http://www.cosine.org Life and Ruby and Security Sun, 16 Nov 2008 09:13:58 +0000 http://backend.userland.com/rss092 en This morning I released AVLTree version 0.1.4. The difference from version 0.1.3 is an idea from modifications made to the code by the Samhain folks to improve performance. If you are not familiar with my AVLTree project, it is a C library that implements AVL trees and provides an interface ... http://www.cosine.org/2008/11/16/avltree-014-released/ I wrote a little spreadsheet template language for Excel VBA (Visual Basic for Applications). What for? Say you have a report you create often, and you're thinking of making a macro in Excel to help automate its generation. You want to report on the sales of your ... http://www.cosine.org/2008/10/10/excel-template/ I have spent a lot of hours in the past week working with Mephisto. Mephisto is a blogging platform with aims of eventually being a full-fledged CMS. Overall I like it, but I am uncertain if it is a platform I ought to continue working with at this ... http://www.cosine.org/2008/08/23/mephisto/ Yes, that's right. Today is my last day at my present employer. Two weeks ago I formed my own company, CosineWave Technologies Incorporated, and I will be working for it as a contractor. Here are the primary services that I offer today: Unix Security Security Management Application Development Internal Training Please go to the ... http://www.cosine.org/2008/07/11/independent-contractor/ Thursday, February 28 was a long day for me, but in a good way. It started almost like any normal morning, except I had to wake up 20 minutes early to handle the morning care and feeding of my animals. That task is one my wife usually performs, ... http://www.cosine.org/2008/03/03/chisec-16/ Earlier this month I was playing with a WordPress plugin that would add OpenID support for the blog here. My intention is to make it easier to signup for commenting, while still not opening the flood gates of anonymous posting to avoid spam (I am not a big fan ... http://www.cosine.org/2008/03/01/openid-testing/ Recently Oracle released a 272 page document outlining some recommended best practices when implementing SOA with its suite: http://download.oracle.com/technology/tech/soa/soa_best_practices_1013x_drop3.pdf I was going to review it for its security best practices and WS-Security recommendations... but there are not any. Take that to mean what you will. http://www.cosine.org/2008/02/12/security-missing-oracle-practices/ I just found out that Paul Graham has unleashed Arc upon the world after years and years of teasing us. This is exciting, particularly for what will happen to Ruby. All of the nifty features that make Arc awesome will be extracted into a few Ruby gems in ... http://www.cosine.org/2008/02/06/unleash-arc/ Are you stuck in a J2EE framework that leaves you feeling like this? <statement><personal><timeframe><someday><subject>I</subject><action how="at">look</action><object><name>ruby</name><modifier type="on">rails</modifier></object></someday></timeframe></personal></statement> Why wait? Get out there and get started with Rails today! :) http://www.cosine.org/2008/02/05/ruby-rails/ If you started reading this blog recently, you might wonder where I have been for the last two weeks. I apologize for my absence. I have been extremely busy working with a wonderful team on a new project. I have dedicated all of my spare time to ... http://www.cosine.org/2007/11/14/where/ I have had some thoughts recently about the security of SOA (Service Oriented Architecture). When using SOA, the services are often made available using SOAP (Simple Object Access Protocol) messages communicated using HTTP. Naturally, it is important to keep data secure as it is transmitted from requester to ... http://www.cosine.org/2007/10/25/wss-vs-ssl/ Have you ever been jamming away on a Unix host's command line and wish you could share your session with others? Perhaps you could do so to show someone else something you found on the system? Maybe you want that someone to type a password for you? ... http://www.cosine.org/2007/10/23/multiuser-screen/ In my previous post I introduced the idea of using irb as a desktop calculator. If you are new to Ruby, however, using irb can have the side effect of teaching you Ruby. Everything you type in irb is a Ruby statement. The response you get from ... http://www.cosine.org/2007/10/17/irb-learning-ruby-quick/ One of the things I love about Ruby is that it comes with irb. It is short for Interactive Ruby, and it is a command line tool to interact with an instance of the Ruby interpreter. To start it up just run irb from the command line (Interactive ... http://www.cosine.org/2007/10/11/irb-desktop-calculator/ Sorry for the delay in posts here, but I have been sick the past week, and getting back into my regular routine has been challenging since. Also, rather that just post random musings of the day like many other blogs, I try to provide useful original content based on ... http://www.cosine.org/2007/10/06/internal-machine-security/ This post discusses answers to the Redirection Puzzle. Do not read on if you do not want to see or discuss answers (yet). :) My solution is not very complicated or long at 57 characters (9 of them spaces, 6 of them optional), but it is less than the ideal ... http://www.cosine.org/2007/09/27/answers-redirection-puzzle/ Today's entry here at cosine.org is a little Unix puzzle for everyone to work. I came up with this seven years ago when I was first reading about the Plan 9 shell, rc. Plan 9's shell has a nifty little syntax for connecting a pipe from an arbitrary ... http://www.cosine.org/2007/09/27/redirection-puzzle/ How command line arguments are processed in Unix is important to know when scripting. That which should be a simple script is often troublesome to debug if the arguments to some of the commands get mangled unexpectedly. To help understand what ends up being sent as command line arguments to ... http://www.cosine.org/2007/09/22/mind-arguments/ In my previous post titled Bolting on Security, I mentioned that port 22 is generally not scrutinized as much as 445 when being allowed through a firewall. Obviously the situation varies from incident to incident, but I wanted to say that port 22 really should be looked at more ... http://www.cosine.org/2007/09/18/scrutinizing-ssh/ To build security in your project, you need to make it a consideration from the start. Bolting it on afterward is always a recipe for disaster, and unless you start over with a complete application rewrite you are likely to fail to secure your application in some subtle manner ... http://www.cosine.org/2007/09/14/bolting-security/