EntBlog

The Art of Intrusion

May 10, 2008 @ 18:48 | In Books, Hacking | 4 Comments |

The Art of Intrusion
Author: Kevin D. Mitnick & William L. Simon
Pages: 349
Published: 2005

Kevin Mitnick is one of the most famous hackers in the world. In the 80’s he was able to break the most secured systems and computers getting lot of private information. In 1995, with lot of controversy, he was arrested.

After five years in prison and as a logical maturation process, he changed sides and became a computer security consultant. A “white” hacker.

This book is about “real” hacking stories that have been contrasted by Mitnick himself. Although all the stories are presented as real, all the relevant details are altered so that nobody can try the same hack again.

This book got to my hands, months ago, while I was in a library. A first look at the book revealed interesting technical details of each episode and lots of external web links with more information. So I decided to buy it. This book can be perfectly read by a person without computer knowledge although the book is targeted to techy readers.

The book is structured in ten episodes about hacking, cracking, phreaking and social engineering. Some stories are greatly exaggerated to be believable (for example, I think that the story about social engineering is absolutely 100% fiction) but others (like the one about cracking) are incredible believable with lots of technical information about the details. It is hard to believe that those details are being invented. Working in a big Video-Game Studio (at least when I wrote this article), one detail that made me smile was in the episode about cracking. In that chapter the hacker being interviewed reveals that their team was successfully able to break most of the big Video-Game companies. Probably there are lots of fantasy elements in all of this, but my intuition tells me that there is something real under the hood…

The book is very easy to read and if you have spare time I recommend it. Probably I will read the book Mitnick wrote before this: The Art of Deception. It is getting quite good reviews.

Rating: 7 / 10

Teaching at Oviedo - Noesis Engine

April 23, 2008 @ 11:23 | In Programming, Videogames | 9 Comments |

This weekend just finished the course I have been giving at the Oviedo University. The course is about programming graphic engines for videogames. In 30 hours / 6 days I tried to explain how to architect a solid engine for realtime purposes.

This is the first time I talk about the task I have been involved in the last months: Noesis Engine (a provisional name). Till now, it has been developed by a very small team and contributed to two commercial products. A small videogame is under construction now. I expect to give more information about this in the future.

A link to the first session of the course: Noesis - Core. The document reveals not too much information if you are not attending the class, but may be you find something interesting there (or wrong, and we can discuss). The first part is a global introduction to the course, the second one is about the core technology being used for the rest of the course. The document is in Spanish, I have no time now to translate it (I would be really grateful to any volunteer helping in this). Sorry for that.

And following with Spanish documents, I contributed to several tutorials in codepixel, a daily mandatory read if you understand Spanish, about the same topic, Graphics in Realtime. The hard part was done by Javier Loureiro / derethor. Iq / RGBA helped to this documents too, The tutorials:

And nothing more for today. As you can see I am still alive and working really hard.

UPDATE: Thanks to Ricardo Amores and Miguel Herrero for translating the powerpoint to English. It can be downloaded from: Noesis - Core - Eng

Implementing a Graphic Driver Abstraction

March 3, 2008 @ 19:26 | In Programming | 8 Comments |

A screenshot from a mesh in wireframe mode

If you are a graphic programmer you have probably implemented lot of times what I will refer here as the graphic driver of the engine. The graphic driver is an abstraction over a low level graphic API like DirectX, OpenGL, libgcm, etc. I want to dedicate this article to some ideas and rules that have worked fine for me in the past when implementing this part of an engine. Probably your mileage may vary, so the comment section is open to discuss any detail you want.

Click to read the full article

Peopleware: Productive Projects and Teams

January 2, 2008 @ 2:42 | In Books, Programming | 2 Comments |

Peopleware: Productive Projects and Teams
Author: Tom DeMarco & Timothy Lister
Pages: 245
Published: 1999

Peopleware is the second edition of a classic book (I have not read it, but jumped directly to this one). It is a book about software teams written by two software consultants experts although probably all the stories may be applied to other engineering areas. Do not expect technical comments in this book as this is about people and teams. It is structured in six parts where the last has been added into the second edition. Each part includes a series of short essays. Why most problems are not so much technological as sociological, why you must not save money on space for your team, why a good programmer (the right people) can give you a 10x factor productivity against a normal programmer, why you should make teams jell at your company and why you should avoid teamicide are an example of the topics covered in this book.

