36 Chambers – The Legendary Journeys: Execution to the max!

April 14, 2014

Too Rich To Bribe

Filed under: Curmudgeonliness — Kevin Feasel @ 6:00 pm

Steve Sailer questions the idea of finding people too rich to bribe.  I tend to agree and sum it up with a classic Mr. Burns quotation:

Homer: Mr. Burns, you’re the richest man in the world. You own everything!

Mr. Burns: Ah yes, but I’d give it all up for just a little bit more.

The fundamental problem here isn’t finding incorruptible people; that’s practically impossible.  Instead, what they should aim to do is minimize the ability of the government to engage in acts of thievery and reduce its control.  This makes it less valuable to bribe government officials, which means fewer government officials will receive bribes.

April 13, 2014

New Presentation: SQL Injection

Filed under: (In)Security, Database Administration — Kevin Feasel @ 6:00 pm

I will be presenting for the PASS Security virtual chapter on Thursday, April 17, 2014 at 1 PM Eastern.  Attendees can go to the link to register for the webinar.  The talk is entitled “Understanding and Eliminating SQL Injection” and here is the abstract:

Over the past several years, hacktivists, criminals, and people just “out for lulz” have managed to find sensitive data owned by organizations like Sony, Yahoo, NASA, and the U.S. Army, among many others. In all of these cases, the attackers exploited websites using SQL injection attacks.

SQL injection is at the top of the Open Web Application Security Project (OWASP) top 10 list and is an important part of one of the SANS 20 critical security controls. This talk will go into what SQL injection is, how attackers can use it, and how to secure your sites so that your CIO and CISO never show up on the evening news.

Although the talk will focus on using the Microsoft stack (IIS, ASP.Net, and SQL Server), the lessons will apply to all web systems everywhere.

April 12, 2014

X-Wing Alliance On Modern Hardware

Filed under: Computinating, Our Favorites — Kevin Feasel @ 6:00 pm

Since I started watching Clone Wars, I’ve felt the urge to go back and play one of the greatest space simulator lines ever:  the X-Wing series.  Folks growing up in the 1990s have fond memories of X-Wing and TIE Fighter as excellent single-player games (TIE Fighter tends to rank high in the hearts of gaming geeks), and one of my time sinks in my youth was X-Wing vs. TIE Fighter (as well as the Balance of Power add-on).  Shortly after XvT, LucasArts released X-Wing Alliance, the final game in the Totally Games X-Wing series.  Unfortunately, LucasArts never came out with any modern space simulators, so all we’re left with were great games from the 1990s.

So here’s the problem with 3D games from the 1990s:  modern video cards tend not to support them.  X-Wing Alliance used DirectX 6.0 (quick note:  we’re up to 10) and all kinds of crazy tricks nVidia and ATI/AMD were glad to deprecate.  This means that if you install X-Wing Alliance on your modern Windows PC (getting around the fact that the game was released a decade before UAC and back when Windows users were always local administrators), chances are good that you won’t get the results you want…at least by default.

This story has a happy ending, though, because we can play X-Wing (and the rest of the games) with upgraded, modern(ish) graphics, on our ultra-powerful machines from the future.  Here’s what you do, keeping in mind that I have an nVidia graphics card from about a year and a half ago.

  • Get a copy of X-Wing Alliance.  Don’t get it new.  In fact, to be honest, I’d consider this abandonware and wouldn’t have any ethical qualms about downloading a copy of the game.  LucasArts won’t make a dime off of it at this point and they haven’t supported the game in over a decade, after all.
  • Installing the game can be a bit tricky.  You need a patch to get the game to pass the Windows version check, saying that yeah, you have Windows 98.  Don’t think about installing this in a Windows 98 VM, though; your 3D card probably won’t work so well through a virtual machine.
  • Once you install the game, make sure to upgrade to version 2.02.  If you can’t get that patch, the next step actually includes it.
  • Now, the game was released in 1999, meaning that it had to run on PCs with 166 MHz processors, 32 MB of RAM, and 4 MB PCI video cards.  Sure, the game looked great at the time, but regardless of how much you love Star Wars, it will look like crap today.  This is why you absolutely need Darksaber’s Ultimate Craft Pack.  X-Wing Alliance was a highly moddable game (thanks for that, Totally Games), and over the past decade or so, people have contributed nicer models, turned on settings that Totally Games originally had off (remember:  crappy hardware), and pushed the graphics engine well past what Totally Games ever could have expected.  For my nVidia setup, I installed the nVidia font fix as well as the No CD crack, and all of the high-resolution models.
  • Once I got that taken care of, I jumped into the game.  On my first mission, pressing T to target a supply crate caused all of the objects to disappear, leaving just the star field.  The game worked fine in Software mode (but that’s crappy rendering and looks terrible!), and apparently, over the past 7 years or so, nVidia changed something in their drivers to make the game no longer work right.  After reading 10 pages of complaints, Reimar saved the day.  Go get XWAHacker.  For me, I ran the fixedclear.bat and 32bitmode.bat files.  The combination of those two changes made it so that I could target objects and perform all the actions without any graphics glitches.  I also used changeres.bat to change the default resolution to give me a widescreen experience.
  • Finally, don’t forget that there were a lot of controls and the game requires a joystick.

