Installing Windows, Ubuntu7.10, Mac OS 10.4.10 on MacBook (Triple Boot)

I am happy with my MacBook with its running Mac OS X 10.4.10. I can't stand working on windows any more, I feel more comfortable with Mac OS.

My master Thesis is running on linux environment(basically Fedora, but I successfully turned it to be Ubuntu)
My current project delivery should be done on windows. An easy solution costing 60$ would be to purchase Fusion.
Although Fusion looks very interesting, I didn't submit to this solution, for the following reasons:

1. Running virtual machines consumes more memory, in this case I will loose some performance which is something I will certainly need during development.
2. More memory usage, means more power consumptions, hence less battery life time. in normal cases I enjoy having ~4hrs battery life time with my lovely Mac. this is sthg i don't stand to loose.
3. to overcome the first problem, I can extend my RAM. this will make the virtual software costs me almost (60+90)$....I really can't afford this for now. (I didn't get paid for salary 3 months ago)

So, I decided to to create a triple boot on my MacBook. It was a very risky step for me..But here we go, I have nothing to loose anyway (keeping in mind 150$ :S, 900 LE when converted to our local currency!!!!!! )

My MAC specs are:
Processor: 2.16GHz Intel Core 2 Duo
Memory: 1 GB 667 MHz DDR2 SDRAM
MAC OS X: 10.4.10

The target is to install Ubuntu 7.10 and WinXP SP2 on MacBook.
steps:

1. Get BootCamp: I think it may force you to update to Mac 10.5. (luckily I installed it 1 month ago before leopard is released)
2. Update your Mac OS.
3. Install rEFIT.
4. run BootCamp assistant and follow instructions to burn driver CD for windows. (don't proceed with installing steps)
5. Backup your data. (you may not loose your data if things go smoothly)
6. Check your disk partitions and identify the Mac Partion. I most cases it is /dev/disk0s2. but if you are not sure, you can verify this by running a shell command using the diskutil:

   $ diskutil list
   

   resize your HDD using Diskutil by running the following command. first you specify the volume to be resized, and its new size, then the type, and the name of the new volumes followed by their size.
   

   $ diskutil resizeVolume /dev/disk0s2 70G "Linux" "Linux" 20G "MS-DOS FAT32" "Windows" 20G
   

7. insert your XP SP2 CD and hold down the "ALT" key.
8. install XP on the valid partition, just give it a quick FAT32 format.
   
9. you should now have a dual boot(windows with Mac).
10. insert your Ubuntu 7.10 Live CD.
11. run the installation normally. You should set up the partition manually. Don't mount the EFI system partition. you need only to mount / to the drive you allocated to your linux installation. I didn't make a SWAP file, I just don't need this for now, I relied on my 1GB RAM.
12. Continue through the installation steps.
13. When you reboot, you should have triple boot.
    

Effective Java Programming

Effective Java Programming, by Addison Wesley, is one of nice books i have read in software development material. and i recommend it to any developer developing in Java, starter or senior.

programming by nature is very flexible. you have many choices. it is like creating a statue using clay. You choose at every point; Class names, methods and variable names. public methods, internal implementation algorithms, structure of the package classes,.. all of those and others are left for the programmer to choose.

Effective Java programming comes to introduce a lot of the best practices for Java programmers; to enhance the stability, readability, clarity, reusability and maintainability of their code. it also has guides to the proper use of a lot of the java standard classes.

A note inside the book really draw my attention; in item 8, chapter 3, Wesley was talking about overriding the hashCode method, he stated an example of a phone number class and an implementation of a suggested hashCode, then he said "Writing such hash functions is a topic of active research and an activity best left to mathematicians and theoretical computer scientists.". Wesley encourages his readers to use the state-of-art code. that's the goal of the book.

Actually i was thinking about the classes of the open source libraries we use as i proceeded reading the book. the kind of code that shall be used by thousands of programmers all around the world.

Zimbra, violating Open Source terms

Not all pretenders are Open source... This is true for zimbra at least which claims it is open source, but actually I see everythg they r doing is against open source. check this for detailed discussion abt zimbra as open source.
I am still in my battle field working on Zimbra.
We upgraded to the new zimbra version now....
In this new version I found sthg in the code that made my nerves; all variables are written in this format "_158", "_140".
I found this hilarious...

The fall of MS fan

For most of life, I have been a Microsoft user. I wasn't a MS' fan. But I didn't find it not so bad working on Window, and it was fair enough for me, although it is not perfect.

