Jedi/Sector One's random thoughts - Home

How to flush the resolver cache on OSX

2008-11-20T21:42:00Z

Flushing the local DNS cache is a common operation, especially if you have to deal with servers IP changes or if you need to tweak your /etc/hosts file (that also seems to get cached on OSX).

As finding the command in order to do so isn't straightforward, here's the magic command:

dscacheutil -flushcache

Recent security flaws you might care about

2008-11-18T00:45:00Z

Send9 found an exploitable heap overflow in the Opera web browser. Opera was notified around the time Opera 9.6 was released. Opera 9.61 and 9.62 were released since, but still no fix, so he released a public exploit for Opera 9.62. Very bad times for Opera, as every recent releases mainly addresses security flaws that weren't handled seriously when reported (see FM changelogs).

Another one you might care about: Plaintext Recovery Attack Against SSH, an attack verified on OpenSSH running Debian GNU/Linux.

Have phun.

Yet another fast CSS3 selector implementation

2008-11-12T15:07:00Z

Samuel "Xilinus" Lebeau released Bouncer, yet another CSS3 selector implementation.

It still lacks some features, there's no benchmark yet, but it doesn't use eval(), it doesn't use listeners, it works bottom-up and the code is very small and slick.

Big life secret: how I manage my money

2008-11-06T23:34:00Z

Here's a very personal secret: how I manage my money.

Let's face it: I never was able to manage my money, or even to know how much I have (ot not) without any helper. Since I joined Skyrock my income is quite constant. But before, it was a complete mess, since I was juggling with part-time and short-time position and freelance jobs.

Some people seriously track what's happening to their bank account. Some people need no helper to always know what's going on. Some people know how to spare. I never was able to do anything like that. Never.

Software like GNUcash is probably a great way to manage one's money. I tried it multiple times, among with tons of other similar software and it was a complete failure. Way too complicated, way too lousy to keep up to date. Even software advertised as "for dummies" felt lousy and too complicated for a dummy like me that just has an income and pays regular stuff. Sounds like this kind of software is made for people with plenty of money and plenty of accounts.

About 20 years ago, I wrote a very basic (and in GfA-Basic) money tracker. 20 years later, I'm still using something similar and I'm still unable to use anything else.

Here is a screenshot

It downloads (was through Minitel, now it is through the Internet) the account status from the bank, it stores that in a database and it displays bars. Hovering a bar shows details.

And that's all. Fucking all. And it's fucking enough to know:

at any time, if I can afford to buy some expensive stuff or to have a break: a quick look at the shape of the curve and at the width of the bar the month before, is enough to know.
when and why large expenses happened, and how they compare to other expenses, just by looking at the relative widths of the bars.

Prices can change, income can change, needs can change, family can change, a financial crisis can happen, no need to be a finance wizard, the tool is always accurate to appreciate whether there's a gap for buying cool stuff, or whether every penny must have a reason to get lost. I just have to try keeping the global shape of the curve regular.

Am I an immature fucking idiot? Probably. Do I care? No.

What's the fastest in-memory associative arrays library?

2008-11-06T21:46:00Z

Using the maptest.cc benchmark :

(time for insert and for find) :

Tokyo Cabinet   : 0.40563   0.25999
STL map : 2.63157   1.51657
STL multi map   : 2.54474   1.46864
STL set : 2.34127   1.43893
GNU hash map    : 0.75396   0.48303
Google dense hash   : 0.74089   0.41089
Google sparse hash  : 2.06608   0.4709

The C++ standard library is clearly the big loser, regardless of the method.

Tokyo Cabinet just beats everyone.

Source Wars, an overview of OpenBSD 4.4 by its coders

2008-11-05T08:34:00Z

As always, O'Reilly has a nice coverage of what's new in OpenBSD 4.4, from a technical point of view.

It's worth a read even if you don't use OpenBSD.

A zero-knowledge password authentication method

2008-11-04T10:14:00Z

The J-PAKE method (just implemented in OpenSSH and OpenSSL) allows password-based authentication without exposing the password to the server.

Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint.

Direct link to the the document: Password Authenticated Key Exchange by Juggling and to the announce (with links to source code in C and Java).

