I hope the days of running arbitrary CPU instructions to perform every single task come to an end soon.

I hear people complaining about how MS doesn't make them secure enough. I hear from the other end (i.e., the pros) that we have to have user education. I read about parents having to filter their kids' computers, ensuring they don't run malicious code (not “bad content“, such as pro-Bush propaganda, but code to take over a PC). People run anti-virus software. People are now running Anti-unwanted-commercial-software programs. Heck, in some cases, there's even Anti-anti-spyware code out there.

We hear about having to “ensure we trust the source”, as in, “do I trust Bob to send me a web site link”? Not even a program, *just a link*! We have the “don't execute attachments” and “don't install code from websites”, on and on and on. Some people even think there should be a “Internet drivers license” or even some sort of basic PC user training/license.

This has got to stop. It's been shown that we'll never be able to get average people to make correct trust decisions. It's also stupid to want to do that. If someone writes up a cute “Flying Bunnies.exe” game, I WANT to be able to run it, without worrying that it's some kind of attempt to hack me.

.NET gives us the first level. We have code access security, which can ensure that certain code running can't do certain things. Next, we need an OS that takes this home.

It looks as if we'll be having a little girl this May. By the time she's old enough to have her own real PC, I hope these things will be an issue of the past. When I got my first computer, I was 5. I was already somewhat familiar with DOS; I knew my way around. How different would that have been, had I have to understand a full set of security and trust related data? How much slower would I have gotten into things if it had to be accompanied by a ton of overhead just so that I wouldn't get hacked?

If Microsoft embraces managed code fully (and it looks like they are), this should not be hard. Managed programs should just run. Get an email attachment? Just run it! See a cute game that needs rich UI controls from the web? Should be automatic. Only when an unmanaged EXE comes along should we run into roadblocks. Indeed, any program requiring trust should require us to login as admin (or elevate to admin) and allow it.

So, in about 5 years, I hope to be buying a nice little PC for my child. I want to flip it on, use biometrics as her password, and LET HER PLAY dammit! If she finds a bunny program, I want her to be able to run it. Now, I'm hoping my kids will follow after me and understand computers enough to make those decisions for themselves (heck, and for other people :)), but I sure don't want that to get in the way.

The same applies to pretty much everyone else (yea, I'm saying a lot of users aren't much more advanced than a 5-yr-old). We can't expect people to make security decisions. We simply MUST have a way for things to get done, without security implications. I think at this stage, this is entirely possible.

Apparently some congressman in Guatemala found that the Internet has porn. And that kids can use the Internet. Why this took him X number of years to figure out is beyond me. At any rate, the Congress is apparently discussing requireing all Internet cafes to install filtering software. They claim that 90% of kids looking for content to do with their homework run into porn. They're more gullible than I thought! “Hey! What's that stuff on your screen junior?!” “Ahh um.. it just came up! I was just trying to find out how to calculate the surface of a vortex, honest!”

The congressman says this will stop them from “losing youth”. Perhaps getting a decent education system in place, killing all funds to the military (who they gonna invade?) and getting their police force back in line might help more. [As a side note, the police here are given 5 gallons of gas per 24 hours of patrolling. And they have to pay for their own bullets.]

These are the same people who just recently voted themselves a substantial salary increase as “some of us have to travel to the capital city to do our jobs”. And believe it or not, this is the GOOD party that was running.

At any rate, I sure hope this law doesn't pass. Not because I think kids have some kind of right to go look at naked hotties, goats and sheep, or whatever, but because this kind of law is an implementation nightmare, and just leads the way for more government intervention. When a private establishment is required to do something like this, especially from a group of people who have absolutely zero technical skills, it is a receipe for disaster.

Oh, one more thing, if they're really that concerned about this kind of stuff, why don't they outlaw prostitution as a first step? (Not like that's anything that should be illegal, but hey, while we're on the subject...) Oh wait, no, that'd piss off a lot of people. Let's screw with the Internet instead.

Sigh... why is it that the Dilbert principal applies to government and not just corporations?

