Two Centuries On, a Cryptologist Cracks a Presidential Code
Friday, July 3. 2009

For more than 200 years, buried deep within Thomas Jefferson's correspondence and papers, there lay a mysterious cipher -- a coded message that appears to have remained unsolved. Until now.

/* An interesting read; a mix of cryptography and history. */

London Stock Exchange to Abandon Failed Windows Platform
Friday, July 3. 2009
Anyone who was ever fool enough to believe that Microsoft software was good enough to be used for a mission-critical operation had their face slapped this September when the LSE (London Stock Exchange)'s Windows-based TradElect system brought the market to a standstill for almost an entire day. While the LSE denied that the collapse was TradElect's fault, they also refused to explain what the problem really was. Sources at the LSE tell me to this day that the problem was with TradElect.

/* Whoever Microsoft sent to sell this idea to the LSE could, undoubtedly, sell ice cubes to Eskimos. Foolish, indeed. */

Since then, the CEO that brought TradElect to the LSE, Clara Furse, has left without saying why she was leaving. Sources in the City -- London's equivalent of New York City's Wall Street -- tell me that TradElect's failure was the final straw for her tenure. The new CEO, Xavier Rolet, is reported to have immediately decided to put an end to TradElect.

/* The article goes on to describe the system's shortcomings and compare it to their competitor, a Linux-based solution. Someone commented that the system should have been based on OpenVMS due to its stability and availability; and I can't argue. When it's mission-critical, it doesn't have to be Linux, it just can't be Windows. Simple as that. */

Time For Upgrade
Wednesday, June 24. 2009

PostgreSQL 8.3 Cheat Sheet
Sunday, June 14. 2009
/* A very handy cheat-sheet of common PostgreSQL programming features. */

GSSP (GIAC Secure Software Programmer): C Secure Coding Tasks, Skills and Knowledge
Saturday, January 17. 2009
/* This is a PDF file from the SANS Institute on secure C coding practices. From the PDF... */

This document enumerates common C coding tasks and identifies rules, recommendations, and guidelines for accomplishing these tasks securely.

/* A lot of the material I've seen so far has been common-sense stuff (input validation, mistrust of environment variables, etc.), but it's nice having it in a form not unlike a checklist. You write a new function or new class, and then run down the list, making sure you've followed each item. There's also one of these for Java ("booo") and .Net ("hisssssss"). Weighing in at only 10 pages, I think this one is worth wasting dead trees on. */

Adobe Labs - Flash Player 10
Tuesday, January 6. 2009
Furthering Adobe's commitment to the Linux community and as part of ongoing efforts to ensure the cross-platform compatibility of Flash Player, an alpha refresh of 64-bit Adobe Flash Player 10 for Linux operating systems was released on 12/16/2008 and is available for download. This offers easier, native installation on 64-bit Linux distributions and removes the need for 32-bit emulation. Learn more by reading the 64-bit Flash Player 10 FAQ.

Adobe Flash Player 10, code-named "Astro," introduces new expressive features and visual performance improvements that allow interactive designers and developers to build the richest and most immersive Web experiences. These new capabilities also empower the community to extend Flash Player and to take creativity and interactivity to a new level. This public pre-release is an opportunity for developers and consumers to test and provide early feedback to Adobe on new features, enhancements, and compatibility with previously authored content. Once you've installed the Flash Player 10 pre-release, you can view interactive demos. You can also help make Flash Player better by visiting all of your favorite sites, making sure they work the same or better than with the current player.

/* The page goes on to list many new features and updates in this release. I've not tried it (yet), but the one reference to it that I happened upon said it was pretty stable. Here's to hoping! I'd love to be able to run Flash in native 64-bit; it would remove the need for quite a bit of legacy software on my box. I'll eventually get around to posting a few comments on the quality and compatibility with various sites and content. */

Kubuntu 8.10 - First Reactions
Friday, December 12. 2008

/*
Where did my desktop go?! I'm slowly but surely finding my programs. From the installer, I believe it was trying to reinstall what I already had, but with the newer packages. I'm not sure on that as I was watching more TV than the screen. ;) I'm about 1000 packages short, so I'm guessing it missed a few.

