harriyott.com

Tuesday, September 19, 2006

Sussex Geek Dinner - 4th October - Brighton

The sixth Sussex geek dinner will be in Brighton, at the Black Horse on Church Street, on 4th October at 8pm. More details on the Sussex geek dinner site.


Friday, September 15, 2006

Using GreaseMonkey with TestTrack Pro

Our web-based bug tracking software, TestTrack Pro, has a session timeout of 20 minutes. I'd love it to be longer (or infinite), but we have only a few licenses, so having a timeout means that we can all use it, albeit frustratingly at times.

The frustration comes when opening an easy-to-fix bug, fixing the bug, checking it in, and then going to mark it as fixed in TestTrack Pro. Pressing the "development complete" link invariably shows a login screen. Hmph.

Not only is it a login screen, but there's a drop down list of destinations. Obviously the one I want isn't the default, so I have to select the right one before logging in.

I finally got utterly tired of this, so I wrote a quick and dirty GreaseMonkey script to enter my user name and password, choose the correct link, and activate the OK button. This now means that after a timeout, I have only two clicks (and no typing) to go back to where I should be.
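The kind of userscript described above, as an added example rather than the author's own script (which is not on the page). The TestTrack Pro form element names, the `@match` URL and the destination label are assumptions, and the credentials are read from GreaseMonkey's per-script `GM_getValue` store rather than written into the script file.

```javascript
// ==UserScript==
// @name        TestTrack Pro re-login
// @namespace   example.local
// @match       http://ttp.example.local/*
// @grant       GM_getValue
// ==/UserScript==

// Assumed selectors; the real TestTrack Pro login markup is not on the page.
const USER_FIELD = 'input[name="username"]';
const PASS_FIELD = 'input[name="password"]';
const DEST_SELECT = 'select[name="destination"]';
const OK_BUTTON = 'input[type="submit"]';

// Index of the <option> whose visible text matches `wanted`
// (trimmed, case-insensitive), or -1 when no option matches.
function findDestinationIndex(optionTexts, wanted) {
  const target = wanted.trim().toLowerCase();
  return optionTexts.findIndex(t => t.trim().toLowerCase() === target);
}

// Fill the login form found in `doc` and press OK. Returns true when the
// form and the wanted destination were both found; otherwise returns false
// and changes nothing, so a non-login page or an unexpected dropdown is
// left alone instead of being submitted to the wrong destination.
function autoLogin(doc, user, pass, wantedDestination) {
  const userEl = doc.querySelector(USER_FIELD);
  const passEl = doc.querySelector(PASS_FIELD);
  const destEl = doc.querySelector(DEST_SELECT);
  const okEl = doc.querySelector(OK_BUTTON);
  if (!userEl || !passEl || !destEl || !okEl) return false;
  const texts = Array.from(destEl.options, o => o.text);
  const idx = findDestinationIndex(texts, wantedDestination);
  if (idx < 0) return false;
  userEl.value = user;
  passEl.value = pass;
  destEl.selectedIndex = idx;
  okEl.click();
  return true;
}

// Only runs inside a browser with GreaseMonkey; the stored values are set
// once with GM_setValue('ttp_user', ...) / GM_setValue('ttp_pass', ...).
if (typeof document !== 'undefined' && typeof GM_getValue === 'function') {
  autoLogin(document, GM_getValue('ttp_user', ''), GM_getValue('ttp_pass', ''),
            'Bug Tracker');
}
```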


Firewall: the movie

Every now and again, my wife and I like to rent a film. I like to exasperate Julia by pointing out the technological errors, and explaining why things wouldn't happen like that. Last night we watched Firewall, which disappointingly didn't mention any firewalls. As a film, it was generally ok, but there were a few there's-no-way-that-would-work bits that I spotted (in ascending order of ridiculousness):

  1. There is no way that the head of security for a bank would use a weak password such as "Lark" for his alarm system. Especially as "Lark" is the name of his boat.

  2. There is the standard "wireless internet everywhere" thing. I could accept that the baddies might have a satellite link, but the secretary's personal laptop wouldn't. I'd be surprised if they even had phone coverage in the remote house by the lake, let alone being able to track the dog's GPS collar on a website.

  3. Jack cracking into the baddies' Cayman Islands bank account and removing $100 million from a bank terminal. I could accept that he might be able to reverse a transfer within a certain time period, but not that he could get into a specific account, and so quickly.

  4. Taking apart a fax machine and plugging the scanning roller into an iPod, and then sticking it to a monitor, and recording a fast moving set of numbers as they scroll up the monitor onto the iPod is just ridiculous. Especially as it worked the first (and only) time that the data was flashing up on the screen. Goodness, I can't even read and then parse a line of text from a file right first time!


It seems that someone else has spotted a network goof too. Still at least they didn't try to upload a virus from a Mac to a spaceship.

Oh, if anyone can show me this fax / iPod thing being done like it was in the film, I'll write out this blog post by hand onto a sheet of paper, and eat it. And this extra sentence, just to make it take a bit longer. And I'll video myself doing it and post it to YouTube.

So why is it that Hollywood can spend millions on getting top-notch actors and effects, and won't consider having a quick chat with a genius like Scott Hanselman? (Mmm. Maybe he's not cynical enough - perhaps Mike Gunderloy?). You know what? I bet they wouldn't charge much more than about ten grand a film to skim through the script and show them where they're going wrong. The film would be better, and I wouldn't annoy Julia so much.


Wednesday, September 13, 2006

I'm on my way back from an excellent VBUG session. Barry Dorrans demonstrated a worrying number of website hacks, from cross-site scripting to SQL injection attacks and search engine leaks. This is the same presentation that I foolishly missed at the first developer^3 day, and I'm really glad I got another chance to see it.

Some of the techniques I had come across before, but not in as much detail as Barry showed. I must mention at this point that Barry repeatedly emphasised that these website hacks should not be tried willy nilly on various websites, but the information provided was to be used to help prevent our own sites being hacked.

Barry had a deliberately bad website installed on his laptop that he demonstrated the various hacks on. This was quite useful, as one or two of the examples were quite hard to understand until it was shown.

Some of the hacks were quite subtle, like trying to make a web page crash by meddling with the query string. If the site was still in debug mode, then the exception details are displayed to the user, including source code, and possibly database details from any SQL in the source.

As ever, Barry had a relaxed style of presenting, which was engaging and entertaining. So; good content and good presentation made for one of the best developer sessions I've attended.


Sunday, September 10, 2006

The forgotten system

I used to work for a consultancy, and while I was there I was part of a 4 man team working on a system that I'll call TLA for the purpose of this post. TLA was a great system, which worked very well, and saved the customer more money than it cost to implement (around a quarter of a million pounds). I'm proud of my part in it, and so were the others.

The system was finished, and there was the odd small bit of tidying up to do, and a couple of us left the company, and the software worked fine, and then the others left. And the customer's main product sponsor left his job too.

Fast forward a bit to the other day, when a guy who I used to work with (and who I've stayed friends with) phoned me up, and amongst other things, mentioned that he's now working on TLA. After a period of nobody working on it, suddenly someone working for the customer got in touch for a support issue. The customer didn't know too much about the system, and nobody was left at the consultancy who had had anything to do with it.

So, my friend offered me a beer or two in exchange for a brain dump of all I could remember about TLA. I'll gladly accept this, firstly because he's my friend, and secondly because I invested something of myself into TLA, and I'd like it to carry on being successful. If I had left to become a contractor, I clearly could have held them to ransom a little, and got a good hourly rate from them. I didn't, so I won't. Either way, it's all gone a bit Rupert.


Wednesday, September 06, 2006

VBUG Security Talk - Robert Schifreen

Last night's VBUG presentation in Brighton was interesting. Robert Schifreen, original hacker turned security expert, poached egg turned shepherd's pie, etc. Robert's actions in the early 80s were largely responsible for the introduction of the Computer Misuse Act 1990.

It was a really interesting talk, flitting easily between topics, which included AOL's leaking of search results, public security cameras, wifi security, social engineering and inside jobs.

Surprisingly, there were only 8 attendees (2 of which left because it wasn't what they thought it was). Had there been more, there would have been a prize draw for the books donated by INETA. However, there wasn't, so we all got to choose one each. I chose Writing Secure Code, as it has been on my list of books to get round to reading, and it seemed somewhat apt for the evening's topic.

Next week I finally get to see Barry Dorrans' website hacking presentation. 'Bout time.
