog on his homepage (I’m mentioned in a recent post), and it’s certainly an interesting read.

A final thing that I’m working on at work is a suitable replacement for Burp Suite, which is an application for attacking web applications. It’s a really powerful program, but there are three main problems with it: it’s closed source, you have to pay for it, and the Swing interface is god-awful ugly. Other free utilities lack in either power, the user interface, or both. So, upon approval from a supervisor, I might be helping to develop a free open source alternative which would be released into the public domain. We’ve decided to program the backend in Ruby, and so far it’s going really smoothly. In just one day I almost have the proxy designed, and I’m looking forward to getting the backend completed.

All in all, work is great so far. Getting paid to do something you love is amazing.

Five Sites To Waste Your Time On

Well, I start my new job today at Manitoba IPC. Next post I’ll talk about that, but seeing as how I will have only been working for about 3 hours by this point, I won’t have much to go off of. In the meantime, here’s a couple amusing sites if you have nothing to do and feel like burning some time.


We’ve all come to realize that IRC chat rooms are the source of a lot of junk online. It also tends to act as a cesspool of stupidity, amusing stories and typos that end up embarrassing somebody and also providing entertainment for quite a while. QDB is a collection of submitted quotes from IRC. Many are obscene, some are geeky, and most will probably cause you to at least giggle a little. (For more, check out

2. Lifehacker

Lifehacker, although one could waste plenty of time on it, will hopefully help you streamline your life. The site provides a number of tips to improve productivity or perform certain tasks by a cheaper alternative means. It’s kept in my daily reading because of some of the ingenious things that they come up with.

3. TED

TED’s slogan is “Ideas Worth Spreading”, and that is certainly what they do. The site is filled with over five hundred talks about science, technology, art, psychology, and many other topics. Some of the most amazing ideas have come from TED talks. I guarantee that if you like to be amazed, this site will chew through your bandwidth like a teething puppy.

4. StumbleUpon

Create an account, tell it what you’re interested in, and click Stumble. StumbleUpon finds a page which matches your interests. That’s what StumbleUpon is all about. For each page you visit, you can tell it if you liked it or not, and it will further refine your Stumbles. I highly recommend the Photography topic.

5. Wikipedia

I shouldn’t need to tell you what Wikipedia is. If I do, you need to educate yourself. Wikipedia is the one big free encyclopedia online. It’s accessible, it’s full of information, and covers every topic imaginable. The best part: it has a Random Page link. Click the link, go to a random page, and repeat.


Over the next few weeks, there will be a lot changing in my life in many different aspects. I expect it might be an interesting experience.

As many of you may know, I run a site called H2H Security Group, which has been an ethical hacking knowledge base. Over the past few months, there have been little-to-no contributions to it, and it doesn’t seem reasonable to keep the site up and running without any participation from other members. My interests have also shifted (matured, if you will) to encompass development-related topics rather than hacking, and I believe that another style of site would suit my interests more than this one. As such, I have decided to take down H2H. It was a hard decision to make, but I believe that my knowledge and expertise would be more suitable in a development site. Therefore, rather than simply removing a part of myself from the internet, I have decided to replace it with a development site. I realize that there are a lot of them out there, but this is something that I am much more passionate about, and will coincide much more with my interests in web development. Hopefully I will be able to attract more people interested in topics similar to this.

H2H spent a lot of time up and running because of its members. Specifically, I need to personally thank Aaron Goldsmith (aka AltonRashmire) and Sam Jenkins (aka Satal Keto) for their donations, dedication, and hard work. Their support, both technically and monetarily, has meant that H2H has survived for much longer than expected. They have earned both my respect and my friendship, and I will no doubt keep in touch with them, hopefully on my new development site.

One thing that certainly held H2H back was the hosting I went with. I have been with Lunarpages for 2 years now, and I have decided to move on due to lackluster tech support (a phone call I made to them which was not toll-free resulted in me yelling at the person because he was completely unaware of the DNS exploit which resulted around that time which crippled my site) and significant downtime as of late, which has been severe enough to even take down their own site. Add to that the additional costs for simple things like installing SSL certificates, and you have one unhappy customer. I am now starting a web hosting company with a few friends, which will be an eco-friendly web host. If you are looking for a good deal on hosting, contact me; mention this blog post, and I’ll take $1 off per month, which works out to 20% off (this offer good until the end of September 2009). I’ll bring you more information on the new host when it is purchased.