I had great passion to try the Vista out, the long delayed version, 6 years or sthg. We all read abt it for many years, and how much it will be sthg fascinating and a new..bla..bla..bla
When I tried it on my PC, i was expecting sthg that could dazzle me.

finally, I got Vista business. I was totally wrong, I regret the day i installed Vista.

well, it is beautiful, the 3-D desktop switcher looks nice.
I faced many problems with Drivers. the problem is not that they r not verified by Vista. the problem that from time to time, I had to redefine the drivers.
my network card kept to be disconnected. I couldn't stay online for couple of hours. the stupid thing that when it disconnects, i have to press by myself "diagnose and repair" then should press "get a new IP" to ask the Vista to get another IP. What is this stupidity!!! didn't I define that already in the connection properties!! the answer to that question is the "ALLOW" :))
If u run sthg on vista, and precipitate away from ur PC, don't expect it is working.

u should wait because u will have to answer "Continue with getting a new IP?", "continue with opening this executable file"..etc I really hate this stupid thg in vista. i don't think i have to press 3 clickes just to run exe file..

The gadgets are terrible, I have never turned them on. they are not innovative and poor.

fighting to have a network connection really annoyed me.
this Vista eats the processor and the Memory. it slows down ur PC. without any tasks running ur RAM usage can be 512 MB. to use a PC now, u have to add $X to buy extra RAM for the Vista and $Y extra to more powerful processor, don't forget that u will pay for the Vista too :)
Vista price is too high. despite the license price is the almost the same since many old versions of windows, it is too high comparing with HW costs these days. Windows license can exceed 20% of ur costs!!!!

the only thg that may keep windows alive is that majority of mobile tools need windows to sync, and some softwares are not still available for MACs.

anyway, I didn't like the Vista thg.
Not friendly, no performance, no stability...nothing.

Web Antivirus

Web Services are increasingly becoming an essential part of your everyday life. How much time you spend surfing the internet pages?

To be more specific how much you feel now that Google is too much involved in your daily routine? Can you imagine your life without Google? your search, your Calendar, your email, your blog, ...etc

Well, it seems that you will look for Google to be your web antivirus. Before you access a page, type the url in google search and pray that you won't get "this site may harm your computer".

you have just to obey, otherwise your PC will be affected.

the story begins with researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to "in-depth analysis". Actually they found 450,000 pages guilty.

It is sufficient only one visit from you to make the attacker able to detect and exploit a browser

vulnerability. Therefore, the goal of the attacker becomes identifying web applications with vulnerabilities that enable him to insert small pieces of HTML in web pages.

An example for this is iframes, which can successfully install a malware binary "drive-by-download".

Are the web masters, or the site creators are responsible for this?
The answer is, it is not always the case.

User Contribution

Many web sites feature web applications that allow visitors to contribute their own content. This is often in the form of blogs, profiles, comments, or reviews. they usually support only a limited subset of the hypertext markup language, but in some cases poor sanitization or checking allows users to post or insert arbitrary HTML into web pages.

Advertising
Although web masters have no direct control over the ads themselves, they trust advertisers to show non-malicious content. Sometimes, advertisers rent out part of their advertising space; in this case the web master needs to trust the ads provided from a company that might be trusted by the first advertiser. And so on, you may find nested relations which considered as pitfall in the trust relation by making it a transitive one.

Third-Party Widgets
A third-party widget is an embedded link to an external JavaScript or iframe that a web master uses to provide additional functionality to users. Example for this, Google Analytics :)

Webserver Security

The contents of a web site are only as secure as the set of applications used to deliver the content, including the actual HTTP server, scripting applications (e.g. PHP, ASP etc.) and database backends. If an attacker gains control of a server, he can modify its content to his benefit. For example, he can simply insert the exploit code into the web server’s templating system. As a result, all web pages on that server may start exhibiting malicious behavior. Although the team has observed a variety of web server compromises, the most common infection vector is via vulnerable scripting applications. They observed vulnerabilities in phpBB2 or InvisionBoard that enabled an adversary to gain direct access to the underlying operating system. That access can often be escalated to super-user privileges which in turn can be used to compromise any web server running on the compromised host. This type of exploitation is particularly damaging to large virtual hosting farms, turning them into malware distribution centers.

Exploitation Mechanisms
A popular exploit they encountered takes advantage of a vulnerability in Microsoft’s Data Access Components that allows arbitrary code execution on a user’s computer.
Typical steps taken to leverage vulnerability into remote code execution:

• The exploit is delivered to a user’s browser via an iframe on a compromised web page.
• The iframe contains Javascript to instantiate an ActiveX object that is not normally safe for scripting.
• The Javascript makes an XMLHTTP request to retrieve an executable.
• Adodb.stream is used to write the executable to disk.
• A Shell.Application is used to launch the newly written executable.

