VelociPeek

Song of The Day: Hypnotize - Artist: System of a Down

As a follow-up to my first post about the conference, here are a few more thoughts concerning the keynote and sessions. It’s interesting to think about these events in retrospect, especially given the recent announcements of new iPods, movie sales over iTunes, and the up-and-coming iTV.

As I mentioned previously, I experienced two reactions from folks: 1) those ecstatic about the new enterprise offerings, and 2) those a bit disappointed about no “new consumer device.”

The enterprise offerings were impressive as Apple sealed its transition to Intel processors with the announcements of the new Xserve and Mac Pro. Both offer QuadCore capability by including 2 64-bit dual-core Intel Xeon processors. Furthermore, to take advantage of all this computing power, Apple introduced to the developer community and the world, their next operating system, Leopard. Regarding Leopard Apple’s site declares:

Leopard delivers 64-bit power in one, universal OS. Now Cocoa and Carbon application frameworks, as well as graphics, scripting, and the rest of the system are all 64-bit. Leopard delivers 64-bit power to both Intel- and PowerPC-based Macs, so you don’t have to install separate applications for different machines. There’s only one version of Mac OS X, so you don’t need to maintain separate operating systems for different uses.

After the keynote, I decided to keep a keen eye on any 64-bit talks and discussions. Since I’m not really sure what I can and cannot say regarding my 64-bit information regarding OS X (i.e., the sessions were “confidential”), I’ll wrap this entry up by considering what developers should consider when porting an application to 64-bits:

• int stays 4 bytes
• pointers and “long long” are 8 bytes
• watch out for large files (2^63 or a little over 1 exabyte)
• watch out for overflow from 32-bit assumptions
• compatibility and thunking layers
• larger memory configurations

For OS X types, here is a pretty good starting place.

Tags: Eric O’Laughlen, WWDC 2006 , 64-bit Porting

Song of The Day: Inside Out - Artist: Eve 6

Sree Kotay recently wrote an interesting blog entry about finding a faster and better mechanism to detect integer overflow. The entry for those interested is here.

In response to it and to a couple of comments (e.g., from Michael Herf), I wrote a simple program, that uses the SETO opcode/instruction, to detect the overflow condition. It was pretty fast by my benchmarks, but didn’t pass Sree’s correctness test and didn’t perform well with the “exception-toss-on-overflow-flag-set.”

I thought the code was an interesting and important exercise, given the plethora of security issues in code today, so I include it below. The code should only be used for research and review purposes (i.e., “as-is” and at your own risk).

When I get some more time (i.e., maybe this weekend if my family doesn’t “kill” me first for being computer-bound ), I’ll take a look at Sree’s tests and MS’s SafeInt class more.

Here is the output of the program:

asm OF test…
Error: over flow [-2147483648]
Total: 825.803 usecs
Press key to continue…

asm non-OF test…
Success: sum = [2147483647]
Total: 552.305 usecs
Press key to continue…

Simple add OF test…
Error: over flow [-2147483648]
Total: 784.178 usecs
Press key to continue…

Simple add non-OF test…
Success: sum = [2147483647]
Total: 552.025 usecs
Press key to continue…

add64 OF test…
Error: over flow [-2147483648]
Total: 925.537 usecs
Press key to continue…

add64 non-OF test…
Success: sum = [2147483647]
Total: 550.349 usecs
Press key to exit…

Here is the program safeadd.cpp (Updated: 9/23/06, 1:30pm ET).

This brief program and benchmark produced up to ~50% performance degradation with SETO compared to the simple add (i.e., different upon inspection from the 15% originally reported). Also, I added a 64-bit C version for comparison that is posted at various spots on the Internet.

Of course, there appears to be even more to consider after the follow-up post. As mentioned, hope to revisit a little later, but good blog fodder for the moment.

Tags: Eric O’Laughlen, Integer Overflow

Song Of The Day: Beautiful Day - Artist: U2

To all my millions of fans out there, today we launch a new version of the site complete with a server change, new UI, and a few new features. Thanks to all that made this possible (i.e. ah, me). :)

For those that enjoy perusing the archives they will be entirely migrated shortly. For now, 600) )4j 31337.

Tags: Eric O’Laughlen, Velocipeek Blog

Song Of The Day: Keep Hope Alive - Artist: The Crystal Method

During a mid-July blog entry I mentioned that I was registered for the Marine Corps Marathon on Oct. 29. Well, here is a quick update on my training progress. Today I ran 24 miles in 4:06, which gets me close to a 4:30 marathon time. As I hobble around nursing aches and pains, I am happy with this effort overall. The pros are that I feel like I can complete 26.2, I wasn’t “exhausted” afterwards, and the time was a personal best. However, the main con is that I would’ve liked it under 4:00–something about those miles after 18 :).

I have some updates to my running gear as well. Although the Nike + Sport Kit is nice, I switched back to my Mizuno WaveRider 9 shoes and bought a Garmin Forerunner 305 GPS device and heart monitor. Unfortunately, the standard Nike Plus shoes started to bother my feet on long runs (>12) and the Nike + Sport Kit wasn’t as accurate as I wanted it to be for my longer runs.

Rock on all long distance runners and marathon trainers! I see a few out there in those wee hours.

Tags: Eric O’Laughlen, Marine Corps Marathon, Garmin Forerunner 305

Song of The Day: Fire - Artist: Jimi Hendrix

Well, I indicated a while back that I would post some notes about object signing (specifically for Firefox extensions), so here’s a start. There is a lot of information around the Internet about object signing; however, it still takes a little time to discover, aggregate, and digest it all. Hopefully these blog fascicles will help clarify a few points and technologies for people.

Summary

In the coming entries we’ll walk through the steps of creating “self-signed CA (certificate authority) digital signatures” that can be used by folks for testing purposes. Furthermore, it will show how to create these types of certificates using the NSS, or Network Security Services, certutil and signtool tools. Along with this specific information, there will also be references to related technologies like Authenticode and Java’s javakey.

Object Signing Model

First, let me write a few words about code signing. It’s been around a while, since the late 90’s for browsers, and it is one type of security model for running code. The idea is that an entity, individual or company, “certifies” that the software is from them and, generally, that it is safe to run. Typically, the certification process encompasses a third-party issuer or certificate authority, like Verisign, to strengthen the process and policies. Again, this means that the authorship is verified by a trusted authority and that the signature guarantees that no one else has modified the code except the author.

Sandbox Model

In contrast to another security model, sandboxing, this model attempts to restrict what the software can do. As an analogy, one verifies a door with a key while the other removes doors entirely. Java applets, when unauthenticated, are an example of “sandboxed” restrictions to limit behavior. One such behavior to Java applets is no access to local computer files. Another restriction is that applets cannot connect to hostnames by which they were not downloaded. There are ways around applet sandboxed behavior, but not as a default.

Caveat Emptor

However, it is important to understand that signed software does not verify that the code will run without problems. For example one may download software from a company that is signed and still experience bugs or even rogue-like behavior. Unbelievably, even fraud can surface. See this article for an example that affected Microsoft. Although object signing has its limitations and problems, it is still a powerful model for protecting users and deploying trusted software. People just need to be aware that it complements education, awareness, and other measures of protecting systems.

Next Time

Object Signing: Using NSS (part 2)

Tags: Eric O’Laughlen, Mozilla, Firefox, Network Security Services (NSS)

Song of The Day: Cubicle - Artist: RinôÇerôse

Apple Computer, Inc. has scheduled a media event for 10am PST today. While this is interesting, I found the System Unavailable message on the iTunes Music Store even more interesting this morning (below).

Innovation and buzz can obviously go a long way, even to the point of turning an unavailable service into marketing hype. :)

I have been apart of many product launches that would have seen this as a “ominous omen” on any pending announcements!

It will be interesting to see what is announced today: movie service, new iPods, iPhone, sliced bread?

Tags: Eric O’Laughlen, Apple Computer

Song of The Day: Cubicle - Artist: RinôÇerôse

Once upon a time (i.e., this weekend), I was “playing” with kernel extensions to my MacBook. Upon reboot the touchpad and keyboard no longer worked — oh my! I thought “No problem, I’ll just boot a system disc and reverse my blunder.” However, one issue was a non-system disc already in the SuperDrive and the eject button wasn’t working once OS X booted. What was one to do? It wasn’t too bad really, but there were a few nuances to get things working again.

Startup Keys

First, Mac OS X has “almighty startup” keys; it is good to memorize most of the 11, or keep handy, startup key combinations. For my Intel-based MacBook they are here. For example during startup, one can boot into “safe mode” by holding down the “shift” key and “command-v” will show unix boot messages. Also, if there is a bootable system disc already in the drive slot one can press “c” to boot from the drive.

The Secret Code

For my purposes the most useful “secret code” ended up being the “Press Option during startup.” After the boot tone, press the “option” button and wait. Eventually, the hard drive will appear with an arrow; maybe the SuperDrive, if a bootable disc is available. This allowed me to eject the existing non-bootable disc I had in the drive with the eject button while also allowing me to insert a bootable disc. After I selected the SuperDrive and CD, I was able to use the Utilities menu to start Terminal. A few “mv” and “cp -r” operations and a reboot later, the MacBook was healthy again.

Nuances and Notes

At first I used a Mac OS X Tiger installation DVD, not distributed with my laptop, and was perplexed that it wouldn’t show up. Finally, I read the fine print and saw it required PowerPC processors (e.g., G4, G5, etc.) - duh. In haste I dug around and found the original discs! It’s good to be careful to only use the installation discs that come with the computer; otherwise, the “c” and “option” startup combinations may never work as intended. :) Also, the touchpad button will also eject any disc upon startup. This is how I initially ejected it, then discovered that the “option” key allowed me to do all the above in one succinct startup sequence (i.e., eject, load, select, and boot).

Happily Ever After

Okay. Not earth-shattering technology or information, but helpful during a pinch.

Tags: Eric O’Laughlen, MacBook, Apple Computer

Song of The Day: Inside Out - Artist: Eve 6

It’s been a while since the WWDC 2006, but thought I’d still share a few thoughts about my experience. WWDC is Apple’s Worldwide Developers Conference, which was held in San Franciso, CA between from 8/7-8/11 at Moscone Center. Overall, the conference was great and it was nice to be a part of the hype, announcements, and technical overviews. From the people to which I spoke there seemed to be two primary camps and attitudes: a) those that were ecstatic about the enterprise updates to Xserve and MacPro, and b) those that were slightly let down that a “new Apple device” (e.g., something like a cell phone) wasn’t announced.

What was the hidden major accomplishment in my opinion? Well, maybe not hidden, but it didn’t seem to garner as much attention: Apple’s complete transition to Intel processors from PowerPC processors between the two WWDC conferences. I think that’s a pretty remarkable achivement for a company. I know that the groundwork was probably there for a while, but a lot could have faltered along the way, and, well, nothing did.

The atmosphere was set with various banners at the conference. For example one proclaimed, “Hasta la vista, Vista.” Another read, “Redmond has a cat, too. A copycat.” One even heralded, “Introducing Vista 2.0.” The accompanying pictures are below.

The week was sure to bring some interesting twists…more in future posts.

Tags: Eric O’Laughlen, WWDC 2006, Apple Computer

Song of The Day: Digging In The Dirt - Artist: Peter Gabriel

Today, I witnessed a bunch of youngsters either starting or restarting their daily treks to school, including one of my own for the first time. Although it was literally “pouring” down rain at 7:20am, my kid was enthusiastic about hopping on the bus and starting the first year right! In like spirit, I headed to work and determined to get my latest black, Intel MacBook laptop spun up with a Mozilla development environment. Some may have read about a network utility I’ve been implementing off and on, so it was time to get that all working on Intel.

Overall, it wasn’t TOO bad. I assume one already has the development tools (e.g., gcc 4., make, otool) already installed from the Mac OS X (10.4.7) installation DVD.

• 1. Download Firefox . This is the 1.5.0.6 release.
• 2. Verify the file and signature (steps below):
  a. Install gnupg. On the Mac one can do that
  with fink and FinkCommander.
  b. Import Mozilla.org’s key with:
  /sw/bin/gpg –import KEY.
• The key is located here.
  [eolaughlen@newton:~] /sw/bin/gpg –verify \
  firefox-1.5.0.6-source.tar.bz2.asc \
  firefox-1.5.0.6-source.tar.bz2
• You should see something like this in the response.
• 3. Install glibc and libIDL. These are needed by various programs and by XPCOM respectively.
• The following installs both of these libs:
• [eolaughlen@newton:~] sudo apt-get update
  [eolaughlen@newton:~] sudo apt-get install orbit orbit-dev glibThe reference below has DarwinPorts commands.
• 4. Once the distribution is bunzip2′ed and un-tar’ed, add a .mozconfig file. Mine looks like:
• [eolaughlen@newton:~/mozilla] cat .mozconfig
  ac_add_options –enable-application=browser
  mk_add_options MOZ_OBJDIR=$HOME/mozilla/objdir
  . $HOME/mozilla/browser/config/mozconfig
• 5. Afterwards, type “make”, and “make install” if you want the compiled firefox under /usr/local.
• 6. Since I use NSS for extension signing (e.g., signtool), I did the following to get NSS and its tools to build with a patch. You can use this by saving the text as “headers.mk.patch” and issuing:
• cd ~/mozilla/security/coreconf
  patch -p1
• One can also just modify the header.mk directory by adding the following include directories:

INCLUDES += -I$(DIST)/include/nspr
INCLUDES += -I$(DIST)/include/dbm

Note: I’m checking into a more appropriate way to build NSS tools without my own patch.

Also, there are a few good references and helps on the Web like: http://developer.mozilla.org/en/docs/Mac_OS_X_Build_Prerequisites

Hopefully, in the near future I’ll be able to share my experiences with XPCOM, signing browser extensions, and other tid-bits as they relate to dent and other initiatives.

Oh yeah. Disclaimer stuff: Use all information, and any code, at your own risk.

Tags: Eric O’Laughlen, Mozilla, Firefox