After recently reinstalling my iMac to make sure that it's save, some time has passed and things seem to be secure. LittleSnitch takes good care of my internet connection and, so far, I have not spotted any troublesome activity.
Obviously, I'm curious to know whether my system had been compromised at all. I cannot find out, however, since I just completely formatted the hard drive once I had decided to reinstall. I just came across an interesting article at heise.de, though, which discuss the value of compromised Mac systems. The article cites the analysis of activities within a malware community called Partnerka where, apparently, malware had been distributed through video codecs.
Before the infection I had actually tried to install video codes for decoding some weird formats I came across. Could this be the explanation for the troubles I had with my system? In any event it is interesting to see that, contrary to popular (internet) opinion, malware people and botnets are targetting Mac - and seem to be successful doing so.
Saturday, September 26, 2009
Thursday, September 17, 2009
Adobe AIR, Flex and Mac OS X Dock behaviour
Here's a quick pointer implementing the common behaviour of hiding windows when clicking the Exit button used on Mac OS X. Clicking on the dock icon will make the window visible again.
Article at ThanksMister
Thanks, Mister!
Article at ThanksMister
Thanks, Mister!
Tuesday, September 15, 2009
Probabilities in Monopoly
I just read some paragraphs in a book called "The Art of Game Design: A Book of Lenses" by Jesse Schell. It really is a very interesting book, analyizing the design of games from a rather theoretical standpoint but giving rules of thumb that can guide your designs.
Anyways, the paragraph I read was an introduction to probabilities for game designers. It was really well-written and a fun read. One thing I have to comment on, though, is the statement that it is "nearly impossible to calculate the probabilities of landing on a particular field in Monopoly using theoretical means" (in contrast to simulating a very, very long game). It actually can be done with good thought and knowledge of Markov Chains. Googling a bit, you will find really nice articles analyzing the game of Monopoly in this regard. This place might be a good start.
So now that I've given this one away, let me know whether you succeeded in the game by purchasing the most likely fields!
Anyways, the paragraph I read was an introduction to probabilities for game designers. It was really well-written and a fun read. One thing I have to comment on, though, is the statement that it is "nearly impossible to calculate the probabilities of landing on a particular field in Monopoly using theoretical means" (in contrast to simulating a very, very long game). It actually can be done with good thought and knowledge of Markov Chains. Googling a bit, you will find really nice articles analyzing the game of Monopoly in this regard. This place might be a good start.
So now that I've given this one away, let me know whether you succeeded in the game by purchasing the most likely fields!
Monday, September 14, 2009
SSL errors in Firefox
Since recently I have noticed that Firefox, every now and then, tries to access two servers using SSL that have no valid certificates. Both servers are accessed without me requesting anything so it must either be something that another website is using (the last times this has happened I had Gmail open in one of my tabs) or something else is trying to open.
One server is int.fmsolutions.pl which returns a "sec_error_unknown_issuer". I have no idea why anything would try to connect to that server so I'm slightly worried again. My password paranoia is back :-S
The other server was a subdomain of blue-cdp.com which belongs to a company called QPASS. I know these guys from previous work experience where they have acted as a content management solution for a mobile operator. Why would anything on my system connect to that server? The SSL error I see mentions a problem with the server mentioned in the certificate: it contains a wild-card character '*' but that does not seem to match the server my Firefox tried to access.
Is there any option in Firefox that allows you to see the exact history of URLs that have been accessed recently? Like a log or something?
Anybody knows what that server does? Googling only reveals one dodgy SMS login page ...
The other server was a subdomain of blue-cdp.com which belongs to a company called QPASS. I know these guys from previous work experience where they have acted as a content management solution for a mobile operator. Why would anything on my system connect to that server? The SSL error I see mentions a problem with the server mentioned in the certificate: it contains a wild-card character '*' but that does not seem to match the server my Firefox tried to access.
Is there any option in Firefox that allows you to see the exact history of URLs that have been accessed recently? Like a log or something?
Tuesday, September 8, 2009
Mac Security - part III
No Blizzard mail since last night informing me of another account cancellation - even though I used my Mac to play and installed one of the addons (QuestHelper). LittleSnitch only detected regular communications going to Blizzard servers. No strange behaviour. I start to feel save again.
What bugs me is that I still don't know what exactly happened. The only thing I can think of is that, while installing WoW, I downloaded the installer file from a non-official source. This might have been a modified file contain a Trojan or something. Seems rather unlikely, though ...
What bugs me is that I still don't know what exactly happened. The only thing I can think of is that, while installing WoW, I downloaded the installer file from a non-official source. This might have been a modified file contain a Trojan or something. Seems rather unlikely, though ...
Monday, September 7, 2009
Mac Security - part II
My account has been re-activated and Blizzard was kind enough to delete all the characters that had been created without my knowledge. I logged in to their website and changed my password on my Windows machine - which has been equipped with ZoneAlarm in the meantime. Afterwards, I logged in using the game client (once I deleted all the add-ons I had still installed) and verified that things were in order. No breach of security so far (which is about 10 hours).