Once you do all of that, you’ll get a fantastic game.  Once you finish the default set of missions, you can mod XWA to re-create X-Wing and TIE Fighter with differing levels of success.

Alternatively, you should be able to get the entire series to play on a modern computer…but you won’t find the same upgrade packs, so you’re dealing with old, old graphics.  Still, old graphics beats nothing.

Disney, here’s some free advice:  take these games, put them in a modern engine, and re-release them in 2015 to hype up Star Wars Episode VII:  George Lucas Is Finally Gone.  Get it right and revenues would be fantastic; you’d have a whole new generation of people blowing stuff up in letter-shaped space craft.

And a sigh of relief echoed from across the ocean

Filed under: Sports — Tony Demchak @ 5:26 am

Alex Mack is officially, once again, a Cleveland Brown. This may be the most canny move the new Browns front office has made, which is actually a compliment. (Then again, the bar was set pretty low.)

If you aren’t a Browns fan, I’ll bring you up to speed. The Browns tagged Alex Mack at the beginning of the offseason, but not with the franchise tag. They used the “transition tag”, which is about 20% cheaper than the “franchise tag”, but allows the player to negotiate and even sign a contract with other teams. If he does so, the original team has five days to counter the offer. In fact, if they match the offer, the contract is automatically signed.

The difficulty for the Browns was that they wanted Mack back, but there was a feeling from Mack and his agent that he wanted a significant payday in any extension. The Jaguars made this deal as much of a poison pill as possible — he’ll be the highest paid center in the league for the first two years of the deal, and can opt out after the first two years. Plus, he can’t be tagged again per the contract. It’s technically a five-year deal, but the feeling, at least at the moment, is that he’ll opt out ASAP. I’m okay with that; I’m confident that the Browns will show enough improvement that he’ll decide to stay. In any case, this was a roll of the dice, and the Browns won. Alex Mack got paid, and we can focus on getting guards that don’t suck in the draft.

April 11, 2014


Filed under: (In)Security — Kevin Feasel @ 6:00 pm

So…it turns out that OpenSSL has been broken for a couple of years.  Most UNIX-based servers are going to be affected.  If you use OpenSSL on a server, get this fixed now.  Many of the big companies are doing so now.  If you don’t, you’re probably going to get several “Hey, you should change your password” e-mails over the next several days.

Bruce Schneier has more.  For a humorous take, check out The Daily WTF.  Several people there make the argument that we shouldn’t use C or other languages without boundary protection for…well, pretty much anything.  Given how easy it is for a good developer to make a catastrophic mistake and for it to sneak by code reviews for years, I think they have a point.

April 10, 2014

SQL Saturday Update

Filed under: Database Administration — Kevin Feasel @ 6:00 pm

SQL Saturday #320 will officially be at Wake Tech North.  We’ve signed the paperwork and will have room for 10 simultaneous sessions.

I’m quite excited about the event and will probably have a couple more updates as we get closer to the go-live date.

April 9, 2014

Going To Derbycon

Filed under: (In)Security, Where's Poochy? — Kevin Feasel @ 6:00 pm

I will be going to Derbycon for my third straight year.  This year, I’m taking Carlos Perez’s training course on using Powershell for defense and post-exploitation.  The last couple of years, I branched out into parts of security in which I had no experience; this is coming a lot closer to my wheelhouse.