KDE 4.1 is quite a change having been a long-time 3.x user. I'm not sure I like it just yet, but everything I've read says that after a couple days, you can't imagine computing without it. I'm willing to give it a shot.

I'm hoping to get Xen installed and configured under this new installation. I've had problems with bootloaders in the past, I'm hoping this changes things. I can certainly spare 768 - 1024 MB of RAM, 50 - 100 GB of hard drive, and a good share of one core. For as much as I don't like the idea of software virtualization (that opens a can of security worms, if you ask me), I'm really dying to try out Xen and set up a secured shell server for my friends.

Konqueror 4.1.2 works pretty darn well, too. It works with at least 95% of the AJAX and other trickery on facebook.com. It works with the administration page of this blog; something previous versions had problems with. I give Konqueror -- just on its own merits -- two thumbs up.

More thoughts to come...
*/

DNA Database Violates Privacy
Friday, December 5. 2008
/* All I'll say is you're damn right it does. */

Europe's human rights court ruled on Thursday that Britain had violated two people's privacy by storing their DNA profiles, even though they had not been convicted of a crime. The decision calls into question rules governing use of the DNA database under which police can take samples from anyone arrested for a recordable offence. Civil liberties groups jumped on the ruling to demand a change in the law, which the government rejected.

/* It's nice to see someone trying to put things in check over there. While I've never been to England, everything I see and read tells of more cameras and massive databases. Seems very Orwellian to me. */

Five More PHP Design Patterns
Friday, December 5. 2008
/* A follow-up to the previous Five Common PHP Design Patterns on IBM's DeveloperWorks. This one covers the Adaptor, Iterator, Decorator, Delegate, and State patterns. Both articles are definitely worth a read! */

Five Common PHP Design Patterns
Friday, December 5. 2008
/* Yet another IBM DeveloperWorks article. This is a good read for any programmer, especially a PHP programmer. This article covers the following design methods: Factory, Singleton, Observer, Chain-of-Command, and Strategy pattern. I thought I'd already linked to this article ages ago. It's been in my bookmarks for ages, along with the next article. */

NASA ISS On-Orbit Status 6 September 2008
Sunday, September 7. 2008
After transitioning the JSL (Joint Station LAN) network to the new Netgear wireless APs (Access Points, WAPs) which provide the ISS with WiFi (wireless+Ethernet) connectivity, Gregory today repeated functionality tests, abandoned earlier this week, in three Kibo JPM (JEM Pressurized Module) locations from the wireless SSC-11 laptop, and later also in the COL (Columbus Orbital Laboratory). Afterwards switching to "Proxim" APs, the new WiFi "Dolphin" BCRs (Barcode Readers) were also tested.

/* There's just this one little blurb about the wireless network in the whole article. I wonder how long before one of the laptops gets the latest 0day worm that turns it into a SPAM zombie? */

Why is the Internet So Infuriatingly Slow?
Sunday, September 7. 2008
Plus, two horrible things your Internet service provider wants to do to make it speedier.

Everyone hates their Internet service provider. And with good cause: In the age of ubiquitous Internet access, Web service in America is still often frustratingly slow. Tired of being the villain, telecom companies have assigned blame for this problem to a new bad guy. He's called the "bandwidth hog," and it's his fault that streaming video on your computer looks more like a slide show than a movie. The major ISPs all tell a similar story: A mere 5 percent of their customers are using around 50 percent of the bandwidth—sometimes more during peak hours. While these "power users" are sharing three-gig movies and playing online games, poor granny is twiddling her thumbs waiting for Ancestry.com to load.

