VMware critical licensing bug

According to Matthew Marlowe’s Blog, VMware instances running ESX 3.5U2 in enterprise configurations have a license management bug that will prevent them from starting, beginning tomorrow.

The post has turned into a list of pretty helpful tips, including:

While the licensing bug does not appear to be related to security issues, this is a pretty good reminder of how mission-critical hypervisor software is. It should be held to the same standards as operating systems.

Security: information, MBTA, geopolitical

Isaac Hayes, RIP

I was two or three years out of college when I first listened to Isaac Hayes seriously. I had picked up Shaft in college but, aside from the title track, it didn’t speak to me. I mean, flutes? Really? I just couldn’t get past the instrumentation. I knew there was something funky there but it wasn’t finding me.

And then I picked up, for some unknown reason, the soundtrack to Stealing Beauty, which leads off with Hoover’s (later Hooverphonic’s) “2 Wicky.” I was never a big Hooverphonic fan, but “2 Wicky” set off all kinds of bells in my head, primarily because of the opening, which I knew had to be sampled from somewhere. I did some digging and found it had come from the lead off track on Isaac Hayes’s Hot Buttered Soul, an album I had always assumed was a goof like Shaft. But I was hooked on that opening guitar + backing vox riff, so I picked up Hot Buttered Soul.

And I couldn’t put it down.

That weekend I was driving around Raleigh, North Carolina, with some college friends–we were there for a wedding–and I couldn’t pull the disc out of my car player. I must have played “Walk On By” and “Hyperbolicsyllabicsesquedalymistic” about a hundred times that weekend. The album was so over the top, so drenched in drama and sound, but somehow it touched the same funky center, breathed the same groove, as the Parliament and James Brown that I had been marinating in for the previous four or five years. And it reached deeper than those cuts in some ways–Hayes projected a pain and vulnerability that you’d never hear from the Godfather of Soul.

I was smacked sideways when I heard yesterday about Isaac Hayes’s death. It seems like someone who touched the human condition so deeply shouldn’t be allowed to go so quickly.

Security, privacy, fatuity, and parody

Attack of the Living Dead Friday Random 10

It’s been a good long while–over a year? really??? where did time go?–since I posted one of these. In that time I finished my “listen through” of my music library, so I don’t have a large pool of unlistened to songs on my iPod. Instead, a good many of these are likely to be songs that are already on my playlists, and therefore a little less revelatory. Let’s see what happens.

  1. U2, “11 O’Clock Tick Tock,” 11 O’Clock Tick Tock (Single)
  2. Howard Jones, “No One Is to Blame,” Dream Into Action
  3. Sun Kil Moon, “Si Paloma,” Ghosts of the Great Highway
  4. PJ Harvey, “The Letter,” Uh Huh Her
  5. Maddy Prior, “Singing the Travels,” Silly Sisters
  6. Jamie Lidell, “What’s the Use”
  7. Sarah Blasko, “Don’t U Eva”
  8. Peter Gabriel, “In Your Eyes (special remix)”
  9. M.I.A., “Bamboo Banga,” Kala
  10. Big Star, “Give Me Another Chance,” #1 Record

New mix: “Blasphemous rumors”

I haven’t posted a new mix for a while, and there are a few reasons for that. So I’m jumpstarting by posting a largely unedited theme mix, based on Estaminet’s Sacrilicious mix of a while back. It’s called “Blasphemous Rumors,” and it hits songs with Old and New Testament themes as well as good old fashioned breaking of the third (or second, depending) commandment.

This will also be the last mix I post on Art of the Mix unless a few things change. The site has had some problems with SQL injection vulnerabilities, and the developer chose to fix the vulnerabilities by filtering input–which is fine, but it means that you can’t create a mix with the word “drop” in it, even in a song title (e.g. “Dropkick Me Jesus”). Tip to the developer: the best way to avoid SQL injection is by whitelisting input and parametrizing your queries, not by blacklisting.

So does anyone have a recommendation for a replacement for Art of the Mix? It should ideally support uploading playlists from iTunes.
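The difference between the keyword filter and parametrized queries described in this post, as an added example (not code from Art of the Mix or from the original post). The table layout, the keyword list and the function names are assumptions made for illustration; the sample titles are borrowed from this page.

```python
import sqlite3

# Constructed keyword list; the site's real filter is not shown on the page.
BLACKLIST = ("drop", "delete", "union", "--")

def make_db():
    """In-memory database with a hypothetical tracks table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tracks (mix_id INTEGER, title TEXT)")
    return conn

def add_track_blacklist(conn, mix_id, title):
    """Keyword filter followed by string-built SQL (the approach criticised above)."""
    if any(word in title.lower() for word in BLACKLIST):
        return "rejected"            # legitimate titles are lost here
    sql = "INSERT INTO tracks VALUES (%d, '%s')" % (mix_id, title)
    try:
        conn.execute(sql)
    except sqlite3.Error:
        return "sql error"           # the title still changed the statement's syntax
    return "stored"

def add_track_parameterized(conn, mix_id, title):
    """Allowlist the shape of the input, then bind it as data, never as SQL text."""
    if not isinstance(mix_id, int) or mix_id <= 0:
        return "rejected"
    if not (0 < len(title) <= 200) or not title.isprintable():
        return "rejected"
    conn.execute("INSERT INTO tracks VALUES (?, ?)", (mix_id, title))
    return "stored"

def stored_titles(conn):
    """Titles actually saved, in insertion order."""
    return [row[0] for row in conn.execute("SELECT title FROM tracks ORDER BY rowid")]

if __name__ == "__main__":
    titles = ["Dropkick Me Jesus", "Don't U Eva", "Walk On By"]
    for fn in (add_track_blacklist, add_track_parameterized):
        conn = make_db()
        results = [(t, fn(conn, 1, t)) for t in titles]
        print(fn.__name__, results, stored_titles(conn))
```

The filter loses one harmless title to the keyword list and a second to an unescaped apostrophe, which shows that the query is still assembled from user data; the bound-parameter version stores all three unchanged.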

Money, money, and security

Comprehensive security guide for Windows Communication Foundation

The developer challenge in writing secure code is two-pronged: first, understanding the threat landscape; second, coding defensively and following best practices to avoid creating security vulnerabilities in code. The WCF Security Guide, now available for download from Microsoft, is a pretty impressive document (600+ pages) that combines aspects of both threat landscape definition and specific coding practices for applications built on Microsoft’s Windows Communication Foundation (part of the .NET Framework in version 3 and later).

WCF is an impressive framework that allows the creation of applications that do everything from turnkey SOAP web services to custom communications channels, with tons of flexible configuration options. The downside of the flexibility of the framework is that a lot of the choices it offers have serious security considerations, and the tradeoffs aren’t necessarily clear at development time. For instance, WCF allows the definition of the security mechanism used to protect a communication stream–transport level, message level, or none; encryption, message signing, or both–and using some of the options can make deploying services more complex (must run the service as a user who belongs to a domain, for instance). The guide walks you through a lot of these decisions, as well as basic secure coding practices ranging from input and output sanitization to developing to survive a DoS attack.

Onegin reviews and other musings

Upholding and reporting, bizarro style

Alone in the crowd

There are some days where my love of Tanglewood bumps up, hard, against some of the less ideal aspects of the place. I speak of the crowds.

I think part of the reason I love coming here with the chorus is those glorious early days of the residency, when we and the orchestra are almost the only people here. But come Friday night and a concert in the shed (in which I’m not performing) and I find it a bit… overwhelming. Call it agoraphobia, but partway through the search for friendly faces among the blankets and lawn chairs I’m invariably seized with the urge to flee. So it was that I couldn’t hack the crowds for last night’s concert.

But of course I still want to hear the music. So this residency I’m taking full advantage of that secret of the Tanglewood experience: the open rehearsal. While they can still be crowded, particularly this morning with Yo-Yo Ma, the crowd is not as dense, and one can sit inside the Shed and feel insulated from the worst of it. And the best part is how cheap the tickets are–I mean, they let the chorus in for free, in recompense for our services, but even for the general public an open seating ticket is less than $10.

Colic, anthrax, and presidential avoirdupois

Small world

It was over four years ago that I wrote about my choral doppelgänger (aka doppelsänger), Scott Allen Jarrett, who directs the Back Bay Chorale among other musical responsibilities in Boston. In the meantime I’ve never actually met him. Until last night, when I was introduced to him by a fellow TFC member in Lenox.

The introduction, coming as it did after a marathon day of rehearsals that ended at 10:30, was an unexpected capper to the evening. Until I realized that on the other side of the restaurant were the guys from Chanticleer, whose performance I had been unable to attend because of the aforementioned rehearsals.

So, a red-letter evening: a successful (ultimately) series of rehearsals for Onegin, a great dinner when by all rights all kitchens in town ought to have been closed, finally made the connection with Scott, and got to greet the guys from Chanticleer. At this point, the only thing left is for me to bump into David Weinberger, who’s spending time out this way this summer, and the nexus of coincidences would be complete.