A coworker of mine was asking me one of his favorite interview questions. It basically goes like this:
"Write me something that will change any file ending in .html to .htm"
Okay, simple enough, I write out a quick bash loop and hand it to him, then he says:
"Okay, now let's say the directory has spaces in the name"
A bash for loop will create an array by splitting on spaces, so something like this would break:
for file in `find ./ -name *.html`
do
mv $file $newfile
done
If you had a directory named "my directory" you'd have an entry for "my" and an entry for "directory/blah.html" which wouldn't work.
The solution is to do some "while reading this line" bullshit in bash,
but my solution was much more elegant, throw away bash and use ruby:
irb(main):001:0> Dir.glob("**/*.html").each do |fileName| system( "mv
\"%s\" \"%s\"" % [fileName,fileName.gsub( /\.(html)$/,".htm" )] ) end
This question is designed to see if you can think around complicated
scenarios. However, in the wild I'd never trust bash to do the right
thing.
Bash is dumb, ruby is elegant perfection. I guess I would have failed that interview question. ;)
Solving complex problems with speed that creates delightful experiences in the world of cloud automation. Helping you get more out of your cloud.
Friday, October 28, 2011
Tuesday, October 25, 2011
Chef is fun.
I'm currently using chef to manage 91 nodes, and find it to be a fantastic tool. I esspecially like to combine knife commands with shell stuff for something like this:
for node in `knife search node "chef_environment:prod"|grep "Node Name"|awk '{print $3}'`; do echo -ne "${node}\t" ; knife node show $node -a ec2.instance_type; done |awk '{print $1 "\t" $3}'Which gives me a list of nodes in production along with their ec2 instance type. It's handy for generating simple reports, and getting an idea for how may instances of each type we have running in any given environment.
Monday, April 18, 2011
Marriage is tough
Five Finger Death Punch sums up my feelings on the current state of things quite nicely:
"I'd rather hate you for who you are then love someone you're not"
In other words, I'd rather have all the bad then one second of something that you're not.
I love you Kira, and you're worth it. ;)
"I'd rather hate you for who you are then love someone you're not"
In other words, I'd rather have all the bad then one second of something that you're not.
I love you Kira, and you're worth it. ;)
Saturday, February 5, 2011
The house hacking analogy
...and why I dislike it.
First off, the obvious point that a house is clearly nothing like a computer, or a network. People love to use this analogy when talking about security. the conversation usually goes something like this:
Me: "I think that pointing out security flaws does not equate or an immoral act. In other words: if my intent is purely non-destructive, how can it be considered wrong?"
Them: "It's wrong in the same way that breaking into a house is wrong."
Clearly this person is invoking the social contact regarding the expectation of security. This contract states that if you break into my house, or otherwise violate the physical security of this domicile, you will be sanctioned based on the nature of your entry and your subsequent crimes that result from an unauthorized entry.
The parallel here is that the physical security of my house is like the physical security of a network or computer system. If it's wrong to break into my house, then it's wrong to break into my computer as well.
I don't think this holds up like people think. First off, as far as a house goes, the borders and boundaries are clearly laid out. With computers and networks, not so much. The obvious scenario is a hacker gaining clearly unauthorized access to the system. In this case it's clear that no matter what this person does, they're doing it illegally. Gaining access to a network that you know you aren't supposed to be on is clearly wrong.
My differentiation here is that it's not illegal or immoral to find the flaw. The act of proving it ( in most cases ) is the same as exploiting it which makes this a bit of a semantic argument.
However, there are cases when exploiting by proving is worth less than the knowledge gained by knowing about the problem. For example, if we go back to the analogy of the house we could say that by calling the owner of the house letting them know that their front door was open ( and you knew it was open since you were standing inside the house ) and that perhaps the owner should do something about this before someone robs them blind. One might be inclined to think that the owner of the house would greatly appreciate this person pointing this out perhaps even paying this person to shut the door for them.
The person that entered the house was in breach of the social contract. They violated the expectation of security, however, they did it because the door was open, literally. I propose that the immorality of violating this social contract is grossly outweighed by the person doing the right thing, and clearly having no intentions of doing anything but.