/* I can't say I believe their argument that everyone hates their ISP. I don't hate mine. Long gone are the days of the independent ISPs, so for bandwidth reasons I've gone with Big Cable. I can't complain about the 10 Mb service. I've probably gotten between 2 and 3 9's as far as availability. I've spent almost the entirety of the last 10 years working in various capacities - ranging from front-line tech support to Unix engineering and on-site network technician - in the ISP world. I've worked at independent ISPs, Big Telco, Big Cable, and a transit provider. Far and wide, the vast majority of the customers I spoke with liked their service and were very friendly and cooperative. */

The ISPs are certainly correct that there's a problem: The current network in the United States struggles to accommodate everyone, and the barbarians at the gate—voice-over-IP telephony, live video streams, high-def movies—threaten to drown the grid. (This Deloitte report has a good treatment of that eventuality.) It's less clear that the telecom companies, fixated as they are on the bandwidth hogs, are doing a good job of managing the problem and planning for the future.

The ISPs have put forward two big ideas, in recent months, about how to fix our bandwidth crisis. We can arrange these plans into two categories: horrible now and horrible later.

/* I don't see the "struggle," either. Considering my experience in a wide range of ISP/ASP/NSP roles, I've never seen backbone and/or uplink capacity as a major concern. There was always plenty of bandwidth to go around, and they were already planning the "new" network design to bring in even more. I'm beginning to wonder if this isn't more of a willful restriction of bandwidth to create an artificially low supply, thus driving up prices (read: profits) on the demand side. */

/* On the topic of paying per GB for internet access: */

The criticism is easy to condense: No one joyrides in a taxi. A plan like this, as its many opponents have noted, will cramp the freewheeling, inventive nature of the Internet. The Internet owes its success to two pillars of human activity: masturbation and procrastination. (Seriously: We have the porn companies to thank for pioneering all sorts of technologies, from VHS to secure credit-card transactions online.) Is the Internet really the Internet if people don't use it to waste time?

/* Finally, a kernel of truth to this article! You know you've had too much internet when you're too lazy to rub one out. */

Beyond that, capping data transfer is simply a crude way to get people to curb their data appetites. Imposing limits on gigabytes per month is as sensible as replacing speed limits with a total number of miles you can drive in a given day. A more reasonable scenario—though one that's still decidedly unfun—would be to charge for Internet access as we charge for cell phones, running the meter during peak hours and letting people surf and download for free on nights and weekends, when there's far less competition for bandwidth.

/* I guess the pay hours/free hours would be about the opposite of internet traffic. It's those 3:30 - 4:00 PM and 5:30 - 6:30 PM spans when you see the biggest spikes - people coming home from school or work and checking email, reading the news, playing online games, etc. How many times have you set up a big download (like a Linux DVD ISO) before bed to just let it run overnight? */

Comcast now says it will pursue a more compliant strategy that slows the connections of power users during peak times without singling out specific types of traffic. This tactic is similar to the more general practice of "traffic shaping": prioritizing data packets for applications like video that shouldn't lag at the expense of something like e-mail, which can wait in line an extra few seconds without anyone noticing—except that it's deprioritizing users, not data packets. (People who hate the concept of traffic shaping prefer to call this "throttling" or "choking.")

/* I have no problem whatsoever with basic QoS. Obviously you'll want to give higher precedence to things like VoIP and video conferencing to keep latency as low as possible, but there should be enough bandwidth that nobody gets "starved." Rate-limiting just for the sake of "throttling" is evil. */

This plan is "horrible later" because it fails to account for the natural evolution of the Web toward larger file sizes and higher bandwidth activities. While it isn't a God-given right to be able to download pirated DVDs all day long, the ISPs should not adopt a long-term strategy that penalizes high-bandwidth activity. As FCC commissioner Robert M. McDowell pointed out in the Washington Post a few weeks ago, this is not the first time we've reached a crisis level of congestion. If Time Warner and Comcast had structured their networks around anti-bandwidth-hogging policies, say, 20 years ago, revolutionary services like YouTube and BitTorrent might not even exist.