Finally, I start my new job in a week and a half, at the Manitoba Information Protection Centre. I have been looking forward to this for quite a while, and I expect it to be an amazing experience. This will certainly be a great learning experience, and definitely be a great source of income, which will be needed to fund my technology addiction.

That’s all for now. More later. Sorry for not following my schedule. I’ll work on that.

Car Upgrades, Pt. 2

My car, a 1994 Plymouth Acclaim, was given to me by my grandpa. At the time, I wasn’t entirely sure that I wanted it. After all, it looks like the only person that should drive it should be someone who is 80+ years old (which, as it stands, is fitting for my grandpa). Don’t get me wrong; I’m grateful to have it, and it runs amazingly well, but it makes me feel old. Not “old” as in 25 years old, but “old” as in 60+ years old.

That being said, I’ve done my best to make it my own. Last post I made, I mentioned my sound system, which has received three solid upgrades since I got the car. Although I put a fair amount of money into it, I’m okay with that because everything I put in I can remove in a few hours so that it can be put into my future new car. Next upgrade I did was install some neon lighting inside, which looks amazing, even in my car. I like it so much that I’m going to be putting more inside. Even simple things like getting nice windshield wipers make the car look that little bit better.

I do have some other plans, however, and I’m hopeful that they’ll turn out well. The next thing I’m going to try is painting the car interior. Not all of it, but just the vinyl frame around the interior of the car. As far as customization goes, it’s pretty easy to go. I’ll be using a basic, flat black spray paint, and I’ll do each part one at a time, and hopefully it will make the car look a little sleeker. The entire interior is an off-gray, and I think it needs something to make it look a little sharper. While I’m at that, I’ll also touch up the paint on the outside with one of those touch-up pens. There’s a few nicks in the paint that I’d like to clean up, and it will certainly make the car look cleaner.

The only other thing that I might consider paint-wise is to paint the exterior of my car. My dad actually made the suggestion, which caught me a little off-guard. Regardless, it would be a great learning experience, and could potentially make my car look better. Depending on how creative I felt, I could maybe look into doing a custom design on the side of the car. I think I lack both the creativity and dexterity to pull off something like that, though. I think it would be really fun to learn how to do that, though.

I have a few more things up my sleeve, which I’ll go into next time (I promise next time will be my last car upgrade post for a while). I have a few electrical and fabric things for next time, which I hope to work on this summer.

Car Upgrades, Pt. 1

Due to the recent success I’ve had from getting a job (see a future post) and me having slightly more money than I expected to have at this point in the summer, I decided I would do a bit of celebrating and treat myself. Although I could have looked into purchasing some of those upgrades I need for my server, I decided that I would put a bit of money into my car.

When I first got my car, it was all factory parts. Although it’s old and I have no intention of putting any more money into the car than I have to, I decided that it needed a better sound system. I had a simple logic behind this: any sound gear that I put into my car, I can pull out in a few hours when I get a new car. My first purchases when I got my car were a new deck and speakers for the interior. Within a month, I had hauled an old amplifier out of my basement (which was found in the middle of the street) and bought the cheapest sub woofers I could find (2 10″ subs with enclosures for $70), and put those in my trunk. After those subs got stolen (the joke’s on them – those subs were crap!), I decided that I would do an upgrade – to a Sony 800W amplifier and a 1000W Pioneer Premier 10″ sub, and a Stinger 1 Farad capacitor to help with the powering of said system. My system has been like that for about 9 months now, and I decided that I would put new parts in.

I decided that I would get two 6″x9″ speakers, enclosures, and another Sony 800W amplifier to power them. Although putting the speakers in the trunk would initially seem like a ridiculous idea, I left enough slack in the wiring for them to be pulled out of the trunk for public events where portable sound is needed, such as any Lindy Bombing events that UMSwing puts on. Although I had to remake some wires (and I almost ran out of wire to use!), installation went off without any problems.