I'll be courageous and will log in using my iMac now. Fingers crossed that re-installation fixed the issue.
I'll be courageous and will log in using my iMac now. Fingers crossed that re-installation fixed the issue.
Sunday, September 6, 2009
Menus with cocos2d
If you intend to use the Menu class in cocos2d, remember that each method used as an invocation target by a MenuItem must take exactly one argument which is going to receive the object that invoked the method. If you don't conform to this, you will see an error message like:
*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[NSInvocation setArgument:atIndex:]: index (2) out of bounds [-1, 1]'
Here's a sample method that will work:
- (void) doMenuItemAction: (id) sender;
*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[NSInvocation setArgument:atIndex:]: index (2) out of bounds [-1, 1]'
Here's a sample method that will work:
- (void) doMenuItemAction: (id) sender;
Saturday, September 5, 2009
Mac Security
I consider myself a savvy computer user: have been online since well into the 90ies and have programmed loads of apps on desktops, servers and mobile devices. With my approach to using passwords and navigating around the web I felt fairly save - till just recently.
To drive some iPhone development, I have recently switched to a nice 24" iMac (this doesn't add any value to the story - am just bragging here). Like probably a lot of other users I felt fairly save with my OS X setup and I didn't worry too much about the security setup: I did not install anti virus software nor did I install a personal firewall of any sort. The system is sitting behind a router, though, so direct connections to the system are not getting through.
Now here's the fun part: since a couple of months I have been playing - and now I admit to it publicly - some World of Warcraft. There were never any issues with my account as long as I was on my Win XP machine. Once I got the iMac I installed WoW on that system since it's way more powerful than the laptop I had been using before. Things worked smoothly (except for a really bumpy install process) for the first couple of days or so but this week I received notice from Blizzard that my account had been cancelled permanently due to involvement in online trading activities.
I surely was surprised by this since I have never done anything illegally within the game. I sent Blizzard a notice on re-activating my account since I hadn't done anything violating their ToS and, after a couple of days, received notice that they had reset my password and I could start using the account again. Immediately I went to their site and picked a new password *that I had never used before*. The password was of ok strength, I think, looking similar to "bla5623bRealm". I logged in to my account and noticed that, indeed, two characters had been created within my account that I didn't know of. I deleted those characters, verified that nothing majorly had happened to the other chars and logged off to get on with work.
About four hours later I receive another mail from Blizzard, cancelling my account again due to the very same reason! Through the WoW iPhone app I could see that another six or eight chars had been created within my account. I have, obviously, not shared my password with anybody, not posted it on any websites and - most importantly - I have never, ever used it before. Now I'm obviously quite concerned about the security of my system since the explanations which do not imply that my system has been pwned (brute-force attack, Blizzard people using my account, hackers breaking into Blizzard servers) are fairly unlikely.
Scanning my system using popular virus scanners and rootkit detection software did not detect any oddities and, eventually, I chose to re-install the Mac. Obviously, if something like the keyboard hack made it into the wild, a reinstall won't fix anything. Is there anything else I should've considered as a possible means of intrusion?
Which also leaves the question through which means I might have received the evil intruder. Have only used a couple of very popular WoW add-ons and software that was recommended on websites. No pr0n apps, no illegal software. Any comments are very much appreciated - I'll post follow-ups as the story develops.
BTW, is there any easy way to download the firmware from my keyboard for checksum comparisons? I must look pretty paranoid :-D
To drive some iPhone development, I have recently switched to a nice 24" iMac (this doesn't add any value to the story - am just bragging here). Like probably a lot of other users I felt fairly save with my OS X setup and I didn't worry too much about the security setup: I did not install anti virus software nor did I install a personal firewall of any sort. The system is sitting behind a router, though, so direct connections to the system are not getting through.
Now here's the fun part: since a couple of months I have been playing - and now I admit to it publicly - some World of Warcraft. There were never any issues with my account as long as I was on my Win XP machine. Once I got the iMac I installed WoW on that system since it's way more powerful than the laptop I had been using before. Things worked smoothly (except for a really bumpy install process) for the first couple of days or so but this week I received notice from Blizzard that my account had been cancelled permanently due to involvement in online trading activities.
I surely was surprised by this since I have never done anything illegally within the game. I sent Blizzard a notice on re-activating my account since I hadn't done anything violating their ToS and, after a couple of days, received notice that they had reset my password and I could start using the account again. Immediately I went to their site and picked a new password *that I had never used before*. The password was of ok strength, I think, looking similar to "bla5623bRealm". I logged in to my account and noticed that, indeed, two characters had been created within my account that I didn't know of. I deleted those characters, verified that nothing majorly had happened to the other chars and logged off to get on with work.
About four hours later I receive another mail from Blizzard, cancelling my account again due to the very same reason! Through the WoW iPhone app I could see that another six or eight chars had been created within my account. I have, obviously, not shared my password with anybody, not posted it on any websites and - most importantly - I have never, ever used it before. Now I'm obviously quite concerned about the security of my system since the explanations which do not imply that my system has been pwned (brute-force attack, Blizzard people using my account, hackers breaking into Blizzard servers) are fairly unlikely.