/* I'm certain that they would not. If we had signed away our rights to the internet as quickly as we did our telco infrastructure, good old corporate greed would have ensured that we had the slowest average internet access in the industrialized world. I do find the joke about pirated DVDs worth a chuckle. */

Cold, hard cache. Shortly before the start of the 2008 Olympics, some commentators feared the global network wouldn't be able to handle all the demand for streaming Web video. The fact that the Internet didn't "melt," as one ZDNet author feared, set tongues wagging about NBC's use of third-party "content-delivery networks." To deliver nonlive content, these companies can store popular content on many different servers around the country—a method of ensuring that data packets don't have to travel as far to reach their destination. In general, your machine will retrieve information much faster from a "nearby" server on the network than from one across the globe. If a copy of the movie you want is stored by your ISP on a local server, you'll both get it faster and hold up fewer people in the process.

/* How many times have we heard "chicken little" foretelling of an "internet meltdown?" It's not going to happen, people. There are a lot of really smart people who get paid to make sure those things don't happen. It certainly makes sense to use things like Anycast to serve content as close to the subscriber as possible. The fewer hops it is to your destination, theoretically, the faster you should be able to get your content. */

New Hardware Rocks!
Sunday, September 7. 2008
/*
Apparently the I/O controller in desktop1 was dying on me, so I had to replace the motherboard. I figured if I was going to buy a new board, I'd get a new processor, too. This time, I was definitely going multi-core. As it turns out, the one board that they had in stock that would take both a dual-core and quad-core AMD64 was not compatible with anything I already had. I ended up having to replace everything except the hard drives and the DVD burner. I even had to replace the boot/OS drive, an 80 GB IDE, because it was giving seek errors even with the new motherboard. The drive is older than dirt, so I'm not surprised.

They had single and dual-core AMD64's, but no quads (Phenom). They had single-, dual-, and quad-core Pentium chips, but all of my software is built for AMD64, and the price difference was almost 3-to-1. I went ahead and bought the dual-core AMD64 for now; but I have a feeling that within a couple months, I'll probably end up hitting PriceWatch and buying a quad-core AMD64 Phenom. In having to replace everything, I decided to splurge a little and put together a machine that won't need to be upgraded for a while.

Here's a quick list of old -> new hardware.

Unknown motherboard -> MSI K9A2 Neo
3 GB PC2700 RAM (3 x 1 GB) -> 4 GB PC5300 RAM (2 x 2 GB, with 2 slots left free)
Unknown video (NVidia driver) AGP 8x -> MSI-branded GeForce 8400 (256 MB VRAM) PCI-E 16x
500 Watt P/S -> 650 Watt P/S
AMD64 2.0 GHz processor -> AMD64 X2 Dual-Core 2.3 GHz
RealTek RTL8139 NIC (10/100) -> RealTek RTL8111 (10/100/1000) && 3Com 3c905 (10/100)

The sound card that came on-board has full 7.1 surround-sound, which is easily better than the PCI soundcard I had previously. This new board takes me down to 1 IDE controller and only 2 PCI slots. I put the 4-port USB controller back in one of the PCI slots, and the 3Com NIC in the other.

I previously had an 80 and 320 GB IDE hard drive, an IDE CD/DVD burner, a 250 GB SATA disk, and a 500 GB SATA disk. I had to scrap the 80 GB as it was dying, and I replaced it with another 250 GB SATA that was not in use. So now I'm down to just the 320 GB hard drive and CD/DVD burner on the one IDE controller. I also have 2 x 250 GB SATA, and a 500 GB SATA, for a grand total of 1.3 TB of storage. The OS runs much faster being on a SATA drive instead of an older, 5400-rpm IDE hard drive. I still have 1 (of 4) SATA ports available, so any further expansion of storage will most likely be an additional SATA drive instead of something IDE.

With the new boot drive, new SMT processor, and new video, I went ahead and re-installed Linux on the machine as well. I'm now running Kubuntu 8.04.1, stock kernel, that recognizes all of my RAM, the dual cores on the processor, and the stock 'nv' driver is handling my basic desktop resolution for the time being. I'm still trying to track down all of the packages I need to reinstall; everything from the PostgreSQL client and development libs to nmap to Perl modules.

