Technocrat at large

I recently picked up a new lens for my Canon Rebel XTi DSLR camera: the EF 50mm f/1.8 II, to be precise. It’s the first lens I’ve bought for my camera so far, mainly because almost every other lens is god-awful expensive. At only $130, this was a steal of a deal, and if you have a Canon DSLR camera body, I highly recommend picking yourself up one of these.

By popular demand of a few of my friends, I’m putting up a small sampling of the photos I’ve taken with it over the past few days. Although I’m still getting used to the lens, I’m really happy with the results so far. You can check out the full album of new photos right here.

Nowadays, my life has a good amount of its time consumed with either work or swing dancing. I work every weekday, and four nights every week I’m dancing. Being the nerd that I am, I always look for opportunities to intertwine my hobbies, despite them being complete opposites. Being on the executive committee helps a lot with that, since I take the position of Web Administrator and Graphics Designer with UMSwing.

On the way home from an event a couple weeks ago, I was talking with a friend about the hassle of all the paperwork we have to go through every time we have a lesson; we need to fill out transaction logs for each payment, keep track of every person’s attendance for each class, and also mark it on their membership form that they attended and paid for that class. A single person dropping in to that class requires writing on three sheets of paper. When you’re trying to run everybody through quickly, that starts becoming an issue.

This friend, being the kind of person that seems to regurgitate good ideas on demand, suggested to me, “Brian, you’re a developer. Just write a program to do it for you. You’re learning Ruby and Rails, so you can do a web-based backend and a GUI frontend. Problem solved!”. Thus, I sat down and started planning. Rails seems to be yet another one of those languages that lacks any decent documentation or tutorials. If you plan on learning it, pick up “Agile Web Development With Rails“. It is by far the best development book I have ever read. If it’s any sort of selling point, one of the authors created the Rails framework; if he doesn’t know how to use the framework, nobody does.

As a method for potentially helping me brainstorm, I’ve decided to spill out some of my ideas and goals here. I’m only going to discuss a few ideas here; while I would normally immediately distribute this idea into the public domain, I’ve decided to keep this one closed source. If you have any suggestions or ideas, let me know and I will give you credit. Better yet, if you’re interested in this software, get in touch and we can discuss it.

Goals for Dance Site

• Members: Keep track of all members, regardless of how long ago they joined. Eliminate the need to fill out a new membership form every semester. Each member should be assigned a member number, which can be put on a barcode. Keep track of personal information, interests, and attendance. Gather statistics/metrics from attendance vs. month/day/semester, etc.
• Memberships: Handle multiple membership types, including drop-in. Integrate with finances to determine when a user has paid for their membership through drop-ins. Support for online payments through Paypal (ie. Mastercard, Visa, eCheck, etc.)
• Finances: handle per-lesson incomes. Support for multiple lessons per day. Keep track of what is taught during that lesson. Provide unlockable content for each lesson; attendance to that lesson unlocks the content for that member; refresher videos, class notes, etc. Support for discounted membership dates/times.
• Graduated system: attendance of X number of events allows you to attend higher level classes. Ability to override by administrator.
• Mailing List: Separate old members by current members, allowing for class updates to be sent to current members, while global events to be sent to all. Ability to unsubscribe.

I’m sure many of you collect some sort of rewards on a reward program, be it Aeroplan or Air Miles, or some other similar program. Myself, I’m an Air Miles person, and a lot of that has to do with the really good deal that I get for Safeway prescriptions.

But I digest

While casually browsing the rewards catalog online, I was going through the gift cards and subscriptions. I happened to notice a new section for charities. Under there, you have redeem 170 Air Miles to donate $20 to one of three charities: Kids Help Phone, Special Olympics Canada, and the World Wildlife Fund. Unfortunately, Air Miles has yet to add any more charities, but I sincerely hope that they add more than those three. I’ve made a firm decision to redeem a donation for every item I redeem on there.

I’ve never seen this on a rewards site, and I think it’s a great thing to do. Think about how many reward miles you have. When was the last time you redeemed them? Do you think you could spare a few to help a good cause? I hope the answer is yes. Some people don’t donate to charities because they can’t afford it. Now that you can use Air Miles, this should make things a little easier. Alternatively, redeem a gift certificate somewhere you would normally shop, and use the saved money to a charity of your choice. Either way, it’s a free donation.