Although the first edition was written almost two decades ago, all commentaries are still valid. You will be able to identify with many of the situations described. I specially like the chapter about the workplace quality and the importance of not breaking concentration moments (the flow state). The additional chapter, Son of Peopleware, is written with another perspective. It is not surprising given that it had been written ten years later. Instead of concentrating in the design of projects and the environment it is focused in the design of an entire organization that creates teams with aligned goals. The last chapter, The Making of Community, is my favorite. This quote particularly strikes a chord: “An organization that succeeds in building a satisfying community tends to keep its people.”. I have yet to find find a company where this rule is being applied, but I shall continue my search.

This book plus The Mythical Man-Month are my two preferred classic books. What are you waiting for? Read them.

Rating: 9 / 10

Static Code Analysis

December 4, 2007 @ 3:01 | In Programming | No Comments |

While following the interesting thread about putting all of the platform libs into source control, I decided to upgrade the Win32 Platform SDK (now, Windows SDK) whose latest version can be found following this link: Microsoft® Windows® Software Development Kit Update for Windows Vista.

There, I found a very interesting new compiler flag: /analyze. This option, previously only available in the Visual Studio Team Suite and fully integrated in Visual Studio 2008, allows activating Static Code Analysis when compiling with any version of Visual Studio 2005 (you only have to add the path to the new cl.exe in the Visual Studio Options).

There is a great presentation given by Microsoft at the last Gamefest event about static code analysis: Static Code Analysis on Game Code.

After activating it in my project, lots of warnings appeared. The truth is that most of them were false positives, but I caught an obscure bug that worthed the effort of upgrading the compiler. To reduce the noise, __assume and __analysis_assume (properly integrated in your error and assert macros) were good allies.

And now, time to sleep…

Capturing OutputDebugString

November 9, 2007 @ 3:20 | In Programming | 1 Comment |

Using OutputDebugString for tracing your programs is probably not a good idea, at least if you have lots of traces being generated (OutputDebugString raises an exception and causes a kernel mode transition). So you will probably end up implementing your own tracing/logging system. Parts of code that are not under your control may be still using OutputDebugString (like Debugging Tools for Windows, DirectX, etc). The code listed below allows capturing OutputDebugString calls generated inside your own process (in fact, it is capturing all the OSD calls generated by all the active processes).

You will need to put this piece of code in a separate thread, but those details are omitted for better clarity.

NOTE: If the process is being debugged, the ODS calls will be intercepted by debugger.

/////////////////////////////////////////////////////////////////////////////

struct DbWinBuffer
{
DWORD dwProcessId;
char data[4096 - sizeof(DWORD)];
};

DbWinBuffer* dbBuffer;

HANDLE hAckEvent;
HANDLE hEvent;
HANDLE hSharedFile;

SECURITY_DESCRIPTOR sd;
SECURITY_ATTRIBUTES sa;
/////////////////////////////////////////////////////////////////////////////

sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = true;
sa.lpSecurityDescriptor = &sd;

if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
{
printf(”ERROR: InitializeSecurityDescriptor\n”);
return 1;
}

if (!SetSecurityDescriptorDacl(&sd, true, 0, false))
{
printf(”ERROR: SetSecurityDescriptorDacl\n”);
return 1;
}

hAckEvent = CreateEvent(&sa, false, false, L”DBWIN_BUFFER_READY”);
if (!hAckEvent)
{
printf(”ERROR: CreateEvent(\”DBWIN_BUFFER_READY\”)\n”);
return 1;
}

hEvent = CreateEvent(&sa, false, false, L”DBWIN_DATA_READY”);
if (!hEvent)
{
printf(”ERROR: CreateEvent(\”DBWIN_DATA_READY\”)\n”);
return 1;
}