The next big project for the new hardware is to set up Xen. I've used VMware off and on for probably 5 or 6 years, and it's just a pain to have to remember to allow localhost to connect to my X session, su(1) to root, launch VMware, and then boot the secondary OS. With Xen, I'm planning on shaving off about 1/2 GB of RAM, about 1/4 of my CPU time (if I can tune it that granularly), and 20 - 50 GB of storage for the virtual disk. I'm going to turn this into a shell server that will run alongside my KDE desktop.

All in all, I have to say it was money well spent!
*/

Child Online Protection Act Overturned
Wednesday, July 23. 2008
A federal appeals court struck down as unconstitutional a Clinton-era law that would have forced websites with adult material to verify visitors' ages, dealing another blow to the government in a 10-year court battle over net censorship. The 3rd U.S. Circuit Court of Appeals upheld on Tuesday a 2007 lower-court decision that the Child Online Protection Act violated the First Amendment since it was not the most effective way to keep children from visiting adult websites.

/* Emphasis is my own. My question is this: Would this law be constitutional (in other words, not a breach of first amendment rights) if it were the most effective way of keeping children out of "adult" websites? */

Both courts also found that the standards for material that had to be hidden from open browsing were so loosely defined that any content not suitable for a four-year-old would have been hidden behind an age-verification firewall.

/* While I have not read the law myself, nor would I likely comprehend the majority of it, I cannot imagine how one could legally outline unsuitable content. It seems the way to go, in most cases, is to be overly broad. You know, just to make sure you get everyone. I also find it funny that they mention an "age-verification firewall." Are there firewalls now that can determine the age of the user on the machine that generated those packets? I think not. */

"Unlike COPA, filters permit adults to determine if and when they want to use them and do not subject speakers to criminal or civil penalties," the court wrote.

/* This is the correct way to police your internet connection. If you have children in your home and are concerned about the websites they visit, there is no shortage of parental filtering software available. This is a clear case of over-governance. What shocks me is the technical savvy and knowledge of filtering alternatives regarding technology by the courts. */

COPA was intended to be a narrower version of the 1996 Communications Decency Act, which would have catastrophically extended the rules of television 'decency' to the internet had the Supreme Court not emphatically rejected it in 1997. ... "It is apparent that COPA, like the Communications Decency Act before it, 'effectively suppresses a large amount of speech that adults have a constitutional right to receive and to address to one another,' Reno, 521 U.S. at 874, 117 S.Ct. at 2346, and thus is overbroad. For this reason, COPA violates the First Amendment," the judges wrote. "These burdens would chill protected speech."

/* Again, emphasis is my own. */

They [the ACLU] also argued the law would apply to anyone who wrote about mature subjects who also happened to have Google or Yahoo ads on their personal blog. For its part, the government says the law was intended to apply to pornographic websites, not news sites. It also argues COPA's age restrictions would work with content filters.

/* It was "intended to apply to pornographic websites". Intended. If it were intended for just that, and not just to gain control over part of the internet, the law would have been written as such, in a much narrower fashion. As I mentioned above, it's hard to narrowly define what is "unsuitable", but there is already existing precedent on what is considered "pornographic." I'm not advocating giving pornography to children, but this is a clear matter of parental responsibility, not government responsibility. Just as the V-chip allows parents to block what their children watch on television, there are many alternatives to blocking websites and content types just the same. */

New CAPTCHA Concepts
Wednesday, July 16. 2008
/*
There was an article on Slashdot earlier today bemoaning the uselessness of CAPTCHAs. While I don't agree that they're useless, they have been fairly fruitless at stopping comment spam on my blog here. The article mentions two possible "successors" to the standard image and audio CAPTCHA; let's take a look at them.