Another popular exploit is due to a vulnerability in Microsoft’s WebViewFolderIcon. The exploit Javascript uses a technique called "heap spraying" which creates a large number of Javascript string objects on the heap. Each Javascript string contains x86 machine code (shellcode) necessary to download and execute a binary on the exploited system. By spraying the heap, an adversary attempts to create a copy of the shellcode at a known location in memory and then redirects program execution to it.

Detecting Dangerous Pages
Simply, by monitoring the CPU and the processes executed on accessing the page. When some unknown processes are added to the list, this will be a strong sign that a drive-by download has happened.

Google will be more and more involved into our life, it will report to you malicious sites for free....
anyway, it is not a big deal, you can do it yourself for some levels. but there a little bit sophisticated cases when you need multilevel reverse engineering...

Reference: Google Research Paper

Update:
Google online security blog, the latest news and insights from Google on security and safety on the internet.
Microsoft takes actions to defend vulnerabilities claim.

Upgrade your Experience with Google Analytics

Few days ago Google Analytics has released a new version. The new user UI enables easier use of the reports and metrics within the data sets,

NEW:

• Email reports and improved clarity of graphs allow users to explore and discover new insights
• Customizable dashboards ensure the right data gets to the right people at the right time
• Plain language descriptions of the data allow users to take action to improve their web site

This is awesome :)

Erlang Review

After I got a quick look to Erlang, I started to feel a little more curios to this language, and I decided to give it a portion of my readings.

The resources of this language are limited, it is very clear that it is still in the "Early Adopter" phase. I already believe that this language can realize a very good hype very soon. Furthermore, I see it has as many advantages as the Ruby.

I won't talk about the ordinary features which anybody can figure out by himself. What I see the most important point is "Concurrent Programming" in Erlang.

Now, I think of this blog entry as a checkpoint of my digging results in the Erlang World, and not an Erlang Quick Start. this is just an entry to point to the "Erlang Status".

Erlang is a programming language designed for building highly parallel, distributed, fault-tolerant systems. It has been used commercially for many years to build massive fault-tolerant systems which run for years with minimal failures. Erlang combines ideas from the world of functional programming with techniques for building fault-tolerant systems to make a powerful language for building the massively parallel networked applications of the future.
This means that your Erlang program should run X times faster on a X core processor than on a single core processor, without changing a single line in your code. I really appreciate this flexibility. You can use this feature in a very effective way in your application.
I didn't test the Erlang by myself and test its performance, but actually I am very optimistic towards the results, given that the Erlang is heavily used on embedded systems. so, I expect that it has a good performance comparing with other technologies such as Java, Ruby..etc
frankly speaking, I didn't test the Ruby on my PDA. But I expected that the performance won't be pleasant at all. so I decided to save my time for something else. About Java, yes well, I tested it and I am not ready to do it again.
I wondered if anybody used Erlang in web applications!!! The good news I found is that there is a plan to produce a web platform for Erlang. well, there is already a web platform for Erlang but it is not open source and information about it is very limited because it was developed outside of Ericsson.
I think the Erlang consulting and Training Ltd has used an Erlang web platform. which I think a quite impressive start for the Erlang. When I think about Erlang Platform, I think of powerful concurrency handling of heavy loads (It is the Erlang nature, nothing to do with it), and I certainly remember the fault-tolerance embedded with Erlang (built-in ability to upgrade software during runtime without restarting or failure time) which is something missed in most of frameworks dominating the marketplace nowadays. This paper talks in some more details about the status of the Erlang Platform.

I hope you enjoy your Erlang programming.

Quick look to Erlang

I started to be interested to the Erlang language. I read a little about it, and I think I may dedicate some time to it.
There is a short movie giving a quick introduction about ERLANG features.
Erlang has reached a high level of maturity in the telecoms market!!!!

Corporate Blogging

It's not about the way you spend your leisure time. Blogging or as we can call it here "Corporate Bloggings" is one of the technologies that have great potential impact on the marketplace.

The corporate-blogging is the use of online journals by employees to further company goals.

It started with nontechnology entries, but the lack of interest was a big factor of disappointments.

2005 was the peak of hype for corporate blogging. Currently it is sliding into the trough replaced by the (Social Network Analysis, Folksonomies, Speech Recognition for Mobile Devices, RSS Enterprise...)

The corporate-blog can be considered as a tool for projecting the marketing messages in a medium that has large reach and low cost. Furthermore, it creates a good opportunity to make some kind of dialogues with the market(collect feedback from the market).

Expectations are tricky in the blogging world. Although no initial efforts nor technical skills are needed for blogging, it is not easy to effectively achieve it because it requires long-term commitment and consistency.
Behind the scenes, you can expect the intelligent competition, and recruiting processes ;)