hSharedFile = CreateFileMapping((HANDLE)-1, &sa, PAGE_READWRITE, 0, 4096,
                                L”DBWIN_BUFFER”);
if (!hSharedFile)
{
    printf(”ERROR: CreateFileMapping(\”DBWIN_BUFFER\”)\n”);
    return 1;
}

dbBuffer = static_cast<DbWinBuffer*>(MapViewOfFile(hSharedFile, FILE_MAP_READ, 0,
                                     0, 4096));
if (!dbBuffer)
{
    printf(”ERROR: MapViewOfFile\n”);
    return 1;
}

SetEvent(hAckEvent);

DWORD pid = GetCurrentProcessId();
printf(”Tracing PID: %d\n\n”, pid);

for (;;)
{
    DWORD ret = WaitForSingleObject(hEvent, INFINITE);
    if (ret == WAIT_FAILED)
    {
        printf(”ERROR: WaitForSingleObject\n”);
        return 1;
    }

    if (dbBuffer->dwProcessId == pid)
    {
        printf(”%s”, dbBuffer->data);
    }

SetEvent(hAckEvent);
}
/////////////////////////////////////////////////////////////////////////////

Hmm, it is probably time to install a code colorizer WordPress plugin.

Blog Refinements

October 23, 2007 @ 15:00 | In Blog, Internet, Personal | 2 Comments |

I have just spent the weekend upgrading my network infrastructure and finalizing some changes in the blog. Having learned a lot from reading other blogs and expecting this to be helpful for people visiting this site this is the list of the main changes.

Upgrading to Wordpress 2.3: This have been a surprisingly smooth upgrade. I only had minor problems with UTF-8 conversion (I had to disable the line define('DB_CHARSET', 'utf8') from the configuration file). It seems that with this new Wordpress version, categories are going to be deprecated in favor of Tag Clouds. I have yet to convert my post database to tags
Feed Icons: I am using now what is supposed to be the standard for RSS icons
Email subscription: Thanks to FeedBurner now you can subscribe to this blog via email. If you are not using a Feed Reader, please use this method instead of bookmarking
W3C Validation: Now, the XHTML and CSS of this blog are fully validated by the W3C tests. I use a simple text editor to modify the HTML and CSS, so there were lots of errors. After a lot of minor changes (like eliminating warnings in C++), the blog passes all the tests becoming a more standard blog and, supposedly, more friendly to bots navigating through my rumblings
Amazon book links: I do not like putting ad in my blog (and you probably won’t ever see any), but now book links pass though my Amazon account (I receive a small percentage if you buy using that link). It is a non-intrusive modification so I expect you don’t care about it
Wordpress plugins updated: I have updated and added new Wordpress plugins. This is the list of plugins I am using:
- Askimet to combat the spam. 95% of the comments I receive are spam
- All in One SEO Pack. Meta information, that invisible information that only bots can read, is important. This plugin gives you control over the generated metadata
- Counterize for tracking internal visitor stats
- FeedBurner FeedSmith to get feed usage stats. FeedBurner have been bought by Google and now all the pro services are free
- Subscribe To Comments. This is a very interesting plugin that is increasing the number of comments in the blog. It allows email subscription to posts where you contribute
- Ultimate Google Analytics to collect info for the Google Service Analytics
- WP-PostViews for getting visit stats for each post
- WP-UserOnline. An online users counter

Comments are welcome, thanks for reading.

Joel on Software

October 18, 2007 @ 3:30 | In Books, Programming | 4 Comments |

Joel on Software
Author: Joel Spolsky
Pages: 362
Published: 2004

What new can be said about Joel Spolsky? His blog, Joel on Software, is in the top 100 of the most visited blogs and it is probably the most visited blog about software. This book, with the same name as the blog, is a compilation of the best articles published in the past in that website. The book is organized in three chapters: the first part is about good practices to improve your abilities to make software, the second part, about managing programmers and a third part dedicated to the software development business.