The good: This one comes from a site called spamfizzle.com. Their approach to going beyond the standard 2-dimensional image is to go 3D. Each object in a scene will be represented by a letter. Hundreds, if not thousands, of 3D images can be created using the exact same 3D "scene" but shown from different angles and with different lighting sources. You will then be required to enter, in order, the letter on the cat's tail, the letter in the upper left window pane, and the number of branches on the tree. Using only letters, no numbers, the possible combinations of the CAPTCHAs requiring only 3 letters is as follows: 26*25*24 = 15,600. At 4 letters, it becomes 358,800 possibilities. At 5 letters, it's now 7,893,600 possible combinations. There are also several other features that make nuking CAPTCHA-cracking programs obsolete within minutes; as well as features for making it easier for humans to work with. I really don't feel that I can do justice to this article by summarizing it here. I strongly encourage you to read the article itself (even though it is hosted on a Windows platform).

The bad: This site requires that you really know your math. How many people are going to know enough geometry, trigonometry, and calculus to figure out this challenge/response?

The ugly: What can I say?
*/

Open Security Foundation To Maintain Attrition.org's Data Loss Database - Open Source
Wednesday, July 16. 2008
The Open Security Foundation (OSF) is pleased to announce that the DataLossDB (also known as the Data Loss Database - Open Source (DLDOS) currently run by Attrition.org) will be formally maintained as an ongoing project under the OSF umbrella organization as of July 15, 2008. Attrition.org's Data Loss project, which was originally conceptualized in 2001 and has been maintained since July 2005, introduced DLDOS to the public in September of 2006. The project's core mission is to track the loss or theft of personally identifying information not just from the United States, but across the world. As of June 4, 2008, DataLossDB contains information on over 1,000 breaches of personal identifying information covering over 330 million records.

DataLossDB has become a recognized leader in the categorization of dataloss incidents over the past several years. In an effort to build off the current success and further enhance the project, the new relationship with OSF provides opportunities for growth, an improved data set, and expanded community involvement. "We've worked hard to research, gather, and make this data open to the public," says Kelly Todd, one of the project leaders for DataLossDB. "Hopefully, the migration to OSF will lead to more community participation, public awareness, and consumer advocacy by providing an open forum for submitting information."

The Open Security Foundation's DataLossDB will be free for download and use in non-profit work and research. The new website launch (http://www.datalossdb.org/) builds off of the current data set and provides an extensive list of new features. DataLossDB has attained rapid success due to a core group of volunteers who have populated and maintained the database. However, the new system will provide an open framework that allows the community to get involved and enhance the project.

"For a data set as dynamic as this, it made sense to build it into a more user-driven format," states David Shettler, the lead developer for the Open Security Foundation. "With the release of this new site, the project can now be fed by anyone, from data loss victims to researchers."

/* This site is actually pretty neat. Not only does it have a searchable index, it also provides quick links to things like the latest incidents, largest incidents, most discussed incidents; and even breaks it down by type of loss (credit card numbers, social security numbers, and even medical records!). This site manages to index so much information in so many useful ways, it's certainly worth supporting! */