Just a little food for thought.

Okay, this is going up a day late. My bad. I’ve been busy. Regardless, I have a rant which any programmer can sympathize with.

I’ve been recently programming a proxy in the Ruby programming language, which is known for its code elegance. When you know how to use it, it’s a great language. The problem, however, comes when to learning about the API in the language. To put it bluntly, the documentation is crap. To be more specific, a good amount of it is incomplete, and those sections that are completed fail to follow a consistent fashion. To put things in perspective, there are 108 core libraries included in the Ruby documentation; over half of those libraries have incomplete documentation.

Now, this isn’t that much of an issue if you know how to use the language; after all, there’s no need to go to the documentation when you know the language. The problem comes when you are like me, learning how to use the language, and don’t know what any of the constants for the sockets library do, which is a bit of a problem when you need to program a proxy. See where I’m going with this?

Maybe I’m complaining because I’ve been spoiled on PHP’s phenomenal documentation, which is an amazing feat when it comes to documentation. All of the functions are properly laid out with plenty of cross-references, and tell you exactly what to expect for each and every function. The documentation is a work of art, I kid you not. Don’t believe me? Try learning how to do something complex in PHP using the documentation only, then try to do the same in Ruby.

I have heard some people make the argument that Ruby is open source and relies on its members to do the documentation, hence the lack of it. While I understand this argument, it doesn’t entirely make sense. Ruby has a large band of dedicated followers (think Jehovah’s Witnesses-style) who should have filled in the 1.9 documentation by now. Thinking about it from another perspective, PHP is a free and open source language as well, and look at the detail in there compared to Ruby.

All I’m saying is that Ruby needs to step up its game a bit, otherwise it will have trouble competing for those people looking at learning a new language. If it wasn’t for an amazing IBM document on Ruby socket programming, I would have moved on to another language by now.

Anyways, tune in this Friday for something different. I realize programming isn’t everybody’s cup of tea, so I’m hoping to branch off into something a little different for those of you who either find computers boring, or those of you that simply don’t understand them. As always, I appreciate you reading, and I appreciate even more those of you who tell a friend about my blog .

Hey all, this post will be a shorter one. Not too much to talk about today, but I do have a bit of an insight into the new Apple iPhone firmware update.

After having my iPhone for the past month or so, I’ve found very few problems with it. In fact, I’ve never had a problem  yet.

Well, that’s not completely true. I’ve never had a problem until earlier this week, when the new firmware was released. After about 24 hours of running my phone, I noticed two significant changes. First of all, my battery life was dropping faster than a kid coming off of a caffeine high. Secondly, my phone took a whole 3 seconds (yes, three – I counted) to respond to the “slide to unlock” bar. Those were two things that I was not willing to put up with.

After doing some reading up on the subject, I noticed that I wasn’t alone. Some people blamed the firmware, while others blamed the users. I blame both; clearly the issue wasn’t universal. A hard reset (ie. not using the “slide to power off” slider) seemed to be a temporary fix, but I wanted something more permanent. It seemed the only way to fix this was to do a DFU factory restore. The only catch is that when your phone restarts, you have to create a new phone profile, and NOT restore an existing backup.

The process was relatively painless. I only lost a few photos and my text messages (I’d love to have a way of backing up text messages!), but aside from that I got all of my old data back after loading it on again.  The reset seems to have done the trick; here’s hoping it stays that way.

On September 1st, Microsoft released a security advisory regarding an exploit that was discovered in their IIS FTP service, which you can find here. In short, the vulnerability allowed servers which allowed anonymous write access to be compromised.

Opening up my email, I notice the vulnerability in my inbox, and a message attached asking me to find all the servers in the government which might be vulnerable to this exploit. Now, as you can imagine, it’s not like there’s 50 servers in the government. This isn’t a situation where you go to each server manually and check for the vulnerability. This worked out to be a perfect situation to use nmap.

Nmap, as I had mentioned last post, is a security scanner. It’s powerful: really, REALLY powerful. There’s so many command line switches that they have to use two characters for a lot of them, and they’re case sensitive as well. To top it all off, it also provides scripting support. In layman’s terms, you tell it to jump, and it asks you how high, how many flips it should do, what music should be playing in the background, and what the acrobat’s costumes should look like. You get the picture.

