Rubenerd

This post originally appeared on the Annexe.

Brian Karlovsky writing for ARN:

Fujitsu has demonstrated servers with thin fiber optics that will use lasers and light to transfer data, replacing the older and slower copper technology.

Shh! Don’t say that so loud in this country.

The light was used to transfer data between the systems. Light is considered a faster way to transfer data than copper wire.

Admittedly, that wouldn’t be too hard. I’d consider transferring light through the air (or self-refracting containment device such as a fibre optic cable) would be rather faster than transferring physical copper wire. That stuff is heavy.

In the context of running unpatched versions of Windows (in my defense, in a sandbox!), we've had the news this month that TIFF rendering in certain versions of Microsoft Office allows for remote code execution.

A patch was unfortunately not forthcoming during Microsoft's Patch Tuesday, forcing Windows users to continue using the hotfix that merely disables TIFF rendering until a more permanent solution can be found.

Cause and effect

This is more problematic than I think some people acknowledge. I've heard podcasts and read blogs implying that TIFF is a legacy format that shouldn't have much impact being disabled. Nothing could be further from the truth; TIFF's colour space is still vitally important to creative professionals and is still employed heavily in workflows. Clara would know more about this than me!

While Windows users still don't have a patch, we do know now broadly how the exploit is able to work. Recent versions of Windows employ data execution prevention (DEP) which only marks certain areas of active memory as being executable. If a buffer overflow is used to inject extraneous code into memory, theoretically DEP will disallow its execution. It also uses memory address randomisation, which hampers the ability of attackers to predict where the next block of allocated memory for a process is.

The good news is this TIFF vulnerably was not able to break these security measures. As is often the case with security however, the problem is not with the system itself, but how it's implemented. For apparent reasons of backwards compatibility, Microsoft Office allows for the selective disabling of DEP and memory address space randomisation. Yikes.

In my view

Security bugs in image parsers are particularly scary, at least to me. Compared to exploits that depend on people running malicious email attachments or downloading dodgy applications, merely viewing a malformed image intentionally or embedded in a document is enough to invoke the problematic library and compromise your system.

For me, this issue harkens back to the Windows Metafile vulnerability discovered in 2007, soon after I'd left high school and was getting interested in end-user security. Back then, an undocumented feature in the WMF format that allowed printer control codes to be inserted were used to inject malicious code into Windows machines. As Microsoft was slow to implement a fix for this as well, a third party developer came out with a patch.

Here's hoping Windows users won't require something of this nature again, and Microsoft will release an out of cycle fix as soon as possible.

While I sit here lamenting software versioning, Clara has gone ahead and written a post about hard toffee. I'm sorry, that joke wasn't terribly sweet.

I've always been more of a fudge kind of guy, or at least for as long as I attempted to make toffee as a teenager, and created fudge by accident. It's the same way I accidently made scones when I tried to bake bread. In any event, Clara's latest effort has allowed me to see the error in my ways; there is lots to love about toffee!

Clara has lots of interesting tidbits sprinked into her post, including her use of silcon cups to prevent those nasty strips of paper sticking to your culinary creations. If you're interested in sweetness, check it out.

And before you ask, this was not a paid promotional post. Unless you count free samples as payment ;).

As with the dizzying number of graphics cards the software ran on, I never really kept track of DirectX versions growing up. I paid the price recently when I tried to install it on an old copy of Windows 2000 to relive some classic simulator games, and encountered multiple incompatible releases with the same version number.

I couldn't find an iDirectX 9.0s

DirectX 9.0c is the last version to support Windows 2000, according to the official Microsoft Download Centre doucmentation. Unfortunately, the first page result downloads the infamous dxwebsetup.exe stub file, which then downloads DirectX. Yo dawg, I heard you like installers, so we put an installer in your installer so you can install while you install.

I couldn't even use this if I wanted to. Because the OS no longer receives security updates, I run Windows 2000 in a sandboxed VM to shield it from the outside world. The key then is to do what we all did in the past, and download the redistributable version of DirectX. This allows you to download the whole installer in one shot, and keep it for future installs.

I proceeded to download DirectX 9.0c, and was given the following prompt in Windows 2000:

23 secret herbs and spices

Digging around for an explanation for this error, I rediscovered something utterly confusing. Despite the seemingly specific version number, there were 23 versions of DirectX 9.0c released between June 2005 and June 2010. Of these, all are compatible with Windows 2000 except the last version which included some new incompatible features.

Moral of the story: if you're a Windows 2000 guy or girl still, you want the February 2010 release of DirectX 9.0c.

