Are We There Yet?

Who hasn't had to deal with interference of some kind at one point or another in their life? Sometimes, it's a trivial thing like your cordless phone causing intermittent problems with your wireless network. Or when I'm taking a trip in to town and someone else's iPod cuts in over my car's speakers as I pass a fellow iPod FM transmitter user who has discovered that 89.5 is the only frequency in town suitable for our use.

Those kinds of interference are usually pretty easy to identify and remove. If your cordless phone is causing problems with your wireless network, try changing your network to use another channel. If you can afford it, upgrade your cordless phone to a 5.8 GHz model to get it out of the 2.4 GHz range in use by most wireless networks. If you can't stand your fellow motorist's choice in music as he overwhelms your FM transmitter, speed up, slow down, or change the station. Simple, right?

One of my favorite parts about working in the tech industry is the opportunity to learn new things on an almost daily basis. For me, there are fewer things that I enjoy more than learning something new. It's really easy to get caught up in the fast lane and blow through every day like it's a race to the finish line. The problem with this mentality is that you miss out on a lot of cool and interesting things.

While researching a project I was working on, my research began to take me towards more resources focused on SQL injection attacks. In a nut shell, a SQL injection attack involves providing specially crafted user input to an application that uses that input to construct a SQL statement in order to get additional SQL commands executed during the normal course of operation. The severity of a SQL injection attack depends upon the level of input validation present in the application and how well secured the database server is configured.

I'm not going to say much more about how an attack is done as there's lots of resources out there that go in to much better detail than I care to right here. Start with the Wikipedia article I linked above. Here's another good article that starts with the basics and builds upon that until the full capability of this style of attack is made clear to you.

If the information above makes sense to you (or frightens you), then this next one is going to blow your mind. This video lays it all out in front of you with a real-world example demonstrated in real-time. In the video, a hypothetical web-based business is the target of the attack. As a web-based business, their credit card transactions are processed electronically. This processing is done on a computer with no direct interface to the Internet. Sounds "safe," right?

As you'll see in the video, it's only as safe as the code that makes it all possible. Exploiting the weak user input verification present on the company's web site (and a poorly configured DB server), he shows how a hacker can:

• Build a binary copy of the data contained in the database.
• Snoop around the computer using directory listings.
• Transfer files to and from the targeted machine using TFTP (check your Windows system32 directory - unless you're running Vista, you probably have it).

The end result is that the hacker can use the company's web site to perform just about any action he desires. The interface through which it's done might seem cumbersome, but if you're a hacker, it's a small price to pay when you're got the keys to the kingdom.

Scary stuff, right?

With apologies to guitar god Slash, I have an obsession confession to make. You see, as a self-professed geek, I deal with the occasional fit of desire for a new device or gadget. This by itself can be all the persuasion required by many individuals to translate their indulgence in to a purchase. However, my circumstances are complicated by a streak of frugality that would embarrass most people. I'm told that many years ago when I had attained a constant level of income through my paper route such that I could afford to purchase Christmas presents for my family members, I planned out presents for everyone to limit my expenditures to no more than $10. If I recall correctly, a pack of bubblegum was involved for one of my lucky siblings.

In other words, I rarely cave in to my obsessions. My approach has always been to deny myself the latest gadget or gizmo when the urge strikes. If, after a sufficient quantity of time has passed, the urge continues to surface and cannot be ignored, I begin to entertain the idea of the purchase and determine whether or not it makes fiscal and functional sense. Is it affordable? Will it do something for me from an entertainment or usefulness standpoint that can be easily justified? Are those reasons sufficiently persuasive that they can sway the keeper of the bank accounts?

I've never been a big fan of cold weather. I've always been of the thought that it's easier to deal with hot weather and find ways to cool off than it is to deal with cold weather and find ways to warm up. Thus, I'm rarely happy to see the arrival of winter and am always happy to see it go.

If only the changing of seasons was that clear-cut.

It's currently snowing throughout most of the state of Wisconsin. My little corner of the state is forecast to accumulate 4"-6" of snow when all is said and done. As it's been snowing for the past 10 hours or so, I'd say they're right on target. Since the temperature is hovering between 30-32 F, it's a very dense, heavy, wet snow. The last time it snowed like this, my snowblower didn't handle it very well. Of course, there was also about a foot of it on my driveway, which is still of the gravel variety. Fortunately, the expected temperatures of well above freezing over the next few days should eliminate the need to be proactive about its removal.

For now, I guess I'll just have to dream of a forecast like this.

I had a chance to play a co-worker's Nintendo Wii after work this evening (if you're giggling, please leave now). It's the first time I've ever played with it, much less seen one in person. By all accounts, the Wii is still incredibly hard to find. One of my co-workers happened to get lucky one morning waiting for a Target store to open and was able to snag one from their limited shipment.

There were some problems getting the remotes to function properly at first, which I was told was very odd considering that no problems of that sort had been encountered for the past couple weeks. I seem to have this kind of effect on hardware of all sorts. Monitors wear out prematurely when it's my desk they call home. Removable DVD drives refuse to be recognized when notebooks are booted up in my docking station. Devices that work flawlessly 99.9% of the time refuse to function as intended in my presence.

