Weekly security week wrapup 23 and 24

It’s been two weeks since the weekly security wrapup, which makes ‘weekly’ a rather week term. Lots of excuses I could utter, but they’re all saying: “been busy”, which is another way of saying “I decided that other things were more important to do”. However, here we go again.

Cheap GPUs are breaking passwords faster

Obviously, they’re good at doing stupid things fast(er), and cracking passwords is about the stupidest task possible for a computer. However, for some of the strong stuff out there, like TrueCrypt, it does not really matter. TrueCrypt, for instance, has a rather slow initialization routine, which takes about 10ms on an average processor, which means you can check 100 passwords/sec. If a CUDA implementation were to increase that 1 million times (10^6), you can check 10^8 passwords per second. But if you have a 10 char password (upper/lower/digits), there are roughly 10^17 possibilities. Checking 10^8 passwords/s means it takes 10^17/10^8/2 ~= 10^8 seconds. Which is another way of saying 76 years. That’s longer than the average time it takes for a disk to disintegrate by itself, last time I checked. Still, using CUDA to speed things up is quite cool.

http://www.zdnet.com/blog/hardware/cheap-gpus-are-rendering-strong-passwords-useless/13125
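
The estimate from the paragraph above, carried through exactly, as an added example that is not part of the original post. The function names are made up for this illustration; the 10 ms per guess and the hypothetical 10^6 GPU speedup are the post's figures. It goes slightly beyond the single case in the text by also computing the shortest password length that survives a given guess rate and how many extra characters offset a speedup.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length

def guess_rate(ms_per_guess, speedup=1):
    """Guesses per second when one key derivation costs `ms_per_guess` ms."""
    return speedup * 1000 / ms_per_guess

def expected_years(alphabet_size, length, rate):
    """Average exhaustive-search time: half the keyspace is tried."""
    return keyspace(alphabet_size, length) / (2 * rate) / SECONDS_PER_YEAR

def min_length(alphabet_size, rate, target_years):
    """Shortest length whose average search time reaches `target_years`."""
    length = 1
    while expected_years(alphabet_size, length, rate) < target_years:
        length += 1
    return length

def extra_chars_to_offset(speedup, alphabet_size):
    """Characters to add so the keyspace grows at least as much as the speedup."""
    return math.ceil(math.log(speedup) / math.log(alphabet_size))

if __name__ == "__main__":
    alphabet = 26 + 26 + 10            # upper + lower + digits
    cpu = guess_rate(10)               # post's figure: 10 ms per attempt
    gpu = guess_rate(10, 10**6)        # post's hypothetical 10^6 speedup
    print(f"{'len':>3} {'CPU years':>12} {'GPU years':>12}")
    for n in range(6, 13):
        print(f"{n:>3} {expected_years(alphabet, n, cpu):>12.3g} "
              f"{expected_years(alphabet, n, gpu):>12.3g}")
    print("min length for 10 years, CPU:", min_length(alphabet, cpu, 10))
    print("min length for 10 years, GPU:", min_length(alphabet, gpu, 10))
    print("extra chars to offset 10^6:", extra_chars_to_offset(10**6, alphabet))
```

Computed exactly, 62^10 is about 8.4 × 10^17 and the 10-character case averages about 133 years at 10^8 guesses per second, so the conclusion of the paragraph holds. A million-fold speedup is offset by at most four additional characters from the same alphabet.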

Mac Reversing: Starter’s guide

I’ve found this article on (OSX) malware analysis for beginners. It talks you through the beginning of using IDA Pro and how to start analysing it. It’s excellent, but you need to keep paying attention, or you lose track quite easily.

http://jsz.github.com/reverse_engineering_mac_defender.html

Electric car trouble

And we’re not talking about the trouble you have driving your new electric Nissan Leaf and looking for a place to have lunch, dinner and a nap before your car is charged up. No, we’re talking about the car’s built-in firmware’s RSS reader telling all servers your current location, speed and whether you have the aircon on. That’s not funny.

http://www.theregister.co.uk/2011/06/13/nissan_leaf_privacy_invasion/

DragThing

TheMacBundles has an offer for a few utilities which are quite nice. But the killer app, Parallels, I’ve already bought, so that’s sort of an un-offer for me. Also, the rest of the tools don’t quite appeal to me, mostly because the tools replace some other shareware or payware tool I’ve already got.

One thing made me curious though: DragThing. I’ve had it on my Mac before, but I dismissed it rather swiftly the first time around. And I couldn’t think of any reason why I did that in the first place. So, this article contains my testing results for the DragThing tool.

First off, DragThing is supposed to be a Dock replacement. Some people don’t like the Dock, at all. Personally I’m rather indifferent. It’s nice to know which applications are running at any given time, and for that purpose it works. I use too many tools, like shells, mail, browser, TextMate, etc. open in various configurations, so I’m not using the Dock for keeping the most frequently used tools (other than mail (Postbox at the moment, but that’s for another article) and Safari. Which got upgraded today to a real 4.0, instead of 4 beta. It didn’t crash, so that counts as good). I’m really not using the document stacks.

In DragThing, you can keep drawers for your apps, documents, folders, URLs etc. All nicely together in a thing called a Dock. Of which you can run two incarnations (in the non-paid-for version): one for holding apps, docs, etc. and one for the ProcessDock, which has a list of all running processes. The paid-for version also has a disk and window dock, which might come in handy when you have too many Safari windows open. Personally I don’t expect much from that, because I use tabbed browsing, so I don’t have many windows open from one application.

You can associate hotkeys with certain things you want to have done, but, frankly, I’m all out of hotkeys right now. Probably the first thing I’m really needing is a two-key hotkey (like emacs with Control-x as prefix), but that’s a topic for another time.

All in all, I’m of the opinion that DragThing is not what I need to manage the stuff I do. It’s not particularly nice looking (a big “who cares” topic, but on a Mac, well, I do care), and the other needs aren’t that big to have them satisfied by purchasing DragThing.

Getting things done with software

I’ve been steadily improving my efficiency by using the Getting Things Done method, way of Life, something like that. One of the first recommendations is to have a single inbox. One way to have a single inbox is by using some piece of software to do that for you.

So far I’ve used TaskPaper, OmniFocus, Things and the recent newcomer (only in Beta) The Hit List.

TaskPaper is quite simple, it has the minimal set of features to manage your inbox. You can do most things, like selecting everything with a certain tag. However, it’s not too easy to organize everything by deadline. My final conclusion is that TaskPaper is too basic to fill my needs.

Things is much more advanced. What I like are the ‘Focus’ boxes in the sidebar. They make it very easy to change your focus to what should be done today, which tasks are available to do next etc. What I absolutely don’t like is that you can’t (or, at least I can’t) create sub-projects. As I found out, it’s a number one requirement for me. Further, the number of tags grows quite rapidly for me and that makes it inconvenient to use. But, in retrospect, I may have been misusing the tags functionality a bit. If I’d have used it more as the list of contexts it might have been more workable. Things did not quite cut the cake, right now. Today I’ve also looked at the 1.0rc and it has 100% eye-candy, but I have not seen subprojects yet.

OmniFocus is the software I put my money in. It had all the features I needed, like subprojects. What it hasn’t got is eye-candy. It’s not quite as ugly as a baboon’s backside, but nearly there. I’ve been using it for the last month as I should. The things I use most are:

  • Recurring tasks (both recurring after completion and on a fixed deadline).
  • Subprojects. In this respect I almost use OmniFocus to do the outline of the project, now if only the output could be shown as a Gantt chart… One thing you cannot do is put a subproject on hold.
  • Emailing new ideas to my inbox via the Apple Mail integration. Nice.
  • It’s easy to spot which tasks are available next, and what tasks are due any time soon. It’s only configurable for all tasks, whereas Things allows you to enter this information separately.

The Hit List has been in semi-private beta since December 23rd and I’ve been using it on and off (not full-time, since it’s a beta and I have serious doubts whether I’d like to re-enter all the items from OmniFocus in THL, since there is currently no import/export functionality; also, THL does not have recurring tasks, which is necessary for me for THL to be an OmniFocus replacement). But do I like what I see so far?

  • It looks good, very good.
  • It’s stable.
  • You can organize your projects (why does the menu item say ‘List’ btw?) in any way you want. Tagging can be done in any way you want, for contexts as well as ‘ordinary tags’.
  • There are shortcuts for just about anything to speed you up.
  • You can approach the tasks in the list as the project-breakdown, but also as a ‘card’ (with shuffle-eye-candy when going from one task to the next). This invites you to create more extensive notes. Since I use the note to describe the result of the task, I think this way of viewing a task is a plus.
  • You can time the duration of a task.

But there are some things I think should be added:

  • I couldn’t find how you can create a list of ‘next’ tasks. But, for this to be useful, you have to be able to specify that a (sub-)project is parallel or serial.
  • Make it scriptable, so you can hook it to mail via mail rules.
  • Make a task that is due more obvious than making it bold.
  • If you have subsubtasks it’s not obvious from the card-view for the task. Ideally the top project card would show a gantt chart of the subtasks. Featuritis, I know.
  • Create an import-feature for plaintext or any of the competitor’s file formats.
  • Due times could be displayed as ‘in 3 days’ like Things has. That’s quite nice.

The conclusion for me is that it’s going to be either THL or OmniFocus.