GlowWorm FW Lite
20060830-005    Release of GlowWorm FW Lite v1.0.11

                Mostly new interface features and kernel extension improvements. -cj

20060830-004    Provide English Description of "Don't Remember" Option

                Provide an English description of what will happen, when answering an authorization
                dialog when the "Don't remember" option is selected. -cj [Suggested by Jeremy 

20060830-003    Modify Authorization Dialog "Remember..." Text

                Capitalized the "Remember..." phrases by getting rid of the "Allow or deny..."
                title to the box enclosing the radio buttons, and placing "Remember" in front of
                each option. Changed the "just this once" option to "Don't Remember". Consequently,
                was able to shrink (vertically) the authorization dialog window a little bit. -cj
                [Suggested by Jeremy Jones]

20060830-002    Add Rule Match Count in Rules Window

                Added a "rule match count" text field at the top-right of the rules window, which
                shows the total number of times all of the rules in the current rule set have 
                matched on an event. -cj

20060830-001    Add Service Name Support in Rules Window

                Added a preference item to enable/disable service name (as opposed to port number)
                support in the rules window. -cj

20060826-003    Make Text Fields in Authorization Dialog Selectable

                Made the text fields in the authorization selectable, so that one can copy-and-paste
                the values. -cj [Suggested by Jeremy Jones]

20060826-002    Add Explicit Check for Kernel Extension Load Success

                Added an explicit check to ensure that the kernel extension load succeeded. -cj

20060826-001    Display Registration Code Window Does Funky Resizing

                When trying to resize the Display Registration Code window, it would immediately
                jump to a very narrow width because the minimum dimensions were set to something
                less than the current dimensions ... which is odd. Fixed. -cj

20060825-006    Release of GlowWorm FW Lite v1.0.10 r2

                Emergency fix of a stupid bug that prevented pretty much everyone's registration
                codes from verifying properly. -cj

20060825-005    Registration Verification Fails

                I managed to do the 1.0.10 release with a bug that only allowed registration codes
                with a single "special" character in it to work - how cool is that? Anyway, fixed
                that bug and quickly uploaded the new release. -cj

20060825-004    Release of GlowWorm FW Lite v1.0.10

                Because of the severity of the bugs, I'm releasing this build early. The reverse
                dns support seems to be working well, despite limited testing. -cj

20060825-003    Does not Properly Support non-ASCII Characters in Registration Information

                Added (better) support for non-ascii characters in the registration XML. I still
                need to take the additional step of adding UTF-8 support. -cj

20060825-002    Does not Properly Create Directories on Install

                Who knows how long this bug has been haunting me. When performing an initial 
                install, it did not create the ~/Library/Application Support/GlowWorm FW Lite/
                directory before trying to create the RegCodes directory within that (nonexistent)
                directory. Fixed. -cj

20060825-001    Verify Successful Load of All Saved Rule Lists

                Instead of blindly assuming that the rule lists are successfully loaded, verify
                that the plist parse succeeded and if it did not, alert the user and quit. -cj

20060824-011    Improve Error Messages in Download Form

                If one of the required fields was left blank, the resulting page was mal-formed
                because it lacked the "body" of the html. Fixed for all of the possible error
                messages. -cj

20060824-010    Make CAPTCHA Image More Readable

                After several complaints, I modified the settings of the captcha program so that it
                would draw the letters on top of the lines. It improved the readability quite a bit.
                If people still complain, I can either have it draw fewer lines or draw no lines at
                all. -cj

20060824-009    Release of GlowWorm FW Lite v1.0.10 d1

                After adding reverse dns support, incremented the version number and released the
                "beta" for testing. -cj

20060824-008    Enabled 'Reverse DNS' Preference Item

                Enabled the checkbox in the Preferences window to enable/disable reverse dns 
                support. -cj

20060824-007    Geocoding Overwrites Displayed Values in Race Condition

                If the authorization dialog is present, and another event occurs which requires
                authorization, the possibility exists that the results from the second geocode will
                over-write the values displayed for the current authorization alert. Fixed. -cj

20060824-006    Add Support for Reverse DNS in Authorization Alert

                Added support for reverse dns in the authorization dialog. The dns request is 
                performed by a thread dedicated to the task, so the display and functionality of an
                authorization alert should not be hurt by a slow or un-responsive dns server. I had
                to shrink the text size in order to fit the reverse dns name into the top of the
                authorization alert. -cj

20060824-005    Port Number Sheet Not Updating

                If you changed the port number for a rule and click "Cancel", when you again tried
                to change the port number for that same rule, the values you typed in previously
                were still there. Fixed. -cj [Reported by Jeremy Jones]

20060824-004    Add 'Email Confirm' Field to Registration Form

                Given the number of typos I found, amongst email addresses, I added a 'confirm'
                field for email. Hopefully this will cut down on some of it. -cj

20060824-003    Release of GlowWorm FW Lite v1.0.9

                Fixed a few noticeable bugs and usability issues. -cj

20060824-002    Reduce the Number of Password Requests

                People were complaining about the number of times that their password was being
                requested. It was needed on startup to load the kernel extension and on quit to 
                unload the kernel extension. A preference item now exists that allows the kernel
                extension to remain loaded on quit. Additionally, the permissions of the pid2pathd
                file are verified before they are repaired, so that we do not request the password
                for that purpose, unnecessarily, either. -cj

20060824-001    Really Fix Thread Synchronization Issue

                The thread synchronization issue that I thought I fixed (20060821-002) was not 
                really fixed, and now it is. I think. -cj

20060822-003    Redefine "too short" for the Registration Server

                Some people seem to type in a single initial for either their first or last name,
                so I redefined for the registration server what "too short" meant for a value. Now
                they can type in those single initials. -cj

20060822-002    Find Memory Leaks in Registration Server (bignum)

                Found and fixed a memory leak in the bignum library, in the bignum_pow() function.
                Fixed. -cj

20060822-001    Find Memory Leaks in Registration Server

                There is at least one memory leak in the registration server. I found and fixed
                one, so now we'll see if there were in fact two or more. -cj

20060821-012    Added to HyperJeff

                HyperJeff?? Yeah. I thought the same thing. GlowWorm is now listed in their index.
                They don't really have individual pages dedicated to each program. The main web
                site is here:

20060821-011    Added to Softpedia

                I had not previously heard of Softpedia, so it is fortuitous that they found me;
                or GlowWorm, anyway. The url is:
                Added the award image to the About page, with a link back to Softpedia.

20060821-010    Add Link to TPN Hosting

                Added link to TPN Hosting for "graciously providing web hosting for GlowWorm". -cj

20060821-009    Remove Document Related Menu Items from the File Menu

                Removed the document related menu items (Open, New, Open Recent, etc.) from the 
                File menu, since this is not a document based application. -cj [Suggested by Jeremy

20060821-008    Add Link for "Free Registration Code" to Serial Window

                Some of the download sites, I'm finding, want to direct-link to the file, or even
                host the file themselves - thus a user might end up with the software without having
                seen the registration page. I added a sentence to the Serial Window, which is the
                first thing a new user will see, which instructs the user on how to get a free
                registration code. -cj

20060821-007    Added to Freshmeat

                I had previously submitted GlowWorm FW Lite v1.0.7 to Freshmeat. The url is:

20060821-006    Added to MacUpdate

                I had previously submitted GlowWorm FW Lite v1.0.7 to MacUpdate. They quickly added
                it. The url is: -cj

20060821-005    Added to VersionTracker

                I submitted GlowWorm FW Lite v1.0.8 to VersionTracker, and they quickly added it.
                The url is: -cj

20060821-004    Release of GlowWorm FW Lite v1.0.8

                New release fixes endianness issue on Intel and a thread synchronization issue. -cj

20060821-003    Registration Code Validation Fails on Intel

                Previously, the sha2-512 code which required endian-specific operations, was 
                decided at compile time via an #ifdef. That was fine until I switched to a 
                universal binary, where compilation for both architectures happens at the same time.
                I replaced the #ifdef with an if-statement that verified endianness and acted
                accordingly. -cj [Reported by Heribert Watzke]

20060821-002    Second Connection is Sometimes Ignored

                When an application rapidly opens two connections, both of which require 
                authorization, the second request was sometimes ignored in the sense that the 
                authorization dialog never appeared - although the sound would play. This was a
                synchronization issue and is now fixed. -cj

20060821-001    Release of GlowWorm FW Lite v1.0.7

                First public release. All of the testing feedback so far had uncovered very few 
                bugs and almost entirely just good interface suggestions. I'll be implementing them
                over the next week or two. -cj

20060819-007    Prototype Interface for Application Info Panel

                The application info panel will show process information plus information for each
                socket connection and a means of accessing the connection history for that

20060819-006    Prototype Interface for Application Monitor

                The application monitor window will show each application that has (or had) one or
                more socket connections open. It is iChat-Buddy-List-like. Additional information 
                for a given application and its individual socket connections will be available in
                a panel. Basic information for the sum of the sockets for a given application 
                (data rate TX/RX, total TX/RX, etc.) will be visible in this window.

20060819-005    Switch "No Email" Checkbox Value

                When creating the XML for the registration server when the user submits the 
                registration form, the "bequiet" checkbox value was being inverted. Fixed. -cj

20060819-004    Fix 'Registration Server Not Responding' Error Message in Registration Form

                The HTML displayed if the registration server could not be reached, when a person
                submits a registration form, was all messed up. Fixed. -cj

20060819-003    Add 'Expiration' and 'Version' to Registration Record

                Added the 'expire' and 'version' columns to the registration table. Also added the
                'expire' element to the registration xml - which might be useful for controlling
                beta testing registration codes. -cj

20060819-002    Personalize Registration Email

                Added the registrant's name, email and serial number to the registration email,
                along with links to the main web page and the support page. -cj

20060819-001    Add Explanation for Password to the Registration Form

                Added an explanation as to what the 'password' field is for, in the registration
                form. -cj [Reported by Paul Jones]

20060818-006    Version Number in Splash Screen is Gibberish

                I was printing the version number as a C string instead of an NSString. Whoops. -cj
                [Reported by Paul Jones]

20060818-005    Add Default .Mac Rules

                Added a set of .Mac rules to the default "System" rule set so that .Mac sync'ing
                can occur without any authorization dialogs. -cj

20060818-004    Add Registration Code Questions to Support Page

                Added two registration code related questions to the support page, describing, in
                brief, what it is and how it works. -cj

20060818-003    Programmatically set Splash Screen Version Info

                The splash screen version info is now pulled from the bundle's plist file. -cj

20060818-002    Release of GlowWorm FW Lite v1.0.6

                Needed to increment version number due to changes in kernel extension. -cj

20060818-001    Escape all Strings Before Performing SQL Statement

                All input from an external source (ie, the web site form) is now escaped before
                becoming part of a sql statement. I can sleep better at night, now. -cj

20060817-011    More Pid-to-Path Mayhem

                I realized that even if I copied the trailing \0 onto the buffer, inside getopt(),
                in the kernel extension, that if I indicated a return length that did not include 
                that \0, that it was not actually copied back to the user space. I just added a
                call to bzero() for the buffer, in user space, before calling getopt(). -cj

20060817-010    Update Website with new Screenshots, Content

                Replaced all of the dated (all of them) screen shots, plus added a bunch more to
                fill in the blanks found in the Support page. Also, filled in the answers to the
                various support questions. -cj

20060817-010    Some Windows do not Resize Properly

                Several windows did not re-size properly; that is, the elements within the window
                did not know how to react to a change in the window size. Fixed all of the issues
                that I could find. -cj

20060817-009    Kernel Supplied Pid-to-Path Comes with Extra Garbage

                Sometimes the kernel supplied pid-to-path paths come with an extra character or two
                on the end of the path. This was due to the lack of a terminating \0. It has been
                added. -cj
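
The unterminated-path problem from this entry and from 20060817-011, as an added example that is not GlowWorm's own code: a copy-out that reports a length but writes no NUL, read first as a plain C string and then terminated at the reported length. The function `fake_kernel_pid_to_path` and the sample paths are constructed stand-ins for the kext interface, which the page does not show.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the kernel side: copies the path bytes into the
 * caller's buffer and reports how many it wrote. No trailing NUL is copied,
 * matching the behaviour the entries describe. Returns -1 if it does not fit. */
static int fake_kernel_pid_to_path(const char *path, char *buf, size_t *len)
{
    size_t n = strlen(path);
    if (n > *len) return -1;
    memcpy(buf, path, n);
    *len = n;
    return 0;
}

/* Before: trusts the buffer to be a C string after the call. Bytes left
 * over from an earlier, longer path stay attached to the new one. */
static const char *read_path_unterminated(const char *path, char *buf, size_t cap)
{
    size_t len = cap;
    if (fake_kernel_pid_to_path(path, buf, &len) != 0) return NULL;
    return buf;
}

/* After: reserve one byte for the terminator and place it at the length
 * the kernel reported, so stale buffer contents cannot leak into the path. */
static const char *read_path_terminated(const char *path, char *buf, size_t cap)
{
    size_t len;
    if (cap == 0) return NULL;
    len = cap - 1;
    if (fake_kernel_pid_to_path(path, buf, &len) != 0) return NULL;
    buf[len] = '\0';
    return buf;
}

/* A rule matches only on an exact path, so trailing garbage means a miss. */
static int rule_matches(const char *rule_path, const char *event_path)
{
    return event_path != NULL && strcmp(rule_path, event_path) == 0;
}

/* Reuses one buffer for two lookups (constructed paths): a long path first,
 * then /usr/bin/telnet. Returns whether the telnet rule matches. */
static int demo_reused_buffer(int terminate)
{
    char buf[64];
    const char *got;
    strcpy(buf, "/Applications/Safari.app/Contents/MacOS/Safari");
    got = terminate ? read_path_terminated("/usr/bin/telnet", buf, sizeof buf)
                    : read_path_unterminated("/usr/bin/telnet", buf, sizeof buf);
    return rule_matches("/usr/bin/telnet", got);
}

int main(void)
{
    printf("unterminated read matches rule: %d\n", demo_reused_buffer(0));
    printf("terminated read matches rule:   %d\n", demo_reused_buffer(1));
    return 0;
}
```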

20060817-008    Resolve Symlinks During Rule Evaluation

                The pid-to-path paths can sometimes include symlinks, and rules, in general, do not.
                Thus, the two paths might be referring to the same executable, albeit indirectly. 
                Resolve symlinks in the pid-to-path path when performing rule evaluation. -cj

20060817-007    Update Random Serial Number Generator

                A unique, random serial number is created for each registration code. Updated the
                test format to the real format, which is xxxx-xxxx-xxxx-xxxx. -cj

20060817-006    Release of GlowWorm FW Lite v1.0.5

                Needed to increment version number due to changes in kernel extension. -cj

20060817-005    De-Register Event Handlers with Kernel Extension on Workspace Resign

                It is not generally a good idea to have GlowWorm running and active when the user
                who is running it does not have the active session. That is, if the user starts GW
                and then switches to the Login Window or to another user, we should de-register all
                event listeners with the kernel extension. The reasoning is this: first, the user
                who is running GW is the user who is interested in network security, and if such a
                user has multi-user enabled, he really doesn't care about security. Further, if
                another user performs an action which is evaluated by GW to "Ask", there is no way
                for that user to answer the authorization request. And the security-conscious user
                who started GW wouldn't want him to be able to, either. GlowWorm now listens for
                two workspace events: NSWorkspaceSessionDidBecomeActiveNotification and 
                NSWorkspaceSessionDidResignActiveNotification. Upon receiving the "resign active" 
                notification, we de-register our event handlers, and upon receiving "become active",
                we re-register those event handlers. -cj

20060817-004    Enable "Quit" Button on Registration Code Install Window

                The "Quit" button was not connected to anything. It is now. -cj

20060817-003    Fix Permissions on pid2pathd File on Start

                While I was repairing the permissions of pid2pathd on start by setting the sticky
                bit and changing the owner to root, I was not also setting the executable bit. -cj

20060817-002    Fix Kauth Pid-to-Path Code

                Something changed in 10.4.7 that made my VNODE scope kauth listener cease to 
                function properly. In particular, while the vp->v_name (for a vnode_t) used to 
                always be populated, it no longer is. I changed the listening scope to FILEOP, which
                is definitely more appropriate for my needs. -cj

20060817-001    Add Support for Customizable Features in Kernel Extension via Registration Code

                Added support in the kernel for customizing the available feature set, based on a
                registration code. The user app sends the registration code (first thing) to the
                kernel extension, which authenticates the signature and activates whatever features
                the registration code specifies. -cj

20060815-004    Expand Receive Capabilities of Kernel Control Code in Kext

                Expand the receive capabilities of the kernel control code in the kext, such that
                it can handle post-head data for "data" and "regc" events. In the case of the 
                former, the client will eventually be sending back altered packet data to be
                injected into a socket stream; and in the case of the latter, the registration code
                will be sent for verification purposes, and to enable functionality within the 
                kernel extension. I've got things stubbed out. -cj

20060815-003    Add CAPTCHA Support to Registration Web Form

                Added captcha support (securimage) to the registration web form, so that we only
                get human-submitted registration requests ... hopefully. -cj

20060815-002    Fix Endianness Issues

                While testing the registration server under Linux on Intel hardware and the user 
                app under OS X on PowerPC hardware, I found endianness issues, mostly pertaining to
                bignum and sha2. Fixed. Additionally, removed a bunch of unnecessary print 
                statements. -cj

20060815-001    Finish User Interface for Registration Installation

                Added a splash screen and got the various user interface elements working that allow
                the user to install a new registration code on startup. Additionally, the splash
                screen indicates the progress of GW as it starts up.

20060814-002    Store and Retrieve Registration Codes

                When a registration code is installed, it is saved to disk. When the application
                starts up the next time, it reads that registration code in, verifies it, and 
                populates the various registration windows - the installation window with the raw
                registration code, and the display window with the associated xml. -cj

20060814-001    Get Signature Verification in App Working

                Got the application parsing a registration code, pulling out the two signature
                values and the message, base64-decoding everything, computing the hash on the xml
                and verifying the signature against the hash. -cj

20060812-001    Remove boolean_t Type

                Removed my boolean_t type from all of the code, because it was far more hassle than
                it was worth ... what with conflicting with other definitions of boolean types. -cj

20060811-006    Add User Interface for Registration Installation

                Continued work on creating a graphical interface for performing registration code
                installation. -cj

20060811-005    Create Registration Result Web Pages

                Created registration result web pages, to be seen after a user submits the form for
                a registration code ... instead of embedding the html in the registration client,
                which is just a little bit ugly. No dynamic content this way, however. Oh well. -cj

20060811-004    Create makefiles for regd/regc for compilation under linux

                Created makefiles (since there is no Xcode - or even close) for Linux for compiling
                the registration server and cgi client, under Linux. -cj

20060811-003    Get Registration Client Working

                Worked through the various bugs and got the registration client working via Apache,
                parsing the query string, sending the form input to the registration server and
                subsequently returning a result page to the http user agent. -cj

20060811-002    Get Registration Server Working

                Worked through the rest of the bugs and got the multi-threaded registration server
                working well with Postgres, sending email and everything else. -cj

20060811-001    Update Database and Separate Account from Registration

                Revised the database to reflect that a given account (email address) can have
                multiple registration codes associated with it. -cj

20060810-001    Create registration server

                Got the registration server reading input from my test-cgi program, parsing the 
                input, creating a new db record, notifying a worker thread, locking the record, 
                generating a signature, sending the email and updating the record accordingly.

20060807-001    Memory bug in Bignum

                Found and fixed a memory bug in Bignum, where a successful result of growing the
                capacity of the bignum instance, was not verified. Caused the potential for a write
                beyond the end of the array, which was very infrequent, but not a good thing when it
                did happen. -cj
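
The unchecked-growth bug described in this entry, shown in its corrected shape as an added example (not the project's bignum library, whose code is not on the page): room for the carry limb is reserved and the result checked before any limb is written. The `bignum` struct, the function names and the swappable `bn_realloc` hook used to simulate allocation failure are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { uint32_t *limb; size_t len, cap; } bignum;  /* little-endian limbs */

/* Allocator hook so the example can simulate an out-of-memory condition. */
static void *(*bn_realloc)(void *, size_t) = realloc;
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Grow capacity to at least `want` limbs. On failure nothing changes: the old
 * buffer is still valid and still owned by n, and the caller must stop. */
static int bn_reserve(bignum *n, size_t want)
{
    uint32_t *p;
    size_t cap;
    if (want <= n->cap) return 0;
    cap = n->cap ? n->cap : 1;
    while (cap < want) {
        if (cap > SIZE_MAX / 2 / sizeof *p) return -1;   /* size would overflow */
        cap *= 2;
    }
    p = bn_realloc(n->limb, cap * sizeof *p);
    if (p == NULL) return -1;
    n->limb = p;
    n->cap = cap;
    return 0;
}

static int bn_set_u32(bignum *n, uint32_t v)
{
    if (bn_reserve(n, 1) != 0) return -1;
    n->limb[0] = v;
    n->len = 1;
    return 0;
}

/* n *= m. The carry may need one extra limb, so the reservation is made and
 * checked first. Ignoring that result is the bug in the entry: the final
 * store would land one element past the end of the array. */
static int bn_mul_small(bignum *n, uint32_t m)
{
    uint64_t carry = 0;
    size_t i;
    if (bn_reserve(n, n->len + 1) != 0) return -1;
    for (i = 0; i < n->len; i++) {
        uint64_t t = (uint64_t)n->limb[i] * m + carry;
        n->limb[i] = (uint32_t)t;
        carry = t >> 32;
    }
    if (carry) n->limb[n->len++] = (uint32_t)carry;
    return 0;
}

/* Doubles 1 sixty-four times; 2^64 is limbs {0, 0, 1}. Returns 0 on success. */
static int demo_pow2_64(bignum *n)
{
    int i;
    if (bn_set_u32(n, 1) != 0) return -1;
    for (i = 0; i < 64; i++)
        if (bn_mul_small(n, 2) != 0) return -1;
    return 0;
}

/* Forces the growth to fail and checks the value is reported and untouched. */
static int demo_failed_growth(void)
{
    bignum n = { NULL, 0, 0 };
    int rc, ok;
    if (bn_set_u32(&n, 0xFFFFFFFFu) != 0) return 0;   /* len == cap == 1 */
    bn_realloc = failing_realloc;
    rc = bn_mul_small(&n, 2);                         /* needs a second limb */
    bn_realloc = realloc;
    ok = rc == -1 && n.len == 1 && n.limb[0] == 0xFFFFFFFFu;
    free(n.limb);
    return ok;
}

int main(void)
{
    bignum n = { NULL, 0, 0 };
    printf("2^64 rc=%d limbs=%lu\n", demo_pow2_64(&n), (unsigned long)n.len);
    printf("failed growth handled: %d\n", demo_failed_growth());
    free(n.limb);
    return 0;
}
```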

20060802-005    Create registration server

                Created a registration server. It will take (indirectly) registration submissions
                from the web site, generate registration codes, store the information in the 
                database and email the registration code to the registrant. Got it compiling and 
                running. Still got bugs to work out. -cj

20060802-004    Add a string class

                Added a string class to the framework. Written in C. Basic string level operations
                are supported. It still needs to do substring and such. -cj

20060802-003    Add a base-64 encode/decode library

                Added code to the framework for performing base-64 encoding and decoding. -cj

20060802-002    Improve method for finding random-k for elgamal signatures

                Improved the method for finding a random-k when generating elgamal signatures.
                Specifically, the code loops until it finds a k that is relatively prime to 
                p - 1. -cj

20060802-001    Add sign-ed-ness support to bignum

                Generating and verifying elgamal signatures requires supporting negative numbers.
                Added fairly basic support for representing negative numbers, as well as performing
                operations on them. There are still some missing pieces, but it works for my 
                purposes, so far. -cj

20060725-004    Add logo to application as icon

                Removed the name from the logo and scaled to 16x16, 32x32, 48x48 and 128x128, and
                dumped into a new icon and added to the project. I have an icon!

20060725-003    Add logo to web site

                Having received the final version of the logo from The Logo Company, added it to the
                web site. -cj

20060725-002    Release of GlowWorm FW Lite v1.0.4

                Needed to increment version number due to changes in kernel extension. -cj

20060725-001    Find alternate pid-to-path method

                The current pid-to-path method fell short; it only returned the path as it was 
                passed as the first argument to exec(). Thus, in the case of the Finder launching
                an application, this was acceptable. In the case of cron or a user in Terminal,
                the path was likely to be ambiguous (ie, 'telnet'). Found an alternate method to 
                cover these instances; implemented it in the kernel. Likely, I will move the 
                pidToPathDaemon functionality into the kernel as well, and just let it all reside
                there. -cj

20060721-003    Unix processes are not matching manually added rules

                Clicking the plus (+) button to add a new rule, and selecting a unix program, such
                as '/usr/bin/telnet' adds the new rule, but it will not match for most 'telnet'
                events, because the path-to-executable is just the value passed as the first 
                argument to the executable, which in most circumstances is just going to be 
                'telnet' (with no absolute path). -cj

20060721-002    Clicking on the application column of the Rules table causes an exception

                Probably due to my custom cell for the application column, clicking (just once) on
                the column causes a message to be sent to the setObjectValue method in the data
                source. The 'anObject' passed along is nil. This causes an exception. For the time
                being I just added a check for nil in setObjectValue. -cj

20060721-001    Add modpow() functionality to bignum library

                Applied Cryptography (Bruce Schneier) has a simple algorithm for doing binary modular
                exponentiation, which is the basis for my modpow() implementation. With any luck,
                this is the last thing I'll need to implement for ElGamal signatures. -cj
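
The pieces named in this entry and in 20060802-002 and 20060802-001 (binary modular exponentiation, a k relatively prime to p - 1, and signed intermediate values), put together as an added example of ElGamal signing and verification; it is not GlowWorm's code. Assumptions: 64-bit integers stand in for the bignum library, the parameters p = 2357, g = 2, x = 1751 and the hash value are small constructed numbers, and a xorshift generator stands in for the random source.

```c
#include <stdint.h>
#include <stdio.h>

/* Binary (square-and-multiply) modular exponentiation: base^exp mod m.
 * Operands are kept below 2^32 so every product fits in 64 bits. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % m;
        base = (base * base) % m;
        exp >>= 1;
    }
    return result;
}

static uint64_t gcd(uint64_t a, uint64_t b)
{
    while (b != 0) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Inverse of a modulo m via the extended Euclidean algorithm. The running
 * coefficient t goes negative, which is where signed arithmetic is needed.
 * Returns 0 when a has no inverse. */
static uint64_t modinv(uint64_t a, uint64_t m)
{
    int64_t r0 = (int64_t)m, r1 = (int64_t)(a % m), t0 = 0, t1 = 1;
    while (r1 != 0) {
        int64_t q = r0 / r1, r2 = r0 - q * r1, t2 = t0 - q * t1;
        r0 = r1; r1 = r2;
        t0 = t1; t1 = t2;
    }
    if (r0 != 1) return 0;
    return (uint64_t)(t0 < 0 ? t0 + (int64_t)m : t0);
}

/* Loop until k is relatively prime to p - 1, so k has an inverse mod p - 1.
 * The xorshift state is a stand-in: a real signer draws k from a
 * cryptographic RNG and never reuses a k across signatures. */
static uint64_t pick_k(uint64_t p, uint64_t *state)
{
    uint64_t k;
    do {
        *state ^= *state << 13; *state ^= *state >> 7; *state ^= *state << 17;
        k = 2 + *state % (p - 3);                 /* 2 <= k <= p - 2 */
    } while (gcd(k, p - 1) != 1);
    return k;
}

typedef struct { uint64_t r, s; } elgamal_sig;

/* r = g^k mod p, s = (h - x*r) * k^-1 mod (p - 1); h is the message hash. */
static elgamal_sig elgamal_sign(uint64_t p, uint64_t g, uint64_t x,
                                uint64_t h, uint64_t *rng)
{
    uint64_t n = p - 1;
    elgamal_sig sig;
    do {
        uint64_t k = pick_k(p, rng);
        int64_t d;
        sig.r = modpow(g, k, p);
        d = (int64_t)(h % n) - (int64_t)((x * sig.r) % n);   /* may be negative */
        if (d < 0) d += (int64_t)n;
        sig.s = ((uint64_t)d * modinv(k, n)) % n;
    } while (sig.s == 0);                         /* s == 0 would expose x */
    return sig;
}

/* Accept only 0 < r < p and 0 < s < p - 1, then check g^h == y^r * r^s. */
static int elgamal_verify(uint64_t p, uint64_t g, uint64_t y,
                          uint64_t h, elgamal_sig sig)
{
    if (sig.r == 0 || sig.r >= p || sig.s == 0 || sig.s >= p - 1) return 0;
    return modpow(g, h, p) == (modpow(y, sig.r, p) * modpow(sig.r, sig.s, p)) % p;
}

int main(void)
{
    const uint64_t p = 2357, g = 2, x = 1751, h = 1463;   /* constructed values */
    uint64_t rng = 0x9E3779B97F4A7C15ULL;
    uint64_t y = modpow(g, x, p);                         /* public key */
    elgamal_sig sig = elgamal_sign(p, g, x, h, &rng);
    printf("r=%llu s=%llu valid=%d tampered=%d\n",
           (unsigned long long)sig.r, (unsigned long long)sig.s,
           elgamal_verify(p, g, y, h, sig), elgamal_verify(p, g, y, h + 1, sig));
    return 0;
}
```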

20060720-008    Add application name to English rule description for "until quit"

                The rule description now starts with "Remember until Safari quits that...". This
                makes the application name stated twice in the sentence, but oh well.

20060720-007    Add application name, dynamically, to the "until quit" radio button

                Added the application name to the title of the "until quit" radio button in the
                authorization dialog, so that instead of reading "until the application quits",
                it might read, "until Safari quits". Slightly more understandable.

20060720-006    Install default "quit" rule set

                Although it is blank, the install code now copies the "quit.plist" file as 

20060720-005    Make "until quit" feature work the way it ought to work

                In my ignorance, I was thinking that "until quit" would mean "until GlowWorm 
                quits", like, "I want to add some temporary rules that'll auto-expire when I quit."
                Not what everyone else expected. Changed the code (and it only required very
                minimal changes) such that such rules are only in effect during the lifetime of the
                target application. After the application quits, the next time that rule is 
                evaluated for that same application (as a different process id), the rule is 
                expired and removed from the list.

20060720-004    Add interface for customizing details when remembering an authorization

                Based on my own testing, and feedback from The One Other Tester, it became obvious
                that assuming that all details (application, address, port) of a given event should
                be used when remembering an Allow/Deny action, was naive. Added an interface to
                the Details section of the authorization dialog window that allows one to customize
                which of those three details are included in the remembered rule (if remembering).
                Besides the three checkboxes is a plain English description of what the rule will
                allow/deny if it is accepted as-is. -cj

20060720-003    Add default "main" rule for Mail to access any port 995 host

                Added a new default "main" rule for Mail to access any host on port 995, which is
                pop3s. -cj

20060720-002    Add default "main" rule for Mail to access any port 143 host

                Added a new default "main" rule for Mail to access any host on port 143, which is
                imap. -cj

20060720-001    Add default "main" rule for Mail to access any port 80 host

                Added a new default "main" rule for Mail to access any host on port 80. This is for
                "html email". A privacy-conscious user can easily un-check or delete the rule. -cj

20060719-016    Make obvious the double-click-to-edit nature of the Rules table

                Added a faint text block above the Rules table that says to double-click on a value
                to edit it. I think that's the best I can do for the time being. No other ideas are
                coming to mind. -cj

20060719-015    Disable the dashboardadvisord auto-deny rule

                If I'm hoping that Apple will list this program amongst the pile of other third
                party software, I was thinking that I probably shouldn't auto-deny this. I left
                the rule present, however, but un-checked. A user could easily re-check it. And
                its mere presence might be sufficient to get people wondering. -cj

20060719-014    Add default "main" rule for Software Update to access Akamai

                The Akamai IP address allocation range is from -, and I
                do not believe that my subnet mask feature is sophisticated enough to be able to
                handle this exactly. Instead, I added a rule that'll at least restrict it to the
                first two octets, plus the high five (5) bits of the third octet. I hope that the
                additional range this allows for isn't occupied by l33t h4k3rs from Russia. -cj
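
                The trade-off in this entry, as an added example that is not GlowWorm's own code:
                it finds the single mask that covers an address range, counts the addresses that
                mask over-allows, and splits the range into exact blocks. The range is constructed
                (the page does not show the real one) and all names are assumptions; it was picked
                so that the covering mask is a /21, two octets plus five bits.

```c
/* Added example, not GlowWorm's code: one mask versus an exact CIDR split. */
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

struct cidr { uint32_t base; int len; };
static struct cidr last_split[62];   /* 62 blocks is the IPv4 worst case */

/* Prefix length of the smallest single block that contains lo..hi. */
int covering_prefix(uint32_t lo, uint32_t hi)
{
    uint32_t diff = lo ^ hi;
    int len = 32;
    while (diff) { diff >>= 1; len--; }
    return len;
}

/* Addresses a single-mask rule matches that lie outside lo..hi. */
uint64_t over_coverage(uint32_t lo, uint32_t hi)
{
    return (1ULL << (32 - covering_prefix(lo, hi))) - ((uint64_t)hi - lo + 1);
}

/* Split lo..hi into the fewest aligned blocks that cover it exactly; the
 * blocks land in last_split[] and the count is returned. */
int exact_rule_count(uint32_t lo, uint32_t hi)
{
    uint64_t cur = lo;
    int n = 0;
    while (cur <= hi) {
        int len = 32;
        while (len > 0) {   /* grow while aligned on cur and inside the range */
            uint64_t size = 1ULL << (32 - (len - 1));
            if ((cur & (size - 1)) != 0 || cur + size - 1 > hi) break;
            len--;
        }
        last_split[n].base = (uint32_t)cur;
        last_split[n].len = len;
        n++;
        cur += 1ULL << (32 - len);
    }
    return n;
}

int main(void)
{
    uint32_t lo = IP4(10, 20, 8, 0), hi = IP4(10, 20, 13, 255); /* constructed range */
    int i, n = exact_rule_count(lo, hi);
    printf("single rule: /%d, %llu extra addresses\n", covering_prefix(lo, hi),
           (unsigned long long)over_coverage(lo, hi));
    for (i = 0; i < n; i++)
        printf("exact rule %d: %u.%u.%u.%u/%d\n", i + 1, last_split[i].base >> 24,
               (last_split[i].base >> 16) & 255, (last_split[i].base >> 8) & 255,
               last_split[i].base & 255, last_split[i].len);
    return 0;
}
```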

20060719-013    Add Help menu items for visiting web site

                Added Help menu items, "Visit Website", "Online FAQ" and "Send Feedback". Added 
                code to open the appropriate URLs in the default web browser. -cj

20060719-012    Release of GlowWorm FW Lite v1.0.3

                Needed to increment version number due to changes in kernel extension. -cj

20060719-011    Send SIGTERM signal to pid2pathd when application is terminating

                From the applicationShouldTerminate method, the SIGTERM signal is sent to the 
                pid2pathd process so that it'll hopefully die off promptly. -cj

20060719-010    Add default "main" rule for iTunes

                Added a default rule to the "Main" Rule Set to allow iTunes to connect to any
                port 80 server. iTunes creates nearly sixty (60) socket connections while loading
                the iTunes Music Store. It's too much of a pain to figure out which (if any) of
                those connections are unnecessary connections pertaining to the sending of personal
                data. Some other time. -cj

20060719-009    Added handler for SIGCHLD signals (for pid2pathd)

                The application needs to know when the pid2pathd process terminates (possibly due
                to some error). Added a SIGCHLD handler so that we can be notified when (the only)
                child process changes state. Calls waitpid() to let the process be reaped. Need to
                add code to re-start the pid2pathd if we are not trying to quit, and also need to
                limit the speed at which pid2pathd can be re-spawned. -cj

20060719-008    Added handler for SIGBUS signals

                Found that if the application terminates due to a SIGBUS signal, it stays 
                zombie-ed forever. Because the process did not terminate normally, the kernel
                control connection still exists, which makes it impossible for the kernel 
                extension to unload. Added a handler for the SIGBUS signal which causes the 
                application to cleanly disconnect from the kernel extension and exit. -cj

20060719-007    Add thread to perform geocoding operation

                The geocoding operation is subject to extreme delays, and just given the fact that 
                it is not instantaneous even when it is performing well, it still causes a rather
                noticeable delay in the drawing of the authorization dialog window. Added a thread
                to perform the geocoding operation. It is woken up when a new event is added to
                the list of events which require user authorization, by a second call to sem_post().
                There's probably a better way to do that, but I'll figure that out later. For each
                event in the authorization list, it performs the geocode, and updates the dialog
                if the dialog is still showing the event for which it geocoded. -cj

20060719-006    Add application icon to Application column in rules table

                Display the applicable icon for each rule in the Rule table, from the application
                bundle. When the application is a unix executable that is not associated with an
                application bundle, then use the Terminal icon. It looks pretty generic. When an
                icon is not available for an application, use the generic application icon. -cj

20060719-005    Replace polling for pid2pathd response with select()

                The largest performance bottleneck came from the half-second sleep() that was
                performed while doing a non-blocking wait for a response from pid2pathd. Replaced
                this with a call to select(). Amazing performance increase. Superficially not 
                possible to see a performance difference in a network application when running with
                GW and when not. -cj

20060719-004    Add service name alongside port number in authorization dialog

                Added a call to getservbyport() in the showNextAuthEvent method, which appends the
                applicable service name to the dialog text, if such a service name exists. -cj

20060719-003    Add authorization processing thread to controller

                Changed procRule in the controller to only add a new ConnEvent to the auth list,
                and not actually decide whether to display the authorization dialog. Added a thread
                and a processing loop, sleeping on a semaphore, which is notified when a new event
                is added to the authorization list. That thread will then display the authorization
                dialog window as necessary. With this change, the thread that runs in the GlowWorm
                fmwk will be able to return to processing events sitting in the receive queue,
                much faster. -cj

20060719-002    Geocode remote endpoint address when authorizing connection

                Added a "Location" NSTextField to the "details" area of the authorization dialog.
                Added a check box to the preferences window, allowing the user to enable or disable
                geocoding. Added the Geocode and GeocodeEntry classes, the former of which provides
                the method for performing geocoding, as well as an NSDictionary based caching 
                mechanism. A timeout of 5 seconds is imposed upon the http request. Added a rule to
                the system rules, allowing any application to contact on port 80.
                If this rule is not present, and a geocoding operation is performed, a deadlock 
                state can occur. -cj

20060719-001    Fix error in kernel extension gw_eh_remove()

                Although it had not yet caused a problem, because I had never had multiple kernel
                control connections, simultaneously, the gw_eh_remove() function would 
                indiscriminately OSFree() handlers, while only removing the correct one(s) from the
                global eh_list. That would have seriously been a pain to track down. Fixed. Will 
                have to increment the version number at some point. -cj

20060718-001    Add rule for /usr/sbin/lookupd on

                Despite my best efforts, I neglected to change the lookupd system rule in the master
                copy of the rule sets, from port 53 to port 1033. Fixed. Neglecting this one 
                particular rule can result in all manner of system crashedness. -cj

20060717-006    Kernel extension GlowWormSocket locking issue

                At one point, it seemed like a good idea to release the lock on the GlowWormSocket
                when sleeping on authorization. I was being stupid. What can happen (and did 
                happen) is that that same GlowWormSocket instance can be released when detach() is
                called, and when the GlowWormSocket thread that was sleeping, wakes up, it is 
                looking at a bona fide piece of invalid memory. So, I fixed that. Now, when detach
                is called, it also calls wakeup() on the relevant GlowWormSocket, and then waits on
                an exclusive mutex lock, which it can only get after the sleeping thread wakes up,
                and returns from the function, having released the read-only lock. -cj

20060717-005    Re-process authorization events before displaying them

                If a single application (ie, Safari) tries to create a series of identical 
                connections, each of which processes to an "Ask", thereby causing an authorization
                dialog to be displayed, the user might possibly indicate that the decision he
                makes should be remembered (ie, remember forever, until quit, until reboot), then
                we should not show the user identical events. To accomplish this, the code which
                displays the authorization dialog (or advances to the next authorization event),
                GlowWormController:showNextAuthEvent, re-processes the event through the rules,
                and if a match is found, and the action is Allow or Deny, then it is carried out
                accordingly, and then it moves on to the next event. -cj

20060717-004    Include default with application, and install if missing

                A default rule set for "Main", "System" and "Reboot" is now packaged with the 
                application, and the installation process for the kext has been completely 
                re-written, and now also includes the installation of these default rule sets. The
                default "Main" rules mostly include common applications (Safari, Mail, iCal, etc.),
                the default "System" rules are mostly utilities necessary for the system to run
                normally, and the default "Reboot" rule set is empty. -cj

20060717-003    Resolve full path to executable from bundle name

                When a user modifies the application for a rule by selecting a bundle (such as a
                .app), only the path up to the was being stored. This was in contrast
                to the behavior if one were to browse within the bundle, and select a specific
                executable. Now, when a bundle is selected, the "/Contents/MacOS/" directory is 
                searched for an executable by the same name as the bundle (less the .app, of 
                course), and that full path to an executable is stored, and the executable name is
                displayed. -cj

20061717-002    Add periodic save

                A flag, mLastChangeSaved, is set in GlowWormController, each time an event is
                matched against a rule, because matching an event against a rule causes the "count"
                for that rule to be updated. If the application subsequently crashes, and the user
                has not performed any other actions that would have caused the rule table to be
                saved, then that count is lost. A loop, sleeping for 5 minutes at a time, checks
                to see if this flag is set, saves the rule tables, and then un-sets the flag. -cj

20060717-001    Add system rule set and system-necessary default rules

                There are many system utilities that are necessary for basic operation, and several
                in fact that are run when the machine wakes up, which if disallowed, will cause the
                machine not to function properly. I added a "System" rule table, and included those
                system utilities that were run on wake, plus some others that are generally helpful.
                The user can always modify these to his liking, but at least the default settings
                will allow the machine to work. -cj

20060715-009    Release of GlowWorm FW Lite v1.0.2

                Needed to increment version number due to changes in kernel extension. -cj

20060715-008    Cache pidToPath result for a given ConnEvent

                During the course of processing a single ConnEvent, the pidToPath code was being
                called at least four times. Given that each such call involved a message being sent
                to the pid2pathd daemon, a wait, reading the response, and so forth, this needed to
                be fixed. Now, the result is cached in the ConnEvent, and the user application is
                using the method GlowWorm::pidToPathWithConn:(ConnEvent *), and the path is cached
                in the ConnEvent.

20060715-007    Play the "tink" sound when a connection event occurs

                A very fast "tink" sound is played by GlowWormController::procEventConnAuth() upon
                receiving an event. This way there is an audible clue as to how many events are 
                being processed ... even if those events are all automatically handled by the 
                current rule set. People might find this annoying. It should be moved to a 
                preference window, but, unfortunately, no such window exists. -cj

20060715-006    Play "pop" on authorization event received

                Previously, the "pop" sound was played when the authorization dialog appeared,
                instead of when the authorization event originally occurred. I moved the code to the
                rule-handling code, so that as soon as the rule handling code determines that an
                authorization dialog needs to be displayed, it will play the sound. -cj

20060715-005    Catch signals in user application

                Added code to catch SIGINT and SIGTERM in the application, so that we can cleanly
                quit - save rules, unload the kext, terminate pid2pathd, etc. - instead of just
                dying. Also added code such that subsequent signals would cause an immediate call
                to exit(-1), instead. -cj

20060715-004    Terminate pid2pathd process when quitting application

                Added code to GlowWorm::stop() to send SIGTERM to the pid2pathd process. I believe
                that it will already automatically die when the application process terminates, but
                just in case there is some reason for calling start() and stop() on GlowWorm in
                the midst of operation - like to reset things or something - then, this is
                necessary. -cj

20060715-003    Repair pid2pathd permissions

                Added code to GlowWormController:actionInstall() to chown and chmod the pid2pathd 
                resource to "root" and "+s". At some point I need to revise the code to first check 
                the owner and permissions and only run chown/chmod if it is actually necessary. 
                Presently, it simply runs every time the application is launched. -cj

20060715-002    Run pid-to-path translation as root

                Some alert messages appear with a process name of  because the sysctl() 
                call used to resolve a pid into a name will only function for processes that belong 
                to the user making the call ... unless of course that user is root. I did not want 
                to run the entire application setuid-root, and repeated calls to a simple unix 
                executable to do the pid-to-path resolution incurred a lot of over-head, so I 
                instead put the code into a daemon which listens on a unix domain socket. I added 
                code to the GlowWorm framework for launching the daemon and connecting. All of the 
                rest of the code remained the same, because I simply modified "pidToPath:" to make 
                the call to the p2pd process instead of sysctl()'ing itself. -cj

20060715-001    Kernel extension unload issue

                After loading and unloading the kernel extension many, many times, I found that the
                call to sflt_unregister() never made it to its gw_sflt_unregister() callback, and 
                therefore the kernel extension would never unload. I added code to check to see if
                this call to glowworm_stop() was in fact a subsequent call, and if the call to 
                sflt_unregister() had already been made, then it now simply returns KERN_SUCCESS.
                The only casualty is that any memory that had not already been OSFree()'ed would
                be leaked. But the kernel extension *will* unload. -cj

20060714-002    Release of GlowWorm FW Lite v1.0.1

                Needed to increment version number so that I could distribute a build which would 
                automatically upgrade the installed kernel extension. -cj

20060714-001    Kernel extension unload issue

                If the user application crashed (and therefore did not call 
                kextunload), and if there were any pending authorizations, those kernel threads that
                were sleeping on authorization would not immediately wake up and return because the
                gw_ctl_disconnect() function was not telling them to wake up. Also, a check was 
                added to gw_flt_connect_in() and gw_flt_connect_out() in the sleep loop, to make
                sure that the kctl associated with the auth_handler on which it was sleeping, is
                always TRUE, because gw_ctl_disconnect() sets that to FALSE before waking the 
                threads. -cj

20060713-001    Kernel extension unload issue

                When unloading the kext (via quitting the app) while an authorization request is 
                still pending, the kext freaks out. Specifically, the call to sflt_unregister() 
                happened before the loop which would wake up any sleeping threads, and since the 
                socket filter won't unregister until all of its threads are no longer executing, it 
                simply didn't do anything. But at the same time, the system would be hosed, and it 
                would no longer be possible to make any socket connections, or to even simply 
                shutdown the computer. I re-arranged the stop() process such that all threads were 
                woken up first, then we sleep for a couple of seconds, then we try to get the 
                exclusive execution lock and then we call sflt_unregister(). It is likely that the 
                two second sleep is unnecessary as long as I wait on the execution lock. Maybe. But 
                it lets me sleep better at night this way. -cj [Reported by Denis Bueno]

20060712-001    Release of GlowWorm FW Lite v1.0.0

                Released. Sent to father and a friend. Brave souls. Friend gave up easily. Father
                persisted in testing. -cj

Copyright 2004-2006 Symphonic Systems, Inc. All Rights Reserved.