Tuesday, December 15, 2009

ADO.NET and Connection Timeouts

Today I wrote some code at work that connects to a SQL Server DB from C#. The code executes some heavy SQL transactions, so it is expected to take a while before it completes its tasks.

Knowing this, I set the "Connection Timeout" correctly on the connection string, to a big enough number, so my connection wouldn't time out during the execution of the query.

Setting this option seems to be ineffective in some cases, as my code kept getting kicked with a "Connection Timeout" exception. After over 30 minutes of digging around I finally found the culprit. It seems that SqlCommand objects don't inherit the timeout configuration from the connection string; rather, they have their own default timeout of 30 seconds. So in order to overcome this, one should set "command.CommandTimeout=...".

I still haven't found any explanation for this behavior that would convince me it is rational.

Monday, December 14, 2009

Adium failing to connect to GTalk solved

Every once in a while a different IM client gives me a hard time connecting to the Google Talk service. Empathy, Pidgin, Adium, you-name-it.

For all other services, an upgrade, or re-adding the account solves the issue. With Adium, this seems to be consistent.
Not anymore.

In order to have Adium connect to GTalk correctly, open the account preferences, and in the "options" tab, change the port to 80 (the default is 5222). Leave none of the check boxes checked. And that's it. Adium now connects to GTalk perfectly.

Monday, November 30, 2009

Anti-Social Networking - Part 2

The previous time I wrote about this topic, the main issue was people using social networks and how little they really know about their "friends". This time I want to argue something a bit more extreme: people are knowingly becoming more distant when choosing such a network as a way of communication, rather than becoming closer.

I'll explain.

On my last birthday I was a little insulted by friends not calling to wish me a happy birthday. It's not that such people are not my friends anymore; it's just that they offloaded some of their knowledge about their friends to some on-line database, so it's a little bit easier on their heads. The same thing happened when we stopped memorizing the phone numbers of our dearest, simply because they are stored on a SIM card, and it's easier that way. The problem here was that one could keep information only about people who are members of the same database (e.g. facebook). So people forget birthday dates.

I thought "oh, OK, I don't have a facebook account, so people forget about me". Just this week I considered opening an account, and the strangest thing happened: a friend who's active on facebook had a birthday and told me how insulted he was that most of his friends didn't bother calling him to wish him a happy birthday. It's not that they forgot; it's just that they preferred leaving him a short message on facebook: "happy birthday". Being easier than sending an SMS message, leaving a message on facebook seems to be even more insulting.

So instead of enriching this friend's social life, he feels facebook has degraded it. His main dilemma right after seeing all those messages was whether to reply to each and every one, or not. And what to do with those written on the wall?

Is this the case for everybody on social networks? I don't know.
Is there a reason people leave such messages and don't do real social activity (such as calling)? I believe that yes, there is. It is faster, cheaper and doesn't require any human interaction.

I'm still pessimistic that things will get any better before they get worse.

Saturday, November 21, 2009

ChromeOS first impression

Since this is the hot topic of the day, and I too was curious about this OS, I decided to give it a shot.
So I downloaded that torrent that everyone seems to download, and attached the virtual disk to a VM under VirtualBox.

My feelings about this OS are mixed. It seems to accomplish its main goal: an OS which is capable of running a browser, and nothing but the browser. The browser is good (Chrome), and renders sites with Flash and other complexities correctly. But Hebrew isn't rendered well, or isn't rendered at all. This would become a major drawback if I want to further test it, because I read mail and RSS feeds in Hebrew, and without those, the OS isn't useful at all.

The jailing mechanism of the OS works as expected. Although I did only a very short test, it seems to be impossible to break the jail. This is great in terms of security. But then again, if I had root access to the OS, I could've installed Hebrew support...
My bet is that soon more security researchers will dig for Chrome (the browser) bugs, and utilize them to gain local access (for whatever it's worth, as the OS isn't intended to run from an HDD).

While I agree that some netbook users are using netbooks purely for browsing the web, I don't think Google has any advantage over the competitors. It is possible to create a stripped down distro of Linux that does just that (hey, that's what ChromeOS is all about), and I bet someone at Microsoft is playing with creating a stripped down version of Windows that does exactly the same. Boot time in both cases can be reduced considerably, and a security jail can be created as well. The advantage of such a solution will be the support for a wider range of hardware and maybe even local storage, should it be necessary.

Finally, with the iPhone OS, maemo, Android, ChromeOS and the other new OSes from the past 3 years, it seems we're entering the age of ad-hoc OSes. I wonder how good the communication between those will be.

Wednesday, November 11, 2009

Using Wubi without torrent

Wubi is a great way to test Linux (any Ubuntu variant) without having to mess with partitioning the disk or changing the boot loader. I recommend it to anyone who wishes to take the first steps into Linux, and is afraid to jump into the deep water.

Other than that, Wubi is also perfect for people who cannot repartition their HDD for whatever reason it may be. Also, since it adds an entry to the "add/remove programs" control panel, it is easy to get rid of the installation if one finds it disappointing or wants to proceed to the next level of installing Linux on a real partition.

When using Wubi, the installer will attempt to download the installation media using the bittorrent protocol. This might be a problem if you're using a network which doesn't allow torrents to be downloaded. This is the case with some corporate networks and with ISPs that block torrent traffic. In these cases, it is still possible to use Wubi, without having to download a torrent.

To do this, one needs to download the Ubuntu (again, any variant would do) installation media, or rip it from a CD/DVD, and have the ISO file in the same folder as the Wubi executable. Now, when running Wubi, it will recognize the ISO file, and skip the download altogether. Since it is possible to download or rip the ISO without the bittorrent protocol, the problem is solved.

Enjoy your new Linux installation.

Monday, November 9, 2009

Media Streaming

As I might have mentioned before, I'm the proud owner of a PopcornHour A110. Having such a device in the living room reminds me of the excitement of the first portable MP3 player I had.

Besides the awesomeness of being able to stream everything to my TV, it is possible to configure the A110 to do other cool stuff. Here's a list of my recommendations:

1. Using the Community Software Installer for NMT, it is possible to install additional software on the A110. Since the OS is NMT (which is Unix-like) and it runs a PHP-enabled web server, almost everyone can write additional software for the A110. I recommend adding an SSH server and the transmission bittorrent client. The torrent client can be managed remotely via port 9091. This means that once these services are installed, the A110 becomes a full-fledged downloading machine, and not just a mere streamer.

2. Using a media jukebox software, such as YAMJ, gives the second power-boost to the device. It adds amazing-looking menus with movie posters, plot summaries and other information. Also, if configured correctly, it'll pull Hebrew subtitles automatically (!!!), which is a great bonus.

3. The A110 has a service which makes it a UPnP server. This means it can stream media to other devices at home, such as a gaming console or a laptop. So the streaming works both ways.

The setup in my house didn't give me the option of having an Ethernet cable between my router (which is in a different room, along with the PC) and the A110. Drilling or passing through tunnels in the walls wasn't an option either. Since using the WiFi dongle isn't very much recommended, I decided to put an 802.11n access point in the living room. This tiny device does a great job, even when streaming HD content, and the A110 believes it is connected to a wired network, which is easier to manage. Initial configuration of the AP was a little annoying, though.

Should any of the readers be interested in further information about my setup, I'll be glad to share it.

Sunday, November 8, 2009

OS updates

Ubuntu
This weekend I finally found the time to upgrade one of my Ubuntu machines to 9.10. The upgrade went perfectly well, and the system indeed seems to boot way faster. Also, the enhanced look is great. Finally, this is the first release not giving me a hard time with the 64bit flash player and Firefox. This means that sound can be played back simultaneously inside the browser and by an external app without any issues.

Edit: while writing this post I noticed that the new version is way faster when it comes to filesystems and opening files. My pictures on an NTFS partition load considerably faster.

Windows 7
Things with 64bit Windows 7 are a little less stable. My HP DeskJet driver completely crashes the printer spooler whenever printed to. Disabling the spooler causes the entire desktop (explorer) to crash (!!!).
So to avoid replacing my printer just to use Windows, I thought I should give a shot to "XP Mode". Surprisingly, it worked. The funny thing is the "XP Mode" installation screen, which includes a funny typo (see below). For the English speakers, it says "The installation program will reduce Windows XP mode on your computer". Well, typos happen. Even for those with gigantic QA departments...

Sunday, October 25, 2009

Surfing on waves

Yesterday I got my Google Wave invitation. Of course I immediately signed in and started digging around. Actually, there isn't much to see, especially since I have only 6 contacts there, and I'm in real contact with only 2 of them. That's not enough people to "wave" with, so I sent some invites to some more people who had requested invites before, and didn't get them. It appears that the invite process is taking a few days, so I'm still quite alone there.

Anyway, along with this other person, I started checking out all of those features promised in the intro video. Many features aren't implemented yet, which makes the experience very incomplete. Most importantly, I was hoping to publish this post from Google Wave, but the plug-in simply does nothing.

After a few hours of blipping, we got this one giant wave, which is very much not readable, and there's no way of understanding what's going on within. The fact you can post replies in the middle and anywhere else makes it very difficult to follow. Also, you must use keyboard shortcuts if you really want an uncrippled experience.

Finally, I can say that while I am excited to be part of this beta, I think this platform isn't revolutionary. It's a nicer way to have email (like the GMail interface is better than Outlook), and an awful way to do IM. Perhaps when the plugins work it'll be better.

Sunday, October 18, 2009

Connected Home

Right now I'm sitting in the living room, with my laptop, writing these lines and having some background tabs in the browser which stream some TED talks and YouTube videos. Girlfriend is near the PC, streaming some Internet radio while searching the web for stuff. My cellphone (Nokia N95) is connected over the WiFi and runs fring and occasionally some other apps which require Internet access. The popcorn hour (a topic for another post) is on, pulling some software from the net as well. Everything works perfectly smoothly. I have an Internet-enabled home. Wait, where do I find a WiFi-supporting toaster?

Thursday, October 8, 2009

Do you trust your AntiVirus?

I know the topic of "how crappy signature based AVs are" is already beaten, and there are thousands of other posts about it, but I had to give it my own perspective.

But first, I guess you are running an OS which leaves you no choice but having an AV running. Otherwise, you're probably reading this for fun and knowledge, which is even better.

The vulnerability I'll be discussing is quite old now (8 months), and is about the way Adobe Acrobat Reader parses PDF files with JBIG streams within. You can read an analysis of the vulnerability in other places. Since this isn't a new vulnerability, you'd guess that by now AV products would be able to block it well. You guess wrong.

I've taken a sample which is generally blocked by most AV products, and made a small modification to the 5th byte in the stream. The modification left the 6th bit on, so the file is still malicious. Now have a look at the first picture below - only 1 AV caught it as malicious.
Let's make another modification and change a few more bits, still leaving the 6th bit on... drum roll... not even a single AV did the job (second picture below). The file has passed and could potentially exploit the unsuspecting user who believes that having a decent AV would keep him safe.



Wednesday, October 7, 2009

Improving impression in job interviews - Part 2

Only recently I discussed the possibility of improving the impression at job interviews using credit you earn in online activities. Now it gets another approval. Today Jeff Atwood declared some sort of integration between StackOverflow and one's CV. This is another way for a potential employer to get a better understanding of just how good you are, even before you get to the interview.
Having a respectable StackOverflow/SuperUser/ServerFault account might prove itself useful the next time you look for a job.

Tuesday, October 6, 2009

Respect

Usually I don't publish stuff I do at work in this blog, since we have a different blog for that, and most of the stuff doesn't justify re-writing or there's nothing I can elaborate on.
This time it is different, since Bruce Schneier has quoted us, which is considered a great sign of respect in the security community.

The URLZone trojan is very sophisticated, since it fakes the displayed balance in the bank site, so the end user could never tell the money was stolen. Also, the trojan uses the currently open session to the bank, so it doesn't need to send the account credentials anywhere.

If you'd like to read a great technical analysis of this trojan, you can find it in our blog.

Saturday, October 3, 2009

The SMS will die

For some time now I've been using fring on my Nokia smartphone to communicate with my IM buddies. I can tell it is very convenient, and VoIP quality for both Skype and GoogleTalk is excellent.

Since most 3G subscribers today also pay for a data plan (which basically means - Internet traffic), applications such as fring would become more and more popular. Leaving it on for the entire month, just for texting, wouldn't drain even the most basic data plan. Using it for some VoIP calls would push the bandwidth usage and might bring it to the limit. Even so, using SkypeOut or GoogleTalk instead of long distance calls would make the price of a larger data plan quite reasonable.

I believe that eventually everyone would be connected to their IM service(s) while using a mobile device, and would use it for text messages. This would probably mean that the SMS would die, as it wouldn't make sense to pay (even if it is only a few cents) for 140 chars anymore.

Tuesday, September 29, 2009

Remote control Ubuntu and Hebrew

I guess most of you already know the ability to turn on the "remote desktop" feature in Ubuntu, which basically allows you to remote control the desktop using the VNC protocol (Ubuntu/Gnome uses vino-server for that).

Some people, including me, are used to having problems when it comes to keyboard layout switching using this configuration. This means that under some circumstances (especially when remote controlling using Windows), you cannot switch between keyboard layouts, and thus cannot type in Hebrew or other languages.

Most solutions on the net include modifying some configuration files manually. Since I'm always looking for cleaner solutions, I continued digging, and found out that using the latest UltraVNC client solved this issue. You can use it and switch keyboard layouts freely.

Saturday, September 26, 2009

Improving impression in job interviews

My C.V. includes this line saying I'm involved with Open-Source software development. Most interviewers even asked me about this, and about which projects I was engaged in. Not a single one asked for the reason. I guess it is obvious that one is passionate about the profession if he/she has a software hobby on the side, and especially if it is pure contribution which doesn't bring any profit. So I recommend to all of you one of the two:
  1. If you're engaged with the FOSS community, and contribute in any way, even if it is testing or translations, you should brag about it in your C.V.
  2. If you're not engaged with the FOSS community, and are looking for a hobby (which doesn't necessarily take a lot of time), you should look for a piece of software you like and use, be it a torrent client, chat client, the tiniest usability app - and see what you can do to improve it. Maybe start by reporting bugs and/or try to fix them, or simply add a translation to your native language.
Recently it seems employers are getting even more ways of telling how good a programmer you are, without even asking you questions or bringing you to an interview. Take for example Trollim, which ultimately allows you to get a rank which says just how good you are. Or take Google Code Jam, which doesn't "rank" you, but says something about you if you participate and advance. Specifying to your would-be employer that you have participated in such activities shows something about you and your passion for the profession. Think about it.

Friday, September 11, 2009

Heating up

Since I have a special place in my heart for Oracle and its products, I thought I'd share with you an ad Oracle has published today. This ad is supposed to make Sun customers feel better after Sun was purchased by Oracle.

I didn't see that coming, an ad which directly challenges IBM to compete with Oracle. Also, Ellison's confidence is admirable. Looking forward to seeing how it evolves.

Tuesday, September 8, 2009

FUD

Read this on neowin today.
Well, they do have to give the retailers something to argue about with a potential customer, but at least get the facts right.

Wednesday, September 2, 2009

Becoming number 1

Recently I stumbled upon this great lecture by Joel Spolsky.

There's a part at the beginning where he demonstrates how Windows behaves when he wants to upload a picture taken using a digital camera to the web. This is very much true, and we, computer people, can know that only by seeing somebody else having this bad experience. In my case, all I have to do is see what my mom succeeds in doing alone, and in what actions she fails and requires my help.
Every now and then I consider moving her from the much-giving-trouble XP she uses now, to a different environment, which would support her better, and make my life easier. Problem is no matter which move it'll be (except to a newer Windows), it'll force her to give up on IE, which is still required every now and then by some Israeli web sites she visits.

Friday, August 28, 2009

Media Center connectivity with Nokia N95

If you are a lucky owner of a Nokia N95 or other advanced N-series device, you should know your device supports the DLNA protocol. This protocol is basically an extension to the well known UPnP, which was designed for media devices, such as media centers, gaming consoles, DVDs, and yes, multimedia smartphones.

Since the Symbian menu hierarchy is rather complicated, I challenge you to find on your own the "Home Media" application, and launch it. After the wizard completes, you should be able to share media files (pics, videos and music) between other devices you might have, and the mobile phone.

This way, if you have a PS3, just let it scan for network devices, and see how it finds the mobile phone and displays its contents. It can even stream music from it.

After I managed to successfully play files from my N95 on my Windows Media Center and play files from the PC on the device (requires Windows Media Player 11), I decided I should try my favorite Media Center software - Elisa. Since Elisa is DLNA compatible, and is open-source, I had thought this one was gonna be an easy task. So I was wrong. I have yet to crack this thing. For some reason, Elisa refuses to see other devices, and doesn't display the N95. As far as I can tell, no one has succeeded yet in doing so.

So as I was about to give up, I decided to put Apple's FrontRow to the test. Nada. Doesn't work either. So I'm stuck with Windows software.

Now that you know your N-series device has such amazing capabilities, please go on and try to make it work with Elisa or a different open-source Media Center software. I would really love to see this one working.

Wednesday, August 26, 2009

Israel becoming a Mac country?

Judging by the amount of media coverage Apple's products get in the Israeli blogosphere and media lately, one could think that most computers in Israel actually carry the bitten Apple logo.

And I'm not even talking about the iPhone, which is going to flood the cellular market here. Estimates say that by next year, 15% of mobile devices will be iPhones.
Since we're a land of hackers, this means many more OS X installations will be done, as the development tools run exclusively on OS X.

But look at how many articles there are out there about the next version of OS X, the pricing, estimates about features and arrival date to Israel, etc. Since when does anybody in Israel care about Mac so much?

Maybe this is part of the move of Israel becoming another star on the American flag - just as Americans favor the Mac, so will Israelis. Time will tell.

Thursday, August 13, 2009

How to get rid of the pesky Windows Error Reporting popups

Today at work I've been developing something to automate part of my Windows malware analysis routine (so much malware for Windows, one's gotta automate it). Problem is the code isn't perfect, and malware causes many kinds of corner cases. So for every few hundred files, it crashes with the annoying Windows send/don't-send dialog (or the simple error reporting's OK/Cancel dialog).

When running this over thousands of files at a time, this could be really annoying, especially if I go and do something else in the meanwhile, so there's no one to close the dialog.

After digging around, I found this gem. A tool called ClickOff that automatically responds to dialogs, and can fill in forms, etc. I configured it to close the Windows error dialog, and now everything works smoothly without me having to watch over it.

I guess Windows operations weren't made to be scripted or automated, so one has to use 3rd party tools to overcome this. Maybe this is why Administrators hate Windows.

Wednesday, August 12, 2009

Amazing social engineering technique

Yesterday, a colleague of mine (and a friend) published this post on Finjan's blog.
I won't dig into the details, you can read it there. What amazes me is how great the social engineering and SEO techniques used by Koobface are, and how effective they are.

Finally, it is quite rare to read a detailed explanation which covers the attack from A to Z.

Thursday, August 6, 2009

Obvious message that reduces motivation

Today I noticed that Skype offers me an upgrade from version 3 to version 4. I know this isn't very new, yet I haven't upgraded so far since I don't like the new UI.

Now I noticed this message in the upgrade offer: "...keep all your contacts and settings".

What? If I couldn't keep my contacts and settings between upgrades, I would have never used Skype! My requirement to keep such things is so obvious, that the fact the message is presented makes one worried: if the message wasn't displayed, would it mean my contacts would be lost forever???

Tuesday, August 4, 2009

You snooze, you lose

Two days ago, we found something really nice at work, which is worth blogging about. So we wrote down a draft and started the long workflow of getting it approved. By the time we were about to finish, we found out someone else had already written about it.

We missed the chance to be the first to publish about this issue by only a few hours. But as I mentioned before, professional blogging makes one much slower and less dynamic.

Saturday, August 1, 2009

Computing MD5 sum in Python

So, you're writing some Python code which requires computation of an MD5 sum of a given input file. Don't worry, it's quite easy. Following are two ways to achieve this.

Method one: compute the MD5 sum using Python's APIs:
import hashlib
with open("filename", "rb") as infile: # binary mode; the file is closed automatically
    content = infile.read()
m = hashlib.md5()
m.update(content)
md5 = m.hexdigest() # now the md5 variable contains the MD5 sum as a hex string

Method two: using the OS command `md5` on Linux, or the Windows command line utility available for download:
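import subprocess
# pass the command as a list (no shell), so the file name is never parsed by a shell
p = subprocess.Popen(["md5", "filename"], stdout=subprocess.PIPE)
out, _ = p.communicate() # read the output and wait for the process to exit
md5 = out.decode().split()[0] # the MD5 sum, assuming the tool prints it as the first field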
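
Both methods in one added example (not code from the original post): the file is hashed in chunks so a large file is never held in memory whole, and the external tool is run with an argument list instead of a shell string, so a name like the constructed `sample; echo injected.bin` stays a single argument. The function names are hypothetical, and `md5sum` as the default tool and the two output layouts handled by the parser are assumptions.

```python
import hashlib
import os
import re
import shutil
import subprocess
import tempfile

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")


def md5_of_file(path, chunk_size=1 << 20):
    """Method one, streamed: hash the file chunk by chunk."""
    digest = hashlib.md5()
    with open(path, "rb") as infile:
        for chunk in iter(lambda: infile.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_md5_tool_output(text):
    """Return the digest from 'HASH  name' or 'MD5 (name) = HASH' style output."""
    lines = text.strip().splitlines()
    line = lines[0] if lines else ""
    if line.startswith("MD5 (") and " = " in line:
        # BSD-style layout: the digest follows the last " = ".
        candidate = line.rsplit(" = ", 1)[1].strip()
    else:
        # GNU md5sum prefixes the line with a backslash when it escapes the name.
        fields = line.lstrip("\\").split()
        candidate = fields[0] if fields else ""
    if not MD5_HEX.fullmatch(candidate):
        # Error messages and empty output must not be mistaken for a digest.
        raise ValueError("no MD5 digest in tool output: %r" % line)
    return candidate.lower()


def md5_via_tool(path, tool="md5sum"):
    """Method two without a shell. Returns None when the tool is not installed."""
    exe = shutil.which(tool)
    if exe is None:
        return None
    # "--" ends option parsing, so a name starting with "-" is not read as a flag.
    result = subprocess.run(
        [exe, "--", path], capture_output=True, text=True, check=True
    )
    return parse_md5_tool_output(result.stdout)


def demo():
    """Hash a constructed sample whose name would be dangerous in a shell string."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "sample; echo injected.bin")
        with open(path, "wb") as sample:
            sample.write(b"abc")  # constructed sample content
        return md5_of_file(path), md5_via_tool(path)


if __name__ == "__main__":
    from_api, from_tool = demo()
    print("hashlib :", from_api)
    print("tool    :", from_tool if from_tool is not None else "(md5sum not installed)")
```
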

That's all, folks.

Sunday, July 26, 2009

Awkward WPA2 Issue

Yesterday I was at my brother's, trying to fix a WiFi problem he had for the past six months. The problem existed ever since I set up the wireless network at his house, which probably says something about me :(.

Anyway, the problem is like this: the network works fine with the PC connected to it via cable, and with our Nokia smartphones connected to it via WiFi. Also, a PS3 device is connected wirelessly.
The only device not working properly is a Dell laptop. The laptop was able to connect to the network after a long time, and then only web browsing worked. No instant messenger, no e-mail, no file-sharing. Only the web, and quite slow.

I eliminated the possibility the problem is around open ports and/or port forwarding, after messing with it for about an hour or so. I also noticed some things started working once I disabled the Windows firewall.
Also, everything worked perfectly when the firewall was on, and we used a neighbor's unsecured wireless network.

Then it hit me that the problem might be in the network security. After a few minutes I had everything working perfectly: changed the security setting from WPA2 to WPA, and that's it!

I hate to think that some problems are voodoo problems, but this one had all the symptoms. Until today, when I found out this is a well known issue with Dell laptops. Someone I consider an expert explained:
  1. You can try and upgrade the driver. But it doesn't always work.
  2. You can reduce security to WPA, but that, as we all know, means the network is hack-able.
  3. You can use an external WiFi NIC.
Too bad I didn't know it in the first place. Considering the situation, I'll leave the network with WPA security and hope for the best.

Monday, July 20, 2009

Why reboot, why?

My goal for last Sunday was: be able to talk in Skype and/or other VoIP clients without being "cabled" to my PC. Connecting my Nokia N95 wirelessly will be a bonus.

So I bought a Bluetooth adapter, and decided to use the BT headset I used with my cell phone. Compare the installation process between different OSes:

Windows: Connected BT adapter. Windows driver automatically installed. Added BT software. Reboot. Upgraded BT software. Reboot. Paired BT headset. Launched Skype. Skype BT add-on installed. Reboot. Upgraded Nokia PC Suite. Reboot. Everything works.

OS X: Connected BT adapter. Paired BT headset. Launched Skype. Installed Nokia Mac software. Paired Nokia. Everything works.

All of those reboots took me a lot of time, so I haven't managed yet to test it on Linux. Rumor says I'll need some special software like in Windows (making the BT headset function as an audio I/O device), so I might update about it when done. Even so, I don't expect any reboots to take place.

Why on earth did I have to reboot that much?

Saturday, July 18, 2009

Viruses In Linux

Many Linux users, and non-Linux users, believe Linux is a virus-free OS.
Others believe that even if a virus hits a Linux machine, the impact would be little, as it runs without root privileges.

So the shocking news is: both are wrong. Linux distros have bugs and vulnerabilities which can be exploited for malicious activities. Such can include remote-control trojans, rootkits, data-theft, and so on. Those viruses gain root access without the user's acknowledgment.

Recently I found at work a server hosting tons of Linux viruses, with the source code, which exploit recent kernels used in modern distros. Here are a few examples.

I don't want to raise any panic. Linux is still way safer than Windows. So is OS X. This is mostly due to the fact those OSes are far less popular on the desktop. Also, updates are released faster, and thanks to package management, installed regardless of which piece of software is vulnerable.

Anti-Social Networking

I admit: the only social network I'm taking part in is LinkedIn. I don't like twitter, because I don't feel the urge to talk into the void. I don't use facebook, because I'm not looking for a date. The list goes on...

One side effect I noticed about social networks, facebook specifically, is the fact they encourage anti-social behavior. I'll explain. In the past few months two of my friends (who are not related to one another) got back from a long trip abroad, and found new jobs. Some mutual friends of mine were able to tell me the details about the pictures uploaded to facebook, and the job title of those that came back. But that's it. Nothing else. Most of them didn't consider calling or meeting to get the details about the trips or the jobs. In my opinion, this is what matters most. Seeing someone's pictures is one thing, but listening to the experience and the stories around the trip is entirely different.

So those who get updated through somebody's profile might think they know the person in question, but in fact, they know nothing.

Another side effect is the fact some people are relying too much on those networks as the means of communication and the primary source of knowledge about those they are connected to. Others rely too much on the network's updates about people's status, birthdays, couple-state (single, with a g/f or b/f, married, ...), etc. No updates - no knowledge.

The sad ending of this post is the fact I don't think things are going to change for the better. We'll rely more and more on technology to do our tasks, including social tasks, and our brains will become degenerated.

Monday, July 13, 2009

Ireland. Tags

First, allow me to apologize for not updating my blog in a while. I have a good reason for that: I just got back from Ireland. Wanna see? Here.
Ireland is a great place for a trip, and I would highly recommend it. Perhaps I'll dedicate a post about things to do and things not to do there.

Second, starting from this post, I'm adding labels to the posts. "OpenSource" will naturally be about open-source software. "General" has nothing to do with anything else except my life and musings (such as a post about Ireland). "Technology" - well, enough said...
If I understand correctly, readers could choose to subscribe to specific labels only. I'd still prefer you'll read everything I write, but hey, that's up to you.

Wednesday, June 17, 2009

OS X oddities

This one is not FOSS related, so some readers might wanna skip it.

I noticed two interesting oddities with Mac OS X this week:
  1. When I used Skype, the call used to drop every few minutes. It seems that turning the automatic time synchronization (via NTP) off solves the problem. Usually, this would have been called voodoo. Apparently OS X, just like MS Windows, became quite a bloated OS, so such bugs pop up every once in a while, where a reasonable explanation isn't on the horizon.
  2. For downloading torrents under OS X, I use Transmission. I had good experience with the Linux version, so it was my first choice. Apparently, it is capable of reaching my full internet connection speed, even during the hours my ISP throttles traffic. I still don't know how this trick is achieved, so I'll dig into it once I get the chance.

Friday, June 5, 2009

Malware toolkits

It's been a while since I last published here something related to my work. There are a few reasons for that, such as some of my work-posts being more marketing than pure technical achievements.

Anyway, some of you, my readers, had asked me to link here to some of the more technical stuff we do, or explain how a full-blown over-the-internet-attack works. So here are two posts I published in the past few months, demonstrating malware toolkits. Should this post's responses include more specific questions about toolkits, I'll try to answer them in following posts.
  1. LuckySploit. This one describes one of the most sophisticated attacks out there. It is very much oriented to avoid anti-virus products during the infection process. Moreover, the fact this toolkit uses encryption is really impressive.
  2. Unique Pack. The funny case with this one is the fact Firefox users weren't vulnerable to this specific attack (Firefox has some vulnerabilities, so keep it updated at all times).
Now I must add the fact that using Linux and/or Firefox doesn't mean one is protected, although it really increases your chances to stay clear. Keep your software updated.

Wednesday, June 3, 2009

Hello (mobile) World

Yesterday I've completed my first Android application. One can read about mobile platforms all over the place these days, as the competition between them heats up. So I decided to give it a shot.

This is not my first attempt to write a mobile application, as about a year ago I've written some Python apps for Symbian. Moreover, a few weeks ago I've written a simple application for the iPhone. This puts me in a position where I've tried coding for most of the popular mobile platforms, except RIM and Windows Mobile.

Quite surprisingly, mobile development environments have reached maturity. This manifests in the existence of visual development tools (drag-n'-drop controls), debuggers, code completion, etc. Not having such tools in my day-to-day development (I mainly use vi and notepad++) isn't a big deal, but for mobile development this is a must. The complexity of creating an application is just too big, and reminds me of the first days of J2EE development - tons of XML files, source files, resources, etc.

This also means I got to try Objective-C, as this is the language for iPhone development. I really don't understand why would Apple insist on that language, with such great alternatives.

I expect we'll see even better ways to develop mobile applications, and such applications would take greater market share, as the lines between the desktop and the mobile start fading away.

Addition: If I had the means, I would have written something for OpenMoko as well.

Japanese is actually a sysadmin language


Got this one today by mail. Quite funny.
If you don't get it - enlarge the image.

Thursday, May 28, 2009

Security, UI and things between

I'm not sure when exactly that happened, but it seems I got myself a name of someone who truly hates Microsoft. For instance, yesterday a friend of mine was really shocked to hear some good criticism from me regarding Windows 7. Some of you may be surprised to read this, but I do not hate Microsoft. I have friends working for Microsoft, and I myself once considered a position there.

Yesterday, a friend of mine, who's using IE7 on Windows XP, was infected with some virus. Its low detection rates by AV products suggest it's a rather new one. Luckily enough, I recommend people (including this friend) who are using Windows for some reason, to install Avira AntiVirus, as my profession taught me it is better (most of the time) than the others.
Having used some useful tricks I learned at work, and the handy ThreatExpert, we were able to clean the infection and restore the computer to a healthy state.

After the virus issue was solved, we began quite a long conversation, which lasted today's entire morning and noon, about how the infection was done in the first place, how it could have been avoided, and what measures can be taken to prevent future cases. We both agreed that popular products, such as Windows, Internet Explorer, Adobe Acrobat Reader, and the like, are much more prone to be targeted by attackers, and this is why many more exploits exist out there for these products. Firefox is no different: in the past few years it gained huge popularity, and by some estimates it controls over 30% of the browser market - not a number that could be easily ignored. Firefox, as well, is targeted by cyber criminals, and we see many attempts to push malware through its holes. Nonetheless, Firefox's vulnerabilities, once discovered, are handled much quicker than IE's, a fact making it much less exposed to cyber attacks.

So after many persuasions, the friend agreed to install Firefox and use it exclusively for an entire week. Should Firefox fail to supply the goods, he'll try Google's Chrome or Opera.
Soon after he started browsing the web using Firefox, I started getting complaints:
  • Firefox is slower than IE. I said he should remove any old Firefox remains he might have, and install it freshly.
  • A web site isn't working properly. Not giving a clue why. After I checked the issue, it seemed he missed the Flash add-on. Awkward, as the browser was supposed to say something is wrong. New version of the Flash player was installed - and everything works.
  • No apply button in the settings dialog.
What? Wait a second... what was that last point? No apply button?
It never occurred to me that the Windows version of Firefox differs from the one installed on my Ubuntu. Go and have a look at your settings dialog. If you're using Ubuntu (I guess this applies to other Linux-es as well), your settings dialog would include a Close button, and a Help button. Every modification you make is immediately applied. If you're using Windows, you'd have an OK button, and a Cancel button, but indeed no Apply button. This means that if you make several modifications, you can't easily undo only the last of them. A bug regarding this issue exists ever since 2003, but it doesn't seem to go anywhere.

Maybe Windows users are used to lame UI.

I won't even start arguing that using a different OS, and a different software stack, would solve the entire issue in the first place. But what I heard is a professional user willing to live with virus threats, lame UI, the need to upgrade software manually, accept downtime, and tons of other issues, for reasons I don't fully understand.

Tuesday, May 26, 2009

Various musings about productivity

Zero Inbox
I've known the term "Zero Inbox" for quite some time, and without really intending to do so, I used to follow that idea. Only recently I found myself flooded with email in my inbox, some of it sent by myself, and I really felt confused. What am I supposed to do now? With what shall I begin?
This can become quite a burden, until everything is back in order. E.g. This blog post was in my head for about two months, but only now I got to the draft I sent myself.
Conclusion: overwhelmed inbox reduces productivity.

Sleepiness
I don't really understand human physiology, but I noticed something strange about myself: I'm used to sleeping between 7-8 hours at night, and this keeps me highly active during the entire day. But it really does depend on when these sleeping hours begin: the earlier, the better. This means sleeping between 00:00-08:00 feels much better than sleeping between 02:00-10:00.
Conclusion: sleeping 8 hours doesn't guarantee productivity. It is only a requirement.

Cubicles
I wish I had worked at Fog Creek, just because they have amazing office space. Instead, my workspace is a cubicle. I know for a fact it is bigger and better equipped than other cubicles out there, but still it holds most of the disadvantages of cubicles. It's like software companies aren't aware of the fact that programmers' productivity is directly affected by their ability to concentrate for long periods of time.

Music
Different tasks and different moods require different music. Each task has its own music which helps getting into the zone. This is why I have various different genres in my deezer playlists. Music is one tool to solve issues caused due to working in cubicles.

Many things have an effect on our productivity, and it is difficult to manage them all. Sometimes we're more productive than at other times, but it is always important to be aware of that, and try to improve.

Thursday, May 14, 2009

Hello Mac

As I've written before, I always had the passion of installing and messing around with different OSes. Having VMs is fun. Moving from single boot to dual boot to multi boot is even more.

My current victim is Mac OS 10.5.5. Actually these lines are written from within the Safari browser running on that OS. A friend of mine told me he moved from Windows to Linux because it was more fun, and moved from Linux to Mac because things are simpler and everything just works.
After using the Mac OS for two days I really don't get it. Things don't just work. If you're used to something different (say Windows or Linux), you'll need some time to adjust to the interface and to the whereabouts of applications and other stuff.
I guess what all those Mac users are so proud about is not their super-easy super-strong OS, but the very well-done integration between the hardware and the software. Having limited choice between the available hardware (which is also very expensive in Israel), makes the OS design much simpler and easier. No quirks about some obscure WiFi or RAID adapters. All the drivers you need are supplied with the OS, and the OS is built to put this hardware to good use.

Didn't have the chance to go over all of the applications bundled with the OS (time-machine, spotlight, i[Placeholder], etc.), so I can't judge it fully. I think I'll be smarter once I'm able to compile my first Objective-C "Hello, World!", so I'll be able to compare what's in this OS for developers.

Tuesday, May 5, 2009

ISP traffic shaping - cont. (2)

Still continuing my posts about Israeli ISPs which perform traffic shaping without admitting it. This time: does a certain ISP encourage piracy?

I must admit it - I consider myself as a PC gamer (the only real reason to have Windows installed). Generally, computer and console games in Israel are expensive. Too expensive. A while ago I became familiar with a cool service from Valve: steam. I believe this service is the right direction of gaming companies, so they could survive the on-going piracy in the field.

Now check out this forum question in steam. You read it right, 012 is known to be blocking steam and games traffic. I checked it, and it is true. Without a firewall or anything else to disturb steam, it simply can't connect to the steam servers to update itself.

Whether this is done on purpose or by ignorance doesn't matter. 012's customers are left without the option to use steam. So a customer who can't afford the 3x price of the store might turn to the less legal option... everybody loses.

Friday, May 1, 2009

Helping sysadmins

Ever since I worked as a sysadmin, I was waiting for something like serverfault to come out. This is a sister-site for stackoverflow, which I have blogged about before. Last night I logged in for the first time to serverfault, entered my OpenID (based on my blogger account), and my profile was converted from stackoverflow. Now I already own the first badge there.

Sorry for the short post, I hope I'll get back to blogging soon.

Friday, April 10, 2009

ISP traffic shaping - cont.

Thought it might be a good idea to update you regarding latest developments and research results since the previous post.

I've been trying the 1.9 beta of uTorrent (available for Windows, runs perfectly under Wine on Linux), since I heard it supports uTP. The reason uTP is important is that it is believed that ISPs aren't "shaping" this sort of traffic. The experiment seems to be progressing well, as download speeds increased, but it's still not perfect - not everyone uses a uTP-enabled torrent client. But still, now my computer downloads from other computers across the world, at high speeds, using the new protocol.

So there are a few problems which still keep me from getting my full bandwidth:
  1. No open-source implementation of the protocol - slower adoption.
  2. Few closed clients are implementing the protocol, and are still in beta - slower adoption.
  3. ISP still "shapes" other protocols. Annoying.
  4. Future problem: will the ISP "shape" uTP?
Happy passover.

Wednesday, April 1, 2009

Conficker coming to Linux

I guess that by now you've all read about the latest threat to Windows-running PCs - the Conficker worm. So far Conficker has shown some very impressive capabilities, both in infecting innocent machines, and in evading AV products and other security measures.
Today I found at work a Conficker mutation which affects Linux-running computers. Currently it seems to be targeting only specific, Debian-based, distros, such as Ubuntu.
Users of older versions of Ubuntu (7.10 and below) are protected due to usage of older kernel.
Everyone who uses newer versions, hurry up and downgrade, or install a more secure and solid OS such as Windows Millennium Edition.

Saturday, March 14, 2009

ISP traffic shaping

As I've written before, I'm using file-sharing every now and then, to download a new version of my Linux distro (and other distros for testing), or to download a TV show which doesn't show in Israel, or I cannot watch by other means. Also, as you may all know, the best way to do so is using a torrent client, such as Transmission, uTorrent, Vuze, etc.

It seems ISPs in Israel (and probably world wide) are playing a double-game. Their first interest is to sell us as much bandwidth as possible. Only recently a new commercial went on-air telling us how much more music and movies can be downloaded if one would double their bandwidth. On the other hand - it seems some ISPs are doing traffic shaping.

A friend of mine and I are both subscribers of a large ISP, which has the word "gold" in its name, and we are quite sick and tired of this. After doing some thorough tests, we came to a conclusion that torrent traffic is being limited during most of the day. In those hours, the torrent would download at full throttle only from clients subscribed to the same (our) ISP. As for the rest - download rate was roughly 1KBPS. At about 2AM, the limitation is removed, and all of a sudden those same clients started sending data at blazingly fast rates, which lasted until morning.

What bothers me more is the fact there's no transparency regarding traffic shaping. If I'm being limited - I want to know about it. Some uses are legitimate, and consumers must be aware of those limitations. Moreover, what if other services are "shaped" as well, such as the bandwidth-consuming youtube? I like watching youtube videos at HD, and don't want those to be choppy (and I noticed they sometimes are).

So what do you think? Is your ISP shaping your traffic? Also - what can be done about it?

Wednesday, March 4, 2009

IE8 optional in Windows 7

Is this true? If so, it doesn't mention how one could install a different browser (so you have to use IE8 to download another browser). Interesting.
Either way - this is a good step toward making Windows a safer OS.

Wednesday, February 25, 2009

What matters in a web browser

I've been installing a variety of browsers ever since there were browsers to choose from. I like playing with them, comparing them, and just have them lying around.

Today I've installed Safari 4 beta. What can I say, the Apple dudes delivered what they had promised - a blazingly fast browser, slick UI, and it has the coolness atmosphere that surrounds Apple products. Actually, it feels like the fastest browser I've ever used. Moreover, Hebrew support is great, and many problematic Israeli websites are loaded as perfectly as they load on MS's browser - only way faster.
So I played with the cover-flow interface, browsed some heavy websites - and closed it. I don't think I'll get back to it anytime soon (unless for finding some vulnerabilities within). Why?
It seems that since its 0.9 version, I always got back to Firefox after trying different browsers. Chrome was the only browser that stole me for an entire week. Why?

I know the answer. Although it is not the prettiest, not the fastest, nor the best supported browser - it has a HUGE community. And what does this community bring? Free (as in freedom and as in beer) add-ons. Without my ad-block, foxmarks, Firebug, proxy-switcher, screengrab, themes, etc. I'm totally lost. Those add-ons really make the difference! The Internet looks and behaves differently (in a bad manner) without them. So no matter what the other company will bring out of the factory - that browser doesn't stand a chance until it starts supporting FF's add-ons. This reminds me a little of the hold MS has on the desktop applications - one is so familiar and comfortable with them, that making a switch could be a hard decision.

So what add-ons do you have on your fox?

Sunday, February 15, 2009

Lunix is Soviet

This one is simply hilarious. As much as it's old, it's still funny. Not sure whether the writer was joking or is a complete idiot.
And what kind of a parent will you be?

Saturday, February 14, 2009

Giving a hint

Every major DB I know supports some sort of "hinting" mechanism. What is it and why is it needed?

When a DB compiles a SQL query in order to execute it, it also decides about the best way to execute that query: which data to fetch first, which indexes are to be used, how to perform joins, how many rows to retrieve, etc. The quality of these decisions has a major impact on the performance of the query.
As part of this process, a component usually known as the optimizer is running. This component is required for the construction of the execution plan, and sometimes it takes "drastic" measures, such as rewriting the query so that WHERE conditions would be executed in a different order.
Over the years RDBMS providers had put a lot of effort in order to achieve the best possible optimizer. In the course of time it started using statistics (based on ranking mechanisms and previous queries). But before that happened, each RDBMS provided an extension to the query syntax (SQL) so the developer could provide some hint to the optimizer about how he thinks the query should be executed. As the years went by, providers started recommending to avoid those hints, as the optimizer usually did a better job.

I hadn't seen a good optimizer hint for some years now, until this week. I was trying to improve some query in MS SQL Server which lasted forever, and involved an external data source. When I was about to give up and rewrite the code, I decided to give it one last chance. Digging in the execution plans I realized MS's optimizer did an awful job in executing the query, so I checked their hint syntax. My addition to the code was "OPTION (hash join)", and voilà, the query completed within a few seconds. Impressive improvement.

Improving the query (by better building it) will always be better than adding a hint, but when all else fails, this might be the only solution.
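
The kind of query-level join hint described above, as an added T-SQL example that is not the post's original query: the temp tables, column names and row counts are constructed for illustration. It runs the same join three times (optimizer's choice, forced nested loops, forced hash join) so the timings can be compared.

```sql
-- Added example (not from the original post). All table and column names
-- are hypothetical; the data is constructed so the join has real work to do.
SET NOCOUNT ON;

IF OBJECT_ID('tempdb..#orders')    IS NOT NULL DROP TABLE #orders;
IF OBJECT_ID('tempdb..#customers') IS NOT NULL DROP TABLE #customers;

CREATE TABLE #customers (
    customer_id INT     NOT NULL PRIMARY KEY,
    region      CHAR(2) NOT NULL
);

-- No index on #orders.customer_id: every strategy must read all order rows.
CREATE TABLE #orders (
    order_id    INT IDENTITY(1,1) NOT NULL PRIMARY KEY,
    customer_id INT   NOT NULL,
    amount      MONEY NOT NULL
);

-- 50,000 constructed customers; one in ten is in region 'EU'.
WITH n AS (
    SELECT TOP (50000) ROW_NUMBER() OVER (ORDER BY (SELECT NULL)) AS i
    FROM sys.all_objects AS a CROSS JOIN sys.all_objects AS b
)
INSERT INTO #customers (customer_id, region)
SELECT i, CASE WHEN i % 10 = 0 THEN 'EU' ELSE 'US' END
FROM n;

-- 500,000 constructed orders spread evenly over the customers.
WITH n AS (
    SELECT TOP (500000) ROW_NUMBER() OVER (ORDER BY (SELECT NULL)) AS i
    FROM sys.all_objects AS a CROSS JOIN sys.all_objects AS b
)
INSERT INTO #orders (customer_id, amount)
SELECT (i % 50000) + 1, CAST(i % 997 AS MONEY)
FROM n;

-- Report CPU/elapsed time and page reads for each statement that follows.
SET STATISTICS TIME ON;
SET STATISTICS IO ON;

PRINT '--- 1. optimizer chooses the join strategy ---';
SELECT c.region, SUM(o.amount) AS total
FROM #orders AS o
JOIN #customers AS c ON c.customer_id = o.customer_id
GROUP BY c.region;

PRINT '--- 2. forced nested-loop join ---';
SELECT c.region, SUM(o.amount) AS total
FROM #orders AS o
JOIN #customers AS c ON c.customer_id = o.customer_id
GROUP BY c.region
OPTION (LOOP JOIN);

PRINT '--- 3. forced hash join (the hint used in the post) ---';
SELECT c.region, SUM(o.amount) AS total
FROM #orders AS o
JOIN #customers AS c ON c.customer_id = o.customer_id
GROUP BY c.region
OPTION (HASH JOIN);

SET STATISTICS TIME OFF;
SET STATISTICS IO OFF;

DROP TABLE #orders;
DROP TABLE #customers;
```

All three statements return the same totals; the "SQL Server Execution Times" and logical-read lines in the Messages output show what each join strategy costs on this data.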

Saturday, February 7, 2009

Personal [Different] Taste

Recently I noticed I tend to disagree with many reviews I read or opinions I hear. Here are some examples:
  • I like playing "Need for speed: Undercover". I think it's a good game, which reminds me of "Most Wanted" very much. Every single review I read about this game, and EA's strategy of the entire series, is very negative. I do agree the previous game (ProStreet) was a complete waste of money (yeah, I have an original DVD), but the new one is pure fun.
  • Since I'm talking about games - I hate "Dead Space" and "Fallout 3". These were considered some of the top games of 2008 by most gaming-review sites. What can I say? I think they're horrible.
  • I like KDE 4.2. I noticed that every time Linus is switching his desktop, I switch the other way around. And not on purpose.
Also, it seems I have quite different opinions than some of my friends when it comes to movies, music, politics, you-name-it.
Good thing that in all of those fields we are not bound to some monopoly corporation, so we can choose what we like according to our personal taste.

Wednesday, January 28, 2009

Telco. in Israel and dirty tricks

I've been thinking about this post for quite some time, and it just keeps expanding in my mind, so it's time to write it down. Warning: this one is off-topic, and has nothing to do with technology, so some readers might want to stop reading now.

In the last year I was tricked by at least three media and telco. providers in Israel. In our little market, no one wants to be the "fra'yer", and it's a matter of principle. This is why I'm sharing my experience here, so some of you might avoid it. I know that using this blog would bring me more audience than I could reach otherwise.

Bezeq
This is still the largest phone company in Israel, and it used to be considered a monopoly until not many years ago. Seems like they have a habit of forcing users to upgrade their Internet connection speed, unwillingly, or the user would have to face a huge bureaucracy blockade. I know this trick was pulled on some friends as well, so it has to be systematic. Here's how it goes:
  1. Happy user gets a phone call from a Bezeq sales representative, offering him to upgrade his Internet connection speed at a price of 10 NIS. Cheap, right?
  2. User agrees, and as directed, calls the ISP in order to upgrade the speed it provides. Such upgrades usually require 12-18 months commitments, otherwise, a higher (unreasonable) price will be charged.
  3. User is doing a speed test and discovers the speed remains as it was before - no upgrade was done. 2 phone calls are required (first to ISP, second to Bezeq) just to discover that Bezeq hadn't upgraded the speed. Support guy (or girl) says (quote): "It's impossible we offered you such price, as we don't have such offering at the moment. I can upgrade your speed at X NIS, though" (X >> 10).
  4. Case a: user agrees, and now he has upgraded Internet connection at a price higher than he was willing to pay in the first place. -> Bezeq wins.
    Case b: user disagrees. The support guy interprets the "disagree" as "agree" and starts charging the user the higher price, without any user confirmation (such as 4 last digits of credit card, or ID number). This the user will discover only at the next month's bill. Canceling that will cost the user a lot of time and phone calls. -> Bezeq wins.
    Case c: user argues with support guy, and gets a new price, Y NIS (Y < X, Y >> 10). -> Bezeq wins.
In my own private case, I managed to confront the Bezeq dude with the ISP dude, which convinced my nice ISP that Bezeq was pulling dirty tricks on me, and my ISP price remained as the old one. No extra charge. Nice. Also, I left Bezeq. Bezeq loses.
If you get such an upgrade call from Bezeq, beware. It's gonna cost you a lot more than you think.
Also, this proves another lesson: always record support phone calls. This might prove useful.

Orange
Last year I moved to Orange as part of a consolidation of my cell phones providers (had too many). With my private bill I am very satisfied, and all is OK. But with my parents' bill (which moved to Orange along with me), I'm very upset.

When signing with Orange, we asked them to block all paid content (3G Internet, international calls, etc.), since my parents don't want those, and never intend to use those. Just for the record, my parents barely know how to dial a number, and don't even know how to send SMS.
On the first bill they got, we had our first surprise - 2 SMS were sent to Denmark. The support guy (or girl...) insisted these SMS were indeed sent, and only after quite a while they were convinced there's no way my parents would send such messages, and gave the money back.

One month later, a new bill came, this time we found out my parents were watching 20 minutes of streaming TV on their cell phones (these cost more than a few NIS). Again a call to support, which insisted the media was indeed watched. It took me over 30 minutes of arguing and insisting some technician who has access to antenna logs would check those - just to prove my point: the antenna which allegedly sent the streaming media never hosted my parents' phones.

A few months ago, another extra charge - this time, some ringtones were downloaded.
If you read carefully, you would know that such services were completely blocked in the service agreement. Again, 20 minutes phone call, and the charge is cancelled.

Hot
The most annoying thing in Israel is the fact that "the competition is no better". The Hot incident is not as complicated as those above, but yet very annoying.

I admit it, I download TV series which don't show in Israel, or show after a long delay (what's the point in the delay, when all of the Internet is filled with spoilers, right?). When I heard Hot will broadcast the new Lost season with a 3 day delay I said to myself (and to some of my friends) I will pay for the cable company, and watch it on TV, instead of downloading it.
The Hot web site mentioned that if I missed the chapter, I will be able to watch it on VOD. Since I'm paying 10 NIS for the VOD service, I was happy with the thought I'll be able to watch it whenever I want, right on my TV.

Wrong. I started watching the first chapter 30 minutes late, so I used the cool Start-Over trick they provide. Half-way through the chapter, I got a message saying "Too many people are trying to watch the chapter, please try again later.". Later? I cannot Start-Over a chapter which already ended? What kind of service is that?

So I opted for the VOD option later that night, and to my surprise I found out that I will have to pay 5 NIS for each chapter. WTF? Why didn't you say that in the first place? Did you drop my Start-Over session just so you could extra-charge me for the VOD? Grrr...
Good thing they provide fast Internet (if you know what I mean)...

Monday, January 26, 2009

The illusion of being protected

Yesterday I published another blog post at my work place.
This incident is quite problematic, as it represents our inability to really trust 3rd party sources. Usually, when browsing the web using Firefox, one could think "hey, this one is Open Source, so I'm safe while browsing the Internet", but this is not the case. The fact some of Firefox's security relies on some other service, which we have no control over, makes it partially-closed. This is why such engines cannot be trusted as the only line of defense.

Sunday, January 18, 2009

Commercial fail

Recently some of my friends discovered the FAIL Blog. Ever since, I'm waiting to see the items they'll share via Google Reader, as most of the times those things are so funny that I have to laugh out loud.
Today I saw this "commercial fail" for Microsoft Songsmith. Such a long promo, so much effort in finding this little girl and the father, writing them some lyrics, and one couldn't find a PC laptop which looks good enough to be in a commercial? You gotta be joking.
I guess the next commercial will feature a Windows application running under Wine or something...

Wednesday, January 14, 2009

Deploying to Production

I was reading today this interesting post about what happened when someone realized he forgot to put production code on a production machine. As you could have guessed, a small scale catastrophe happened as the service went down.
You all know this situation: you're developing or installing something, testing it, giving its URL (or other method of access) to other developers, and all of a sudden - it's production.
Normally, this is the time the product would be installed on a production-worthy server, with DRP procedures and the rest of the things that are must-have for production. But from time to time such things are missed. I know this, because I was in this situation before, and because I'm in this situation right now. I'm maintaining production code on my workstation, and I cannot turn it off for a few days because of that. Moreover, in order to avoid the need of changing the scheduled task's password (when my password expires) which is involved with this code, I used this scheduling trick. At least I have everything under source control, so when a disaster happens, I'm only half-screwed.
So it might be a good thing that such things happen, as long as they happen to someone else, so it reminds us to put our production stuff on production.

Tuesday, January 13, 2009

How many options is enough?

Ways to see a divx movie on your TV:
  • run cables from the computer to the TV.
  • buy a divx-capable dvd player, and burn the movie.
  • ... or buy one with a USB slot.
  • use a laptop connected to the TV.
  • buy/build HTPC.
  • buy a streamer.
  • use a gaming console (playstation, xbox, etc.).
  • buy a TV which is capable of playing divx movies which are loaded on SD cards or some USB device.
  • buy a divx-capable portable dvd player.
  • IPod?
  • use a multimedia-enabled mobile phone, such as Nokia's N95.
  • convert the movie to another format and play with appropriate device (e.g old-fashioned dvd player).
I guess I might have forgotten some options, but you got the point.
Maybe next time: how to play your MP3 files everywhere.

Saturday, January 10, 2009

Source control and bug tracking

Ever since I was shown my first source control and bug tracking systems (ClearCase and ClearQuest they were), I grew really fond of their ideas. Since then I got to use many of the other tools, such as CVS, Subversion, Bazaar and Source(-not-)Safe in the source-code side, and LaunchPad and Bugzilla in the bug-tracking side.

I was planning for some time now to write my thoughts about those tools, and perhaps provide some recommendations which are based on my personal experience.
In the meanwhile, as I was doing some research about the topic, I found a really nice book about SCM, which I want to quote:

Our universities often don't teach people how to do source control. We graduate with Computer Science degrees. We know more than we'll ever need to know about discrete math, artificial intelligence and the design of virtual memory systems. But many of us enter the workforce with no knowledge of how to use any of the basic tools of software development, including bug-tracking, unit testing, code coverage, source control, or even IDEs.

Our employers don't teach people how to do source control. In fact, many employers provide their developers with no training at all.

SCM tool vendors don't teach people how to do source control. We provide documentation on our products, but the help and the manuals usually amount to simple explanations of the program's menus and dialogs. We sort of assume that our customers come to us with a basic background.


I think this says it all about the lack of human knowledge about source-control and the importance of it. I recall how once a graduate of a popular programming course told me that the experience given in that course, when it comes to source-control, is worth much more than the knowledge provided in the entire CS degree.

And for those who think that bug-tracking systems are meant for bugs only - here's a correction: I was using such systems even when I was an Oracle Applications DBA, in order to manage the workflow required to get a patch installed, tested and moved-to-production.

Possibilities are endless, and the long term benefits of having such systems in place are priceless.

Not managing your code (sources, scripts, documentation, configuration) and bugs yet? Go and start doing so now.

Friday, January 9, 2009

Beta (RC1) testing

This time I'm not going to talk about beta testing of Windows 7, as I wasn't much impressed by it. Anyway, starting from tomorrow, with the release of the public beta, the web is going to be flooded with beta-testers notes. Instead, I decided to get back to the one desktop environment I test every time a new major release arrives: KDE.

When KDE 4.0 came out, I gave it a try, but I didn't like it, so I removed it altogether. Now, with KDE 4.2 coming up, and me developing a taste in UI, I thought I should go for another round.

Thanks to this and this, I got the ultimate test environment - a chroot-ed KDE, which even supports the desktop special effects. No virtualization and without messing the host.

So what do I think so far? Overall, the OS looks great, and is very functional. The effects are smooth and nice, Hebrew works perfectly, and applications seem ready for the public. Didn't find anything yet to report a bug on, but that might take some time.
Two disappointing things:
  1. Couldn't make Kopete connect to Google Talk.
  2. Konqueror.
Actually, the second is so problematic, I had to write this post using Firefox.

Bottom line, the kde4daily over chroot is highly recommended for all of you out there who aren't afraid of technology. While KDE 4.2 is not ready as a complete desktop environment, I think that with the right additions (OpenOffice, Firefox) it would be good enough to set the higher standards for all of the rest of the desktops (regardless of the OS).

Tuesday, January 6, 2009

Information Explosion OR RSS Hell

Last week I was blogging about the importance of producing information. I urge everyone I know to blog about their thoughts, findings, ideas or just nonsense. But like every other coin, this too has two sides.

This morning I got sick and tired of the RSS reader I used at work - Outlook 2007. Quite frankly, this is the worst RSS reader I've ever used. The straw that broke the camel's back was when Outlook stopped syncing feeds, and lost my stuff. So I moved to another RSS reader, and used my exported OPML file in order to keep my entire reading list. After the import completed successfully I realized I have too much stuff to read; my reading list is composed of way over 50 blogs, most of which are important to read. So sorting them and reading them consumes a considerable amount of time (before I even start with mailing lists...).

When I come home, I have a different reading list, which in turn is composed of about 50 blogs or so. It has been quite a while since I last added a blog to that list, as I don't think I can spare the time to read more. I prefer to stay productive and do other stuff.

As a result, I read blogs like I used to read newspapers when I read them: browse swiftly through the headlines, and read deeply only stuff that other people recommend (like when people share posts in Google Reader). There's a small (2-5) list of blogs which I read no matter what.

If anyone has a better idea to keep consuming huge amounts of information and stay productive, I'll be happy to hear.

Saturday, January 3, 2009

Bug opening dilemma

Not long ago I had a discussion with Leon regarding bug reporting to Oracle. Leon had solved some nasty bug that Oracle had (and still has, as far as I know) in one of its products, all by himself.
I suggested he should report to Oracle about the bug and about the fix, not only because it's a nice thing to do, but also because having a patch with your name on it has some value of honor.

Personally, when I stumble upon bugs in the open-source products I use, I report a bug (if possible). If it's something I have knowledge in or interest in, I'll even try to fix the bug.

As I already wrote, I decided to install Windows 7 and see what the future holds. This raises two dilemmas for me:
  • Should I report to MS about the bugs I find (such as IE 8 beta crashing when browsing to Google Analytics)? There is really nothing for me in it. I really don't care if some of these products get fixed or not, I probably won't get any gratitude, nor get paid (hey, they're making money from this, so why don't I get my share?).
  • Should I open bug/feature-request to my favorite desktop environments to mimic features I like in Windows 7 (like the ability to reorganize tasks in the taskbar)? I think innovation is much more important than copying from the competition, and since I hate GUI programming, I know I won't be the one implementing those features, so it's just creating work for other people.

What do you think?

Friday, January 2, 2009

Another day another OS

I just love messing around with different OSes and distributions. After settling down with my Linux distribution, I found some time, and the desire, to test something different - Windows 7.

The latest version of Windows beta is very much blogged about these days, so I'll try not to give "yet another review". Instead, my insights and thoughts would be given.

Until 2001, I've been installing MS's OSes while they were in beta stages. This includes XP. About the same time I discovered Slackware, and ever since I found something much more exciting to play with. But the passion remains, and in the last few years I've been installing on VMs other OSes such as OS X 10.4 and 10.5 (which gave me a very hard time on the VM) and Vista.

Installing Windows 7 on VirtualBox, my favorite virtualization product, is quite easy actually. Configure it for Windows Vista, don't forget to turn on ACPI, and you're good to go. After the installation, install the guest additions. Guess you'll get some error messages here, so set the guest additions executable to work in Vista compatibility mode, and all should be fine.
I still hadn't managed to get the sound to work, though I don't understand why. Hope to overcome that soon.
UPDATE: installing AC97 audio drivers (such as RealTek's) solves this issue as well - sound is working!

One of the things one will notice is the extremely reduced memory consumption of the OS. While writing this post I have a few Firefox windows with a few tabs each, and some other applications, and about 400MB of memory is in use. Quite similar to XP SP3. I suspect turning on all of the effects would consume some RAM as well, but overall the reduced resources consumption results in a very responsive UI.
Since Windows 7 is basically a better Vista, the only thing that comes in mind is that this is the first time I see a product in the scale of an OS which starts as a bloatware (and slowware) and upgrades to something more reasonable.

Since there isn't much to say about the underlying OS (don't know which features will be included in the final version, and Vista's experience teaches it's good not to make any promises), the only thing that can be judged is the UI.
It is very clearly shown that MS's engineers have been using OS X and Linux (both gnome and KDE) for quite a while. The new taskbar really does look like a merge between AWN, OS X dock and the previous Windows taskbar. No more annoying huge buttons with text labels. No more overly crowded quick launch area. Instead, nice icons which represent both "launchable" applications and running applications. If it works for the other guys for quite some years, it could work for MS as well.
Some new features added to the taskbar are Aero Peek and Color Hovering. One of the features allows the user to preview the tabs of open windows in the taskbar thumbnails previews. This sounds very promising, but turned out to be a bit of disappointment, as the tabs of the Firefox windows I'm using right now aren't previewed. Only MS's products do that in the meantime.

Last, but not least, some applications such as paint and wordpad, got a face lift, and now carry the Office 2007 interface. As this is really a matter of taste, I cannot really judge whether it was a good idea or not. E.g., people are using OpenOffice just to have the old Office interface back.

Bottom line: I think MS looked at the competition and got back to the right track. Don't know what Apple has in its sleeve, but I truly hope KDE 4.2 or 4.3 would set higher standards again, so all of us would benefit from a better desktop.

Producing information

In our industry, the leaders are those who produce most of the information, while the followers are struggling to keep up when consuming that same information.
Not long ago, my team leader mentioned to me how important this is for us to stay ahead on the producers side, and not to fall back to the "consumers" status. In my previous team I did the same myself, as I (almost-) forced teammates to generate masses of information in many forms: documents, wiki notes, blog posts, frontal lectures, presentations and the likes. This is what keeps us as leaders.
I came to think about it this week, as I realized I've been posting a blog post virtually in each day of the week. I wish I had more time so I could write longer posts, but blitz-posts are better than nothing. Also, using information created by other people in order to create more information, is better than not creating information at all.

As I wrote in this year's blog day, one of my favorite blogs in my reading list is StackOverflow. This week's post reminded me of two topics I wanted to write about:
  • Joel writes about how important this is to test your RAID failover scenarios before going on-line. I'm really all into it. This is one of the most important things you can do before going production. Moreover, the thing they didn't talk about, is how often do you put your DRP to test? Do you exercise disasters at all?
    This is more important than most people can imagine, and still few are the people who really care about this or can handle real time catastrophe. Recent disasters in banks, voting systems and sites which were taken down (due to the war situation in Israel) only prove that even the largest organizations aren't prepared, or have only a semi-complete DRP. Go now, and write one. If Jeff and Joel can do this in their spare time, so could everybody else.
  • Jeff and Joel say about themselves they are broad generalists. Only after reading their definition for it, I realize that I'm such as well.
    Lately I hear many people worried about their future in our industry. Some think they'll become obsolete, some think it'll be impossible to find a good job in a good workplace. What's common to all of them is the fact they don't realize they are (or could be) generalists as well. If you love software, and think you're meant to do it for the rest of your life - finding a job would be (relatively) easy for you, regardless of any crisis. But if you don't like what you're doing, or every day you wish this day to end so you could go home - go find another field, you really won't survive for an entire career.
    FYI, software companies are still looking for people. Especially those who master many fields - DBs, OOP, Security, etc. I know this because some HR recruiters still ask me if I have friends for specific roles. So if you're talented, and fear about your future in the industry - don't.
Only rarely I get to write long posts. Guess the fact today is Friday helps.
Good weekend you all.

When professional meets personal

Another blog post for my work place. What really bothered me this time was the fact that a site I might actually visit, was infected. It felt like the attack became personal to me.

Unfortunately, the malicious code was online for far too long, and possibly many users were infected.

Thursday, January 1, 2009

Organize your notes

In the software industry (don't know about the others), people generate quite a lot of information. Following are the places this information can usually be found:
  • In a notebook.
  • On a whiteboard.
  • Sticky-Notes (PostIt)
  • Text files and other documents.
  • Wikis.
  • Blogs.
  • E-mail.
  • guess the list could go on...
Each of the methods has its own advantages and disadvantages:
  • Ability to search.
  • Long-Term archiving.
  • Ease of use.
  • Backups.
  • Accessibility.
  • Ability to share.
  • Organization vs. Chaos.
  • Privacy.
  • again, the list could go on...
I guess most of you use at least a notebook, and probably a whiteboard as well. Both instruments are hard-copies, non-digital, thus, for the digital needs another tool is required.

Until not long ago, my preferred tool was MS's OneNote. It is capable of just about everything, and I was very happy with it. But my needs have changed. Now I need something which doesn't cost money, able to work on many platforms, works via a web interface and then some.

Today I found out about TiddlyWiki. Although I have very little experience with it, I can tell I'm going to love it. Basically, this is a private wiki, which runs locally from a browser. No server required, no further installations required. It is fast, and manages information in a non-linear manner (stuff can be interlinked). Notebook solutions (such as Google Notebook) are considered linear when compared to TiddlyWiki.

Their concept is great - a single HTML file that does everything. Easy to backup, easy to edit, easy. Can't wait to see how it will face the time-trial.