Sunday, February 6

Somebody needs a geography lesson...

I am the first to admit that geography is far from my strongest subject. However, a letter I recently received from Sean Parnell, the Governor of Alaska, makes me wonder if I don't give myself enough credit. While I know that he did not send this out himself, I would hope that he was aware of what mailings went out on his behalf and cared about what kind of image these mailings portrayed.

So you can see what I am going on about, here is an image of an excerpt of the letter:

Thursday, October 21

Good WLAN Tips

ProtectmyID had a good writeup on WLAN security today. I think this is one of the writeups on this topic which contains the least amount of FUD and you can't go wrong with following its advice. However, I think a couple of improvements could be made.

First off, I'd say that MAC filters these days are a waste of time, as a MAC address can be easily spoofed. The time required to manage a MAC filter can be better spent elsewhere. If someone can crack your encryption, a MAC filter won't stop them in the least.

Next, while I agree that WLANs are commonly used in most households, I think the first security precaution for a WLAN should be: if you don't use it, disable it at the router.

Lastly, I'd like to emphasize what I think are the important points:

#1 enable encryption (WPA2 or WPA)
#2 change the password at the router

If you follow these 2 points, your home WLAN is relatively safe.

In reference to: Protecting Home Wireless Networks | ProtectMyID

Monday, October 11

The problem of 2^64 − 1

I was just looking at the secure coding practices at the CERT website and ran into a topic that has always been a pain point for me: the validation of pointers in C.

Growing up coding C, I was constantly exposed to the mantra of 'Check for NULL pointers'. Now it is hard to argue that NULL pointers are not bad, but I do think that when to check for them is not that straightforward.

Obviously, when trying to allocate memory one should verify that the memory was allocated and that NULL was not returned. What isn't so clear is when there is value in checking for NULL. I've been in several organizations and dealt with developers who demand that all functions that accept a pointer check that pointer for NULL. The argument being that we don't want the code to try to use an invalid pointer. One issue I have with this broad approach is that it leads to horrendous code bloat.

Just look at one pointer that gets passed through a couple of wrappers to get to the actual code that will do something with it. For each function it passes through, we have said that it should be checked to ensure that it is not NULL. So, for some number of times we have verified that the pointer is not one of 2^64-1 possible values. Since at any given time a pointer has only one truly valid value [if it's not referencing the data it should, it's not valid], then it can be said that it has 2^64-2 invalid values.

So, what does checking for NULL over and over accomplish? It eliminates 1 out of 2^64-2 possible invalid pointer values.
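To make the point concrete, here is an added example (not from the original post or from CERT) in which a stale pointer passes the per-wrapper NULL check but fails a single validity check at the API boundary. The `item_t` type, the fixed pool, and every function name are hypothetical, constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical object type and fixed pool, constructed for this example. */
typedef struct { bool in_use; int value; } item_t;
#define POOL_SIZE 4
static item_t pool[POOL_SIZE];

/* Allocation: the one place where NULL is a normal, expected result. */
item_t *item_acquire(int value) {
    for (size_t i = 0; i < POOL_SIZE; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = true;
            pool[i].value = value;
            return &pool[i];
        }
    }
    return NULL;
}

/* Release marks the slot free; the caller's pointer stays non-NULL. */
void item_release(item_t *p) { p->in_use = false; }

/* The check repeated in every wrapper: rules out exactly one bad value. */
bool null_check(const void *p) { return p != NULL; }

/* Validity check done once at the API boundary, without dereferencing p. */
bool item_is_live(const void *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)pool;
    if (a < base || a >= base + sizeof pool) return false; /* NULL, stack, wild */
    if ((a - base) % sizeof(item_t) != 0) return false;    /* not a slot boundary */
    return pool[(a - base) / sizeof(item_t)].in_use;       /* false if released */
}

int main(void) {
    item_t *p = item_acquire(7);
    printf("live:  null_check=%d item_is_live=%d\n", null_check(p), item_is_live(p));
    item_release(p);
    printf("stale: null_check=%d item_is_live=%d\n", null_check(p), item_is_live(p));
    return 0;
}
```

If a released slot is handed out again, an old pointer to it looks live once more; catching that needs a generation counter or similar tag in addition to the range check.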

Monday, August 23

Shocked by NewEgg

I saw this BT headset advertised through another site and hopped over as soon as I saw it was newegg, figuring it would be a reasonable deal.

I was so surprised by the reviews here. I've been doing business with newegg for years now and have always been satisfied. Even if I ran into an issue with a product, I could count on newegg to be fair and make things right. From the comments the customers have left, it sounds like what is being shipped does not remotely match the description. In my experience OEM does indicate a used or refurbished product and the reviewers seem to have the same expectations.

I hope this does not reflect a change in newegg and that I will be able to continue to purchase from them with confidence. I will definitely still do business with them at this point, but will at least be careful with anything that sounds somewhat too good to be true. Hopefully, they will show this product to be an abnormality and that they are still one of the 'good guys' on the web.

In reference to: PLANTRONICS In-The-Ear Bluetooth Headset Black Bulk (Discovery 925) - Bluetooth Cell Phone Accessories

Friday, July 23

Microsoft Network Monitor

I recently received one of Microsoft's periodic download notification emails and one item in particular caught my eye as I had never heard of it before. It was a download of Microsoft's Network Monitor.

Now I've been dealing with networking in and out of work for many years and have always used Wireshark and will most likely continue to do so.  However, I will definitely be looking into Network Monitor more and would not be surprised if it became my tool of choice in some situations.