About this blog…

I am employed by Netnod as head of engineering, research and development and am among other things chair of the Security and Stability Advisory Committee at ICANN. You can find CV and photos of me at this page.

As I wear so many hats, I find it being necessary to somewhere express my personal view on things. This is the location where that happens. Postings on this blog, or at Facebook, Twitter etc, falls under this policy.

The views expressed on this post are mine and do not necessarily reflect the views of Netnod or any other of the organisations I have connections to.

A new world

The Foreign Minister of Sweden, Carl Bildt, writes in his blog that he has encountered A New World. One might think in these days of financial crisis and instable situations in many countries, that some new idea sprung up. But no, he in the post say he changed from using Windows to use a Mac.

 Att säga att jag inte ångrar det steget är månadens stora understatement. Min enda kritik av mig själv är varför jag väntade så länge att ta steget. 
 Den nya världen är alldeles definitivt bättre än den gamla. 

A new world indeed. […]

Security Update to MacOSX released

A security update to MacOSX is now released. Among other things it updates the DNS software Bind according to this notice you can see below. An update that is really important to install given that we just started to see effective attacks using this attack vector:

 BIND CVE-ID: CVE-2008-1447 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4 Impact: BIND is susceptible to DNS cache poisoning and may return forged information Description: The Berkeley Internet Name Domain (BIND) server is distributed with Mac OS X, and is not enabled by default. When enabled, the BIND server provides translation between host names and IP addresses. A weakness in the DNS protocol may allow remote attackers to perform DNS cache poisoning attacks. As a result, systems that rely on the BIND server for DNS may receive forged information. This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks. For Mac OS X v10.4.11 systems, BIND is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1. Credit to Dan Kaminsky of IOActive for reporting this issue. 


Addressbook Sync problems in MacOSX

I have got ghost records in my addressbook. Records that have only an email address in them. The problem is that there are now and then thousands of those records. I have also, like many others, got problems with the updated format of images in the records in MacOSX 10.5.x. Many findings on the net suggest doing complete reset of the sync database on all computers (iPhone etc), but I do not want that. Why should I? Then rumors said the sync problem would go away in 10.5.3, but it did not. Or rather, the image syncing is better (but not resolved), but I get these bogus records. To remove all of those records, I could either select those (one can find them in the Address Book by searching), do select-all, and then delete. The problem is that the “select-all” operation was never succeeding with the 16k bogus records. I had to kill Addressbook application after 4-5 hours with 100% CPU load. I could mark about 50 records at a time, and do manual delete, confirm etc, but each one of those took 20-30 seconds. Not a good solution either. So I wrote an AppleScript. When running it, I could delete about 200 records every 25 minutes. Good enough. After running this, the 16k bogus records where gone. But, of course about 2k of them came back when syncing (again) with my iPhone that seems to have got some of them from my Mac. I am happy I wrote this script, as I now could run it again. Much faster when only having 2k bogus records. But still slow.

 tell application "Address Book" set r to 0 set nr to 0 set pp to every person repeat with p in pp set ee to every email of p repeat with e in ee if (value of e) = "bogus-email@example.com" then set r to 1 end if end repeat if r = 1 then delete p set nr to nr + 1 if nr = 200 then save addressbook set nr to 0 end if end if set r to 0 end repeat save addressbook end tell 

AppleScript that remove records with certain email address […]

MacOSX 10.5.3 is out

It is not Tuesday, but a new version of MacOSX is out. Early reports from friends say the upgrade (although 420MByte on my MacBook Air) went flawlessly, so I am upgrading now. I saw early lists of the changes as a Developer, and the list was massive. The 420MB of course show that. Hope some bugs in Mail.App parsing of local messages are fixed. I also hope Spaces is better. And I hope some irritating bugs in MacOSX Server regarding how serveradmin is editing the configuration files for bind and apache is fixed. As it is now, it is hard to edit files manually as serveradmin is messing around with the files as well — in a way that is not according to the documentation (in the config files). I also hope they have in the user interface in the iCal client the ability to change permissions in the CalDav server on the server. As it is now (as I understand it), there are manny features there that one in reality can not use… Bummer. […]

MacOSX 10.5.2 is out

At last 10.5.2 is released. It took some time, but on the other hand, it contains tons of stuff that I look forward to. Just the size of the update (approx 350 MByte) indicates large portions of the operating system has changed. The update exists both for the client and server. Updated: Oh, I forgot the link to Apples site where they have more information about the upgrade. […]

Comment function turned off by mistake…

Because I had not learned the settings in the software I now use for blogging, Mars Edit, the ability to comment on my postings has been turned off by mistake. I now went back in time and turned on the ability to comment again. Sorry for this. […]

The unmanageable Airport

Paul Hoffman writes about him not being able to configure an old Apple Airport base station after upgrading to MacOSX 10.5. The same problem exists if one upgrade to MacOSX 10.5 Server and want to administrate both a MacOSX Server 10.4 and MacOSX Server 10.5 from the same client. The admin software is simply not backward compatible. I think this is a bad thing. Really bad thing. Specifically to not have the MacOSX Server utilities backward compatible with old versions of MacOSX server. Who is upgrading all of their servers at the same time? It is though possible to use the old software (from 10.4) in 10.5. If one remember to name the software differently of course. The links inside the Server Utilities one can use to “jump” between admin and open directory management does not work though. This is broken Apple. Really broken. […]

Enigma simulator for MacOSX version 1.2.1 released

Thought I could be faster than my Joachim (with the Kryptoblog in swedish) noticing that version 1.2.1 of the Enigma emulator is released. I am very fascinated on how these machines worked, the people inventing them and (more importantly) the people that cracked the code. One day I will visit Churchill Museum and Cabinet War Rooms in London that friends say are such good exhibitions. […]

Apple Mail.App is behaving weird again

I have no idea how many messages I am supposed to fetch (again). […]

Apple Security Update – WPA support, at last

Now Apple as well as many others have support for WPA and WPA2. That was good, as some hardware vendors have support already, which imply policy on some enterprise networks is that WPA and WPA2 must be used. This update make it possible for people that use MacOSX can use the wireless network. […]