Wednesday, October 31, 2007

Super Catholic Heroes

Everybody should have a theme song.

The feast of All Saints is all about Super Catholic Heroes.

A co-worker of mine once dubbed me a Super Catholic. I think he just never actually met a practicing Catholic. (And why do we call it practice? ... So we can keep trying until we get it right). At first I didn't particularly like the moniker, given the implications, but I learned to roll with it. Been there, done that, got the t-shirt. No really, I got the t-shirt.

One day I told him I had to stop by the local Catholic Shop after work.
He responded,
"Why? Are you low on Catholic?"

(Hmm, maybe; see parenthetical #1).

So where do you go when you're low on Catholic? Aside from a good sacrament or two, may I suggest some free Catholic music? Check out the Catholic Rockers podcast or perhaps a quick shot of That Catholic Show on SQPN.

And since it is All Hallows Eve ...
the story of Jack, the Depressed Pumpkin.

Thursday, October 25, 2007

Maslow et al

It's amazing sometimes how tippy the top of a triangle can be.

Ask Maslow.

Wikipedia says:

Representations

This diagram shows Maslow's hierarchy of needs, represented as a pyramid with the more primitive needs at the bottom.

Maslow's hierarchy of needs is often depicted as a pyramid consisting of five levels: the four lower levels are grouped together as deficiency needs associated with physiological needs, while the top level is termed growth needs associated with psychological needs. Deficiency needs must be met first. Once these are met, seeking to satisfy growth needs drives personal growth. The higher needs in this hierarchy only come into focus when the lower needs in the pyramid are satisfied. Once an individual has moved upwards to the next level, needs in the lower level will no longer be prioritized.


However, if a lower set of needs is no longer being met, the individual will temporarily re-prioritize those needs by focusing attention on the unfulfilled needs. The individual never regresses from one level to a lower one, however. An example of this fact may be a businessman at the esteem level who is diagnosed with cancer. He will spend a great deal of time concentrating on his health (Physiological needs) but would still value his work performance (esteem needs) and is likely to return to work during periods of remission.

Tuesday, October 23, 2007

Liturgical Referee

Saw this on Curt Jester and just couldn't help myself.

Example Liturgical Signals
No Crucifix in sanctuary.
Liturgical dance detected.
Member of laity giving homily - to be evicted from lectern.
Incomplete or no consecration. Occurs when illicit matter is used, wrong formula used, only one of the two elements of bread or wine is not properly consecrated, or no validly ordained male priest/bishop is present. In case where only one element is consecrated a replay is called for.
Illegal use of hands. Normally called when the celebrant has left the sanctuary to shake everybody's hands.
Questionable or just downright heretical theology used in homily. When detected the Liturgical Ref pulls on his lips in a downward direction.
The "What the heck am I hearing" signal is one of the most common signals and indicates syrupy banal liturgical music or the inappropriate use of secular music such as show tunes and popular music (especially from the seventies).
Disregarding the prescribed text of the Order of Mass. This is another common liturgical penalty despite the fact that no other person, even if he be a priest, may add, remove, or change anything in the liturgy on his own authority. (Constitution on the Sacred Liturgy)
Illicit Posture. Usually called when you are being asked to stand instead of kneel or any other posture adaptation not specified by the GIRM or set by your bishop's conference or licitly specified by your local ordinary.
Illicit purification of sacred vessels. This is called when the purification of the sacred vessels is done by an Extraordinary Minister of Holy Communion despite the fact that the Pope revoked the indult in the U.S. for this permission.
Illicit Participation. Called when too many people are in the sanctuary. For example occurs when EMHC arrive before the fraction rite or when some members of the congregation are invited into the sanctuary to pray with the priest during the consecration.
Un-Christian Like Conduct. Can be called when elements of other religions contrary to Christianity are introduced such as new age beliefs. Un-Christian Like Conduct is also often called in the parking lot after Mass.
Illegal Pass. The celebrant is simply not allowed to make a pass at anybody.
Stole Infraction. Normally occurs when the celebrant wears his stole on top of the chasuble. Another penalty can be added if the celebrant does this and the stole is also horrendously ugly or has a seventies theme.
Illegal Receiver of Holy Communion. Those who are excommunicated or interdicted after the imposition or declaration of the penalty and others who obstinately persist in manifest grave sin are not to be admitted to Holy Communion.
Clowns in the sanctuary - run for your life.
Excessive use of inclusive language. Penalty is thrown when grammatical awkwardness is detected in avoiding male pronouns and every other sentence begins brothers and sisters.

Tooth Fairy Trials

My oldest daughter, C., is at that age where her baby teeth are starting to fall out.
This rite of passage inevitably brings up hidden child rearing issues such as:
What To Do About The Tooth Fairy

Now many people don't give our popular myths a second thought and happily pass them on to the next generation. I, of course, have to think about the deep weighty implications of everything before I do it.

Sigh.

Should I go along with it or not? On the one hand, it just ain't so and why fib to the kids? What about teaching them The Truth without mixing in cultural silliness? On the other hand, it is kinda fun (don't tell my family), my parents did it to me, and I'm no worse off for it.

What I settled for was this:

C: Daddy, we have to put my tooth under the pillow so the Tooth Fairy will come.

Me: Hm. I don't know that there is a Tooth Fairy ...

C: Oh, yes, Daddy, there is. They told me that at school.

Me: Really?

C: Yes, Daddy. I know. The Tooth Fairy is real.

Me: Oh. I don't know if I believe in the Tooth Fairy.

C: I believe, Daddy. The Tooth Fairy is real.

Me: Ok honey. Well, we'll see ...

... She got a quarter.


J.R.R. Tolkien would tell me to lighten up about the faeries.

  • "First, he suggests that fairy stories allow the reader to review his or her own world from the "perspective" of a different world. This concept, which shares much in common with phenomenology, Tolkien calls "recovery," in the sense that one's unquestioned assumptions might be recovered and changed by an outside perspective.
  • Second, he defends fairy stories as offering escapist pleasure to the reader.
  • And third, Tolkien suggests that fairy stories (can) provide moral or emotional consolation, through their happy ending, which he terms a "eucatastrophe.""
Ok. Cool. So what does the Tooth Fairy tell us about our Reality? I'm not sure, but I went ahead and knocked out a couple more of her teeth. ;-)

Me: More loose teeth. Hold still ...

C: Ow!

Me: Sorry, just a little bit more

C: (whimper)

Me: Sorry, honey

C: Ooh, oh, stop ...

Me: (wiggle, wiggle)

C: (whimper)

Me: There!

C: That was fun, Daddy.

Weird.

Numbers 13

Went to our first NVDSA event at Numbers 13 Farm.


The people there are the friendliest people I have ever met. At first I was a little taken aback by some people's forward social advances. But then I realized that since everyone was there with the same purpose, we could do away with the awkward preambles.
Um, excuse me, does your child have DS? Oh, what a coincidence, so does mine ...

That, and the kids are going to do that to you, DS or no. So I didn't even blink when some random child came within 3 inches of my face to show me his horseback riding ribbon. He thought I looked too hot (I was sweating) so he "let" me wear his plastic fire engine hat.

Looking back on it: free food, music, horse rides, sack races, pumpkin picking, hay rides, and really, really neat people, it is already a fond memory.

I think I'll do it again.

Thursday, October 4, 2007

Distributed Cfengine & CVS

Here is a short article on one way to integrate cfengine and CVS.

Configuration management meets version control.

Tuesday, October 2, 2007

XML attacks

XML XDoS attacks
  • recursive payload
  • attribute explosion
  • dangling XML
The only thing we've run into are the DoS attacks, and those were resolved by coding in a timestamp
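As an added illustration (not from the original notes or the articles they quote), a standard-library Python checker that applies the parser-level limits a gateway would enforce against the three XDoS shapes listed above and against the unbounded element recursion discussed further down: it refuses any DOCTYPE before an entity can be declared, caps attributes per element and nesting depth, and fails closed on a truncated document. The sample documents are constructed.

```python
"""Parser-level limits against the XDoS shapes in the notes (DOCTYPE/entity
expansion, attribute explosion, dangling XML) plus a nesting-depth cap.
Constructed example, Python standard library only."""
import xml.parsers.expat

class XmlRejected(ValueError): """The document violated one of the limits."""

def check_xml(data, max_depth=32, max_attrs=64):
    """Stream-parse `data`; return (element_count, deepest_nesting) or raise
    XmlRejected. A DOCTYPE is refused before any entity can be declared."""
    parser = xml.parsers.expat.ParserCreate()
    state = {"depth": 0, "deepest": 0, "elements": 0}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise XmlRejected("DOCTYPE not allowed (root %r)" % name)

    def on_start(name, attrs):               # attrs arrives as a dict
        if len(attrs) > max_attrs:
            raise XmlRejected("%r has %d attributes, limit %d" % (name, len(attrs), max_attrs))
        state["depth"] += 1
        state["elements"] += 1
        if state["depth"] > max_depth:
            raise XmlRejected("nesting deeper than %d" % max_depth)
        state["deepest"] = max(state["deepest"], state["depth"])

    def on_end(name): state["depth"] -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(data, True)   # isfinal=True: an unclosed document is an error
    except xml.parsers.expat.ExpatError as exc:
        raise XmlRejected("malformed or truncated XML: %s" % exc) from exc
    return state["elements"], state["deepest"]

def rejected(data):
    """True if check_xml refuses `data`."""
    try:
        check_xml(data)
    except XmlRejected:
        return True
    return False

# Constructed samples: one legitimate SOAP request, then one of each XDoS shape.
GOOD_SOAP = (b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
             b'<soap:Body><GetQuote><symbol>ACME</symbol></GetQuote></soap:Body></soap:Envelope>')
WITH_DTD = b'<!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>'       # entity expansion starts here
ATTR_BOMB = b'<r ' + b' '.join(b'a%d="v"' % i for i in range(200)) + b'/>'
DANGLING = b'<r><child>never closed'
TOO_DEEP = b'<r>' * 40 + b'</r>' * 40
```

The limits are deliberately small constants; a gateway would size them to the WSDL it fronts rather than to the parser's own capacity.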

SOAP and XML Web services are liable to:
  • cross-site scripting vulnerabilities,
  • cookie poisoning attacks and
  • changes to URL parameters.
"XDoS attacks are DTD [document type definitions] external entity attacks," O'Neill said. "They rely on an XML parser supporting DTD. They're generally called SOAP bombs. They expand hugely."

XML can expose data contained in Web services messages, and attackers can use available inspection tools to their advantage.

The modular nature of XML allows elements, like large attachments, to be embedded in Web services requests.

The WSDL itself may expose structure such as file directories or open ports of a server.

Schema not reflecting business rules.
  • Integers that are not constrained to positive values when they logically should be
  • Sequence numbers that don't increment
  • Contamination of stored data or DoSes
  • No robust set of validations - usually "this node is a string", which is insufficient.
  • Adding additional nodes or the same node (YMMV as to *which* node will be selected in XPath queries for a given XML parser)
  • Insufficient validation lets bad strings (e.g. JavaScript) be injected with impunity
  • Validation is rarely turned on, and even if it is ... how many times has the DTD not been available to the XML processor?
Recursive definitions of elements are a security risk. They reduce performance and complicate the implementation of validation runtimes, especially when implemented in hardware. The ability to restrict the recursion depth, either locally for a given element or globally, could prevent potential security attacks.

Another issue is validating the canonicalized version of XML messages when the XML Schema was written for the non-canonical form of the XML message.

In XML Schema 1.0, we cannot define or restrict the values of datatypes based on some condition. For example, attribute 'a' in element 'x' can have values < 10 only when element 'y' has an attribute 'b' = 3.

As schemas are auto generated, support for multiple targetNamespaces in a single schema, without using imports, could be a great addition. We always ran into the issue of applying a schema to a part of the message.

Most of the time, schemas do not define facets, such as maxLength, on the datatypes. This causes security concerns such as denial of service attacks. Users should be made aware of their benefits, and XML Schema could have support for parameters/policies for such facets that have global effects across all datatypes in a schema (even though proper usage of inheritance does address this).
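As an added example (not part of the original notes), the kind of post-schema check that covers the gaps listed above: positive integers, advancing sequence numbers, a maxLength-style limit, exactly one node, and the conditional rule XML Schema 1.0 cannot express. The <Order> message format, its attributes and its rules are assumed for illustration; the check expects input that has already passed parser-level (XDoS) limits, since ElementTree itself expands internal entities.

```python
"""Post-schema business-rule checks for an <Order> message: the things the notes
say XML Schema 1.0 does not express. Constructed example; the message is assumed
to have passed parser-level limits already."""
import re
import xml.etree.ElementTree as ET

MAX_NOTE_LEN = 256                      # the maxLength facet schemas usually omit
SAFE_TEXT = re.compile(r"^[\w .,-]*$")  # no quotes, angle brackets or semicolons

class RuleViolation(ValueError):
    """Well-formed and schema-valid, but breaks a business rule."""

def validate_order(xml_bytes, last_seq):
    """Return the order's sequence number or raise RuleViolation.
    `last_seq` is the highest sequence number accepted so far (caller keeps it)."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "Order":
        raise RuleViolation("unexpected root element %r" % root.tag)
    try:
        seq = int(root.get("seq", "-1"))
        qty = int(root.findtext("quantity", "0"))
    except ValueError as exc:           # "this node is a string" is not enough
        raise RuleViolation("seq and quantity must be integers") from exc
    if seq <= last_seq:                 # replayed or out-of-order message
        raise RuleViolation("seq %d does not advance past %d" % (seq, last_seq))
    if len(root.findall("quantity")) != 1:   # duplicate node: which one an XPath
        raise RuleViolation("exactly one <quantity> expected")   # query picks varies
    if qty <= 0:                        # xs:int permits negatives; the business does not
        raise RuleViolation("quantity must be positive, got %d" % qty)
    note = root.findtext("note", "")
    if len(note) > MAX_NOTE_LEN or not SAFE_TEXT.match(note):
        raise RuleViolation("note too long or contains disallowed characters")
    # Co-constraint XSD 1.0 cannot express: a rush order must name an approver.
    if root.get("rush") == "true" and not root.get("approver"):
        raise RuleViolation("rush orders require an approver attribute")
    return seq

def violates(xml_bytes, last_seq=0):
    """True if validate_order rejects the message."""
    try:
        validate_order(xml_bytes, last_seq)
    except RuleViolation:
        return True
    return False

# Constructed sample messages.
OK_ORDER = (b'<Order seq="7" rush="true" approver="u123">'
            b'<quantity>3</quantity><note>Deliver to dock B</note></Order>')
NEG_QTY = b'<Order seq="8"><quantity>-5</quantity></Order>'
DUP_NODE = b'<Order seq="8"><quantity>1</quantity><quantity>999</quantity></Order>'
BAD_NOTE = b'<Order seq="8"><quantity>1</quantity><note>hi; &lt;b&gt;</note></Order>'
NO_APPROVER = b'<Order seq="8" rush="true"><quantity>1</quantity></Order>'
```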




In the grand security schematic, an external Web service call should enter through an XML security gateway for vetting, be passed to the Web services manager for policy adherence and distributed to the host system Web services via the agents provided by the management tool.




XML Solutions

Functionality of XML Schema was exploited to implement many features of the security module. Some of these features are:
  1. WSDL Based Validation
    Mechanism to prevent invalid and corrupt SOAP requests from reaching the server and limit messages to those defined in the WSDLs. To achieve this, we developed an application that converted a given WSDL into an XML Schema which, when applied to the SOAP messages, reports messages that do not conform to the WSDL definition.
  2. Web Services Access Control
    Limits a user's access to particular services or operations defined in the WSDL file. In addition to converting WSDL into an XML Schema, our schema runtime had the ability to register callbacks on any element in the XML Schema. This was used to implement ACLs for operations in the WSDL.
  3. SQL and Command Injection Protection
    Detect and block command injection attacks, commonly hidden as valid parameters. XML Schema facets support for regular expressions was exploited to prevent SQL and Command injection.
  4. Schema Structural and Data-type Validation
    As performance is critical for network devices, we had to provide different levels of support for XML Schema. When validating XML messages against an XML Schema, we provided options to do only structural validation or structural and data-type validation. This was useful as data-type validation was too much of a performance hit for some applications.



    XML hardware accelerators: http://www.tarari.com/products.html

