Red Green Software

We take stopped projects and get them going again.

Browsing Posts published by stevet

World Community Grid Stats

I guess Microsoft is hoping that we will all forget how fast computers run Windows 2000 and XP, and just hope we will all upgrade to Vista or even the over-hyped Windows 7.

I've got a much better idea.  How about a version of Windows just for business?  You know, one that isn't bogged down with Digital Rights Management, because in business we're more interested in getting work done, rather than watching HD movies.  And drop the high end graphics card requirements too.  Really!  You can do more with much less.

So do I really think that Microsoft is suddenly going to start producing products that businesses actually NEED?  No!

That's why I highly recommend that you give CrossOver Office a try!  Not only do you get Windows 2000 and XP support for your Windows applications, but you get great things called wine bottles.

Wine bottles allow you to have complete Windows applications isolated from each other.  Easy to archive, easy to restore.  One can be configured as Windows 2000, another as Windows XP.

On the CodeWeavers website they have many listings of Windows applications along with the current status of how the application runs.  Why give up your applications that work?

Windows 7 XP Mode Review — And here’s a review showing why you need CrossOver!

Yes, I did experience the Red Ring Of Death — How'd you guess?

After a little under 2 months of very light usage, my XBOX 360 died.  I was impressed with Gamestop — despite being over their 30 day warranty, they switched it out!

So now I have another XBOX 360, and I'm finding it hard to really enjoy it now.

Is it going to die again while in the middle of Rock Band 2?

Will I have to send it off next time and wait forever for it to be fixed — hopefully for good?

Or will I turn to the Wii and PlayStation 2, that I've put hours and hours on already, the tried, true, and tested game consoles that don't let me down when I want to play?  I do know most of the games there already by heart, but they don't have a family history of dying.

"The day that Microsoft Products STOP SUCKING, will be the day that Microsoft starts selling vacuums."

I see now why they dropped the prices on the XBOX 360, but who buys a game console and doesn't plan to play it to death?

SQL Injection


While reading the SANS Internet Storm Center’s RSS feed, I found an interesting article on SQL Injections. http://isc.sans.org/diary.html?storyid=5416

The intriguing part was doing injections without the use of quotes or semicolons, which allowed me to do some injections of my own on a production server!

It really is very important to treat any data coming from the Internet as 'tainted' and to validate it before it gets anywhere near the database.  Hidden fields, select lists, and JavaScript checks are not a defence, because the browser is under the attacker's control.  If you think your form data can't be 'tainted', download a copy of Opera, visit the web page with Opera, use View Source, and edit away!  Change all the default values you expect to unsafe data, click the Apply Changes button, and use your altered form to inject with.  (Any browser's developer tools, or an intercepting proxy, do the same job.)

Notes from my experience:

  1. Remove debugging messages that show the final SQL statement.  Showing the statement tells the attacker exactly what to change in their input to make the SQL misbehave.  Note:  showing "SQL error" is just as bad, because it confirms the input reached the database parser.  Better to say, "No records found".
  2. Log SQL errors.  Form input in production should never generate a SQL error, so each one in the log is either a bug or someone probing the application.
  3. Test, test, and retest.  Once you know what to look for, share what you have found with the rest of your development team.  Security is paramount in this day and age.
  4. Code review.  Look for code that builds SQL text out of user input without sanitizing it, and move those queries to prepared (parameterized) statements, which keep the data out of the statement text altogether.
  5. Add these checks into your routine testing process.
  6. Try not to laugh when using PHP and security in the same sentence.  It can be done, really!  And secure PHP code can be written, really!
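As an added example (my own code, not from this post, the ISC diary, or the author's production server), here is the quote-free, semicolon-free injection played out in Python against an in-memory SQLite table, beside a parameterized version that also follows notes 1 and 2 above.  The users table, its rows, and the payloads are constructed for the demonstration; the point is that a numeric WHERE clause needs no quotes at all, so a "sanitizer" that strips quotes and semicolons changes nothing.

```python
import logging
import sqlite3

log = logging.getLogger("sqli_demo")

# Constructed sample data for the demonstration (not from the original post).
ROWS = [
    (1, "alice", "alice@example.com", 0),
    (2, "bob", "bob@example.com", 0),
    (3, "admin", "admin@example.com", 1),
]


def make_db():
    """In-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,"
        " email TEXT, is_admin INTEGER)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", ROWS)
    return conn


def strip_quotes_and_semicolons(value):
    """The kind of 'sanitizer' that only removes quote and semicolon characters."""
    return value.replace("'", "").replace('"', "").replace(";", "")


def lookup_vulnerable(conn, user_id):
    """Splices the input straight into the statement text.

    The id column is numeric, so the value is not quoted.  Stripping quotes
    and semicolons therefore changes nothing: '3 OR 1=1' is still a valid
    SQL expression once it lands in the WHERE clause.
    """
    sql = "SELECT id, name, email FROM users WHERE id = " + user_id
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # The debugging message note 1 warns about: it hands the attacker the
        # final statement, so they can see exactly what to adjust next.
        raise RuntimeError("SQL error in: %s (%s)" % (sql, exc))


def lookup_safe(conn, user_id):
    """Parameterized query plus a type check.

    The driver binds the value; it never becomes part of the statement text,
    so it can only ever be compared as an integer.  Database errors are logged
    server-side (note 2) and the caller just sees no records (note 1).
    """
    try:
        uid = int(user_id)
    except ValueError:
        log.warning("rejected non-numeric id %r", user_id)
        return []
    try:
        return conn.execute(
            "SELECT id, name, email FROM users WHERE id = ?", (uid,)
        ).fetchall()
    except sqlite3.Error as exc:
        log.error("SQL error for id %r: %s", user_id, exc)
        return []


# Payloads that contain no quote and no semicolon (constructed).
PAYLOADS = {
    "normal": "3",
    "tautology": "3 OR 1=1",
    "union": "0 UNION SELECT id, name, email FROM users WHERE is_admin = 1",
    "syntax error": "3)",
}


def demo():
    """Run every payload through both lookups; returns {name: (vuln, safe)}."""
    conn = make_db()
    results = {}
    for name, payload in PAYLOADS.items():
        cleaned = strip_quotes_and_semicolons(payload)  # still the same string
        try:
            vuln = lookup_vulnerable(conn, cleaned)
        except RuntimeError as exc:
            vuln = str(exc)
        results[name] = (vuln, lookup_safe(conn, cleaned))
    return results


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for name, (vuln, safe) in demo().items():
        print("%-12s vulnerable=%r safe=%r" % (name, vuln, safe))
```

The tautology payload returns every row from the vulnerable lookup, the UNION payload returns only the admin row without a single quote in the request, and the malformed payload shows the leaked statement text that note 1 is about; the parameterized lookup rejects all three before they reach SQLite.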

Yet another painless WordPress upgrade.

I have abandoned my email address stevet@red-green.com thanks to spam.
I do look forward to the day where there is no spam.  Yes, indeed, that day is coming!

 

A more complete solution to distributed generation of rainbow tables can be found at Free Rainbow Tables.  Once a rainbow table is completed by the project, it is freely available for download over BitTorrent.

I found that, and many more interesting projects, listed at distributed computing.

BOINC Project


When looking around for a quicker way to generate Rainbow Tables, I ran into a distributed network computing project.

It is a great way to be a part of some very useful projects.

BOINC Statistics

BOINC Stats only updates once a day.  BOINC Synergy updates every few hours.  All Project Stats updates the project stats every few hours, but lags on the total credits.



The answer to my initial problem was to simply download the completed Rainbow Tables from BitTorrent.

UPDATE: Unfortunately, they don't tell you that the Shmoo Group tables won't work without a little bit of work.  The cracker takes the character-set name from the table's filename and looks it up in charset.txt, so a table built with a charset your copy of the file doesn't define is unusable until you add it.
You have to edit the charset.txt file, and add the following line:

alpha-numeric-symbol32-space = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ]

This is the same as "all" + a space before the closing ].

Creating the RSA Key

ssh-keygen -t rsa

This will create the id_rsa and id_rsa.pub files in ~/.ssh.  id_rsa is your private key and stays on the machine you log in from; id_rsa.pub is your public key, and that is the one you copy to the system you want to log in to automatically.  See `man ssh-keygen` for more options.  Why do I only show RSA keys?  Because it's safer than the DSA keys according to the PuTTY developers (see section 8.2.2).  I'm sure that all the bugs in DSA have been fixed by now, including the key generation problems, but why take unnecessary risks?  (DSA keys are also fixed at 1024 bits, and OpenSSH has refused ssh-dss keys by default since version 7.0.)

Public Key Adding Script

#!/bin/sh
# September 23, 2003 (initial)
# Updated August 23, 2006 (updated)
#
# Steve Thielemann
#
# A script file to add an ssh public key to ~/.ssh/authorized_keys
#
# 1.) Verifies ~/.ssh directory exists, if not creates and
#     fixes permissions.
# 2.) Verifies ~/.ssh/authorized_keys exists, if not creates and
#     fixes permissions.
# 3.) Checks to see if ssh key is already present, if not adds to
#     ~/.ssh/authorized_keys.
#
# dependent on:  grep, touch, chmod, cut
#
if [ -z "$1" ]
then
    echo "I need the filename of a public key to add."
    echo "(The .pub file created from ssh-keygen -t rsa)"
    echo "Example:  $0 remote_rsa.pub"
    exit 1
fi
if [ ! -f "$1" ]
then
    echo "I can't find $1 !"
    exit 1
fi
# A public key line looks like:  ssh-rsa AAAA...base64... comment
# Field 2 is the key material itself; field 3 onward is the comment.
# The comment is optional and is often the same for several keys, so
# the "already present" check compares the key material, not the comment.
keyblob=`cut -d ' ' -f2 < "$1"`
keyid=`cut -d ' ' -f3- < "$1"`
if [ -z "$keyblob" ]
then
    echo "$1 does not look like an OpenSSH public key file."
    exit 1
fi
echo "Using ID $keyid"
# variables to make life easier
sshdir=~/.ssh
keyfile=~/.ssh/authorized_keys
if [ ! -d "$sshdir" ]
then
    echo "Making $sshdir"
    mkdir "$sshdir"
    chmod 700 "$sshdir"
fi
if [ ! -f "$keyfile" ]
then
    echo "Creating $keyfile"
    touch "$keyfile"
    # sshd refuses the file if group or others can write it;
    # 600 keeps it private to the account as well.
    chmod 600 "$keyfile"
fi
# -F matches the key material as a literal string, not a regular expression
if grep -F -q -- "$keyblob" "$keyfile"
then
    echo "Key $keyid already present."
else
    echo "Adding key to $keyfile"
    cat "$1" >> "$keyfile"
fi
# the end

Or: download the auto SSH script.

Notes About the Script

The script doesn't do anything fancy, and once it has been run, adding additional keys is as simple as doing cat id_rsa.pub >> ~/.ssh/authorized_keys !  But, if the system hasn't had an RSA public key added before, this script will take care of creating the directory and file with the permissions sshd expects (sshd ignores authorized_keys when it, or ~/.ssh, is writable by anyone but the owner, which is a common reason key logins silently fall back to a password prompt).

Configuring SSH to use the RSA Key

In your ~/.ssh/config file, add the following lines:

Host nameyoucallsite
    Hostname 10.0.0.1
    IdentityFile ~/.ssh/id_rsa
    User usernameonsite

Hostname can be an IP address or a host name.  If you set it to an IP address, it will always work (assuming your internet connection is working).  If you use a host name, it will only work while DNS is working.  (Hint: if the server you are sshing into is the DNS server for that domain, make sure you have the IP address written down somewhere just in case!)  User is the login name for that box.  IdentityFile is the private key file that you created; I usually create many keys, one for each project that I am involved in.  With several keys around it is also worth adding IdentitiesOnly yes to the Host block, so ssh offers only the listed key rather than every key it knows about.  Once configured, doing `ssh nameyoucallsite` is all that is required to log in to the site.