Archive

Archive for June, 2009

Gmail Lab’s Reply-to-All

June 26th, 2009 1 comment

I don't know about everyone else, but I tend to send hit 'Reply to All' much more frequently than just Reply. So when the Gmail labs feature to make 'Reply to All' the default became available, I was rather excited. It isn't much (a simple click on a drop down) but it made life more convienient and I rather enjoyed it. The other day I replied to an email intended for 4 people and realized that I'd sent it only to the person who sent the last email in the thread. Confused I went back into the thread and replied again, only this time did I realize that reply was the default and not 'Reply to All'

I searched Labs and discovered that the feature was gone, after some googling I came across this link. It contains a very minimal comment stating that it was removed because it was causing issues for people who had enabled it, followed by a series of responses requesting the feature be brought back. Obviously it was working for a number of people, myself included.

Now, I can accept that in my lifetime the beta tag on my Gmail may never disappear and I can accept that adding a Labs feature may break my "Gmail experience". What I don't get is how a feature from Labs could be pulled because it's causing some people a bad user experience? Perhaps those people just shouldn't use it. Let those of us that want to risk the alpha release (after all if Gmail is beta, Labs can only really be considered alpha). I assumed risk when I enabled the feature, I've accepted that... those people who are having issues also assumed risk... let them suffer on their own.

Anyways, this post had two purposes... the first was to inform anyone who hadn't yet noticed that their "Reply to All" feature was gone and second to rant about an alpha feature being pulled.

Categories: IT Tags: , ,

What is InfoSec?

June 25th, 2009 No comments

When you speak to individuals working in our industry, you'll get a variety of answers for what they do. This near endless list of titles includes:

  • Software Engineer
  • Software Developer
  • Security Engineer
  • Support Specialist
  • Research Engineer
  • Network Admin
  • System Admin

The list goes on and on. Historically, I've divided those within IT into one of four groups:

  • Developer
  • Information Security (IS) Professional
  • Information Technology (IT) Professional
  • Web Developer

These days Web Developer could probably be folded into Developer since there's so much beyond simple HTML used to build web sites. That leaves us with Developer, IS Pro, and IT Pro. I tend to think that that is a fairly reasonable distinction, at a high level with one caveat. IS isn't really on the same level as the other two. Most people that you talk to have experience in either IT or Development when they move into IS. IS is a skillset that's built onto one of those two. Let's look at this another way...

Imagine this is a RPG and your Level 1 IT Worker. You can choose the abilities you upgrade and they include "Programming", "Router Config", "OSI Model", etc. The level ups for these may include "C++", "Java", "Routing Protocols", "Routed Protocols". This means you could follow the path of IT Pro, Developer or "Jack of all Trades". It isn't until you reach one of these levels that you unlock the next round of abilities (the IS skills) which may include "Packet Analysis" (requires Routing and Routed Protocols) and Binary Analysis (requires "Programming" + 1 Level UP). Only at that point do you move to "IS Pro".

You're probably saying to yourself, "WTF is he talking about?" After all, I'm reading this and thinking that. What I'm talking about is this blog post, 'what do you need to know to work in infosec'. To put it plainly, the list is wrong. Well the list isn't wrong, the list is correct, but the title is wrong. With the exception of one or two items, this list reads more like a "what do you need to know to be a sysadmin" or "what do you need to know to work at a helpdesk"

Now as I said, IT is a stepping stone to IS, so yes, at one point or another you probably learned many of these if you now work in IS, but these aren't the things you need to know to work in IS, these are the things you need to know to work in IT.

So let's take a look at the 'What you need to know...  ' list and figure out where the line items fit. If we take the ones you really need to know to work in IS we've got maybe 5-7 items (1, 11, 14, 15, 17, 18 and 19) - I'll let you decide if it's some or all.  Let's think about some of the others. Numbers 2 -5 are all networking related, I know people in IS who've never touched them... now as a network admin or member of the network group (which would fall under IT) these would be important skills. With numbers 6 - 9, we're looking at a sys admin, or help desk employee (again positions I'd consider to be IT related). Now 10, 12, 13, and 16. These could be argued a few ways but I'm going to call them help desk or support type things and bundle that up into the IT category.

So what's my point? To state that I disagree with a definition of infosec that "needs" all those abilities. Then again, people may even disagree with the 5-7 I felt could be kept. In the end that list is a great list if you want to go get the title of Network Admin or Sys Admin, or even in some cases Security Admin but even at that, working in a enterprise security group where you may deal with all those tasks (it seems doubtful that you'd rely on the security team to install software though) that's one very small aspect of infosec.

Categories: IT, Security Tags: , ,

MySQLdb in Cygwin

June 9th, 2009 No comments

I use Windows XP on all of my 4 primary machines (work, work, laptop & home). The only reason I like Windows XP is because it holds PuTTY windows so nicely and allows me to Alt-Tab between them. No Linux distro or Window Manager has ever really had the Alt-Tab experience that Windows XP provides.

sshv2-putty-window

The main problem with XP is that to do anything remotely useful with it you need a decent terminal/shell. I love rxvt/bash and the best rxvt you can find for Windows is via cygwin. Out of the box cygwin is an ugly brute - bash in cmd.exe != a real term.

cygwin_shell

Install rxvt via cygwin, then add some Consolas fonts (from Windows Vista) and edit your .Xdefaults to get a much nicer term.

rxvt

Download a sadistic editor. Drop in a beautiful colour-scheme (brookstream). You now have a sweet shell and editor.

gvim

Install Python via cygwin and away you go.

Perfection?

I was attempting to connect to a remote MySQL DB when my sweet setup failed me.

Nothing in cygwin's repository could help -- there is basically no support in cygwin for MySQL (odd). There is tons of support for Python and Postgres, so this MySQL FAIL surprised me.

After an entire morning of Googleing it turns out the people at Cygwin Ports have solved this problem. For the sake of your sanity follow these simple steps to get Cygwin + Python + MySQL working.

  1. Follow the steps above to create a sweet cygwin development environment.
  2. Follow the overly convoluted steps to enable cygwin ports in your setup.exe
  3. Install the following package "python-mysql" including the crucial dependancy "libmysqlclient-devel"
  4. Test your setup

python

Rejoice?

This process has saved you the experience of python eggs, installing gcc, compiling anything from source and best of all it just works.

Enjoy!

- Graver

One last note - if you have ever found a slick PNG that you wanted as an ICO (for Windows XP) check out this online converter site!

Categories: Python, Tutorials Tags: