Little known secret about Pidgin that I can’t seem to find anywhere but that I somehow figured out.

Obviously it uses GTK for it’s window engine.  Logic tells us that it would use GTK themes in the same way.  This is correct.

You can grab your themes from Gnome-Look (only from the GTK 2.x category) and then extract them.

One you have your files, grab the folder that contains a folder with the name “gtk-2.0″ (id est, you would find the “gtk-2.0″ folder then hit “go up one level” one time, and then take that folder) and put it under C:\Program Files\Common Files\GTK\2.0\share\themes or C:\Program Files (x86)\Common Files\GTK\2.0\share\themes if you’re on 64-bit Windows.

This is the default location of GTK, if you installed it to a different you’ll need to go under /Share/themes from the root GTK install directory.

Then go to your start menu, find the GTK+ folder and launch “Theme Selector”, select the theme you chose from the “Global” list, hit ok, and now restart any GTK applications (like Pidgin).  You should have your new theme.

Ok so this is probably going to be the first in a series I do on utilizing the internet as a modern student, making use of all the different tools we have in modern times to better ourselves.

What prompted this is I was never taught Algebra properly (and never really listened either to be bluntly honest), so I’m terrible with Algebra.  However, if you’ve read my About page, you know I’m also an engineer.  Math is essential to my degree, including a bunch of Calculus courses.  I happen to be in Calculus 2 (or Integral Calculus, it differs at different colleges) and I’m having a time with all the Algebra tricks required to solve a bunch of these equations.

In the old days I could go for tutoring, get a lot of help from my professor, or review through the book.

But this is the Information Age, what can I do now that doesn’t inconvenience the tutor (they have lots of other students to help out), inconvenience my professor (he’s busy enough as it is), or make me want to pull my hair out in a generally ineffective manner?

If you’re not familiar, a lot of colleges have been putting some of their courses online.  MIT, U/C Berkeley, Stanford, etc.  All of these and many more have been initiating free courses (called courseware) to be downloaded and viewed on demand to whoever.

So, as bad as a taste that this leaves in my mouth, I launched iTunes and went to the "iTunes U" category in the iTunes store, then scrolled down to mathematics and found a College Algebra course with ~35 lectures for download from Florida Community College at Jacksonville.  Perfect.

I also found differential and integral calculus courses from MIT which will be great for review throughout the days.  Plus I can have the MIT training in Calculus and other courses.  It may be beneficial in an interview to say "yeah I took  the course at my own college but I also took MIT’s course via their OpenCourseware service, so I have both my college’s training and MIT’s training"

So time to begin the review, aka totally retaking the course but I can’t think of a much better way to do it.

A note for those of you who followed these instructions on getting JSP to run transparently on IIS 6.

This method, in my experience, would only function if IIS5 Isolation Mode was enabled.

I’m not sure why but the ISAPI plugin started up just fine after enabling IIS5 isolation mode.

Check this thread out.

Microsoft has this to say about the modes of operation.

Here’s how to enable IIS 5.0 Isolation mode.

If you’re not into running Isolation mode (I wasn’t) I setup Apache 2.2 on a different port specifically to run JSP apps.  Instructions after the break…

Read more

[rather scathing rant]

So I just got back from a Cyber Security Club meeting at my school.  I decided to sign up and attend a meeting, expecting maybe 10-15 really nerdy people like myself that live, sleep, eat, and breathe computers, or at least a healthy population of people who know about computers.

I can say I was severely disappointed.

I went in and there were probably 60 people in the club, I can point out maybe 10-15 of which qualified under my expected population.  The rest of the group were people that I’m familiar with the type.

I must give an example.  This woman WAS here this evening too mind you.  This woman was in the Cyber Security Program and was in a Java class I took last semester.  Java…as in the programming language that’s excellent for programmers but a hit to take for non-programmers.  There were no prerequisites for this course.

So this woman is in a full blown programming course and we’re maybe 2-3 weeks into the class (maybe it was prior but I think it was like 2-3 weeks in) and she turns and ASKS THE PROFESSOR HOW TO SAVE A FILE!!!!!

IS THIS THE KIND OF PERSON THAT’S GOING TO BE RESPONSIBLY FOR NATIONAL INFRASTRUCTURE SECURITY?!?

And worse yet, aside from the 10-15 people that I pointed out, the rest qualify either under the same classification as this woman or just the hyper students that aren’t really into computers but are just there to play video games.

Ok so maybe they want a job change.  Frankly I think if you haven’t had anything to do with computers up until this point that you shouldn’t be going for issues of national security, but maybe I’m missing something.  I’ll give them at least the benefit of the doubt.

So they were also electing club officers and one of them noted how he was in the club last year and they talked about cyber security but they never actually did any of this (he wanted to setup a lab, which I agree with), but really, is the cyber security club just a couple of talks and a lot of people playing video games?