One thing I had done before and decided to try again was inline (embedded? inline isn't the right term exactly) ASM with C#. Remember, the CLR JITs your IL code down to native code when it runs. There's no interpreter or likewise going on -- your C# code is x86 when it runs (on an x86 platform). However, when writing in C#, it's rather hard to get out to x86 directly. Probably the easiest way would be to use Managed C++ and an inline asm section there. But, if you want to keep it all in C# (say, you want something extra hard to decompile), you can achieve that.

[I must note, the more I learn of internals, the more I learn I need to learn more. Thus hopefully, some true expert will read this and give me more insight.]

The most straightforward way that occurred to me was to use a delegate. As far as I know, C# won't issue calli and ldftn IL opcodes for us in any way we can neatly control. There will be ldftn when a delegate is created, but we can't set that value directly. So instead, we'll create a delegate and modify it. Delegates have a private field named “_methodPtr”. This, as far as I can tell, points to the code to be executed by the delegate. It's important that our delegate is accurate regarding the number of parameters, and the return value.

We will store our x86 in a byte array. Then, we'll pin the array, and stick the address of the first element inside the delegate. When we call the delegate, everything will be set.

As far as I can tell, methods in the CLR use the fastcall convention, so the first two parameters will be in EDX and ECX. The return value is expected in EAX. My demo is going to be simple, performing a ROR (ROtate Right) by 1 on the parameter and returning that. 3 lines of ASM.

Compile with /unsafe obviously, else I'd be writing to secure@microsoft.com. I'm not sure how terribly useful this is, but it seemed cool to me. At the very minimum, it serves to tell people to STFU when they claim that C# / .NET can't do pointers, or raw code, or whatever.

using System;
using System.Reflection;

class Program
{
    public delegate uint Ret1ArgDelegate(uint arg1);
    static uint PlaceHolder1(uint arg1) { return 0; }
    
    public static byte[] asmBytes = new byte[]
        {        
0x89,0xD0, // MOV EAX,EDX
0xD1,0xC8, // ROR EAX,1
0xC3       // RET
        };
        
    unsafe static void Main(string[] args)
    {
        fixed(byte* startAddress = &asmBytes[0]) // Take the address of our x86 code
        {
            // Get the FieldInfo for "_methodPtr"
            Type delType = typeof(Delegate);
            FieldInfo _methodPtr = delType.GetField("_methodPtr", BindingFlags.NonPublic | BindingFlags.Instance);

            // Set our delegate to our x86 code
            Ret1ArgDelegate del = new Ret1ArgDelegate(PlaceHolder1);
            _methodPtr.SetValue(del, (IntPtr)startAddress);

            // Enjoy
            uint n = (uint)0xFFFFFFFC;
            n = del(n);
            Console.WriteLine("{0:x}", n);
        }
    }
}

When I started working with Linux for my current projects, it was on a severly underpowered box (a Celeron 400MHz, 128MB RAM, 3GB HDD). Thus, running Gnome and so on, in addition to my development projects, wasn't a really good idea.

After a bit, I got tired of waiting forever to compile, so I got a 2.something GHz Pentium 4, 512MB of RAM, nice disks, etc. Since I was going to do a bit more than I had done before, I decided to install and use Gnome, as well as RedHat's cute little GUI tools to configure stuff.

Soon, I was using X/Gnome a good portion of my time (X-Chat seems to be the best free IRC client on any platform, and I use IRC for work on Asterisk a lot). Also, it can be nicer to use Gnome than have a bunch of SSH sessions open at once. So, at first, I tried out VNC. I didn't like it. I wanted to get a logon screen, and I was having trouble getting VNC to do that. Also, the RealVNC client I had for Windows seemed pretty crappy.

Then I discovered GDM and XDMCP. Now I have integration like this:



Here are the steps to get XDMCP/GDM working rather nicely with Windows (at least on RedHat systems):

1. Edit /etc/X11/gdm/gdm.conf. In the [xdmcp] section, set Enable=true. That'll allow you to connect remotely using xwin or other XDMCP clients. Next, in the [daemon] section, set KillInitClients=false. This allows xwin's clipboard integration to work correctly.