A little bit of reading through this book and you instantly discover why Joel writings are so popular. Joel is incredibly incisive in his opinions, bringing lot of subjective opinion based in his past experience (mostly, experiences when he worked in the Excel Team at Microsoft). That makes Joel’s articles very useful and with a vision hard to find in other sites. Do not expect to find here nothing on theoretical subjects. Topics like Architecture Astronauts or the one about the necessity of Technical Managers in the world of software engineering are good examples of what you will find in the book.

Joel is probably not right in all his statements. For example, when he talks about the two software cultures: Windows and Linux. He writes, Windows Software is for non-programmers, while Linux Software is for programmers. To me, this is absolutely wrong. Linux is a better stratified culture with two clearly separated layers: functionality and user interface. Most of the time, in Windows both layers are in a inseparable mixed state. In Linux, it is very usual to have a clear separation between server and client with GUI only in the client part. He writes, too, about how the Mozilla project committed its fatal error: starting from scratch. Time is starting to show that this was a good decision, Firefox is starting to threaten to that monolithic monster that IE has become.

In conclusion, and incredibly fresh read that I earnestly recommend. I am wishing to read his other book about user interface: User Interface Design for Programmers.

Rating: 9 / 10

Working At Home

September 19, 2007 @ 2:06 | In Personal, Programming | 4 Comments |

I have been working at home for a week now and I have to say that it is being quite a good experience. At first I was not sure if this would work but, now, my old ideas about how inefficient you can be when you work in an office with an strict timetable are coming to my mind. It may be a coincidence, but in this week the Flow Moments (moments of maximum concentration where you forget that you have internet in your machine) have been before lunch (12-14), middle afternoon (17-19) and after dinner (22-…). More or less all the days have followed the same pattern. My objective is trying to enlarge those Flow Moments. Rest of the time I have tried lightweight tasks (attending the email, participating in Mailing Lists, reading books, white papers, elaborating my personal planning, thinking about the next things I have to implement, etc). In those periods, maintaining focus is quite difficult. When being out of the flow, strange forces drive me to distractions like opening the Firefox. Anyway, I have been all my life a Late-night coder, so that is probably where I am being attracted to. To the (22-…) zone, where I am probably most productive.

I think that the development of the project (at least I have a clear idea about the phase zero) is going on the right track. The pieces are starting to fit together. I am not alone in this trip and that helps a lot. Having a shared vision with more people is incredibly satisfactory.

About my infrastructure: I can work wherever I want! I am using a Subversion repository installed in my server that can be accessed from internet using a ssh connection (MyEntunnel is very useful to create a background tunnel without having a PuTTY window). For task scheduling, bug tracking and Wiki I am using Trac. It integrates perfectly with Subversion and all the items can be linked uniformly (tasks can be linked to Wiki pages, Subversion commits can be linked to bugs, etc etc). For very small teams is definitely a great application. I don’t know how well it scales to bigger groups. And that is all about the admin software. There is still a lot of work to do in this area, but for now it is enough. I have the basics and all the work is being backed up every night in my NAS. One day I will write about how nicely you can organize your working environment in Windows to mount shared that are backed up (w: for work, h: for home…), how to set up a PDC with Samba, etc. But that will be in another post.

In short, a positive and productive first week.

Thanks for reading!

Bye, Bye, Pyro Studios

September 11, 2007 @ 22:15 | In Personal | 6 Comments |

Last Friday was my last day working at Pyro Studios. The decision was taken months ago but due to diverse circumstances I still continued working at Pyro for several months. As you probably know, I was working in the Technology Team which I led during a short period of time. It has been half and a year working at Pyro Studios where I have learned a lot and met lot of great professionals and good friends. I expect to work with all of them in the future. Anyway the objectives and philosophy of the studio were different from mine so the split was needed.

I think that time for building my own future has come. I have lot of ideas where I want to start working on and I have some money saved. So I think I will probably try the invest. At the moment, I cannot tell more about that. Expect news very soon.