smashedbug.com, tech music and geek news

I must admit, my head must have been buried too deep in web development and system administration manuals to have missed Xen.

Xen is an open-source software project that provides high-performance, resource-managed virtualization on the x86 processor architecture.  To break that down, Xen is a freely available, open source technology that allows multiple operating systems to run, in parallel on the same hardware.

Basically, once Xen is fully realized, I could run Linux, FreeBSD, NetBSD, Plan9, Windows, OS/2 and perhaps even Mac OS X all at the same time, on the same computer, simultaneously. We are not talking about dual booting.

So in a typical scenairo, you might have your primary operating system running Xen-powered Linux. During startup, you might have it load up Windows in the background. From the Linux desktop, you may decide to switch between them or perhaps setup remote desktop/VNC and access Windows in that regard. Setup a few network shares to allow files to be transferred between the two systems and voila! One computer, multiple, simultaneously running operating systems, total process isolation, near native performance.

Whats particularly cool about Xen is the ability to manage the resources. For example, you might have a server running a dozen or so operating system instances (ie mail, ftp, web, database, etc..) Each one of these could be granted a certain percentage of the overall system resources and Xen will keep them in check. Great for hardware consolidation (why ahve a handful of single processor boxes when you could build a 4 or 8 way box (ie 4 dual core processors) and maximize hardware reuse).

This is definitely some technology I am planning on investigating further. The ability to run multiple systems simultenously w/o having to reboot or utilize expensive GUI-based virtualization software (vmware) or uber-slow emulation (qemu, virtual x86) is enticing.
For additional details, check out the Xen page at Wikipedia.

I have been doing quite a bit of web development work lately and time after time, I find myself utilizing Firefox as a development tool.

Firefox has two particularly powerful features that are very useful for web designers and developers:

• Document Object Model Inspector
• Web Developer Extension

Document Object Model Inspector

The Document Object Model (DOM) is a display of a web page that shows how the raw page source was read into the browser and understood. It shows how different elements of a website are nested within one another, it provides access to the cascading style sheet (CSS) information and JavaScript. As a result, it provides a skeleton of the web page and all the elements that make up the page.

So why is this useful? I particularly find it useful when working with CSS and run into issues where an element simply does not appear the way I *think* it should appear. CSS has rather complex inheritence rules that while very useful in maintaining consistency of design, can occasionally baffle even the most gift CSS gurus couple this with incomplete (and sometimes incompatible) CSS rendering by various web browsers *cough*internet explorer*cough* and its nice to have a tool where I can determine EXACTLY how the browser calculated a given value. The DOM Inspector provides me this capability.

With the DOM Inspector, I can pull up any web page and  using the “Find a node” tool, click on an element on the page. It will pull up the element in the page tree and give me many options, including the box model characteristics (position, dimensions, etc..), css style (in particular, which css files and rules were used), and the computed css style. As a result, I can review the data provided and quickly determine how a particular object was calculated and ultimately displayed. In addition, the tool provides the ability to change values (or add values) and have it dynamicly update the page in the browser so I can see changes in real-time. Great to test-run a change to complex CSS rules before altering the original style sheet.

Absolutely great tool. There have been many times where I am left scratching my head and the DOM Inspector comes to the rescue showing me exactly how items on the page were calculated and gives me a sandbox to test new ideas before commiting them to the original source documents. Anyone remotely involved in web design and development should spend some time working with the DOM Inspector to get to know its capabilities — its sure to save much time down the road when complex inheritence issues arise.

Web Developer Extension

Ahh. What would life be like without the Web Developer Extension! Another must-have for web development and design. The Web Developer extension allows you to quickly test many “what-if” scenarios. It provides quick access to disabling various browser features (cache, cookies, images, java, javascript, page colors, pop-up blocker, styles (different levels), etc.) which comes in very handy to ensure proper web application handling in those scenarios (ie is session state retained on the server if a user does not accept a cookie? Does server-side form validation operate if someone disables javascript to avoid annoying java-script form valdiation pop-ups?)

In addition to disabling, it provides a huge array of additional features such as working with forms (POST vs GET form submissions, auto-form population, form analysis tools, etc.), working with images (outlining images not meeting certain criteria, displaying image dimensions and sizes, etc..), working with css (setting styles, editing styles, viewing styles, using alternative styles, etc..), outlining page elements, validating against the W3C validators, resizing browser (to test for various screen resolutions), analyzing http response headers .. and much more.

Fantastic tools. Absolute must-haves to quickly analyze complex problems and solve them efficiently. Its great to have insanely great tools at your finger tips.

Well if you haven’t heard yet, its 2006 and Microsoft already has a MAJOR KNOWN unpatched security exploit in ALL VERSIONS OF WINDOWS (yes, even including the Windows 2003 Server, Windows XP SP 2 and Windows Vista betas..).

The problem started out about a week ago and over the New Year’s Day weekend, picked up significant traction when the exploit code was posted and dozens of variants were released in the wild.

The issue is simple — the WMF (Windows Meta File) image format contains the ability to execute code (why? I have no idea). In anycase, it is possible via a buffer overflow to run malicious code at an administrative level and take control of a computer. Unlike many historic security issues where a user had to run an application, this issue only requires the VIEWING of an image .. let it be in an email, on the computer, via an application, on a website.. doesn’t matter.

Given the “extremely criticial” rating of this issue and the fact the exploit can not be easily filtered at the border (ie firewall, intrusion detection system, etc..), a software engineer posted an unofficial patch that was endorsed by several security firms, including SANS ISC and F-Secure. This was released on New Years day which would give IT departments a head-start to get this deployed on their networks before workers came back on Monday or Tuesday.

Microsoft’s response? “Don’t use the patch.. it is insecure code that might be vulnerable .. we have a patch but won’t release it for a week..”.

Hahah.. I find that hmm.. INSANE. Here is *MICROSOFT* code that IS KNOWN vulnerable and exploiting this hole is escalating by the minute… a patch is developed, source code released and endorsed by security experts in the industry and Microsoft *DECLINES* to review and make it an official patch…. even worse, they claim to have a patch but will leave MILLIONS of computers vulnerable for 10 DAYS longer..

So if you follow Microsoft’s advise, to minimize the risk, your ONLY ACCEPTABLE OPTION is to NOT use your computer until next TUESDAY once the patch comes out (and hopefully works for all the variants of this issue). hah.. no internet, no email, no viewing of images.

Its kinda like Russian Roulette .. every day that passes, there is another bullet added to the gun.. you feeling lucky enough to use Windows today?