A Special Message For Tickets.com

2013-03-28 21:14:14 by chort

After spending 15 unsuccessful minutes doing battle with their website and infuriating phone menu, I sent an email to customerhelp@tickets.com in a last ditch effort to actually be able to spend money on them.

I have to complain about the huge waste of time to walk through the annoying, automated phone menu with no hope of talking to a human. It's ridiculous for the synthetic voice to have a name, and it's patronizing for the message to claim "I found the seat you're looking for" when the only piece of information I supplied was a price. I was never given an option to select a section, side of the stadium, deck level, etc. How does your ignorant system determine that the seat it choose is one I'll enjoy sitting in? If your phone system was designed to piss people off, your product folks have done an outstanding job. If instead, they were trying to design a system that people would enjoy using and that would actually help them find what they wanted, perhaps you should actually use human beings who can listen and understand.

PS charging me an $8 "convenience fee" for using your phone menu must be one of these ironic hipster jokes I hear so much about.

Arrogant Anti-virus Doesn't Appreciate Your Choices

2013-03-15 08:00:35 by chort

I'm all for having safe defaults in security software, i.e. erring on the side of turning on protection, and leaving it up to the user to disable it if they feel it's too restrictive. Recently I had an experience with a particular anti-virus program that went well beyond this. Every time I turned me head, the program had overridden my choices.

Read the rest of this story...

Building YARA 1.7 on OSX

2013-03-05 21:10:11 by chort

Several people have been having issues building YARA on OSX. This is what I did to get it working on Snow Leopard with Macports. Testing working with -r 164

$ sudo port install re2
$ svn checkout http://yara-project.googlecode.com/svn/trunk/ yara-project-read-only
$ cd yara-project-read-only
$ export LDFLAGS='-L/opt/local/lib'
$ export CPPFLAGS='-I/opt/local/include'
$ aclocal
$ automake
$ autoconf
$ ./configure --with-re2
$ ./bootstrap.sh
$ make
$ sudo make install

POW!

$ cd yara-python
$ python setup.py build
$ sudo python setup.py install

PS the first version of this blog post missed ./bootstrap.sh, which is required.

Export and Import GPG Secret Keys with OpenSSL Protection

2013-03-03 14:37:50 by chort

Some times I need to move GPG/PGP secret keys around, but I get very nervous about having them "in flight." Of course the passphrase protects they key, but call me paranoid. I had been encrypting with OpenSSL, then decrypting right before import, than rm -P (or shred -u) the file. Wouldn't it be nice to skip the step of having the key decrypted on disk at all? Turns out gpg can read from STDIN (and so can OpenSSL), so it's very simple.

srchost$ gpg --export-secret-key -a "user@domain" \
| openssl aes-256-cbc -a -salt -out user.key.enc

dsthost$ openssl aes-256-cbc -d -a -in user.key.enc \
| gpg --allow-secret-key-import --import -

gpg:    secret keys imported: 1