Tuesday, July 24, 2007

in ur datacenter, breakin ur web 2.0

So apparently, according to this site, either a power outage or a drunken employee (or both) knocked several popular web sites offline this evening, including LiveJournal, Craigslist, TypePad, and Technorati.

I searched Google News for the name of the datacenter, 365 Main. All I found was COMEDY GOLD.

Which makes me believe that I can no longer use Google for breaking news. I ended up finding this information on Digg, which is a big win for "Web 2.0".

(Despite the fact that Digg seems to be the only "Web 2.0" site up and running right now, that is.)

Thursday, July 19, 2007

Wikivice referers

I was checking out the HTTP referers to Wikivice, and I noticed a handful that came in from this blog.

I didn't even know a handful of people READ this blog.

I love you, whoever you are!

Oddly enough, there were even people coming in from my Twitter post (http://twitter.com/tkrpata), and I *know* nobody reads that!

(Sidenote: I hate writing "HTTP referer," because I'm never sure if I should spell it correctly, or spell it the way it shows up in the HTTP header.)

Monday, July 16, 2007


Today I launched a new web site called Wikivice (the free advice column that anyone can edit). The idea is that the community will collaborate to write the best answer to a given question, much like on Wikipedia the community collaborates to write the best entry on a given subject.

I'm hoping to get some traffic by word-of-mouth, and go from there. I think this has the potential to be great, but I need to build a solid user community in order for the site to be a success.


Friday, July 6, 2007

My OMGWTF Calculator

A while back, I submitted an entry to the Worse than Failure Olympiad of Misguided Geeks contest. I didn't win, but I thought my entry was somewhat clever.

The contest was to implement a 4-function calculator in the most "WTF" way possible. My entry took advantage of the fact that floating point representation of the correct result of each test case was also an invalid memory address. I performed the calculations in the expected way, but instead of returning the result, I attempted to write to that memory location.
sprintf( (char *) *(int *) &r, "paula = brillant");
There was some amount of type punning that needed to happen in order to maintain the float representation of the result, as you can see.

I set up a signal handler to handle SIGSEGV (segmentation fault), and used setjmp/longjmp to return the invalid address/correct result at a known-good location in the program. I set up a similar handler for SIGFPE (floating point exception) to correctly report an error when attempting to divide by zero. The meat of it occurs in this conditional:
if(sigsetjmp(err_env, 1)) {
} else if(int result = sigsetjmp(ans_env, 1)) {
siginfo_t *sigInfo = (siginfo_t *)result;
sprintf(newText, "%g", *(float *)&sigInfo->si_addr);
} else {
DoOperation(g_Operator, op1, op2);
As you can see, the result is contained in the si_addr field of the appropriate siginfo_t struct.

Some of the winners obviously put a lot of thought and time into their entries, and I was very impressed at the creativity they showed. I'm also proud of my little idea, and I had a lot of fun writing it!

Tuesday, July 3, 2007

Extending IDS into the virtual environment

I'm going to just credit my colleague Nick for this idea, and maybe someday he can point to this blog post to prove that he thought of it first.

We've been exploring our options for IDS visibility into a virtual switch in order to monitor traffic between VM's; that is, traffic that never shows up on the physical NIC. I've discovered, though I need to confirm, that if you allow a virtual NIC on a VM to enter promiscuous mode on VMWare ESX server, the virtual switch port becomes effectively a span port. Based on this, I've been trying to think of an efficient way to shuttle that sniffed traffic off of the VM and get it where I need it to go.

Nick suggested that perhaps Sourcefire (and IDS vendors in general, too) should just offer a virtual version of their IPS appliance that you can just bring up on your VMWare server. This is so head-slappingly obvious that I can't believe it's not currently an option.