2. Next, install cygwin, ensuring to install XWin. This has the tools we need to make the connection.

3. Create a shell file inside cygwin to start xwin. I called mine “startsungx“ (sung is my Linux machine's name). Here's my file:
    xwin -query sung -notrayicon -clipboard -rootless -nowinkill -keyhook -xkbmodel microsoft

Do xwin -? to find out about those options. The interesting ones are -rootless, which prevents a “root“ window from appearing (which will manifest itself as an ugly background).
-nowinkill stops the Windows Alt-F4 from killing xwin.
-keyhook allows you to use Alt-Tab and the Menu key inside the session.
-xkbmodel microsoft allows you to use a nice big Microsoft keyboard with all the keys. You can also specify pc101 and similar.

With that, everything should work. But, the downside is that you now have a Cygwin window sitting on your taskbar. Hardly elegant.

4. Create a batch file to start cygwin, and run xwin, while hiding itself. I have a SungX.cmd file:
D:
cd \Linux\cygwin\bin\
cygstart.exe --hide -- bash --login  -i -c /startsungx

That'll start up cygwin, hidden, and run your xwin script. Enjoy!

Now, what I'd REALLY be interested in having is a way to have each application that registers for the Gnome application list panel appear on the Windows taskbar. Or maybe not, as it'd add to the clutter. Either way, I'd like to try it for a bit. If anyone knows, drop me a line.

This post is because of Micah, who had the most classic expression when he saw the Gnome Fedora Core 2 splash screen load up right in the middle of Windows XP. (Yea, I've since moved to RHEL, err, TaoLinux.)

I ran into an issue with Asterisk, mainly that you can't dynamically control which codec gets accepted. You have to make your choice “up front”, when you define a user/peer. This means, for example, if you want to say “for this call, use the GSM codec”, you can't. You've got to let Asterisk's code work things out, and even it works out on your side, the callee might decide to use a different codec anyways. This means that I end up declaring various peers: peerX-g729, peerX-ulaw, etc., and then have to swap them out when I call Dial.

Even worse, there's no easy way of completely avoiding transcoding when you want to. For instance, I have several phones connected to my server. Some use GSM, some use ULAW, some use G.729. They all use the same dialplan, and ulaw is usually negotiated for the termination. That means my little server gets nailed doing all this transcoding. This is even sillier when you realise that my termination provider has big hardware and will handle transcoding for me. So, without making a seriously complex dialplan, I'm stuck.

Well, IMO, that sucks.

So, I actually dove into the code, and patched it: http://bugs.digium.com/bug_view_page.php?bug_id=0003346 I've yet to see if this will get into the actual codebase. I sure hope so, since I *hate* forking. Indeed, that's one major criticism I have of the “you can just modify it to suit your needs“ claims of OSS. But, the ones in power seem quite rational, so there's some hope... maybe :).

Asterisk is a large project, but thanks to Visual C++ 2005, I could navigate it (New Project From Existing Code is very useful!). Unfortunately, I think there's a bug, as VS takes up 1.4GB of memory when editing this project. However, it's still quite responsive -- except for the Virtual Memory Warning from Windows, and the initial slowness, I'd never notice it was eating all that memory.

MVP Patrick MacKay down in Chile has finally gotten his Spanish primer on encryption up on the MSDN site. Check it out here: Desmitificando la Encriptación (Parte I). Not to boast or to brag, but I drew the little face that's used to show off the cipher modes :).

I was configuring my router (my all-purpose Linux machine) to use both of my Internet connections, specifically to route my data and voice over separate connections, so I don't have to deal with QoS issues.

I tested both lines, and noticed the Convergence line seemed to have a bit less latency, so decided to go with that. But, I also noticed that there seemed to be some packet loss, moving around between 3% and 8%. So I phoned Convergence and explained I have a problem. I was asked how fast my downloads were, but told the tech that the issue was there was a lot of packet loss: 5% I said. “And the problem is?” He insisted that 5% is very acceptable and good.

After pushing him for a bit, he says that they have up to 8%, and they consider that to be fine. He went on to explain that cable is just like that. I don't know what these guys are smoking, but this is the stupidest thing I've ever heard. When Convergence bought Cybernet, I think they didn't realise what a horrible infraestructure they had. But it's been years now, plenty of time to fix things.

