Challenge: Crack Fontys Security Lab’s Security

I’ve received an email today. It made me smile.

A while ago Fontys started a new programme specialised in security (Dutch), a pathetic attempt if you ask me. They’ve been heavily criticised by several professionals. You can’t teach people security by teaching teachers about security. Some basic concepts can be taught, but you’ll need real world experience to give your security researcher title any meaning. Rumours about the end of the programme have been around since its launch.

Somehow Fontys has found the funds to give the dying educational programme another jolt. A security lab is Fontys’s answer to the failing project. I wonder what’s to be found in a security lab. Is it about network security? Then I wouldn’t expect anything more than some OpenBSD boxes. Is it about software security? All you need for that is a compiler suite and some debugging tools, no lab. Or is it about low level hardware and software security? If that’s the case you’ll need quite a shit load of (extremely expensive) measurement and development tools, since there’s a shit load of low level security mechanisms out there. And the researchers will need knowledge beyond anything taught at Fontys. In short, the security lab needs to contain everything used to develop the target products in order to be effective.

Another point of critique is the fact that you’ll need to be highly skilled in software development in order to search for security flaws. These youngsters can’t code jack shit and start following security courses. How the hell are they going to look for buffer overflows and illegal (de)referencing if they don’t even know what pointers are? I bet they get taught what security companies are saying instead of really getting down and dirty with a debugger.

But anyway, the challenge. The grand opening of this new lab is scheduled for Friday the 13th of June. How appropriate. It would be so cool to prove Fontys is full of crap by, say, spicing up the event. It can’t be that hard since Fontys has been Microsoft’s lap dog for years now. Don’t get all excited and destroy half their network, just leave a little statement. Show some sportsmanship. If you are successful at this the outcome will be positive in any way. If Fontys decides to play the bully and punish whoever did it, they prove they don’t understand security basics (security by fear). If they accept their defeat you’ll prove they’re full of crap.

p.s. They keep insulting us (wnb) hackers.

Obstacle Oriented Programming II

This is a response to my previous post about OOP, over a year ago.

As I’m developing my own programming language, I’ve read a lot of documentation about procedural, relational and object oriented programming. Because of this newly acquired knowledge I have to tone down last year’s attack on OOP. Lots of arguments are still valid, though.

Object oriented programming, as I stated last year, has its uses. It’s not the holy grail. Not even close. OOP only works well when structures within the software are static in the real world. Following many of the examples in OOP books for instance, inheritance is explained by a car analogy. Of course car parts don’t change their order of, or dependence upon, each other. But in the real world this does happen quite a lot. It’s hard and sometimes even impossible to restructure your code to reflect real-world structural changes when using the OOP model. It often requires rewriting much of the OOP wrapping code.

My previous ranting crusade against all that was OOP was a little misled. All the OOP code I’ve worked with was primarily PHP code. PHP doesn’t support OOP. It tries to, just like it tries everything else, but fails, just like at everything else PHP tries. Most of the C++ code I’ve worked with has been developed by fellow students. Not that I want them to take the blame for my anti-OOP stance of yesteryear, but their code has contributed to the negativity. I won’t blame them; it’s the teachers who don’t understand a single OOP concept. They only know how the language works grammatically but fail to translate the grammar to real world problems. So students just end up recreating in their software all the stupid examples the teachers conjured up.

The worst thing is, these students end up writing code in big code generating companies like Logica or Atos Origin. The cubicle philosophy is worshipped like burgers at McDonald’s. At these companies the code is just a byproduct. It’s the entire package they’re interested in. The V-model is followed to the letter and engineers are happy they can go home to their normal life, wife and kids at 5pm. This byproduct of theirs is sent into space, embedded into medical devices or used at your bank. Most of the IT flaws seen today can be blamed upon nobody telling these people how to write proper OOP, let alone proper code.

I know what you must be thinking. What the f*ck made this guy change his mind? Qt. If you want to know what a proper C++ OOP model looks like, look no further. Qt makes programs less complicated, it just does everything right. Alright, some aspects (like the dreadful Qt4 CSS) need some polishing, but overall Qt is a prime example. It’s documented properly, has a sane object structure and actually makes sense.

I don’t like languages that make everything behave like an object. It’s not easier for the developer, it introduces unnecessary overhead and often makes the program overly complicated when writing binary handling software like, say, file or socket streams. A file handle is an object, but fully privatised. Just remember what you’re abstracting. I also still hate database object mapping. For example Ruby on Rails rapes the database that way. Why would you need to convert table data to a language specific storage format just to convert it again to database objects? It takes at least twice the amount of data processing and, depending on your language of choice, sometimes twice as much memory. There’s no real good way to really tune your software for a certain DBMS. Database abstraction is evil, just learn proper SQL and procedural data type abstraction.