Anyways, the task was put before me to determine which servers were vulnerable, and how many FTP services could simply be turned off. After acquiring a list of IP addresses of assets, I sorted the list, changed each IP to refer to the class C subnet (255.255.255.0 or /24), and remove duplicates. I then came up with a list of IPs which had an FTP service. Some had closed ports, and others were filtered. Some of them were also open. A few quick grep commands and I had narrowed down the list to open Windows boxes. Below, I have the nmap command that I used to find all the servers with FTP running on them. I’d be curious to see if anyone has come up with a similar command that might be useful for this same purpose, and where improvements can be made.

./nmap -T4 -PS21 -p21 -O --max-rtt-timeout 200 --initial-rtt-timeout 150 --min-hostgroup 100 -oG /tmp/WindowsFTP.grep -iL ../WindowsServers24

For this Monday’s blog post, I’d like to stray a little from my typical technology discussions and focus on something far from that: dance. Not just any kind of dance, though. I’d like to quickly discuss swing dancing.

This might seem like an odd topic for a geek to discuss. After all, I’m supposed to be glued to my computer, make obtuse references to nerdy shows and movies, and have a natural inability to talk to women. While all of the above may or may not be true (heh), I also found myself two years ago to have an interest in swing dancing, thanks to a friend who convinced me to go to the University of Manitoba Swing Dance Club (UMSwing) open house (thanks Jacklynn!). Although initially I didn’t think I would enjoy it that much, I found myself addicted by the end of that open house, and walked out that night with a full membership. I’m still shocked that I’m even capable of dancing, but regardless, it’s a great way to get some exercise, meet new people, and get out of the house.

Two years later, and I’m on the executive committee for UMSwing as their omnipotent web administrator. I’ve met a lot of great people through the club, and by being on the executive committee, I can hopefully give back to a club which has helped me a lot. One of the events that is happening in just over a week is this semester’s open house, which I will be MCing. The club puts on one open house per semester, usually within the first few weeks. We pride ourselves on being able to teach anybody to dance, regardless of skill level. You don’t need to bring a partner to dance with, and you don’t need experience. We do some demos, teach you basic Jive, and do some social dancing. Oh yeah, and there’s a bunch of prizes that we will give away.

• Multi-Purpose Room (MPR), 2nd Floor University Center, University of Manitoba
• September 16, 2009 @ 7:00pm – 11:00pm
• Free!
• Prizes!
• No experience required!
• No partner required!

So, if you have nothing to do that night, come out and enjoy yourself.

UMSwing’s classes tend to be geared towards beginner swing dance. If you happen to have swing experience, HepCat Studio is a swing studio that is starting up today at 6:00pm. The first class today is free, and they will teach both beginner and intermediate swing dancing. You can find their website over at http://www.winnipegswing.com.

So, I will continue with random technological rants and whatnot next Friday. Methinks that my next post will probably discuss my upcoming server build and the parts involved. Although I had posted on it a while back, I’ve solidified my decisions for the next server incarnation. It will be awesome. Very, very awesome.

Looking forward to going to work Is a feeling that I’ve never felt before this week. It’s an odd feeling, and one I don’t know if I will ever completely get used to. Of course, I’m sure the feeling will wear off after a while.

In the past week, I have gotten a number of experiences that I would not have gotten any other place. My first two days were spent trying to break into a web application on a VM. Although I managed to get access to a few things, I never really got that far.

Today presented a similar scenario. In a virtual network, there were a number of computers: some desktops and some servers. I had to gain access to some “fianancial information” hidden on a server, using exploits in the other machines to gain access. Although I needed a few hints here and there, I managed to get the sensitive information using a variety of tools, including two kernel exploits, sqlmap, Nmap, Metasploit, and RainbowCrack. It was a really fun experience, and I’m glad I got to take it for a test drive.

The icing on the cake for today, however, was using a decompiler to disassemble a fake program requiring activation and bypassing the registration. From the information gathered we made a keygen using 3 different methods. Doing so requires a bit of smarts and a lot of assembly knowledge, which is something I don’t have a lot of. With some help though, I managed to crack the registration, which was an exhilerating experience.