I came to the club because the description was (and I quote):

Inspires learning of all things technological through trial and error, reverse engineering and professionals within the field.

And none of this was even apparent that they did any of this.

Maybe I’m missing some huge fact but really…..this is absurd.

[/rather scathing rant]

I create a video for TiltMobility.com that explains and shows how to flash a ROM to your AT&T Tilt, check it out.

IMPORTANT! Flashing your ROM is a potentially dangerous activity and I take NO responsibility for you messing up your device or anything else.

Please read this post on TiltMobility for important information about the video prior to flashing your ROM.

Heading back to college tomorrow.  Updates will be a little more sparse for a time but will pick back up again soon.

I’m currently working on a few projects, including Arduino stuff.  I’ll keep you all posted for further information

Some of you probably read about the vulnerability in Vista that doesn’t just take advantage of any new exploit but rather Vista’s fundamental architecture all together.

Well the way this systematic attack is approached is via an arbitrary browser exploit.  But what if browser exploits were cut off from the main machine?

Meet ZoneAlarm’s new security tool that’s been a bit long in coming in my opinion.  It’s called ForceField (and with good reason).

What the product does is put your browser inside of a virtual environment that’s totally cut off from the underlying OS.  It also cuts off the OS from the browser (helping negate the effects of keystroke loggers and such).

Now earlier they were giving away free CD keys for ForceField and I registered for a copy (1 year subscription).  It doesn’t have Vista 64-bit support unfortunately but it is on my laptop (32-bit Windows XP) and I’d say that it runs rather well.  My laptop is a machine that’s gaining a little age (although it’s far from old) and typically has some trouble running Firefox 3.0 with all my normal extensions.  However even running virtually, it still runs rather fast (negligible performance decreases).

So aside from negating this proposed attack, it can also protect against a wide variety of other problems, and it’s existence (albeit probably inevitable) is certainly welcome.  It will certainly be nice to be even less concerned about visited websites leaving cookies, ads containing exploits, and the like.

Well apparently the new e-passports that were supposedly so good have already been hacked, furthermore with minimal equipment and within an hour.

Kind of ignorant to think about something as simple as that as secure.

The Public Key Directory sounds like a decent way to make it more secure.

Personally my idea is that every e-passport needs more hardware.  Hardware that stores data, preferably in a rotating array like RSA SecurIDs, and would better yet have another mechanism which would never transmit the internal rotating IDs but rather would transmit a hashed ID, which would furthermore be salted with an ID that is unique to the scanning station, so every single scanning station would have a unique salt ID, or better yet a group of salt IDs that change depending on several factors, that would be added to the internal ID upon hashing and would produce the more secure resultant ID.

With how cheap FlashROM is now, it’d be great if they had an updatable internal mechanism for rotating keys for your personal ID (such as updating internal IDs whenever you renew your passport), as well as keeping an internal database of the salt IDs for all the stations so the salt ID wouldn’t have to be transmitted anywhere near as often, thus reducing risk of an attack on the hashing algorithm.

Also, since all of this hardware is going into these things, might as well build in an authentication mechanism so the e-passport doesn’t arbitrarily send out IDs where a differential attack may be observed, similar to how WEP was cracked.

But like I said, this would require a lot more hardware.  However, RFIDs are not really a good idea for important information.  Security, especially like this, needs to be taken seriously in this day and age and even if it’s not "cost effective", then don’t bother giving out a far less secure system that can endanger the privacy and identities of people.

Hackers, despite what you may have heard, have ethics, but apparently a couple of giddy Frenchies though they would be "1337" and sniff a few packets on a line designated as secure at hacker convention Black Hat 2008.  Turns out monitoring traffic when parties involved are not informed is a felony.  What a surprise.  Furthermore surprising is that FBI agents attend Black Hat (I’m being sarcastic, it’s not surprising).

Lest we all forget the NBC "shock" reporter…

Explanation:
Reporters are welcomed at hacker conventions like Black Hat and Defcon, but they are also required to declare themselves as reporters and wear a press badge.  This woman was hiding a camera in her purse and recording the events.  Unsurprisingly she was caught very early in the con.  She was attempting to do a shock piece for NBC Dateline on hackers and federal agents.  Unfortunately, aside from the usual fun of "spot the fed" (where the people try and point out who they think are federal agents in good fun but no real seriousness), this woman would have revealed the identities of many agents and otherwise.  Hence it’s a big deal.

Ok so Adaptive Path’s Aurora concept is very cool

But even so with this cool concept, I can’t help but keep thinking back to Windows Live Search for Windows Mobile.  Windows Mobile is a platform people have really been neglecting and it’s really a highly advanced, and easy to use, mobile OS, which I happen to greatly prefer to the iPhone OS.  More after the break.

Read more