One thing that I was toying around with and decided to do as well was to try putting neon lighting in my car. Now, this would normally be a waste of money for an old car like mine. After all, who wants to spend a few hundred dollars on StreetGlow? But, I assure you I didn’t spend that much. In fact, I only spent $40. Rather than buy glow designed for cars, I decided that I would simply use Cold Cathode tubes from Logisys. It required a bit of wiring hacking, but I managed to put two 12″ tubes in my trunk and two 4″ tubes in the front dash by the feet. So far, it looks amazing, and I’m going to get more later to replace the old lights in the car with LEDs so I can actually see things in my car.

I also replaced the windshield wiper blades with some snazzy-looking red ones to go with my car, but that’s not particularly important. After studying today I plan on doing a good cleaning of the interior and possibly the engine. I’m also going to get a paint touchup kit, but that’s for another day. I’ll be sure to post pictures of my trunk (and the neon) soon.

The Investment

Due to the recent complete failure of my server, I’ve decided to plot out some of the purchases I need to make in order to secure my storage space a little more (and to make my server able to take over the world a little bit more, thereby helping along my plans for world domination). Amaretto, the name of my server, hasn’t had a proper upgrade in quite a while, and is in need of some new parts in order to ensure its well-being.

Due to the massive costs associated with building a server, I’ve built the server in small pieces rather than just dropping all the money at once. The system started off as a 500GB hard drive and a $15 case. I slowly added more hard drives (3 more), then upgraded the case twice (first to a Cosmos 1000, and then to a Norco RPC-4020) to deal with my expanding storage needs. Now, my motherboard has hit its limit in terms of SATA drive slots, so it’s time to start looking at larger hard drives and a RAID card.

On the recommendation of a number of trustworthy sources, I decided to go for a 3Ware RAID card which will handle an additional 4 drives and will get me properly started on my new RAID. The choice of hard drives is still up for grabs, though.

Because I will be using the drives in a hardware RAID, I will be buying RAID edition drives, which cost significantly more. Although I would normally go for a Seagate drive, they currently offer the worst warranty on all drives: a measly 3 years. On top of that, they are also the second-most expensive. Instead, I’m leaning towards the Samsung F1 RAID drive. Not only is it the cheapest, but it also has a whopping 7 year warranty. The user reviews were also promising and nobody had any serious problems with them.

All of that will set me back about a grand, so it will have to wait until I have paychecks coming in. Next purchase is a new motherboard and CPU, but I’ll talk about that another time.


For the past two years, I have been running a small personal server out of my house. Well, I guess “small” is a relative term. To be more specific, it was a Fedora 8 server with 2 terabytes of storage for my backups, music, and Subversion repositories. Along with my desktop, it was my pride and joy; everything was custom-built, the distro was actively maintained, and all of the configuration was done by a two-factor encrypted console.

Notice the use of the past tense. Was. On Monday I noticed that I was getting read errors on my drives, although I wasn’t sure which one (I had 4 drives). Although I went to bed with a (mostly) working server, I woke up to a system that wouldn’t boot up because of the partition information. After fumbling with different recovery methods to try and get my data off, I came to the conclusion that I wasn’t going to get the data off; it was gone, possibly because of my recovery actions.

Needless to say, I was more than a little devastated. Although I can rerip my music, I can’t get back the Subversion repositories; those are all gone, along with all of the revisions I’ve made on projects.

Despite my demotivation, I took this as one huge learning experience. Although I had made backups of some of my work, it was still on the same drive and partition, and I should have considered them just as vulnerable as the originals. When you can’t make consistent backups on a different system, RAID your drives.

I’ve since reinstalled my server as a 1TB RAID10. Although this means I have half the space to work with, it also means that I have 100% redundancy. So, if one of my drives fails like what happened to me, all I have to do is pull out the drive, put a replacement in, and the system will copy all of the data over to the new drive. The best part about all of this is that this all happens on-the-fly; no downtime, no rebooting, and no manual work except for adding the drive to the RAID configuration.

