Most simple, favourite snort test rule
Monday, June 7th, 2010
alert tcp any any -> any any (msg:"My TEST rule"; flow:stateless; sid:66666;)
So we got some new PC server mainboard, and the latest greatest AMD Phenom II X6 CPU. Of course the BIOS would not recognize the CPU, just list an “unknown” CPU, and let it run at a bare 800MHz. Apparently no real OS wanted to boot in protected mode either. So I thought it’d be a good idea to update the BIOS to the latest, greatest. However, turned out that wasn’t so much of a good idea: after the update the board would not boot up anymore. No sign of the BIOS at all, …
The board vendor, however, was so nice to handle our support inquiry nicely and sent out a new 8-pin, serial EEPROM last Friday, and it even arrived the following day, that is Saturday!
So with the new EEPROM in the board it actually booted again (phew!), and re-reading the BIOS Release Notes I found that it indicates running the DOS flash EXE with some special arguments, that I obviously did not include when I just ran it intuitively the first time:
PFUDOS.EXE FILENAME /p /b /c
How nice. If I would author some BIOS flash utility, I would rather write it in a way that a run with default, that is without fancy parameters would produce a reasonable, good outcome, …
Anyway, another note: After booting I removed the second, new, good ROM and injected the old, bad flash, and then used above run with fancy parameters to flash it again, and voila: I finally had a BIOS ROM with the latest version that worked!
And yet another note: Flashing from a bootable USB stick with FreeDOS worked just fine.
Is that they apparently are often only not so well integrated facades, with poor error handling. When they work, they are nice and pretty, but woe some system-call returns an error, or backend program quits unexpectedly. Then those shiny facades become annoying, hard to control monsters. Two cases in point:
As I write this I’m trying to sync my father-in-law’s iBook files to a brand new MacBook. Thanks to the demise of Firewire I may do so by the means of the Migration Assistant via Ethernet. So far so good. Until you hit the “a system call returns an error” condition: Turned out the assistant just did not want to run thru yesterday. Hanging at 99%, 1 minute remaining the whole afternoon. One could not even cancel or quit it (the “woe something goes wrong and you are lost” condition). I thought I’d give it a second run over the night, maybe it completes. Of course it didn’t, … The iBook system log revealed i/o errors, certainly some sectors gone bad. How nice. It certainly could have skipped some unreadable files. As resolution I unpacked my Unix skills and rsync’ed the whole user’s home directory to our office file server. Turned out it was just 2 files (images in the photo library) rsync spotted with i/o errors and skipped over gracefully, warned about at the end. Actually rsync was coded with some extra intelligence, to re-try files with errors a second time at the end! Btw, from the system log it looked that the Migration Assistant uses Racoon/IPsec internally to encrypt the transfer internally, over the air or on the wire. I somehow get the feeling the error handling in Apple’s assistant is not so well tested after all.
Which brings me to the second example. Actually also a bad hard disk: My brother recently got a brand new Mac mini. He unpacked it and wanted to apply his Time Machine backup from the sold MacBook (Pro I think). He tried all, again and again, but it just did not want to run thru. So without his files restored he started to work on the machine, which exhibited a pretty odd behavior, even I had not seen before: every now and then, like every few minutes, or just once an hour the whole machine would lock solid, with just the colorful mouse cursor ball spinning around, no audio playback, nothing, for a couple of minutes. And then, suddenly, as if nothing happened, it would continue to operate normally. My brother was already totally perplexed and mad at the just new Mac mini when I came over the other day (it’s 300km, IIRC it was around CeBIT 2010). I’d also not know what to make of it. Running too hot? Noisy PCB wires resulting in stray, random memory content? Though the latter would sure rather result in kernel panics. Anyway, my first loved click on the Console to browse the famous system log and there it was: i/o errors every now and then, … (on a just unboxed Mac mini!). The world’s most advanced operating system, that just got even better really could have popped up some nice information dialog, or put some yellow exclamation mark on the hard disk icon, or the top menu, whatever, ….
Somehow I see a repeating pattern here: disk quality issues paired with the notorious bad habit of not checking for, and gracefully handling, system call error conditions.
What the heck? How can it possibly be that broken???
For some time now I excessively used Mac OS X (Safari) Dashboard Web Clips, for most part to blend in various server loads. While in theory a nice thing: this stuff just does not work quite right!!! On one day or another (usually after the Mac slept the night) some stupid Web Clips just won’t refresh anymore, showing old, previous day content. While so far I usually just have removed and re-added it in this case, today I thought I’d rather reboot in the hope it would refresh and appear right. Wrong! Now all Web Clips in a row show a totally different spot of the statistics site from what I previously set it up to show?!?!
@Steve Jobs Instead of bashing Flash all day for being broken (which in contrast to OS X itself didn’t really ever crash on me under OS X) could your Apple developer please get some basic fancy UI stuff going right???

Previously the Web Clips covered about the area marked in red, and as I mentioned showed a totally different spot of the underlying website, …
Oh, and while at it, some snap to grid would also be awesome! That way the dashboard would not look as cluttered, though, well, maybe that is how Steve’s desk looks like, …
ExactCODE just released another major ExactScan product family update: the new version 2.10 brings the teased major surprise. Most notable is the new and novel TWAIN Bridge. It allows to utilize the many built-in drivers built into ExactScan from other, third-party TWAIN applications.
Another magical feature is the new flatbed de-skew. While previous versions of ExactScan already came with, what I would call, industry leading auto-crop and de-skew for scans with the built-in drivers from the ADF (Automatic Document Feeder), recent advancements in our in-house R&D (Research & Development) allowed us to add truly revolutionary de-skew even for flatbed scans! It allows to intelligently track objects on the flatbed glass and auto-crop and de-skew sufficiently rectangular objects, such as: letters, receipts, post-cards, CD covers, coasters, etc.
Of course we also continue work as usual on the next maintenance update.
Read more: ExactScan homepage
So, you are just hacking on your boot loader, BIOS? Need to verify the executable binary you get out of GCC, LLVM? Or need to poke into it otherwise, because some commercial, binary-only does not want to behave?
objdump -D -b binary -mi386 -Maddr16,data16 thy-binary
After the amazing success of the last, and very focused ExactScan release we continued the same with OCRKit. Version 1.2 shipped with hundreds of new internal test cases and all bugs closed that our valued customers brought to our attention, not to mention the always improved recognition accuracy. Oh, and last but not least we engineered a new de-screen filter that we also put into this OCRKit release, it can drastically help recognizing text on dotted background, like 25% or 50% dot background as used so often in popular spreadsheet applications.
Simply drag’n drop your files on the OCRKit application icon.
Today (yes, a Saturday, don’t ask I have to work any day, …) I had to hunt an ugly bug for a customer. Actually that gdchart, an aging PHP charting extension, does not work with PHP 5.3. Actually an issue that is all over the web and zillions of people want to see work and a patch for.
I wonder why there are no patches for this apparently kind of prominent issue. Anyway, after too much time diving thru all the mess that is PHP (yeah, I’d prefer nearly any language, such as Lua, but that is a different topic), I found the culprit: the all so often “private, modified, and statically linked copy of a library” problem. Point in case: libgd, an albeit aging and ugly graphic library by itself.
So PHP 5.3 changed the symbol visibility and no longer exports the libgd symbols the gdchart extension needs to perform its work. So after finding all this out the fix (or workaround, whatever you wanna name it) was trivial. I wonder why no one else came up with a fix, yet. Though, maybe PHP website constructors are just not up to digging thru such details.
Point being: Don’t ever, never ever, copy a library into your project and link it in statically. You’re not doing anyone a favor. Not yourself, not the distributors, nor the users. Yes, I understand it’s tempting, and worst historic coding practice. But don’t! It will just duplicate workload and headache. Not only will it age, be subject to security issues, bugs and lagging features long after the upstream library was improved. You’re unlikely doing a better job on it than the original authors. And from my T2 experience I know it! Maintaining all the thousand packages I have seen it all: from zlib, to libjpeg, libtiff, libpng, libgd, or lua, you name it.
And for the higher educated readers: You will also waste storage space by having the same executable code bundled multiple times, as well as also consume more virtual memory as those multiple executable chunks have to be mapped into memory multiple times as well, …
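The failure described above (an extension importing libgd symbols that the host binary no longer exports) can be checked from saved `nm -D` listings. This is an added example, not code from the original post, PHP or gdchart; the listings and file names are constructed samples, and only symbols starting with the given prefix are compared.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # byte-wise regex ranges and sort order

# Print symbols starting with PREFIX that the extension imports ("U name" in
# nm -D output) but the host does not export (address, upper-case type, name).
missing_syms() {   # usage: missing_syms EXT_LISTING HOST_LISTING PREFIX
    awk -v host="$2" -v p="$3" '
        FILENAME == host {
            if (NF == 3 && $2 ~ /^[A-Z]$/) { sub(/@.*/, "", $3); have[$3] = 1 }
            next
        }
        $1 == "U" && NF == 2 {
            sub(/@.*/, "", $2)             # drop symbol version suffix
            if (index($2, p) == 1 && !($2 in have)) print $2
        }
    ' "$2" "$1" | sort -u
}

# Constructed sample listings (not taken from real builds).
write_samples() {   # usage: write_samples DIR
    cat > "$1/ext.nm" <<'EOF'
                 U gdImageCreate
                 U gdImageLine
                 U gdImagePng
                 U malloc@GLIBC_2.2.5
                 U zend_parse_parameters
0000000000001a20 T get_module
EOF
    cat > "$1/host_exporting.nm" <<'EOF'
00000000004a1000 T gdImageCreate
00000000004a1400 T gdImageLine
00000000004a1900 T gdImagePng
00000000005b2000 T zend_parse_parameters
                 U malloc@GLIBC_2.2.5
EOF
    cat > "$1/host_hidden.nm" <<'EOF'
00000000005b2000 T zend_parse_parameters
                 U malloc@GLIBC_2.2.5
EOF
}

d=$(mktemp -d)
write_samples "$d"
echo "host exporting gd*: $(missing_syms "$d/ext.nm" "$d/host_exporting.nm" gd | tr '\n' ' ')"
echo "host hiding gd*:    $(missing_syms "$d/ext.nm" "$d/host_hidden.nm" gd | tr '\n' ' ')"
rm -rf "$d"
```

On real files the two listings would come from running `nm -D` on the extension's shared object and on the host binary.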
Subject says all! It is great to see modern, efficient, and supposedly not patent encumbered codec pushed by a major vendor.
It got a new name, too: Now called WebM = VP8 + Vorbis in a Matroska container.
Update: Apparently does not really live up to expectations, …
Though at least more open video codec code, and traction in the X.264 patent debate against Theora, et al.
Update 2: And in T2.
So Android 2.2 adds JIT, Just-In-Time compilation of the Dalvik Java VM. This must be a joke. They tried to compete on the mobile space with such slow apps? Against other, native, frameworks. No wonder Android was that lagging. And it took them over 5 years to get to JIT? I’m feeling lucky I didn’t get an Android phone.