Finally I’d like to address the OOP in PHP topic. Of course you can write OOP using PHP. You’ve got two choices, really. You can use PHP objects and risk stumbling upon one of the many pitfalls it brings to the table. Or do it the Linux way. Much of the Linux kernel, and especially the API, has many OOP features but doesn’t use real objects. Of course these handles behave like objects, and in essence they are, but they’re implemented using C. You can use this technique to your advantage when designing PHP software. Use array-based handles and use the global scope in a civilised manner.

New Bike

I had a few problems to face. First, I’m terribly out of shape. And with the coming holiday I really need to do something about that. Second, I needed a new bike.

Combine these two and it’s not that hard to guess what kind of bike I was looking for. A sports bike, right? Well, almost.

As a left wing activist with some street cred left I can’t just buy an awesome car and drive around polluting the very thing I tend to preserve, the environment. Not that I avoid using cars altogether. I’m not that much of an environmentalist. It’s just nonsense to use a car when a bicycle gets you there faster and cheaper. Maybe the fact that I grew up without a car at my disposal helps a little. I don’t know. Anyway, I’m used to cycling everywhere so I need a proper work horse that gets me where I want to go faster than my current bike and is also suitable for high speed touring.

When I buy something I never buy things half-baked. I want it to be a Dutch bike, too. Somehow I’ve managed to completely destroy every foreign bike I’ve ever had. So I’ve got a few choices, right? I could go for the more expensive Batavus or Gazelle models or for a properly hand crafted Koga Miyata. RIH and Sparta just don’t make the bikes they used to anymore. Koga Miyata seems to be an excellent choice and the bicycles I’ve tested are nice, light and fast.

While riding a Koga loaner a while ago another bike passed me, while I was picking up some serious speed. Powered by a middle aged man. Smiling.

I usually don’t use the words but in this case “what the fuck” is the right expression. I’m a young adonis, for Pete’s sake. That guy was halfway to hell. How did he manage to pass me? He had a recumbent bicycle. So if a middle aged man on a recumbent can pass me on a Koga, I have to have a bike like that.

It turns out quite a few hand crafting Dutch recumbent bicycle manufacturers exist. Quite a lot actually. The biggest three (for all I know) are M5, Challenge and Nazca. They all create some really weird contraptions. All I wanted was a fast bike capable of transporting my camera or laptop. After much folder sniffing and google raping I found the bike that suited all my wishes. The Nazca Fuego.

A beautifully hand crafted bike. It’s quite nice on the eye, too. Packed with sports level parts while staying comfortable. At least, that’s what they say.

But where can I buy this thing? My local bicycle shop owner couldn’t help me. He’s restricted to the bigger Dutch brands like Batavus, RIH and Sparta. Luckily Nazca provides a dealer list. And hey, a dealer within cycling distance, how nice! So today I paid a visit to De Liggende Hollander, which roughly translates to “The Lying Dutchman”. The shop is located in a small shed/garage type of building in the middle of an average neighbourhood. Not the place where you’d expect the only recumbent bicycle dealer in the area. The thing is completely packed with bikes. Some are out for display, some are hanging from the wall and others are hanging on wires from the ceiling. It’s a wonderful sight of brilliant engineering combined with a chronic lack of space. The shop is operated by a friendly guy who surely knows his stuff.

And behold, there it was, hidden behind its direct Challenge competitor, the Fuego. After some adjustments to the frame and some paperwork I was ready to take this thing for a spin. Or at least, I thought I was. I had tried a recumbent bike before quite a while ago and didn’t really manage to take off, so to speak. The shop’s owner helped me along and after a few (wobbly) laps around the neighbourhood I was confident enough to take the bike to the public road.

What a revelation. It’s fast, comfortable, lean and everything everybody was saying about these bicycles is absolutely true. It’s a way better experience than the ordinary upright bike. The seat is shaped just right, the air suspension does its job perfectly and together with an excellent stiff frame this adds up to an unprecedented cycling experience. Of course some minor things annoyed me. Like that most traffic lights are controlled by buttons that are placed just too high to be easily reached from a semi-low racer like the Fuego. Also, because of the speed and aerodynamics, flies and other insects are lining up to enter one of your facial cavities. Wearing glasses isn’t just a luxury, it’s highly recommended. Note to self: buy some.

Because of this wonderful experience I’ve decided to buy it. Expensive as it may be, it’s worth every last penny.

Some technical details I’ve remembered for the interested: Fuego Top-Sport Black Satin, Shimano (105?) 2×9 crank setup, Schwalbe Stelvio tires, Kind-Shock air suspension, Shimano (M535?) hydraulic disc brakes, 24 spoke Alex wheels and some LED lighting. Photos will be submitted to DeviantArt next week, after I’ve received the bike.