29 August 2007

clock drift in Linux VMWare guest

Today I installed CentOS 5 as a VMWare guest (VMWare server, CentOS 4 host) and had a few problems. The first problem was that when it came time to partition the drive, CentOS didn't think I had any storage. A helpful post on the CentOS forums pointed out that I needed to select LSI (not BusLogic) for the SCSI controller.

And then I found that the clock drift was really bad, and NTP wasn't working for some reason.

http://kbase.redhat.com/faq/FAQ_43_9259.shtm suggested adding the following line to the .vmx file:
tools.syncTime = "TRUE"

This (by itself, anyway) didn't work for me.

http://www.djax.co.uk/kb/linux/vmware_clock_drift.html suggested appending the following items to the kernel command line (in lilo.conf or grub.conf):
nosmp noapic nolapic

That worked like a charm. That article also suggested appending 'clock=pit' if the guest clock runs fast (mine was running slow).

27 August 2007


IGN has downloadable trailers for Aliens vs. Predator: Requiem. Gory, but cool. I liked the previous film--not a great movie (can't touch Alien, Aliens, or Predator), but fun. And this one looks even better. Can't wait.

19 August 2007

Dark Side of the Rainbow

Last week Leo Laporte on the This Week in Tech podcast (episode 109) mentioned something called the Dark Side of the Rainbow, which I'd never heard of before. The idea is that if you play Pink Floyd's Dark Side of the Moon while watching The Wizard of Oz, you'll see and hear a degree of synchronicity: moments where the music and the film seem to intersect.

I've got a copy of that CD, and last night I picked up a copy of the movie on DVD to try it out. All in all, pretty lame. Maybe it's more interesting if you're not sober.

Another worthless Internet rumor propagated by people with too much time on their hands (although it seems like I had enough time on my hands to try it myself *shrug*).

But last night I noticed something interesting about Toto: I don't know how that dog managed to keep so calm with all the histrionics going on around him/her while they were filming that movie.

12 August 2007

Crashing e-passport readers

An RFID expert named Lukas Grunwald presented some interesting research at the recent DefCon. Grunwald was able to read the data from the RFID tag in a US passport, clone it on a writable RFID chip, and replace the image data (the e-passport RFID tag data includes a JPEG2000-format version of the passport's owner). The new image data contained a buffer overflow exploit which Grunwald demonstrated was able to crash two RFID readers. Grunwald's point is that if the readers can be crashed by altering RFID data, the readers could probably also be exploited to do things like approving an expired passport or altering what a customs official would see on his/her screen after scanning the passport.

11 August 2007

'Customize Google' Firefox extension

I just discovered the Customize Google Firefox extension. It has a large number of user preferences which affect your use of Google services. Many of the preferences are privacy-related, including some anonimization features. It can also remove ads in some contexts, and add links to other search engines in some Google search results.

But this extension is interesting to me because it can force HTTPS traffic for Gmail and Google reader, which is especially beneficial for a laptop on a coffee shop wireless network, for example. A recent blog post on dmiessler.com makes a good argument (with packet-sniffing evidence) for encrypting your Gmail traffic. (One of the comments on that post is what directed me to the extension.)

07 August 2007

EPEL repository

A new 'extras'-type repository recently opened for Red Hat Enterprise Linux and CentOS: Extra Packages for Enterprise Linux (EPEL). It has packages for versions 4 and 5. This can supplement the extras at CentOS extras and DAG's RPMs.

06 August 2007

DNSUnpinning review process

I got email late today saying that my Firefox extension is being retained in the sandbox (staying in development) pending user reviews. So if you are so inclined, I encourage you to post a user review. As an incentive, by downloading the extension, you'll be able to view the source code for a simple Firefox extention (it's got an .xpi extension, but it's really just a zip file). So if you ever had the urge to write an extension, this might be a good place to start.

If you'd like to post a review, you can either sign up for a developer account and post the review that way (here are a few notes about that), or you can write an external review (I assume that comments to this blog would work for that). If you sign up for a developer account, you'll be able to see the extension's sandbox page. Or you can visit the project home page.

To review the extension, go to about:config and search for the network.dnsCacheEntries item. You should be able to see this item's value change between 0 and 1 when toggling the extension menu item. If you run your own DNS or aren't afraid to fiddle with your hosts file, you might be able to observe the browser caching (or not caching) IP addresses.

I don't have access to a Mac, so a review of the extension by a Mac user might be useful. And the more details your review provides, the more likely it is to have an impact on the evaluation process.

05 August 2007

DNSUnpinning Firefox extension

I wrote a Firefox extension yesterday. Nothing very exciting--it just toggles a user preference. It's called DNSUnpinning, and can disable/enable IP address caching in Firefox. This has consequences for the same-origin policy in Web browsers: some phishing-related attacks take advantage of the fact that browsers tend to cache IP addresses for 60 seconds.

I created a developer account at the Firefox Add-ons site according to the MozillaZine page about sharing extensions. If you'd like to check out the extension, it's currently available on my DNSUnpinning page. The extensions now goes into a review process, and if it's accepted, it'll start showing up on the list of official Firefox extensions.

04 August 2007

Light bulb comparison

Yesterday Neutral Existence published an interesting comparison of incandescent, compact florescent (CFL), and LED light bulbs. Looks like CFLs come out on top, with incandescent in last place. The blog post also points out that LED bulbs have less mercury in them than CFLs, and that LED bulbs may get cheaper over time.

I've never tried LED light bulbs (and only recently bought my first CFLs), but I have an LED flashlight, and I like it. It doesn't seem to focus light as well as a traditional (incandescent) flashlight, but it's pretty bright, and I never have to worry about replacing the bulb. And the batteries seem to last a long time.

03 August 2007

Link goatsed

A co-worker just pointed out that a link in my OSCON 2007: Thursday post went to a ghastly gay male porn site. I think it was the correct link at the time (or I may have copied it down wrong), or else something happened to that domain. Anyway, my apologies to anyone who followed that link (slides for the vim talk) and was appalled.