GEMA is now open source

2008-11-02T22:13:00Z

Ahaha, since I just found the source code on a old floppy, here's a big (...) thing:

GEMA is now open source and in public domain.

Here's the link to download GEMA source code and DOS binaries.

GEMA is an assembly language compiler I wrote in 1994, designed to write whole projects (ie. demos) in assembly.

It was used a lot by people coming from the Atari / Amiga demo scene.

The last version was released in Danemark during "The Party V" demo-party.

It was also the very first project I wrote in C language, and also the first code I wrote on a PC (just coming from the Atari world...). It's nice to see that it still compiles fine, 14 years later, even on Linux and OSX.

It's now useless, there's probably zero reason to use it in 2008, so the release of the source code is only for fun. But who knows, maybe it might still be useful to some lost souls.

Yes, 6 x 9 = 42

2008-11-02T20:12:00Z

#define NINE 8 + 1
#define SIX 1 + 5

int main(void) {
    printf("%d times %d is %d\n", SIX, NINE, SIX * NINE);
    return 0;
}

Online version of OpenOffice.org 3

2008-10-29T13:31:00Z

Here's a serious challenger for Google Docs: through Ulteo, it's now possible to run OpenOffice.org 3 online.

No need to install anything, a Java-enabled browser is enough and you got 1 Gb of free storage.

C++ backend for haXe and AS3->haXe converter

2008-10-28T17:41:00Z

Great news for haXe coders.

haXe can now compile to C++ source code in order to produce native (Windows, for now) executables.

Author says that it's about 5 times faster than Neko (and hopefully it will get more portable than Neko).

Another great announce : Don-Duong Quach released an ActionScript 3 to haXe converter. Yes, it finally happened. It's still an early release, but it opens a lot of doors to haXe. Converting Papervision3D, for instance, can be very useful. It will also help a lot AS3 coders to upgrade to haXe.

Don't forget that clickjacking is still with us

2008-10-27T00:04:00Z

Yes, the issue is old, and yes, it has been widely disclosed and discussed everywhere.

So, is clickjacking a threat of past?

Unfortunately not. Clickjacking is still a real issue until everyone upgrades to Flash 10 (and until a variant is found).

Although it's only a partial barrier against clickjacking, something that any web developper should do on every web site if to check whether the site has been loaded as a frame (or iframe).

Really. As a bonus, it will defeat almost every web-based anonymous proxy, and it might prevent exploitation of cross-frame leaks.

Is there any downside? Probably none. It's something I'm doing for years (was to bugger people surfing through anonymous proxies) without any issue.

How to do it? Just add some lines of javascript that checks whether window.parent.location.href matches your domain. If it doesn't, set window.parent.location to window.location.href and you are done.

Optimize your Firefox SQLite databases

2008-10-26T22:07:00Z

Firefox 3 uses SQLite in order to store cookies, downloads, applications local storage, search history, etc.

Unfortunately, updating those databases adds holes. Files keep growing over time. It means waste of storage space and Firefox gets slower and slower.

The webappsstore.sqlite, places.sqlite and urlclassifier3.sqlite files can especially grow very large.

Some extensions like the Digg one also store data in a SQLite database.

In order to optimize these databases, here's what you should really do from time to time.

Close Firefox and run:

cd ~/.mozilla/firefox
find . -name '*.sqlite' -print -exec sh -c "echo 'vacuum;' | exec sqlite3 {}" \;

If you are on MacOS X, use:

cd /Users/j/Library/Application Support/Firefox/Profiles
find . -name '*.sqlite' -print -exec sh -c "echo 'vacuum;' | exec sqlite3 {}" \;

Of course you need SQLite to get installed on your system.

Matthew Dillon's NYCBSDCon 2008 slides

2008-10-26T21:17:00Z

The presentation of the HAMMER filesystem that Matthew Dillon made for the NYCBSDCon are now available.

Ruby off Rails

2008-10-26T21:04:00Z

Building web applications with Ruby doesn't imply Rails.

Although it's not a just-released document, the Ruby off Rails presentation is a great roundup of available options, in order to build a web site with today's most suitable components.