I also have submitted a paper for their CFP.  Here’s my title and abstract:

A Gentle Introduction to Security Economics

Why do software manufacturers release software known to be vulnerable? Why are 419 scammers’ e-mails often so poorly written? Is making software open source better for security–or could it actually be worse? These are all questions which we can answer using economic tools. Economics is, at its core, the study of human behavior; given that security is fundamentally a human problem, marrying economic concepts to security analysis can give security researchers a better perspective on the problems we’re all trying to solve.

This talk assumes little to no knowledge of economics among attendees and will feature exactly zero Lagrangian calculations.

This talk is somewhat far afield of your standard Derbycon talk—which tends to be either highly technical or advocacy-related—but with luck, the committee will select my paper and I’ll have a chance to present in front of a brand new audience.

April 8, 2014

Wage Suppression

Filed under: Curmudgeonliness, Economics — Kevin Feasel @ 6:00 pm

Steve Sailer has been posting a lot lately about wage suppression, especially in software development and tech recruiters.  The special agreement hiring policy doesn’t quite say what Sailer’s saying, though—the collusion involves managers, not engineers.

On the other side of things, where I think Sailer’s argument is much stronger, we’re getting our annual “We’ve got to increase immigration or else the US will end!” warnings.

April 7, 2014

New Presentation Laptop

Filed under: Computinating — Kevin Feasel @ 6:00 pm

My current presentation laptop is a 2-core machine with (maxed out) 4 GB of RAM.  That’s fine for doing basic work, but was really getting long in the tooth and prevented me from doing more interesting scenarios, like having several virtual machines interacting at once.

As a result, I decided to upgrade.  I ordered an Asus N550-JV-DB72T notebook.  By default, this comes with a slow hard drive and 8 GB of RAM, but I ended up bumping that to 16 GB of RAM and a 250 GB solid state drive.  At this point, my new laptop will be a bit more powerful than my current desktop machine, and will definitely allow me to do more complicated demos.

I might have a full review of the laptop after I receive it, but that won’t be for at least another week or so.

Thoughts on Wrestlemania

Filed under: Our Favorites, Wrestling — Tony Demchak @ 4:37 pm

As a reminder, I haven’t seen the show, just read recaps. Here are my back of the envelope thoughts:

– With one massive exception, the right person won in every match. I’m happy about that. They didn’t go with my predicted Fatal Four Way, but I’m okay with that. Predictions I was right about: Cena, Bryan in the main event, the Shield, the Usos. That’s 50%!

– Sounds like the only genuinely bad match was the Divas bout, which lacked any kind of direction; A.J. winning isn’t what I expected, but it’s a perfectly legitimate finish, if it eventually leads to her getting some serious competition (*cough* Paige *cough*).

– The Shield squashing Kane and the New Age Outlaws was unexpected. No real angle advancement there either; I guess they aren’t going to be breaking up right away.

– The Cesaro face turn (I know this will be solidified tonight on RAW one way or the other) was brilliantly done, and having him pitch Big Show out of the ring to close out the Battle Royal was genius and a great tip of the cap to Hogan-Andre.

– I’ve heard mixed reviews about Cena-Wyatt; Cena winning isn’t the issue, but how he won. Some say he went SuperCena towards the end; others say there was real doubt in Cena’s mind and that he almost cheated. This feud undoubtedly continues, as it damn well should.

– HHH made Daniel Bryan look awesome in the opener, and the main event was pretty good too. As long as Bryan doesn’t drop the belt tonight, it’s all to the good.


Okay, the elephant in the room: Brock Lesnar breaking the Streak. Keep a few things in mind: 1) They will never have another Streak, at least not on purpose. Even for Undertaker it was largely accidental. 2) Brock Lesnar is a part timer, who wrestles a handful of matches and makes about 20 appearances. 3) This may well be Undertaker’s match.

All of that said… I don’t get it. You’re giving one of the biggest rubs left in the WWE to a guy who arguably doesn’t need it, and won’t be around very much to use it. Now, the rumor is that it was Taker’s call, and that the plan was for Taker to lose to Brock all along. Okay, fine. I don’t like it, but fine. The fact that Taker got hurt during the match might play a role too; again, that would be entirely logical and I would have no complaints. But if it wasn’t Taker’s call… this is a mind-bendingly dumb decision. It’s the very worst example of a swerve for the sake of a swerve.

I have just enough faith in the WWE that I’m willing to bet this third scenario isn’t the right one. I think the first (it was Taker’s call) is the most likely. I still find it very bizarre, all the same.