During our studies for the recently minted Cloud Computing Infrastructure subject at UTS, we studied the Kusnetzky Group Virtualisation Model. Developed (surprising though it may seem) by the Kusnetzky Group, it identifies several distinct layers of offerings beyond those of the somewhat overused NIST Service as a Service acronyms.

A terribly brief rundown

Most of the layers seemed pretty self explanatory:

• Application virtualisaion, where software is developed to be deployed on a common application framework. Through a bit of a logical stretch, I suppose the JVM could be included here too.

• Processing virtualisation, where hardware and software are abstracted, divvied up and served independent of their physical implementation.

• Storage virtualisation, where file systems, physical hardware and their interconnects are implemented to serve a pool of logical space. In the NIST definition, this and the preceding layer would be combined to form IaaS.

• Network virtualisation, where networking hardware and software are abstracted. More specifically, where logical networks are independent of their physical implementation.

These actually do run down, though

Intersecting these layers like syrup dripping and running down a lovely stack of soft pancakes, we have the management layers:

• Security for logical environment, where policies and technology serve to secure (surpsiring though it may seem) the virtualised infrastructure.

• Management of logical environments, where the deployment of the virtualised services is automated and allowed to be served as a single pool of computing resources.

Ruben, you missed out access virtualisation

Which brings me to the first and highest layer in the Kusnetzky Virtualisation Model. The other layers seemed to fit into place in my brain fairly easily. I did like how the management layers were articulated too, though I think a specific provisioning layer separate from management would make sense.

What had me scratching my head was access virtualisation. I assumed it had little to do with virtualising a Microsoft consumer database. Oh Ruben, you so funny.

From what I've been able to research, access virtualisation has to do with the hosting of software on a server, and the rendering of said software on a separate client device. This client device is able to interface with the application, and determine how best to render it. In this way, it's similar to the NIST definition of SaaS, but with perhaps a little more logic on the client side.

There could be circumstances where that distinction is important. In the case of phones, a user could choose to view a phone, tablet or desktop optimised version of a web application, or even use an installed thick client application that calls the server hosted software.

I could be misunderstanding this distinction; I'm certainly open to correction. If it turns out there is no such distinction, perhaps I should create a Ruben Sandwich of Virtualisation model. That has a nice Burger Ring to it.

While killing a little time in the Hornsby Westfield shopping centre this afternoon, Clara and I decided to check out the holiday decorations in Myer. We were surprised to see a Yule tree seemingly missing its top, and joked about it on Twitter.

If I were superstitious, I'd almost say someone was listening. While nothing compared to the natural disasters in the Philippines or the US of late, my Sydney suburb soon after endured quite the freak weather show. Wild winds uprooted trees and crushed cars, smashed the roof of the huge Westfield shopping centre in several places, and even flipped a demountable. Trains stopped, traffic was brought to a standstill.

A mini tornado was to blame, according to The Austrailian Bureau of Meteorology. Whatever it was, we were lucky to be back home after leaving the shopping centre less than an hour before all the damage struck. Photos from the scene were pretty scary.

As @yaakov_h said on Twitter, Australia has had ALL the weather of late. Less than a month ago, Sydney endured a heatwave and winds so strong it triggered bushfires that were reported around the world. Now as I sit here studying for my final exam of the semester, I can hear more violent rain lashing the windows. Luckily we were able to give Clara a lift home!

HansOrph is selling Hornado tshirts. I have to say, I'm tempted.

Julie of Anime@UTS fame recently spotted the following menu in Japan. While I've long heard of the Reuben Sandwich, the Land of the Rising Sun also grills my misspelled namesake. I appreciate being informed of this!

As a note of interest, this was the last post I wrote regarding sandwiches.

This post originally appeared on the Annexe.

Tim Hepher reporting for Reuters:

Boeing meanwhile expects to turn the corner on reliability problems with the 787 Dreamliner within six months as a result of software changes, he said. Customers including Qatar Airways and Norwegian Air have complained about the plane’s reliability.

Absent is a mention of ANA; they and their customers were the hardest hit.

This post originally appeared on the Annexe.

Rhiannon Elston, reporting for SBS:

Some 28,000 schoolies will descend on the Queensland city during November, and more than 500 are expected to need emergency care. The top three expected injuries are alcohol intoxication, drug poisoning and cuts to hands and feet from broken glass.

Idiots.

This post originally appeared on the Annexe.

Mavericks does not persistently store the key mappings on my Model M clone. It’s infuriating, and had me pondering a Mountain Lion downgrade.

Through some forum searching, I came across KeyRemap4MacBook. It’s bewildering with its numerous duplicated options shoehorned into one window, but my Windows and Alt keys are now mapped to Option and Command.