It's a gift; what else can I say?

Title: Needful Things
Author: Stephen King
Copyright (Original): 1992 (1991)
Pages: 736
More Information: Wikipedia Entry

I read Needful Things for the first time about 15 years ago. It was the second book I had read that was written by Stephen King (The Shining was the first). Although I have enjoyed reading both of these books, I never read many more of his books after this one. Looking through his bibliography, it would appear that the majority of his books that I've read since are those with recent movies based on them, including The Green Mile and Different Seasons (a series of 4 short stories with 3 having spawned movies - The Shawshank Redemption, Stand By Me, and Apt Pupil). I've never read either of his two most popular books (It or The Stand). Perhaps I should do so.

While searching my bookshelf for something to read a month ago, I decided it was time to revisit Needful Things once again.

A couple weeks ago, I wrote about my broken Klipsch ProMedia 2.1 speakers. The flimsy, cheap DIN plug was no longer making a solid connection with the subwoofer. The Klipsch web site continued to show replacement controls pods as unavailable, so I elected to fix them myself instead.

For those that are looking to do the same thing, here's the parts list:

• Broken Klipsch ProMedia 2.1 speakers
• Replacement 5-pin DIN plug (scavenged from a 6ft. MIDI cable)
• Klipsch DIN plug wiring diagram
• A digital multimeter (highly recommended)
• Soldering iron & solder
• Wire strippers
• Electrical tape

I recently started messing with the StyleCatcher Movable Type plug-in to accommodate a few other blogs running on this server. On the surface, it's a great concept. Customizing templates on older versions of Movable Type was a bit of a daunting task and required more time than I cared to dedicate to the task. Now that the base template is centered around CSS, this customization process is a lot easier. Six Apart's style contest was also a great idea to get talented web developers to create a gallery of templates to showcase the changes.

Now that StyleCatcher is properly configured, I can appreciate how streamlined and simple the process can be. Unfortunately, it took a fair amount of tinkering to get to this point and it's still not behaving properly under all circumstances.

Six weeks ago, my monthly TiVo newsletter informed me of a partnership they had formed with Amazon to provide their Unbox video download service to TiVo subscribers. The Unbox service allows you to purchase or "rent" movies and television episodes through the Amazon website. Once your purchase is made, you can download the video to your computer (or potentially multiple computers if the copyright allows) for watching. Your rental is good for 30 days, however that changes to 24 hours once you start playing the video for the first time. Your purchased videos can always be downloaded from the service, so you don't have to store it permanently on your hard drive or TiVo (where space is at a higher premium).

The notice from TiVo came along with a $15 credit to the Unbox service if I signed up by April 30. If you have a TiVo connected to your home network, you've still got a few days to sign up and get the credit, too. Who doesn't like getting something for free? So I signed up so I could try out the service at a later date.

I've spent a fair amount of time over the past 12-18 months reviewing resumes and conducting interviews with people applying for various positions at my company. In that time period, I've been pretty shocked at the quality, or rather the lack thereof, evident in the submissions I receive from many people. Your resume and cover letter is the first thing I'm going to see about you as a prospective employee at my company. It is from this information and how it's presented to me that I will decide whether or not to spend more time conversing with you, up to and including a face-to-face interview. When you consider the fact that: 1) I have other responsibilities on the job outside of hiring, and 2) I have a lot of resumes to go through, it would seem to follow that while your resume isn't going to matter much once you've got the job, it's the single most important factor prior to that event.

With that in mind, here's some advice to the job hunters out there. My advice is being given from the perspective of a small, technology oriented, Web-based business.

...it's bullet time (boooooo).

• A rumor out of a Chinese publication, Commercial Times, states that production on Xbox 360's containing the scaled down 65nm processor could begin this May in time for a Fall release. A less power hungry, cooler-running Xbox 360 would be the straw that breaks this camel's back. Cooler internal temperatures translates in to more reliable hardware, which allays my great fear of the investment. A redesigned main board to take advantage of the changes means an eventual price drop. (via Ars Technica)
• On my way to work every day, I've been watching a new building get constructed on the side of the road. It's finally completed and looks like it's been occupied by an entrepreneur. The name of the store is "Forgotten Treasures" and the windows of the store are filled with dated clothing, old knick-knacks, and other various tchotchke. The store's superficial similarity to Leland Gaunt's Needful Things is rather eerie.
• I rented another movie through Amazon Unbox for my TiVo. It took 2 hours 35 minutes to download a 1 hour 55 minute movie. Until I can watch a movie as it downloads, I still don't see the value of this service. I guess I'm not as opposed to driving to a rental store (or, more likely, skipping the rental altogether) as most people.
• The movie we rented was Man of the Year. We thought we were renting a comedy about a comedian that gets elected the President of the United States. What we got was a not-even-remotely-funny comedy crossed with a thriller about buggy software in a company's electronic voting machines that elects the wrong candidate (who happens to be a comedian) and their subsequent attempts to silence a potential whistle-blower. It's a good thing nothing like that could ever happen, huh?