Posted by TJE in Advisories, Data Theft, Exploits, News, Software, Technology, Vulnerabilities at 03:36
Seizing Laptops and Cameras Without Cause
Thursday, June 26. 2008
Returning from a brief vacation to Germany in February, Bill Hogan was selected for additional screening by customs officials at Dulles International Airport outside Washington, D.C. Agents searched Hogan's luggage and then popped an unexpected question: Was he carrying any digital media cards or drives in his pockets? "Then they told me that they were impounding my laptop," says Hogan, a freelance investigative reporter whose recent stories have ranged from the origins of the Iraq war to the impact of money in presidential politics. Shaken by the encounter, Hogan says he left the airport and examined his bags, finding that the agents had also removed and inspected the memory card from his digital camera. [...] When customs offered to return the machine nearly two weeks later, Hogan told them to ship it to his lawyer. ... Citing those lawsuits, Customs and Border Protection, a division of the Department of Homeland Security, refuses to say exactly how common the practice is, how many computers, portable storage drives, and BlackBerries have been inspected and confiscated, or what happens to the devices once they are seized. Congressional investigators and plaintiffs involved in lawsuits believe that digital copies -- so-called "mirror images" of drives -- are sometimes made of materials after they are seized by customs. ... "As a businessperson returning to the U.S., you may find yourself effectively locked out of your electronic office indefinitely." While Hogan had his computer returned after only a few days, others say they have had theirs held for months at a time. As a result, some companies have instituted policies that require employees to travel with clean machines: free of corporate data. /* This is one of the likely scenarios I would use if I was to travel abroad with my laptop and/or digital camera. I'd upload everything to a machine at home while I'm away, and work exclusively off shared-storage applications (i.e., Google Apps, Wiki, etc). 
When I came back through customs, the camera would be blank, and the laptop would be stock-as-a-rock. I don't think I could let them take the laptop, I think that could turn into a bad situation. */ The security value of the program is unclear, critics say, while the threats to business and privacy are substantial. If drives are being copied, customs officials are potentially duplicating corporate secrets, legal records, financial data, medical files, and personal E-mails and photographs as well as stored passwords for accounts from Netflix to Bank of America. DHS contends that travelers' computers can also contain child pornography, intellectual property offenses, or terrorist secrets. /* Now this is assuming you're running that one OS. ;) My laptop might be a little more difficult for them to "duplicate" things off of. This brings me to my other idea. Encrypt the entire disk. Many Linux distributions now support a cryptoloop root file-system (using an initrd). Notice how they manage to bring out three of the Four Horsemen of the Apocalypse. They forgot the drug dealers out there on the internet. */ It makes practical sense to X-ray the contents of checked and carry-on luggage, which could pose an immediate danger to airplanes and their passengers. "Generally speaking, customs officials do not go through briefcases to review and copy paper business records or personal diaries, which is apparently what they are now doing now in digital form -- these PDA's don't have bombs in them," says Marc Rotenberg, executive director of the Electronic Privacy Information Center. /* Neither does hair gel, but apparently that's a problem, too. If they're worried about the PDAs, cameras, and laptops, just let the dogs sniff 'em. That's all they need to know about what's on my digital devices. */ More troubling is what could happen if other countries follow the lead of the United States. 
Imagine, for instance, if China or Russia began a program to seize and duplicate the contents of traveler's laptops. "We wouldn't be in a position to strongly object to that type of behavior," Rotenberg says. Indeed, visitors to the Beijing Olympic Games have been officially advised by U.S. officials that their laptops may be targeted for duplication or bugging by Chinese government spies hoping to steal business and trade secrets. /* How is it that these asshats get to host the Olympics? Maybe it's just me, but if I'm in a situation where I think someone is trying to "steal my secrets," I would remove myself from that situation as quickly as possible. We're told we can't trust them, but we're having a world-class event there? */ pl/pgSQL Programming GuideMonday, June 23. 2008
With PL/pgSQL you can group a block of computation and a series of queries inside the database server, thus having the power of a procedural language and the ease of use of SQL, but with considerable savings of client/server communication overhead. This can result in a considerable performance increase as compared to an application that does not use stored functions. Also, with PL/pgSQL you can use all the data types, operators and functions of SQL. /* This is a link to the PostgreSQL 8.3 documentation for the pl/pgSQL procedural programming language. You can greatly speed up application performance by moving much of the decision-making to the database. */

George Carlin has Died
Monday, June 23. 2008
ET breaks the news that comedian George Carlin has died from heart failure. The man who made famous the "seven words you can never say on television" passed away at 5:55 p.m. Sunday at Saint John's Hospital in Santa Monica, his longtime publicist said. He was 71. /* ...another dead hero. */