In short, if you take one thing away from this, remember to back up your stuff frequently, even if it’s just on a flash drive or external hard drive. When your original fails, you’ll thank yourself for that backup.

The Waiting Game

While taking a Computer Science degree at my university, I have the option of participating in the Co-Op program, which will help me get intern positions at firms in the Computer Science field. The positions range from performing basic technical support to working on active projects with the rest of the team at the firm. I will hopefully be starting my co-op term this September, and I’m looking forward to the plethora of new knowledge I will gain from the experience.

All in all, I applied for a whopping 17 positions. Normally, I wouldn’t have applied for so many, but this is my first co-op term, and all of the other students going into a work term this September will be in their second work term; in short, I’m at a natural disadvantage. So, in order to increase my odds of getting a job, I’ve decided to apply for a ton of jobs (all that I would find interesting, mind you), in order to (hopefully) guarantee myself a position. The one job I would kill for, however, is at a web design firm called Tipping Canoe. The firm focuses on PHP and MySQL development, which is exactly what I’m interested in. There are a number of other technologies, such as Sphinx and memcached, which would be invaluable for any large scale development I may work on. Other reasons for liking the job include the location, which only requires that I take one bus to work, and the work environment, where they offer a casual, relaxed work environment in the Exchange district and they refer to their employees as Coding Ninjas (!!!). From what I’ve heard they prefer students who have little-to-no PHP experience, but I still have a lot to learn even though I’ve covered some of the basics.

Unfortunately, I’m not in a position to be picky for which position I get. If I get the position at Tipping Canoe, I’ll be happier than <insert happiness simile here>, but I should be just as satisfied with a tech support position. Anything I get will teach me more and give me real world experience, which is what this opportunity is all about. Any job I get will help me develop my skill set, and there’s always the opportunity to apply for them another year if I don’t make the cut. What it comes down to is that I’ll be making money doing something that I love and learning more about it at the same time. It’s hard to pass up an opportunity to get paid for doing something you love.

And Tipping Canoe, if you’re reading this, I’d love an interview. Pleeeeze? Can’t help to ask, I guess…

Decisions, Decisions

This August I have to deal with a problem that arises every three years.

Right now, I have about two months to decide what I will do with my cell phone. Although I currently have a Sony Ericsson w600i and am quite happy with it, it’s on its last legs and I’m starting to notice things that aren’t working properly. I’m also looking forward to jumping on the smart phone revolution.

I’m currently torn with what path I should take, however. Although I never would have said this a year ago, the iPod Touch is one of the coolest pieces of technology I have ever used, and therefore the new iPhone 3GS is one of the potential phone choices. I would prefer, however, something that I could write my own programs for. Google’s HTC Dream is also a fun phone. I have tried out a friend’s phone and was very impressed by it, although I was disappointed by the performance for simple things like smooth graphics on scrolling menus – something my iPod does better. Finally, there is the default of a Blackberry, but I was never quite sold on them on any particular point.

I’m torn between the Dream and iPhone for a number of different reasons. I’ve grown very fond of the iPhone for the intuitive design, smooth look, and functionality. There’s a lot of features which I’ve gotten quite used to; even things like the on-screen keyboard I am used to and have no trouble using anymore. That being said, I can definitely think of a few applications worth making, but Apple has cornered the development market for their product by forcing all users to develop on Apple systems only.

Of course, the decision on a plan depends on what phone I get and how much data I use. Although I could get away with a cheap $30 plan, I could go for something a little more impressive and get a hefty data plan, allowing me to stay connected wherever I go. Unfortunately, it looks like Rogers doesn’t offer cheaper plans with the iPhone, so I might be hooked in for a little more than I wanted to. Although I tried to price out some plans on the internet, it was really hard to figure out what would be the cheaper option. I don’t mind spending a little more up front for an overall cheaper plan, but I might have to go in to talk with a Rogers representative to figure out what is the best option for me. As always, I welcome suggestions and recommendations from the peanut gallery (i.e. you) as to what route I should take. Personal experiences with this might prove to be more beneficial than the knowledge of a Rogers representative.