These experiences are pretty much all thanks to Ron Bowes, one of the guys I’m working with. I’d call him an IT Professional (he’s certainly skilled enough), but he might laugh at me for such a remark. The virtual network was all designed by him, and he walked me through the application hacking, showing me every step and how it was done. I certainly have no intentions of using any of that knowledge to break the registration information for any program for any reason other than my own personal development, but it was still a really amazing experience. He keeps a blog on his homepage (I’m mentioned in a recent post), and it’s certainly an interesting read.

A final thing that I’m working on at work is a suitable replacement for Burb Suite, which is an application for attacking web applications. It’s a really powerful program, but there’s three main problems with it: it’s closed source, you have to pay for it, and the Swing interface is god-awful ugly. Other free utilities lack in either power, the user interface, or both. So, upon approval from a supervisor, I might be helping to develop a free open source alternative which would be released into the public domain. We’ve decided to program the backend in Ruby, and so far it’s going really smoothly. In just one day I almost have the proxy designed, and I’m looking forward to getting the backend completed.

All in all, work is great so far. Getting paid to do something you love is amazing.

Well, I start my new job today at Manitoba IPC. Next post I’ll talk about that, but seeing as how I will have only been working for about 3 hours by this point, I won’t have much to go off of. In the mean time, here’s a couple amusing sites if you have nothing to do and feel like burning some time.

1. QDB.us
http://qdb.us

We’ve all come to realize that IRC chat rooms are the source of a lot of junk online. It also tends to act as a cesspool of stupidity, amusing stories and typos that end up embarrassing somebody and also providing entertainment for quite a while. QDB is a collection of submitted quotes from IRC. Many are obscene, some are geeky, and most will probably cause you to at least giggle a little. (For more, check out http://bash.org).

2. Lifehacker
http://lifehacker.com

Lifehacker, although one could waste plenty of time on it, will hopefully help you streamline your life. The site provides a number of tips to improve productivity or perform certain tasks by a cheaper alternative means. It’s kept in my daily reading because of some of the ingenious things that they come up with.

3. TED
http://www.ted.com

TED’s slogan is “Ideas Worth Spreading”, and that is certainly what they do. The site is filled with over five hundred talks about science, technology, art, psychology, and many other topics. Some of the most amazing ideas have come from TED talks. I guarantee that if you like to be amazed, this site will chew through your bandwidth like a teething puppy.

4. StumbleUpon
http://www.stumbleupon.com

Create an account, tell it what you’re interested, and click Stumble. StumbleUpon finds a page which matches your interests. That’s what StumbleUpon is all about. For each page you visit, you can tell it if you liked it or not, and it will further refine your Stumbles. I highly recommend the Photography topic.

5. Wikipedia
http://en.wikipedia.org

I shouldn’t need to tell you what Wikipedia is. If I do, you need to educate yourself. Wikipedia is the one big free encyclopedia online. It’s accessible, it’s full of information, and covers every topic imaginable. The best part: it has a Random Page link. Click the link, go to a random page, and repeat.

In my area of the city, we recently underwent construction on the busiest 4-way stop in the neighborhood. Every rush hour, the intersection was the main source of congestion, and traffic backed up on to Bishop Grandin. So, they decided that a roundabout would be a better option rather than the 4-way stop.

It was a good idea; they are very common in Europe, and help traffic flow smoothly and evenly. The intersection has been open for less than a week, however, and I’m quite concerned with the performance of it so far. I can conclude one of two possible reasons for this. The first option is that people simply aren’t used to this new intersection. The other option is that we as drivers are too primative of a society to use such an advanced technology. For some reason, I feel compelled to go with the latter of the two options.

One thing that might cause this opinion is the lack of confidence that I have of Winnipeg drivers. Sorry Winnipeg, but we have terrible drivers. Really terrible. As in, if I had a choice, I would stay off the roads entirely. That would unfortunately cut down on a number of opportunities that I’m not willing to pass up, such as the ability to go out and buy food.

Thankfully, there are other ways out of my neighborhood. Perhaps I will stick to those routes until those who venture through said intersection can be trusted. Something about living makes me feel all warm and fuzzy inside, and I very much like to feel warm and fuzzy.