Saturday, December 31, 2011

The Buzz

You may have heard that using Bash for web applications is an open invitation for security issues.  There is some real truth to that, but there is also much that is not understood.

In the modern era of web 2.0 the everyday programmer has it easy.  If they want to implement an email function, they import a module for it.  If they want to compress data, they import a module for that too.  Indeed, modules add a luxury to programming, making it fun and leaving the programmer grinning from cheek to cheek, while the workload is reduced so other important tasks can be accomplished.  No more breaking the back, or neck, or whatever it is that breaks!

Modules are created for the masses. This means modules are written so they will work for almost all situations.  At least that was the intention. In Bash there aren't any modules. Instead there exist pipes.  Now, unlike modules, pipes aren't written to work for the masses.  They are not even intended to work with Bash!  They are independent applications.

Because there are no modules to exploit, any security holes that may crop up from Bash would have to be exploited by the unique code of the user.  In reality this is never an issue.

Bash is quite unique in and of itself. It is flexible enough to be the default shell on most Linux distributions.  It is this flexibility that has actually hurt it.

Sunday, May 29, 2011


I was messing around with today and it is pretty nice. Lots of useful tools. Though I'm not much of a blogger I think keeping a blog would be good practice. These days a lot of people should write more. The task of jotting down one's thoughts on paper or computer is a task worth doing. I for one believe it helps clear the mind. So much time is spent rushing around that there is no time left for ourselves.

Bash Myths

Myth 1: #!/bin/sh is Bash
Fact: sh is sh and bash is bash; they are two different things.

Myth 2: To do much with Bash, you need to use standard UNIX tools like sed, awk, and grep.
Fact: There's a saying: "don't use a sledgehammer to hang a picture". The same applies when using Bash. Don't use sed, awk and grep to do simple things Bash already handles.

Myth 3: Bash is not the most efficient language and requires more resources on your server than some other languages.
Fact: Bash is quite efficient; however, if the programmer is using sed, awk and grep, that may not be the case.

Myth 4: For maintenance reasons, Bash is not well suited for large or complex CGI programs.
Fact: Maintenance due to patches and security holes is very rare. Sort of like how viruses are rare on Linux-based operating systems.

Myth 5: Bash is bad security for production servers.
Fact: This one is plausible due to the asinine Bash scripts rampant on the internet.
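
Myths 2 and 3 in practice, as an added example that is not part of the original post: a CGI query string is split, decoded and checked against an allow-list using only Bash builtins, with no sed, awk or grep. The function names and the sample query strings are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): CGI query-string handling
# with bash builtins only. Function names and sample data are constructed.

# Decode a URL-encoded value. Anything other than unreserved characters,
# '+', or well-formed %XX escapes is refused, so no backslash or stray '%'
# ever reaches printf.
urldecode() {
    local s=$1 re='^([A-Za-z0-9._~+-]|%[0-9A-Fa-f]{2})*$'
    [[ $s =~ $re ]] || return 1
    s=${s//+/ }                  # '+' encodes a space in form data
    printf '%b' "${s//%/\\x}"    # %41 becomes \x41, printed as 'A'
}

# Print the decoded value of parameter $1 found in query string $2.
get_param() {
    local name=$1 pair pairs
    IFS='&' read -ra pairs <<< "$2"      # split on '&' without a subprocess
    for pair in "${pairs[@]}"; do
        [[ $pair == "$name="* ]] || continue
        urldecode "${pair#*=}"           # everything after the first '='
        return
    done
    return 1                             # parameter not present
}

# Allow-list check: only a short identifier is accepted as a user name.
safe_user() {
    local u re='^[A-Za-z0-9_-]{1,32}$'
    u=$(get_param user "$1") || return 1
    [[ $u =~ $re ]] || return 1
    printf '%s' "$u"
}

# Constructed sample requests.
safe_user 'page=2&user=alice_01' && echo
safe_user 'user=a%3Bb' || echo 'rejected: value outside allow-list'
get_param name 'name=J%6Fhn+Doe' && echo
```

In a real CGI script the second argument would be "$QUERY_STRING", and the decoded value should stay quoted wherever it is used afterwards.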

Interested in trying Insteon products? You might want to read this

I've dealt a little with SmartHome products, but not a whole lot. Most of the products I install and repair are X10 based. In fact, until recently I had never come across a home that had incorporated SmartHome products.

Let me introduce you to a client of mine. We'll call him Mr. K to preserve his privacy. Mr. K's home is what you would call a smart home. Every room, closet, flood light, hall, and bathroom fan was on a SmartHome smart switch. Mr. K's home was struck by lightning. The lightning pretty much ripped him a new one, leaving him with some serious woes.

So the fun part was given to me to see what worked and what did not. Interestingly enough, half of the smart dimmers still worked. Easy enough, I said to myself. Just total up the bad ones, and order the new ones. But first I want to call SmartHome and just be sure. So I called SmartHome and they informed me they no longer offer support for SwitchLinc; in fact they said they did not even have a manual at their disposal! I was shocked. You mean to tell me just because you upgrade a product you no longer keep the manual handy for the older version? Serious, no joke. Needless to say I found the manual online myself off SmartHome's web site.

The following day I call back and talk to a different person who sounded somewhat more knowledgeable than the previous yoyo. The one question I really cared about was the compatibility between what my client had and what I was about to order. He tells me not to worry, they are compatible. Mr. K's existing product line is known as a SwitchLinc. It is X10 based, comes shipped with a primary address: A1, and supports scenes. SmartHome's current product line is known as Insteon. It uses Insteon technology, is X10 ready, does not come shipped with a primary X10 address, and supports scenes.

Now Mr. K has an "all lights off" scene and that's really the extent of his scenes. Not so difficult, right? So I place my order, which comes close to $1000 worth of Insteon products. They arrive, I test them, they don't work. I know why but I wanted to hear it from the SmartHome technician. So I called SmartHome back and ask them politely if the two products were compatible. They again say yes, I ask again if the two products were compatible with scenes, and lo' the SmartHome technician says no.

So here I am stuck with almost $1000 worth of dimmers. What options do I have, I asked myself? I really want to make these things work. I don't want to replace every switch in Mr. K's home with Insteon. That would easily run close to $2500 just in material, not to mention labor. Fed up with SmartHome's help, I study the manuals for the SwitchLinc and the Insteon backwards and forwards, going through every scenario possible. I came up with two solutions and the only viable solution was to use a multi-button Insteon keypad that utilizes two buttons for my all lights off scenes. Button 1 controlled the older SwitchLinc switches with a simple X10 scene command, and the other button controlled the newer Insteon dimmers via the Insteon linking mode. The other solution was to put both functions on one button. Insteon can do this. What it can't do is handle the X10 side very well. The Insteon function works like a charm, but the X10 function develops a serious side effect from the Insteon signals being processed so close together to the X10 signal that it just fails horribly. So two buttons, one for older SwitchLinc and one for Insteon. Job completed and Mr. K is happy.

So if you do decide to use Insteon just remember there's a chance the product you buy now won't be compatible with future products. And if you're lucky you might even get to talk to a technician that knows what they're talking about.