The same is not what we see in the computer world. Unfortunately the world I live in is far more apathetic then this. I usually hear people suggest that "it's not your problem to point out" as if to suggest that I should just shrug it off and just say "it is what it is." Apathy pisses me off greatly.
The problem here is that this isn't just a house, it's more like a warehouse full of boxes of your information. I am a professional in the Information Systems profession, and as such it is my duty as a professional to point out the potential problems of any network or system I come across. I see this as my charge, my duty as a professional. I guess in some corny way I see myself as some kind of IS samurai. Everything I do is focused on a more complete mastery of my craft. Ignoring a problem with someone else's network ( read: YO MORON, YOUR DOOR IS OPEN ) is something I will not do just like I wouldn't ignore someone breaking into your house.
Breaking into a house hurts that family and the people closely attached to that family, even neighbors. Someone breaking into a warehouse hurts everyone who had information stored there their families, and everyone connected to them. I can't help thinking that my expectation of security for my home would extend to the warehouse. However, this is rarely ever the case. The unfortunate reality is that people are so busy beating people like me over the head with their own stupidity that now we just don't give a fuck. I know for dam sure that the next time I find a security hole I'm not going to point it out, then laugh while people get fucked from the fallout.
First off, the obvious point that a house is clearly nothing like a computer, or a network. People love to use this analogy when talking about security. the conversation usually goes something like this:
Me: "I think that pointing out security flaws does not equate or an immoral act. In other words: if my intent is purely non-destructive, how can it be considered wrong?"
Them: "It's wrong in the same way that breaking into a house is wrong."
Clearly this person is invoking the social contact regarding the expectation of security. This contract states that if you break into my house, or otherwise violate the physical security of this domicile, you will be sanctioned based on the nature of your entry and your subsequent crimes that result from an unauthorized entry.
The parallel here is that the physical security of my house is like the physical security of a network or computer system. If it's wrong to break into my house, then it's wrong to break into my computer as well.
I don't think this holds up like people think. First off, as far as a house goes, the borders and boundaries are clearly laid out. With computers and networks, not so much. The obvious scenario is a hacker gaining clearly unauthorized access to the system. In this case it's clear that no matter what this person does, they're doing it illegally. Gaining access to a network that you know you aren't supposed to be on is clearly wrong.
My differentiation here is that it's not illegal or immoral to find the flaw. The act of proving it ( in most cases ) is the same as exploiting it which makes this a bit of a semantic argument.
However, there are cases when exploiting by proving is worth less than the knowledge gained by knowing about the problem. For example, if we go back to the analogy of the house we could say that by calling the owner of the house letting them know that their front door was open ( and you knew it was open since you were standing inside the house ) and that perhaps the owner should do something about this before someone robs them blind. One might be inclined to think that the owner of the house would greatly appreciate this person pointing this out perhaps even paying this person to shut the door for them.
The person that entered the house was in breach of the social contract. They violated the expectation of security, however, they did it because the door was open, literally. I propose that the immorality of violating this social contract is grossly outweighed by the person doing the right thing, and clearly having no intentions of doing anything but.
The same is not what we see in the computer world. Unfortunately the world I live in is far more apathetic then this. I usually hear people suggest that "it's not your problem to point out" as if to suggest that I should just shrug it off and just say "it is what it is." Apathy pisses me off greatly.
The problem here is that this isn't just a house, it's more like a warehouse full of boxes of your information. I am a professional in the Information Systems profession, and as such it is my duty as a professional to point out the potential problems of any network or system I come across. I see this as my charge, my duty as a professional. I guess in some corny way I see myself as some kind of IS samurai. Everything I do is focused on a more complete mastery of my craft. Ignoring a problem with someone else's network ( read: YO MORON, YOUR DOOR IS OPEN ) is something I will not do just like I wouldn't ignore someone breaking into your house.
Breaking into a house hurts that family and the people closely attached to that family, even neighbors. Someone breaking into a warehouse hurts everyone who had information stored there their families, and everyone connected to them. I can't help thinking that my expectation of security for my home would extend to the warehouse. However, this is rarely ever the case. The unfortunate reality is that people are so busy beating people like me over the head with their own stupidity that now we just don't give a fuck. I know for dam sure that the next time I find a security hole I'm not going to point it out, then laugh while people get fucked from the fallout.
Subscribe to:
Posts (Atom)