I'm going to play with the modem and see if I can increase it's power or something that will reduce loss. It's an old 1997 Zenith modem -- anyone know anything else about these kinds of issues?

You know you're gonna have a fun time trying to figure out configuration settings when the user manual for your phone start off with this:

Congratulations on your purchase of the product. Please read the manual carefully to ensure your phone work in best status.

 Security and Notes:

◆     Don’t use it in chemical plant、gas station or near the exploder place.

I have to say, I was really disheartened when I read that. I was really looking forward to using my phone near the exploder place! I guess I'll have to find some equipment that IS safe to use in the exploder place.

It appears as if Microsoft's Windows Media DRM protection sucks in yet another way. Some evil people are using Windows Media files to open popups, which then try to confuse users into installing spyware and so on. I can imagine that perhaps this is even by design (when you try play protected media, it wants to send you to a website so you can purchase a license).

Some companies are now trying to trick users into downloading these files, and then take advantage of the extra confusion since the Windows open from WMP (”What the... I have to click this? Huh? Must be related to this new Windows Media Player...”).

While this “hole“ isn't *that bad*, since, AFAIK, all it does is fire up a browser (ok, that can be pretty risky, depending on the circumstance, and perhaps it can easily be used to escalate?), why is this even happening in the first place?

  1: Microsoft builds DRM into it's media system, even though no users are asking for it.
  2: Microsoft then turns ON these features by default -- features that connect to arbitrary sites without the user doing any action remotely related to Internet access.
  3: User gets burned, and some crafty devil-developers are happy.

How is this good? If MS would just wake the hell up and do what's right, instead of continuing to cater to media executives, we'd all be a lot better off.

I use a Fedora Core 2 machine for a lot of my development work (well, mainly compiling and running, since I develop, when possible, with VS 2005). I've found the desktop to be generally usable, if perhaps a bit unstable (I'd say Gnome on FC2 hangs just as much as IE does on XP, which is pretty often).

Sometimes I use IRC. I've realised that mIRC *really sucks*. Especially when I try to get it working with Korean input. Pretty much everything makes it hang (full CPU usage). Apart from that, it's just not that nice. However, mIRC combined with AppLocale is the only IRC client I've been able to work with Hangeul input and display.

At any rate, I've been using X-Chat for a while on my FC2 machine. It seems far better. Today I wanted to go into a Korean chat room. Hmm, shouldn't be hard right? Somewhere I should be able to click something and get a Korean IME... right?

So I searched. And asked. And read lists. And downloaded and installed a lot of RPMs. And I'm still no closer to getting any CJK support at all. Apparently whoever develops this stuff didn't think that 'foreign' language input should be that easy. The closest I came to getting any decent info was some Japanese guy basically saying that the Gnome/FC2 people are dumbasses for not getting this working right and easy.

Maybe it's just me. Maybe I just really don't know how to use computers and figure things out. At any rate, it's just nice to see such solid reminders of why MS shouldn't give a damn about “Linux on the desktop” coming to steal their users away.

For what it's worth, getting pretty much ANY input method installed on Windows XP is this simple: Start -> Control Panel -> Regional and Language Options -> Details -> Add. That's it. Maybe you'll have to insert the CD and reboot. After this, you'll get the Language Bar, and can flip between IMEs till your heart's content. Considering this isn't anything so revolutionary or new, but a simple, “boring“ core functionality item, you'd think that the desktop linux people would have it down solid by now eh?

Well, I guess my cross-platform development bliss had to come to an end sooner or later, right? I started work on a new app for Asterisk, and found that ASP.NET would come in handy.

Visual Studio 2003 requires IIS to work with web projects. Maybe I can trick it into using XSP, but I'm really, very, happy with VS 2005, and I don't want to go back. So, what are the problems with 2005? ASP.NET's new drug-induced compilation model.

Before, I could build my app with codebehind, compile, and go on my merry way. The DLLs are loaded at runtime, things are good, and most importantly, they work with Mono/XSP. Now, I've got several problems. First, it doesn't seem like the ASP.NET 2 support is in Mono. That's fine, I'll stay away from master pages (even though it hurts), and other new stuff. My biggest goal is to use VS 2005.