Spacewalk: Free & Open Source Systems Management
Monday, June 23. 2008
Spacewalk is an open source (GPLv2) Linux systems management solution. It is the upstream community project from which the Red Hat Network Satellite product is derived. Spacewalk is an open source (GPLv2) Linux systems management solution that allows you to: /* This is a beautiful management system! It's what RedHat used to sell as their RHN Satellite service. I've had the opportunity to work with it in the past, while it was still a commercial-only product. Not only does this system allow you to register all your hosts, and group them in any fashion (by function, by OS version, by hardware type, etc), but it also keeps local caches of the packages for those systems. Instead of having to hit a busy ftp mirror every time you upgrade packages, it will hit the site once per package, and then distribute downstream from master to slave; somewhat like a tiered web proxy approach. In terms of how happy I am to see this product become open source, I'd put it at an 8/10 or 8.5/10. This is truly a nice product. The only downside I can think of is the fact that you're _required_ to use an Oracle backend. But with the Oracle Express product being free, it should still be a no-cost setup. */

Mac OS X Root Escalation Through AppleScript
Thursday, June 19. 2008
/* Unfortunately, this is one of those root exploits that's so simple, you don't even need a canned 'sploit to hit. This is one you can write off the top of your head. Ouch! */ Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn't switched to via fast user switching. Secure? I think not. /* This does, however, require physical access to the box. I've found that you can generally crack anything you have physical access to. */

Miscellaneous Microsoft Docs
Wednesday, June 18. 2008
/* Occasionally I come across some Microsoft articles that are of use to myself or those I know. I've gathered a list of Windows Server 2K3 and IIS 6.0 commands and tools that will help in automating processes.
How to Restart IIS
Additional Resources for the IIS 6.0 Metabase
Command-Line Tools Included in IIS
Using Command-Line Administration Scripts
Starting and Stopping Services (IIS 6.0) */

Wine 1.0 Released
Wednesday, June 18. 2008
It took them 15 years. During those years, the project grew from something that didn't work, to something that sometimes under special circumstances could maybe perhaps work, to something that sometimes just worked, all the way to something that works in a number of pre-defined cases. You won't believe it, but Wine 1.0 is here. /* I don't believe it! I haven't used Wine in quite some time (when I was unable to get PartyPoker to work through it!), I'm hoping this 1.0 release will stabilize a lot of the bugs I'd seen previously. I mean, how hard is it to emulate a broken OS? Logic would dictate that you handle X this way, but no, it has to be Windows-compatible, so you take the wrong way. Their developers must be extreme masochists. Check out the Application Compatibility List at AppDB. */

IBM May Open Source DB2
Wednesday, June 18. 2008
IBM is positive about the possibility of bringing out its DB2 database management software under an open source license. While the computing giant has no immediate plans to open source DB2, market conditions may make it unavoidable, according to Chris Livesey, IBM's U.K. director of information management software. "We have a light version of the product offered for free, which is a step towards exposing our core (DB2) technology," said Livesey. "Looking at IBM's heritage in contributing to the open source market, we've been particularly keen to lead that market. Open source is an interesting space, as a whole. As the future unfolds, and the economics become clearer, there's going to be more commitment to open source by everybody. We've made good steps towards that." /* While this is speculation at this point, it would be nice to see an open-source DB2. I expect some pushback from the financial industry (banks are almost exclusively IBM hardware/OS/database setups), but everyone else should benefit from this; including IBM. I'd like to see the replication code from DB2 make its way into PostgreSQL, or eventually just switch to an open-source DB2. Does anyone remember when "open source" became a verb? */

Linux Weather Forecast
Sunday, June 15. 2008
Welcome to the Linux Weather Forecast. This page is an attempt to track ongoing developments in the Linux development community that have a good chance of appearing in a mainline kernel and/or major distros sometime in the near future. Your "chief meteorologist" is Jonathan Corbet, Executive Editor at LWN.net. If you have suggestions on improving the forecast (and particularly if you have a project or patchset that you think should be tracked), please add your comments to the Discussion page. There's a blog that reports on the main changes to the forecast. You can view it directly or use a feed reader to subscribe to the blog feed. You can also subscribe directly to the changes feed for this page to see all forecast edits. /* This site is pretty neat. It tracks major features and enhancements to the kernel as they are merged and tested. */
