OS X oddities

This one is not FOSS related, so some readers might wanna skip it.

I noticed two interesting oddities with Mac OS X this week:

1. When I used Skype, the call used to drop every few minutes. It seems that turning the automatic time synchronization (via NTP) off, solves the problem. Usually, this would have been called voodoo. Apparently OS X, just like MS Windows, became quite a bloated OS, so such bugs pop every once in a while, where a reasonable explanation isn't in the horizon.
2. For downloading torrents under OS X, I use Transmission. I had good experience with the Linux version, so it was my first choice. Apparently, it is capable of reaching my full internet connection speed, even during the hours my ISP throttles traffic. I still don't know how this trick is achieved, so I'll dig into it once I'll get the chance.
   

Malware toolkits

It's been a while since I last published here something related to my work. There are few reasons for that, such as some of my work-posts are more of marketing than pure technical achievements.

Anyway, some of you, my readers, had asked me to link here to some of the more technical stuff we do, or explain how a full-blown over-the-internet-attack works. So here are two posts I published in the past few months, demonstrating malware toolkits. Should this post's responses include more specific questions about toolkits, I'll try to answer them in following posts.

1. LuckySploit. This one describes one of the most sohpisticated attacks out there. It is very much oriented to avoid anti-virus products during the infection process. Moreover, the fact this toolkit uses encryption is really impressive.
2. Unique Pack. The funny case with this one is the fact Firefox users weren't vulnerable to this specific attack (Firefox has some vulnerabilities, so keep it updated at all time).

Now I must add the fact that using Linux and/or Firefox doesn't mean one is protected, although it really increases your chances to stay clear. Keep your software updated.

Hello (mobile) World

Yesterday I've completed my first Android application. One can read about mobile platforms all over the place these days, as the competition between them heats up. So I decided to give it a shot.

This is not my first attempt to write a mobile application, as about a year ago I've written some Python apps for Symbian. Moreover, few weeks ago I've written a simple application for the iPhone. This puts me in a position where I've tried coding for most of the popular mobile platforms, except RIM and Windows Mobile.

Quite surprisingly, mobile development environment has reached maturitiy. This manifests in the existance of visual development tools (drag-n'-drop controls), debuggers, code completion, etc. Not having such tools as my day-to-day development (I mainly use vi and notepad++) isn't a big deal, but for mobile development this is a must. The complexity of creating an application is just too big, and reminds me of the first days of J2EE development - tons of XML files, source files, resources, etc.

This also means I got to try Objective-C, as this is the language for iPhone development. I really don't understand why would Apple insist on that language, with such great alternatives.

I expect we'll see even better ways to develop mobile applications, and such applications would take greater market share, as the lines between the desktop and the mobile starts fading away.

Addition: If I had the means, I would have written something for OpenMoko as well.

Japanese is actually a sysadmin language

Got this one today by mail. Quite funny.
If you don't get it - enlarge the image.

Security, UI and things between

I'm not sure when exactly that happened, but it seems I got myself a name of someone who truly hates Microsoft. For instance, yesterday a friend of mine was really shocked to hear some good criticism from me regarding Windows 7. Some of you may be surprised to read this, but I do not hate Microsoft. I have friends working for Microsoft, and I myself once considered a position there.

Yesterday, a friend of mine, who's using IE7 on Windows XP was infected with some virus. It's low detection rates by AV products, suggests it's a rather new one. Luckily enough, I recommend people (including this friend) which are using Windows for some reason, to install Avira AntiVirus, as my profession taught me it is better (most of the time) from the others.
Having used some useful tricks I learned at work, and the handy ThreatExpert, we were able to clean the infection and restore the computer to a healthy state.

After the virus issue was solved, we began quite a long conversation, which lasted today's entire morning and noon, about how the infection was done in the first place, how it could have been avoided, and what measures can be taken to prevent future cases. We both agreed that popular products, such as Windows, Internet Explorer, Adobe Acrobat Reader, and the likes, are much more prone to be trageted by attackers, and this is why much more exploits exists out there to these products. Firefox is no different, in the past few years it gained huge popularity, and to some estimates it controls over 30% of the browsers market - not a number that could be easily ignored. Firefox, as well, is targeted by cyber criminals, and we see many attempts to push malware through its holes. Nonetheless, Firefox's vulnerabilities, once discovered, are handled much quicker than IE's, a fact making it much less exposed to cyber attacks.

So after many persuasions, the friend agreed to install Firefox and use it exclusively for an entire week. Had Firefox failed to supply the goods, he'll try Google's Chrome or Opera.
Soon after he started browsing the web using Firefox, I started getting complaints:

• Firefox is slower than IE. I said he should remove any old Firefox remains he might have, and install it freshly.
• A web site isn't working properly. Not giving a clue why. After I checked the issue, it seemed he missed the Flash add-on. Awkward, as the browser was supposed to say something is wrong. New version of the Flash player was installed - and everything works.
• No apply button in the settings dialog.

What? Wait a second... what was that last point? No apply button?
It never occurred to me that the Windows version of Firefox differs from the one installed on my Ubuntu. Go and have a look at your settings dialog. If you're using Ubuntu (I guess this applies to other Linux-es as well), your settings dialog would include a Close button, and a Help button. Every modification you make, is immediately applied. If you're using Windows, You'd have a OK button, and a Cancel button, but indeed no Apply button. This means that if you make several modifications, you can't easily undo only the last of them. A bug regarding this issue exists ever since 2003, but it doesn't seem to go nowhere.

Maybe Windows users are used to lame UI.

I won't even start about arguing that using a different OS, and a different software stack would solve the entire issue on the first place. But what I heard is a professional user willing to live with virus threats, lame UI, the need to upgrade software manually, accept downtime, and tons of other issues, for reasons I don't fully understand.

Various musings about productivity

Zero Inbox
I've known the term "Zero Inbox" for quite some time, and without really intending to do so, I used to follow that idea. Only recently I found myself flooded with email in my inbox, some of it sent by myself, and I really felt confused. What am I supposed to do now? With what shall I begin?
This can become quite a burden, until everything is back in order. E.g. This blog post was in my head for about two months, but only now I got to the draft I sent myself.
Conclusion: overwhelmed inbox reduces productivity.

Sleepiness
I don't really understand in human physiology, but I noticed something strange about myself: I'm used to sleep between 7-8 hours at night, and this keeps my highly active during the entire day. But it really does depend on when these sleeping hours begin: the earlier, the better. This means sleeping between 00:00-08:00 feels much better than sleeping between 02:00-10:00.
Conclusion: sleeping 8 hours doesn't guarantee productivity. It is only a requirement.

Cubicles
I wish I had worked at Fog Creek, just because they have amazing office space. Instead, my workspace is a cubicle. I know for a fact it is bigger and better equipped than other cubicles out there, but still it holds most of the disadvantages of cubicles. It's like software companies aren't aware to the fact programmers productivity is directly affected by their ability to concentrate for long periods of time.

Music
Different tasks and different moods require different music. Each task has its own music which helps getting into the zone. This is why I have various different genres in my deezer playlists. Music is one tool to solve issues caused due to working in cubicles.

Many things has effect on our productivity, and it is difficult to manage them all. Sometimes we're more productive than in other times, but it is always impotant to be aware of that, and they to improve.

Hello Mac

As I've written before, I always had the passion of installing and messing around with different OSes. Having VMs is fun. Moving from single boot to dual boot to multi boot is even more.

My current victim is Mac OS 10.5.5. Actually these lines are written from within the Safari browser running on that OS. A friend of mine told me he moved from Windows to Linux because it was more fun, and moved from Linux to Mac because things are simpler and everything just works.

After using the Mac OS for two days I really don't get it. Things don't just work. If you're used to something different (say Windows or Linux), you'll need some time to adjust to the interface and to the whereabouts of applications and other stuff.

I guess what all those Mac users are so proud about is not their super-easy super-strong OS, but the very well-done integration between the hardware and the software. Having limited choice between the available hardware (which is also very expensive in Israel), makes the OS design much simpler and easier. No quirks about some obscure WiFi or RAID adapters. All the drivers you need are supplied with the OS, and the OS is built to put this hardware to good use.

Didn't have the chance to go over all of the applications bundled with the OS (time-machine, spotlight, i[Placeholder], etc.), so I can't judge it fully. I think I'll be smarter once I'll be able to compile my first Objective-C "Hello, World!", so I'll be able to compare what's in this OS for developers.