May 20th 2015

Using multiple Firefox profiles on OS X

If you’re developing Firefox extensions, it may be useful to have multiple profiles: one for everyday use containing the extensions/settings you use regularly, and another as a development environment. Separate profiles ensure that if you accidentally break something during development, your usual browser environment will remain the same. I’ve found this to be particularly useful so thought I’d write a post about it. Before I get started, I should point out this post is geared towards OS X users.

First of all, you will need to access Firefox’s profile manager tool. To do this, type the following into the Terminal-

/Applications/Firefox.app/Contents/MacOS/firefox-bin --profilemanager

This will cause the Profile Manager window to appear. If you’re already a Firefox user, your default profile should appear. Click on the Create Profile button to make a new profile. Give it a name (remember this name) and choose the folder in which you wish to store your profile information. For the purpose of this post we’ll call our profile “devProfile”. That’s all there is to creating a new profile. However, if you wish to use it as a development environment, you must launch it with Firefox. The next part of this tutorial will show you how to create a second instance of Firefox for your development profile.

Open the Script Editor app. On Yosemite, this can be found in Applications > Utilities > Script Editor. Type in the following-

do shell script "/Applications/Firefox.app/Contents/MacOS/firefox-bin -P devProfile"

When typing in the script, watch the quotes- ensure they are regular double quotes, rather than smart quotes. Save the file as an Application. Now we need to edit the Info.plist file. This can be found by right-clicking on the Application you just saved > Show Package Contents > Contents. Find these 2 lines-

<key>LSRequiresCarbon</key>
<true></true>

Under the true tag, add the following 2 lines-

<key>LSUIElement</key>
<string>1</string>

LSUIElement is a Launch Key in OS X. Launch keys help to launch apps and figure out which apps should open certain document types. According to Apple’s documentation, LSUIElement specifies whether the app is an agent app, that is, an app that should not appear in the Dock or Force Quit window.

That’s really all there is to it. You can change the icon on the new Launcher Application you have just created (or leave it as the default script icon, but that’s a bit boring). When clicked, the Application will cause another Firefox icon to appear in the Dock. This instance of Firefox will launch with the development profile you created.

Of course, an alternative way of launching a new instance of Firefox with a development profile is to use the Automator app.
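
The launcher steps above can also be scripted. The following is an added example, not code from the original post: it builds the AppleScript line and adds LSUIElement to a launcher's Info.plist using Python's plistlib. The function names and the DevFirefox.app bundle are assumptions made for illustration; osacompile is the macOS command-line AppleScript compiler and is only called by build_launcher.

```python
"""Script the launcher steps above: AppleScript source plus the LSUIElement edit."""
import plistlib
import shlex
import subprocess
import tempfile
from pathlib import Path

FIREFOX_BIN = "/Applications/Firefox.app/Contents/MacOS/firefox-bin"  # path from the post


def launcher_source(profile: str) -> str:
    """Return the one-line AppleScript that starts Firefox with `profile`."""
    # shlex.quote protects profile names containing spaces; the AppleScript
    # string itself is wrapped in plain ASCII double quotes, never smart quotes.
    command = f"{FIREFOX_BIN} -P {shlex.quote(profile)}"
    escaped = command.replace("\\", "\\\\").replace('"', '\\"')
    return f'do shell script "{escaped}"'


def set_agent_app(bundle: Path) -> bool:
    """Add LSUIElement=1 to the bundle's Info.plist. Returns True if changed."""
    plist_path = bundle / "Contents" / "Info.plist"
    with plist_path.open("rb") as fh:
        fmt = plistlib.FMT_BINARY if fh.read(6) == b"bplist" else plistlib.FMT_XML
        fh.seek(0)
        info = plistlib.load(fh)
    if info.get("LSUIElement") == "1":
        return False  # already edited; keep the operation idempotent
    info["LSUIElement"] = "1"  # same <string>1</string> value as in the post
    with plist_path.open("wb") as fh:
        plistlib.dump(info, fh, fmt=fmt)  # write back in the format we found
    return True


def build_launcher(profile: str, bundle: Path) -> None:
    """macOS only: compile the script into an app, then hide the launcher."""
    subprocess.run(["osacompile", "-o", str(bundle), "-e", launcher_source(profile)], check=True)
    set_agent_app(bundle)


if __name__ == "__main__":
    # Constructed sample bundle so the plist edit can be tried on any OS.
    demo = Path(tempfile.mkdtemp()) / "DevFirefox.app"
    (demo / "Contents").mkdir(parents=True)
    with (demo / "Contents" / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleName": "DevFirefox", "LSRequiresCarbon": True}, fh)
    print(launcher_source("devProfile"))
    print("changed:", set_agent_app(demo), "again:", set_agent_app(demo))
```

On a Mac, build_launcher("devProfile", Path("DevFirefox.app")) performs the Script Editor and Info.plist steps in one go.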

May 19th 2015

Wicked, His Majesty’s Theatre, Aberdeen, 11th May 2015


Wicked. I finally got to see it! I had purchased tickets (5th row) all the way back in November 2013 and it had been a LONG wait.

For those of you who aren’t familiar with the musical, here’s a bit of background. The show is based on the novel “Wicked: The Life and Times of the Wicked Witch of the West” written by Gregory Maguire in 1995. The novel is the first of a 4 part series, and aims to offer an alternative side to the story told in L. Frank Baum’s “The Wonderful Wizard of Oz”, and the subsequent 1939 film adaptation.

I’m a huge fan of the Wizard of Oz story- I had an abridged version of the story in magazine form when I was a toddler and when I was a little older, I got to see the film. Personally, I didn’t enjoy Maguire’s book. Whilst I thought it was an excellent concept for a story, it wasn’t well executed. The first section showed a lot of promise by introducing Elphaba in all her verdigris glory, who would later become the Wicked Witch of the West. The book then skipped a number of years to her time at Shiz University where Elphaba meets Galinda. From there on in, the book becomes a meandering, dark mess (and it’s definitely not for children!). I finished it, but it was extremely disappointing.

So how did the musical compare? It was AMAZING! The storyline changed significantly, cutting out the rubbish from the book. I’m not going to post spoilers here but the play provides a more satisfying story that wraps the characters up nicely, with plenty of references to the Wizard of Oz.

In Aberdeen, I saw Jacqueline Hughes in the role of Elphaba and Emily Tierney as Galinda (with a “gah”). The pair of them had amazing voices, as did the supporting cast. Many of the songs have been made “populer….lar” by Glee- For Good and the aforementioned Popular. Of course, the biggest song from the musical is “Defying Gravity” and it was fantastic to hear that live.

The costumes were great and in particular, I liked that the residents of Emerald City wore green glasses. This was the case in L. Frank Baum’s book and matched the illustrated version I had as a child. The entire stage set-up looked rather steampunk and featured The Clock of the Time Dragon- the picture in this post. I’m not going to explain that (spoilers).

Wicked was well worth the wait and I enjoyed it so much that I’m seeing it next week too- I’ve snagged front row matinee seats!

March 29th 2015

Securi-Tay IV Conference, 27th February 2015, Dundee

Back in February, I attended the Securi-Tay IV infosec conference, run by the students from Abertay’s Ethical Hacking Society. It included fantastic talks, great networking opportunities, and a chance to catch up with people I hadn’t seen for a while. A good day all round. The students deserve a huge well done for arranging and managing the event.

I thought I’d give a brief overview of the talks I attended on the day.

The Five Stages of Security Grief by Gavin Millard (Tenable)
This talk was based on the Kübler-Ross model of grief (denial, anger, bargaining, depression and acceptance) and how it applies to the world of computer security. Due to security issues, companies will spend $76.9 billion on the topic in 2015 alone. It was mentioned that education is the key to moving on from denial- this was an interesting point as my research is currently focussed around educating users about security issues.

Virtual Terminals and POS Security; How I Had the Chance to Become a Billionaire by Dr Greg Fragkos
This was perhaps one of my favourite talks at the conference and a lot of people were talking about it afterwards! The talk essentially explained just how easy it could be to abuse POS terminals. Obviously, much of the vital information was redacted from the talk (such as specific keypress combinations needed) but the theory alone was terrifying!

Robbing Banks and Other Fun Tales by Freaky Clown
An interesting talk on how to use penetration testing techniques and social engineering to get into buildings. He made it sound so simple and I’m amazed at the places he managed to get into without being questioned. Great talk!

We Don’t Take Kindly to Your Types Around Here by Graham Sutherland
The software developer in me had been looking forward to this talk. Serialization is a concept that I’ve been discussing in one of my classes this semester, and this talk covered some of the security issues involved when serializing/deserializing objects in languages such as PHP, C# and Java. The talk has made me want to write a few test programs to see if I can replicate some of the flaws in Java.

Guest to Root- How to Hack Your Own Career Path and Stand Out by Javvad Malik
I’d heard of Javvad via Twitter and knew he had published many infosec videos, so I was looking forward to his talk. He focussed on how to get noticed in the security industry, and how to prevent yourself from just blending in as just another “faceless” employee. A very engaging talk.

Social Security by Dr Jessica Barker
Jessica’s talk sounded like one which might fit in with my research- I was right! The talk concentrated on various aspects of infosec, leaning towards the sociological/psychological side. It largely confirmed what I’ve concluded from my work- the biggest security flaw nowadays is humans! Many people simply suggest that users are stupid, which is a form of victim blaming. Instead, it depends on how you teach the user about security- if you make a user feel stupid during this process, they will shut down. Users must be encouraged to see why the topic of security matters to them.

Abusing Blu-ray Players- Stephen Tomkinson (NCC Group)
This talk considered a security issue I hadn’t really thought about: how to circumvent the sandboxed system of a device like a Blu-ray player. Stephen demonstrated a number of ways in which he bypassed the security measures the player had implemented, so an attack could begin. If you want to read a little bit more on the subject, Security Week wrote an article about the research- http://www.securityweek.com/attackers-can-use-blu-ray-discs-breach-networks-researcher.

If these talks sound interesting, a selection of them were filmed and will be available to watch on YouTube shortly. They will be available from https://www.youtube.com/user/AbertayHackers

March 28th 2015

Jersey Boys, His Majesty’s Theatre, Aberdeen, 7th March 2015

Oh what a night (well, afternoon….see what I did there?). I’d heard a lot about Jersey Boys, and I even passed the theatre it was playing in on Broadway a few years ago. When the UK tour rolled around, I had to get tickets.

The premise of the show: it’s a jukebox musical that chronicles the story of The Four Seasons: how they got together, their successes, their money issues and how they broke up. Bonus: it’s full of songs you’ve probably heard before.

What did I think of it? Absolutely brilliant show, great performances by the cast. Another show to see again!

February 16th 2015

Benchmarking the Raspberry Pi

Since I now have various models of the Raspberry Pi sitting on my desk, I figured I’d benchmark them (to satisfy my own curiosity). Obviously, the new Raspberry Pi 2 Model B is faster, that’s a no-brainer, given the improved spec of the system.

A few points before I begin. My Raspberry Pi Model B is the version with 512MB RAM. As for cases, my Model B is in an original Pibow case, the other 2 devices are encased within Pibow Coupes. All have 16GB class 10 SD Cards in them. No overclocking, no overvolting. I’m not going to list the full spec of each of the devices; this page contains information for each revision.

The benchmarking tools came from Roy Longbottom. Longbottom’s site provides a comprehensive library of benchmarking tools, along with an explanation of what each of the tests actually does.

Here’s a summary of the tests I ran.

Whetstone Benchmark

| | Raspberry Pi Model B | Raspberry Pi Model B+ | Raspberry Pi 2 Model B |
|---|---|---|---|
| MWIPS (million whetstones instructions per second) | 270.808 | 272.801 | 530.060 |
| secs | 10.044 | 9.934 | 9.980 |

Dhrystone Benchmark

| | Raspberry Pi Model B | Raspberry Pi Model B+ | Raspberry Pi 2 Model B |
|---|---|---|---|
| Nanoseconds one Dhrystone run | 671.88 | 668.75 | 370.00 |
| Dhrystones per Second | 1488372 | 1495327 | 2702703 |
| VAX MIPS rating | 847.11 | 851.07 | 1538.25 |

Linpack Double Precision Unrolled Benchmark

| | Raspberry Pi Model B | Raspberry Pi Model B+ | Raspberry Pi 2 Model B |
|---|---|---|---|
| MFLOPS (mega floating-point operations per second) | 41.76 | 44.02 | 119.79 |

Livermore Loops Benchmark (overall ratings)

| | Raspberry Pi Model B | Raspberry Pi Model B+ | Raspberry Pi 2 Model B |
|---|---|---|---|
| Maximum | 146.7 | 148.6 | 250.1 |
| Average | 64.4 | 64.7 | 126.6 |
| Geomean | 54.8 | 55.0 | 115.4 |
| Harmean | 46.7 | 46.7 | 104.3 |
| Minimum | 21.3 | 17.6 | 41.8 |

I also ran a few temperature tests though I’m not convinced the results I got were accurate. The tests showed that the Model B produced temperature readings which were 7-8 degrees Celsius higher than the other 2 Pis. It had been sitting running constantly for a few days prior to testing so I’d expect it to be warmer in this case. The other 2 Pis had only just been switched on.

So there you have it. The Raspberry Pi 2 Model B is definitely faster (duh). Still, I think the figures presented in each of the tables make for an interesting comparison.