![[SJF Logo]](../../images/sjflogo.gif)
Recently I wrote about the MusicMatch RadioMX service, and it's gotten even better. They recently introduced their "Platinum" service, and I cannot believe how much I enjoy listening to music online.
The basic RadioMX service gives you a couple of dozen genre "stations" to select from, and the mixes are commercial free and professionally selected. They provide a "station mixer" that lets you pick a little disco, a lot of big band, and some show tunes - whatever your preference is. You save this "mix" and it rotates through the selections. This is about $40/year and a delight.
But the "Platinum" service goes much better with "Artist on Demand". You can pick from the many artists in the catalog, and play their music and that of related artists, which provides a much higher degree of control over what you listen to. You cannot pick or replay a particular song, and there are limits to how often you can "skip" past a song you don't care for - these are restrictions from the record labels - but it's not at all onerous.
Their playlist management is sophisticated, though it still has a couple of bumps - it's a new service. I've gotten a handful of Javascript errors on both Mozilla and IE, but I presume they will get these worked out over time.
Sound quality is outstanding. I have very high-end DSL service, so perhaps I have a skewed view, but I believe I've had sound "cutout" perhaps three times in two months even at CD quality. They do substantial buffering that goes a long way to avoid these problems, and it's yet another area they've done a great job.
The Platinum service is $60/year would be a bargain at triple the price, and I cannot say enough good things about MusicMatch. I just gave a year's subscription to RadioMX Platinum as a gift, and it only took a few minutes for it to register as a big hit.
I positively love MusicMatch.
mpack is a package for working with MIME mail packing and unpacking from the UNIX command line, and I've used it for years. At a customer we found that it was unpacking a file to the wrong place, and a bit of investigation showed a clear typo in the code.
When a MIME part contains (emphasis mine):
the semicolon gets included as part of the filename, which is later turned into an "X" before the file is created. So foo.txt is saved as foo.txtX. This only happens if the filename is not quoted, and reading the source in decode.c shows that it's an out-and-out bug (the code doesn't match a correct and descriptive comment).
Content-Type: text/plain;
charset=us-ascii;
name=foo.txt;
Content-Disposition: attachment;
filename=foo.txt;
Email to the maintainer's address has bounced, so it's not clear how actively this code is being supported.
The very simple patch for this can be found here: mpack-1.5-patch.txt
I'm a print subscriber to the excellent Consumer Reports magazine, and I recently got a mailer from them inviting me to subscribe to the online version. The funny part is that they included a helpful sticker to put on your monitor to hold your username and password. In practice this is probably harmless, as the worst thing that could happen is that somebody else could read CR's content, but this is just terrible security advice. Hasn't every hacker movie ever made involved getting passwords from a Post-It™ or slip of paper on a desk?
I am very happy to take CR's advice on gas grills (I love my Weber Genesis), but not on security.
I build a lot of software on a customer's SCO UnixWare system (also sometimes called "OpenUnix"), and I run into no end of troubles. Most of the time I figure it out, so to help others in the same boat I have created a Tech Tip that summarizes the packages I've had to muck with. My experiences may not be the same as yours, but I believe these issues are widespread enough on this platform that I believe this to do some good.
• Tech Tip: Building Software on SCO UnixWare/OpenUnix
There was a time when it was "cool" to find a C compiler bug, but those days are long gone. This is especially the case with SCO compilers, which have had more bugs than ll the other development systems I've used put together.
This weekend I was building the wonderful rsync tool on a customer's OpenUNIX 8 system, but it core dumped early and often.
Many hours later I tracked it down to code that looked like this:
strcpy(alloca(n), str);
alloca is a compiler intrinsic that makes room on the stack for a variable of the given size ("n"), and it's de-allocated automatically when the enclosing function exits. This facility has been around a long time but has been somewhat problematic: this shows one of the reasons why.
The SCO compiler performed these steps (in simplified form)
- push "str" onto the stack
- allocate "n" bytes on the stack, which changes the stack pointer
- push the pointer to allocated memory
- call strcpy()
The strcpy() library function saw the pointer to allocated memory, but the original "str" parameter was waaaaay up higher on the stack, so it used as source data something other than the source string. It turns out that this stack-misalignment also had a cascading effect because saved registers were restored to the wrong place, and it just made the code go boom.
I believe that calling alloca() from within another function call is asking for trouble (even if legal), so the workaround in rsync is to use a temporary variable to hold the pointer to the new memory.
I've submitted a bug report to SCO and a patch to the rsync folks.
The "Iraq Oil" worm is running around on the internet now, and it was detected and captured by Lawrence Baldwin of myNetWatchman. He and Philip Sloss did traffic and dynamic analysis of the worm, and I did the static reverse engineering.
The full details were reported first at DSL Reports, and all the reverse engineering can be found on my site (still working in progress).
Sleep is overrated :-)
This weekend I'm installing Windows 2000 Professional on my main workstation for the second time in a week due to the same old usual Windows crap, so while I'm waiting for the umpteenth reboot I can enter in one tip that has really been helpful for a long time.
My workstation has three drives split up into five partitions, and when reinstalling it's really easy to get confused as to which partition used to be which drive letter. So many moons ago I adopted the practice of labeling each partition with the name of the computer plus the drive letter normally associated with it. So on my main workstation WIZ, the labels would be "WIZ-C", "WIZ-D", and so on.
These labels are visible not only from explorer, but from the Disk Administrator tool, so it's really easy to reassign the drive letters properly.
I also make it a habit of naming my CD-ROM drives starting with high letters (R:, S:, etc.) so that these drive letters don't get changed when hard drive partitions come and go.
These two tips have saved me a lot of headache over the years.
I've had a couple of background research projects for some time, and until I decided what to do with them I had them on private pages, but I'm sure I'll not really get to explore them much in the near future so I've put them on a main Research Page.
RPAT (Realtime Proxy Abuse Triangulation) is a method of tracking down people abusing proxy servers. I think this is a clever technique, and I'm fairly sure that it's completely original. Source code included.
BackStealth is a method for malware to bypass local software firewalls, and I extended the work of the original author. Source code included.
Not terribly shy to blow my own horn: my article on constructing chroot jails appears in the December 2002 issue of Linux Magazine. Available at finer newstands eveyrwhere.
Today I started using some technology that has proven to be surprisingly useful: Wake On LAN. Computers equipped with this feature provide a very small power source to the Ethernet card, and it watches the wire for a magic packet containing (among other things) the card's hardware address. When it sees this magic packet, it pretends that the system's power button has been pressed and turnes on the computer. It boots normally.
I'm using this at a customer that's a 30 minute drive away: I make a list in advance of all the MAC addresses in the place, and with a simple bit of perl code I can wake up any of the machines. This is going to be really helpful when I remotely "shutdown" a key server instead of "reboot". I've done this before.
I used the wakeonlan software by José Pedro Oliveira, and this was utterly plug and play. No special drivers required, it "just worked" on a Red Hat Linux 7.2 system. What a joy.
Today I submitted a patch for rblcheck, a program that queries multiple DNS-based spam blacklists. For a long time I've used a modified version of rblcheck-1.4 that would take a DNS hostname instead of just an IP address, but tonight I made the same changes into rblcheck-1.5 and submitted the patch.
Though the blacklists are of source based only on IP address, when doing random checks it's much easier to use the hostname instead. My patch is smart enough to know when a given hostname has no or more than one IP address associated and respond accordingly. I've used this functionality for more than a year.
The patch is found here as rblcheck.patch.