Then comes the real problems: There is no more “compile“ option in VS 2005 for web projects. Nope. Seems like the ASP/VBS and PHP whiners got their way and wanted things more like a scripting language. Some huge advancements were made (no more stupid IIS screwups). But I can no longer work as before. Which means I can't deploy as before. There's a precompilation system, but it's not what I want.

I can't even do it with runtime compilation either, because of this partial class and “compiles with“ nonsense. So it appears as if I'm screwed. Anyone have any suggestions?

Well, I'm heading off to my parents' place, and my in-laws. And of course, what better way to celebrate than with kilos of powder! This year has surpassed every other in terms of aerial payloads. For less than $8, one can buy rockets with about 1kg of gunpowder. Some people have been launching these every day for the past week or so. They set off car alarms blocks away, and the diameter of the burst is probably about 20 metres? I suck at estimating sizes and weights, so maybe it's 50m. Or perhaps 5 cm. At any rate, it's big.

Last year we set someone's roof on fire in our fire-induced bliss. But to be fair, it was their fault since they never clean their roof, and it had lots of dry, dry, pine needles on it.

I bought a “Christmas Basket” for our security guards here. I'm not sure what gift baskets in other countries have, but here it contained this:

 - 1 litre of rum
 - 1 can of “Vienna” hot dogs
 - 1 bag of large marshmellows
 - 1 box of crackers
 - 1 box of brie cheese
 - 1 can of SPAM

I'm not sure what the continuity is here, but they seem to sell quite well.

Anyways, happy times to all, and if I don't blog for a few weeks, it'll be because my brother wasn't joking when he said he wanted to launch a shell horizontally. That, or I was attacked by a drunk with a can of SPAM.

Patrick Mac Kay, a Chilean MVP, gets into IL cracking fun, en español. He says he wasn't sure how to do it before, but after my quick tutorial, had “enhanced” a program to handle more data. What have I done? :)

Microsoft finally has a decent desktop search: http://toolbar.msn.com/desktop/results.aspx?FORM=PCHP

First impression: Why MSN? Why oh why? I really dislike MSN. They insist on sticking their damn butterfly all over the place, and feel the need to add tons of links to useless content I don't want to see (while still no equivalent of Google Groups, as far as I can tell). I don't wanna see a damn butterfly and links to dating inside of Outlook! I hope this just a temporary fix until Windows/Office get their search fixed up. And, the place you'd really expect and hope for integration is not there: Searching IM history. Duh.

Microsoft's using the usual tactic to promote their lame offerings by forcing them along with something you actually want. I won't say it's wrong. It's probably good for business. But I sure as hell hate it. But, I guess that's the price you pay when another division cleans up for someone else.

Oh yea, they ignore guidelines, and put a bloody shortcut on your desktop without permission. I guess they thought that even with having it automatically added everywhere else, you might *still* have problems starting it. Sigh. Even MS can't listen to MS guidelines. Oh wait, this is MSN, nevermind.

The deskbar is a nice idea, but unfortunately, having another band on my desktop really sucks (since it takes the full verticle space, wasting lots of precious taskbar space). And, unfortunately, the hotkey to start search doesn't work if the band is closed. Sucky. 

A workaround is to simply disable the MSN Toolbar (lameness incorporated), Outlook integration, and deskbar. Then, go into your start menu, right click the MSN Desktop Search, and assign a shortcut. Enjoy searching without cluttering up your apps.

Apart from MSN's spam-like tendencies, it's a good solid offering. MSN shows some of it's MS-ness here:

   - Awesome UI. The deskbar is really cool. Not worth the space loss, but almost. The search results go right the program -- no browser nonsense.

  - Network indexing!!! YEA. Now I can search the source on my Linux development machine easily. 

  - Outlook-integrated search (right where I need it).

I'm really happy with it. What I really want is Office and Windows to integrate this into their products, rather than having it be a big MSN orgy.

At any rate, I've already said goodbye to Google Desktop. Yey!