On an off-topic note, a number of you have mentioned that the background should stay put on the site to make things easier on the eyes. I’ve heard your cries of pain and agony, and am working on it. It’s not as easy as just fixing the background with CSS. But, it’s in the works.

Testing Out Fedora 11

A few years ago, I made the switch on my laptop from Windows to Linux. If I had to summarize the experience, I’d say it’s been…well…an experience. It’s had its ups and downs as I tinkered around with more distributions than I can remember (I can think of 7, not including different architectures). I initially made the switch because the recovery disks I had burned for my Windows installation weren’t working, and I needed a suitable alternative, preferably one that wouldn’t bust the bank and would be easy to use. Linux satisfied (and in some cases, excelled) in both of these.

After much deliberation and testing, I finally decided on the Fedora distribution, which I am still with to this day. Ten days ago, they released their newest distribution, Fedora 11 (Codename Leonidas), which added a whole slew of new features. Although I only have a day or so with the new distribution, I’ve tested a lot of the new features. They are nicely separated into both Technical and Non-Technical.


20-Second Boot Time

The first problem anyone seems to have with computers is that they take too long to boot up. Fedora 11 helps a lot with this by aiming for a 20-second boot time, from the time you start your computer until the time you log in. It was about 35 seconds for me on a 3 year old laptop, but regardless, that’s a huge improvement over, say, Vista’s 2-minute boot. If 35 seconds isn’t fast enough for you, you might want to loosen up your schedule a little.

Improved Touchpad Support/Features

The one complaint I always hear about touchpads on laptops is that people accidentally click on things while they’re typing, moving the position of the cursor and inadvertently typing in the middle of a previous paragraph. The newest upgrades to the touchpad drivers are amazing. You have the option of disabling the touchpad while typing, and enabling or disabling mouse clicks by tapping on the touchpad.

My personal favorite, however, is the addition of Multi-Touch scrolling. Rather than having to run your finger along the side of the touchpad, two fingers can be used to scroll. You also have the option of enabling horizontal scrolling. The best part is you don’t need a touchpad specifically designed for multi-touch; it works great on mine without any problems.

Nice Graphics

Ok, although a little technical, I’m still putting it in here because who doesn’t like smooth-looking graphics with direct acceleration? Enabled from the kernel level, direct acceleration worked right out of the box for me, which means desktop effects work without any configuration. Those who are a little more tech-savvy can obviously look into the coveted Compiz installation.



Yeah, that’s right: the ext4 filesystem is now standard on Fedora. The filesystem now supports filesystems over 1 exabyte and files up to 16 terabytes in size. If you’re going to be creating filesystems or files that large, you don’t need to read this review. There are a whole slew of improvements made over ext3, which should make for an overall more reliable experience.

2.6.29 Kernel

The new kernel runs great for me. There’s been a lot of new features added, and far more than I can go into depth with. I have yet to have a crash, so that is always a good sign.

GNOME 2.26.1 and KDE 4.2.2

Those that have seen the older versions of KDE (ie. pre-4.0) I’m sure remember how “immature” it looked. I always got the impression that it was geared for pre-teens. KDE 4 changes all of that, and makes me seriously reconsider using it. Not only does it look nicer, but everything is well laid out in the menu, and the desktop widgets are integrated into the Desktop Environment. GNOME looks as regular as it always has, but makes some good strides in menu locations and the included applications.

Firefox 3.5b4 and Thunderbird 3

I have been waiting quite a while for both of these to appear in a distribution. Firefox 3.5 is great so far, and Thunderbird looks very promising as well.

Smaller Footprint

Gone are the days of yonder when a Fedora installation was a 3.5GB DVD download with the inability to test it out beforehand. Fedora has reduced the size of the installation media to a staggering 690MB LiveCD, reducing bandwidth usage and letting you try the distro out before installing. This is one of the best things Fedora has done, and I’m really glad they made the switch.


I’m so far really happy with this new release. It’s been stable and a lot of new features have been added which helps affirm my decision to stick with Fedora. If you happen to be considering making the switch from Windows, I recommend checking it out. The LiveCD allows you to try things out before installation, which will let you test the waters before plunging in to the deep end.