Creating Windows EXE-Files under Linux

Sometimes a cross-compile environment can be very handy. Sam Lantinga from the libsdl.org project made a shell script (build-cross.sh) that makes it very easy to set up a GCC cross-compile environment for MinGW.

I used the following changes for the script:

  • GCC_VERSION=3.4.2-20040916-1
  • BINUTILS=binutils-2.15.91-20040904-1
  • MINGW=mingw-runtime-3.3
  • W32API=w32api-2.5

The EXE-files are a little bit large in size, but when you strip them the size is reduced drastically.

OC4J JSP Profiling with JProbe

I have done some profiling with JProbe - hey, I didn't know that you can download a Freeware Edition from Quest.

To get it working with Oracle OC4J 10g (Version 10.1.3) I used the following configuration:

  • Application Server Type: Other Server
  • Server Directory: toplevel directory where you installed OC4J (<install -dir>)
  • Server Class: oracle.oc4j.loader.boot.BootStrap
  • Class Path: <install -dir>/j2ee/home/oc4j.jar
  • Java Executable: /usr/java/j2sdk1.4.2_09/bin/java
  • Java Options: -DORACLE_HOME=<install -dir>
  • Working Directory: <install -dir>
  • Server Class Arguments: -config <install -dir>/j2ee/home/config/server.xml

I hope that helps to get you started with profiling. It is always a cool thing to see where the performance bottlenecks are buried inside of some piece of software. Sometimes some "improvements" make it worse when seeking to make it better :-D.

Having Fun with Bugs

Oops :-)
It is a little bit embarrassing, but software bugs can also happen to me. Bugs in web applications can lead to something like that showing up in search engine results:

error message in search engine

That error message was caused by a flaw in how I handled the input from the HTTP Accept-Language line: if it was missing, my code ran into the above error.

So, that example proves one thing - it is very hard to review and audit your own code for flaws and security holes.
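As an added illustration (not the code of the web application described above, whose source is not shown here), this is one defensive way to handle the Accept-Language header so that a missing, empty, oversized or malformed value falls back to a default instead of raising an error. The names SUPPORTED, DEFAULT, MAX_HEADER_LEN and the WSGI-style environ dictionary are assumptions made for the example.

```python
import re

SUPPORTED = ("en", "de")   # assumed site languages (hypothetical)
DEFAULT = "en"             # assumed fallback language (hypothetical)
MAX_HEADER_LEN = 256       # assumed cap on attacker-controlled input

_TAG = re.compile(r"^(?:\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*)$")
_QVAL = re.compile(r"^q\s*=\s*([01](?:\.\d{0,3})?)$")


def parse_accept_language(header):
    """Return [(tag, q)] sorted by descending q; [] for missing or unusable input."""
    if not header or len(header) > MAX_HEADER_LEN:
        return []
    ranges = []
    for item in header.split(","):
        tag, _, params = item.strip().partition(";")
        tag = tag.strip().lower()
        if not _TAG.match(tag):
            continue                      # drop garbage instead of failing
        q = 1.0                           # q defaults to 1 when not given
        params = params.strip()
        if params:
            m = _QVAL.match(params)
            if not m:
                continue                  # malformed q-value: ignore this entry
            q = float(m.group(1))
        if 0.0 < q <= 1.0:                # q=0 means "not acceptable"
            ranges.append((tag, q))
    ranges.sort(key=lambda r: -r[1])      # stable sort keeps client order on ties
    return ranges


def pick_language(environ, supported=SUPPORTED, default=DEFAULT):
    """Choose a site language; never raises on absent or hostile header values."""
    header = environ.get("HTTP_ACCEPT_LANGUAGE")   # None when the header is absent
    for tag, _q in parse_accept_language(header):
        if tag == "*":
            return default
        primary = tag.split("-", 1)[0]
        if primary in supported:
            return primary
    return default


if __name__ == "__main__":
    # Constructed sample requests: a crawler without the header, and a browser.
    print(pick_language({}))
    print(pick_language({"HTTP_ACCEPT_LANGUAGE": "de-DE,de;q=0.9,en;q=0.8"}))
```

Crawlers commonly send no Accept-Language header at all, which is how an unhandled case like this ends up in a search index.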

21C3 Video Recordings

Wow, it finally happened - the video recordings from the 21st Chaos Communication Congress are in the Torrent! Just have a look at the official BitTorrent tracker.

Well I have my own list of favorite talks:

  • 013 The Art of Fingerprinting
  • 019 Verdeckte Netzwerkanalyse
  • 057 SUN Bloody Daft Solaris Mechanisms
  • 070 Fnord-Jahresrueckblick
  • 074 Hacker-Jeopardy
  • 097 Das Literarische Code-Quartett
  • 105 Honeypot Forensics
  • 109 Anti-Honeypot Technology
  • 123 Gentoo Hardened
  • 146 Mehr Sicherheit fuer HostAP-WLANs
  • 176 Passive covert channels in the Linux kernel
  • 308 MD5 To Be Considered Harmful Someday

To play the videos I had to make some small adjustments to mplayer. The AVI-Files use H.264 as videocodec and AAC (MPEG4) ID 0x706D as audiocodec. To get the audio I had to register libfaad2 for the ID 0x706D to hear the audio within mplayer. But that was all I had to do.

Software Releases of the Week

Ok, here are some new Software Releases I stumbled into this week:

  • WordPress 1.5.1
    It is mainly a maintenance release with a lot of bugs fixed. To get the feeds working (RSS2 etc.) I needed to patch wp-blog-headers.php (see ID1323: Feeds return 304 when no new posts have been made Description Bug).
    Since I am using a paranoid setup with two different websites (wp-admin on localhost and only public stuff on the internet), I had to patch wp-includes/functions.php to reflect some changes for the get_settings('home'||'siteurl') function to get correct absolute URLs throughout the links.
  • Bugzilla 2.18.1
    No big deal in updating that, checksetup.pl a few times and guess what - after starting mysqld - bugzilla just worked fine :-D.
  • Gaim 1.3.0
    Hehe, the usual security issues CAN-2005-1261 and CAN-2005-1262.
  • GNU ddrescue 1.0-pre1
    That tool saved my life several times during recovery from a bad harddisc. So make sure that you always have a copy of it on your rescue cdrom. It is much much faster than normal dd when it comes down to bad blocks.
  • Metasploit Framework 2.4
    If you have some time and some vulnerable test systems you have to try that one out by yourself!
  • Rootkit Hunter 1.2.6
    *little bit ashamed* that tool was new to me, I used chkrootkit and AntiExploit before.
  • Clover 1.3.7 and Spike PHPCoverage 0.6
    Wow, two releases of test coverage software in one week, so if you have to perform some coverage analysis during your tests you may want to check them out.
  • John the Ripper 1.6.38
    In case you lost/forgot your password John may help you to "remember" it.
  • Grand 0.7.1
    Got lost with your target dependencies in Ant? Grand uses Graphviz to produce some nice pictures for you.