Honeymonster's Lair

In recent news: Sun Microsystems has been targeted for takeover by Oracle. The deal is expected to complete by the end of the summer. Oracle and Sun have both published an FAQ which I briefly looked over. The bit that caught my eye is the wording to the effect that "[Oracle] remains committed to Linux".

Does that mean Oracle are going to push code from Solaris into Linux, eventually dropping the former, or that they are going to retain Solaris for High-end deployments? OpenSolaris has quite an active community, even if most of that is from within Sun itself.

On the note of Solaris, I do love this platform in the guise of OpenSolaris. The SMF along with ZFS are two very amazing pieces of technology. The other bonus in the Solaris code base to Oracle is the DTrace system, which I’ve not had a chance to look at.

Onto BSD. Wouldn’t it be great if there was an operating system that was Free as in Beer, Free as in Gratis, and had all the advantages of Linux along with some of it’s own technologies? Well, why not look at Free/Open/NetBSD? The range of hardware support may not be as good as Linux, but quite a few Linux technologies are getting ported to the BSDs along with Solaris technologies such as ZFS. The license is the most liberal of open source licenses available, requiring only attribution when redistributed or cobbled into another product (which can be closed source).

My opinion? Well, If I can’t go with OS X – which has BSD internals, the launchd system and "just works" – I think my preference is swinging from Linux onto OpenSolaris. Maybe I’ve just got a penchant for smaller, lesser-used, operating systems.

I guess my ideal non-OSX system would be an OpenSolaris or pureDarwin-based distro. PureDarwin is the project that evolved out of the demise of OpenDarwin, and aims to create a workable OS out of the opensourced parts of OS X; which means that launchd is a given. However, pureDarwin is very infantile at present and really isn’t usable nor up-to-date (AFAICT), with it’s developer preview from way back at christmas.

Microsoft has un-officially announced a date for the "Release Candidate" version of Windows 7. Apparently the behemoth slipped when uploading new content to their partner program website which revealed the date. Microsoft has since amended the site to remove any mention of the release date.

The Register reported, last month, that someone at Microsoft made another, similar, gaff which revealed May as the time to expect the RC. The leak also contained the expected system requirements, information that the expiry date is June 2010 one year after the download ceases to be available and that there is apparently no limit on the number of RC product keys available.

While Windows 7 isn’t out of the door yet, The Register is also reporting that Microsoft is hiring developers for the Windows 8 test cycle.

And finally, MSN messenger users which don’t have access to the full desktop client (such as at a Linux-based Internet Café) can finally access the network directly from their browser as an embedded component of Windows Live Hotmail. The system is being rolled out in phases, and should be available to everyone fairly soon.

Tags: microsoft, windows 7, windows 8, msn messenger, messenger

I’ve been playing with the CSS layout code of my site, and have now made the display capable of complete screen resolution independence down to screens running at 640×480.

On another note I tried Qumana, my blog editor of choice, under ubuntu 9.04. However, it would seem that the application can’t spawn any new windows. This is rather essential, as the initial display doesn’t include any editing capabilities, requiring a new window to add or edit blog entries.

Tags: css, display, layout, blog editor, qumana

Oh dear, it looks like another high profile hack has managed to get the perpetrator a job in the “security” field. Stupid thing is that he probably knows next to nothing about security.

As reported by The Register:

The self-confessed author of the recent Twitter worm has scored a potentially lucrative job doing security analysis and web development work…

… [The] founder and chief exec of Web applications development firm exqSoft Solutions, told ABC that Mooney has accepted the job he offered, which will involve security analysis and Web development.

exqSoft have admitted that the job posting will bring them lots of publicity, but at what cost? The exqSoft founder, 24 gained his first security posting (in military intelligence) in similar circumstances. However, the worm in question is actually very primitive, and doesn’t really do much other than post links to the author’s, Michael “Mikeyy” Mooney, website.

The real crackers got to work after Mikeyy, a 17 year-old student from Brooklyn New York, went to the press further publicising the worm and his own sites.

He originally sent an email to BNO News of Brooklyn, but has since sent emails to ABC and others. The BNO news article quotes Mikeyy as having created the site which he was publicising out of “boredom” and because he “needed a way to make money”. The site, Stalk Daily, is a twitter clone and was offline when I tried to see how much of a clone it was.

This obvious attempt at publicity, however, got at least one cracker group riled up. They have since posted an email from Mikeyy’s, now hacked, gm ail account listing details of a large portion of Mikeyy’s online life. The crackers tarred up the complete web root of Stalk Daily along with a SQL dump of it’s database. This means that the privacy of anyone who naively signed up is shot to bits. The email then goes on to list stats about the virtual machine which ran the sites, including a dump of the last 50 root logins and their source.

Also dumped is an except from Mikeyy’s /etc/shadow file which lists the encrypted “hash” of the user accounts on the machine. These hashes, once acquired, can be cracked by brute force.

Next up is a dump of some directory trees, mostly from /home, and finally the usernames and passwords for: DreamHost.com, VPSLink, Mikeyy’s root password for the VPS, his cPanel (installed within the VPS), godaddy, another godaddy, GMail (iammikeyy@gmail.com), GMail (mikeyylolz@gmail.com), GMail (mikeyydomain@gmail.com), AOL Instant Messenger (mikeyylolz), Another AIM (AhmedShieb – is this his?), Skype (iammikeyy), buzznet (mikeyy), mac.com (iammikeyy@gmail.com), github (mikeyy). That’s alot of passwords. I’ll not relist them here, but they’re archived for all to see in the email to the Full Disclosure security mailing list.

Tags: twitter, worm, twitter worm, mikeyy, crack, hack