Scanning my system using popular virus scanners and rootkit detection software did not detect any oddities and, eventually, I chose to re-install the Mac. Obviously, if something like the keyboard hack made it into the wild, a reinstall won't fix anything. Is there anything else I should've considered as a possible means of intrusion?
Which also leaves the question through which means I might have received the evil intruder. Have only used a couple of very popular WoW add-ons and software that was recommended on websites. No pr0n apps, no illegal software. Any comments are very much appreciated - I'll post follow-ups as the story develops.
BTW, is there any easy way to download the firmware from my keyboard for checksum comparisons? I must look pretty paranoid :-D
Thursday, September 3, 2009
Extending cocos2d
Today was my first real day of doing something vaguely productive using cocos2d on the iPhone.
I coded an animation creation framework (aptly called Pixel Animation Studio) some months ago which can be used to compose animations using 2d pixel graphics. Basically, an animation is broken down into frames which in turn are broken down into small fragments. This technique encourages reuse of image fragments and can save a lot of space normally wasted by duplicate content in images. I guess you can see my background as a J2ME engineer shine through ...
Anyways, to support the animations created using this tool, I need a Sprite class that can be assembled by rendering multiple images instead of a single texture. To get this working, I investigated the CocosNode, TextureNode and Sprite source code to see, how rendering is performed deep within cocos2d. Turns out it's fairly easy to do:
cocos2d already handles most of the behaviour you need for a Sprite in CocosNode. It takes care of position translations and rendering all the sub-nodes added to a CocosNode. Now you just go ahead, sub-class CocosNode and add all the images you'd like to render as children of type Sprite (or AtlasSprite). cocos2d will take care of the rest!
Since the animations produced with Pixel Animation Studio are slightly more advanced than the ones provided out of the box by cocos2d (btw, I didn't realize plain 2d, frame-based animations were supported out of the box to begin with - they are just not properly highlighted as a feature on their site), I also had to implement a new IntervalAction. That's pretty straight-forward, too: just subc-class and override the + (void) update: (ccTime) time method. When instantiating, keep in mind that cocos2d takes parameters in seconds for the actions which accept a duration parameter, not in milliseconds.
I coded an animation creation framework (aptly called Pixel Animation Studio) some months ago which can be used to compose animations using 2d pixel graphics. Basically, an animation is broken down into frames which in turn are broken down into small fragments. This technique encourages reuse of image fragments and can save a lot of space normally wasted by duplicate content in images. I guess you can see my background as a J2ME engineer shine through ...
Anyways, to support the animations created using this tool, I need a Sprite class that can be assembled by rendering multiple images instead of a single texture. To get this working, I investigated the CocosNode, TextureNode and Sprite source code to see, how rendering is performed deep within cocos2d. Turns out it's fairly easy to do:
cocos2d already handles most of the behaviour you need for a Sprite in CocosNode. It takes care of position translations and rendering all the sub-nodes added to a CocosNode. Now you just go ahead, sub-class CocosNode and add all the images you'd like to render as children of type Sprite (or AtlasSprite). cocos2d will take care of the rest!
Since the animations produced with Pixel Animation Studio are slightly more advanced than the ones provided out of the box by cocos2d (btw, I didn't realize plain 2d, frame-based animations were supported out of the box to begin with - they are just not properly highlighted as a feature on their site), I also had to implement a new IntervalAction. That's pretty straight-forward, too: just subc-class and override the + (void) update: (ccTime) time method. When instantiating, keep in mind that cocos2d takes parameters in seconds for the actions which accept a duration parameter, not in milliseconds.
Wednesday, September 2, 2009
+ (void) load
I just happened run into one of those things that must happen to you if you just go out there and try to learn a new programming language from scratch without using any tutorial books.
Just for the sake of getting started with some Objective-C coding, I'm implementing some 2D animation functionality based on an animation tool coded in Java. Trying to load the files its creates using Objective-C, I implemented a method called load in one of my classes. Things got properly loaded - but, to my surprise, I also saw some error messages in the console hinting at leaking memory. An autorelease-pool was set up in my main class so I was wondering what could possibly have gone wrong.
Turns out + (void) load is method defined in NSObject class which is used for initializing objects. It got called even before my autorelease-pool was initialized, thus the leaking. Keep that in mind if you see error messages saying "No autorelease pool in place" or "Just leaking" even though an autorelease-pool is set up in your main class.
Just for the sake of getting started with some Objective-C coding, I'm implementing some 2D animation functionality based on an animation tool coded in Java. Trying to load the files its creates using Objective-C, I implemented a method called load in one of my classes. Things got properly loaded - but, to my surprise, I also saw some error messages in the console hinting at leaking memory. An autorelease-pool was set up in my main class so I was wondering what could possibly have gone wrong.
Turns out + (void) load is method defined in NSObject class which is used for initializing objects. It got called even before my autorelease-pool was initialized, thus the leaking. Keep that in mind if you see error messages saying "No autorelease pool in place" or "Just leaking" even though an autorelease-pool is set up in your main class.
Subscribe to:
Posts (Atom)