Child Online Protection Act Overturned
Wednesday, July 23. 2008
A federal appeals court struck down as unconstitutional a Clinton-era law that would have forced websites with adult material to verify visitors' ages, dealing another blow to the government in a 10-year court battle over net censorship. The 3rd U.S. Circuit Court of Appeals upheld on Tuesday a 2007 lower-court decision that the Child Online Protection Act violated the First Amendment since it was not the most effective way to keep children from visiting adult websites.

/* Emphasis is my own. My question is this: Would this law be constitutional (in other words, not a breach of First Amendment rights) if it were the most effective way of keeping children out of "adult" websites? */

Both courts also found that the standards for material that had to be hidden from open browsing were so loosely defined that any content not suitable for a four-year-old would have been hidden behind an age-verification firewall.

/* While I have not read the law myself, nor would I likely comprehend the majority of it, I cannot imagine how one could legally outline unsuitable content. It seems the way to go, in most cases, is to be overly broad. You know, just to make sure you get everyone. I also find it funny that they mention an "age-verification firewall." Are there firewalls now that can determine the age of the user on the machine that generated those packets? I think not. */

"Unlike COPA, filters permit adults to determine if and when they want to use them and do not subject speakers to criminal or civil penalties," the court wrote.

/* This is the correct way to police your internet connection. If you have children in your home and are concerned about the websites they visit, there is no shortage of parental filtering software available. This is a clear case of over-governance. What shocks me is the technical savvy and knowledge of filtering alternatives regarding technology by the courts. */

COPA was intended to be a narrower version of the 1996 Communications Decency Act, which would have catastrophically extended the rules of television 'decency' to the internet had the Supreme Court not emphatically rejected it in 1997. ... "It is apparent that COPA, like the Communications Decency Act before it, 'effectively suppresses a large amount of speech that adults have a constitutional right to receive and to address to one another,' Reno, 521 U.S. at 874, 117 S.Ct. at 2346, and thus is overbroad. For this reason, COPA violates the First Amendment," the judges wrote. "These burdens would chill protected speech."

/* Again, emphasis is my own. */

They [the ACLU] also argued the law would apply to anyone who wrote about mature subjects who also happened to have Google or Yahoo ads on their personal blog. For its part, the government says the law was intended to apply to pornographic websites, not news sites. It also argues COPA's age restrictions would work with content filters.

/* It was "intended to apply to pornographic websites". Intended. If it were intended for just that, and not just to gain control over part of the internet, the law would have been written as such, in a much narrower fashion. As I mentioned above, it's hard to narrowly define what is "unsuitable", but there is already existing precedent on what is considered "pornographic." I'm not advocating giving pornography to children, but this is a clear matter of parental responsibility, not government responsibility. Just as the V-chip allows parents to block what their children watch on television, there are many alternatives to blocking websites and content types just the same. */

New CAPTCHA Concepts
Wednesday, July 16. 2008
/* There was an article on Slashdot earlier today bemoaning the uselessness of CAPTCHAs. While I don't agree that they're useless, they have been fairly fruitless at stopping comment spam on my blog here. The article mentions two possible "successors" to the standard image and audio CAPTCHA; let's take a look at them.

The good: This one comes from a site called spamfizzle.com. Their approach to going beyond the standard 2-dimensional image is to go 3D. Each object in a scene will be represented by a letter. Hundreds, if not thousands, of 3D images can be created using the exact same 3D "scene" but shown from different angles and with different lighting sources. You will then be required to enter, in order, the letter on the cat's tail, the letter in the upper left window pane, and the number of branches on the tree. Using only letters, no numbers, the possible combinations of the CAPTCHAs requiring only 3 letters is as follows: 26*25*24 = 15,600. At 4 letters, it becomes 358,800 possibilities. At 5 letters, it's now 7,893,600 possible combinations. There are also several other features that make CAPTCHA-cracking programs obsolete within minutes, as well as features for making it easier for humans to work with. I really don't feel that I can do justice to this article by summarizing it here. I strongly encourage you to read the article itself (even though it is hosted on a Windows platform).

The bad: This site requires that you really know your math. How many people are going to know enough geometry, trigonometry, and calculus to figure out this challenge/response?

The ugly: What can I say? */

Open Security Foundation To Maintain Attrition.org's Data Loss Database - Open Source
Wednesday, July 16. 2008
The Open Security Foundation (OSF) is pleased to announce that the DataLossDB (also known as the Data Loss Database - Open Source (DLDOS), currently run by Attrition.org) will be formally maintained as an ongoing project under the OSF umbrella organization as of July 15, 2008. Attrition.org's Data Loss project, which was originally conceptualized in 2001 and has been maintained since July 2005, introduced DLDOS to the public in September of 2006. The project's core mission is to track the loss or theft of personally identifying information not just from the United States, but across the world. As of June 4, 2008, DataLossDB contains information on over 1,000 breaches of personal identifying information covering over 330 million records.

DataLossDB has become a recognized leader in the categorization of data loss incidents over the past several years. In an effort to build off the current success and further enhance the project, the new relationship with OSF provides opportunities for growth, an improved data set, and expanded community involvement. "We've worked hard to research, gather, and make this data open to the public," says Kelly Todd, one of the project leaders for DataLossDB. "Hopefully, the migration to OSF will lead to more community participation, public awareness, and consumer advocacy by providing an open forum for submitting information."

The Open Security Foundation's DataLossDB will be free for download and use in non-profit work and research. The new website launch (http://www.datalossdb.org/) builds off of the current data set and provides an extensive list of new features. DataLossDB has attained rapid success due to a core group of volunteers who have populated and maintained the database. However, the new system will provide an open framework that allows the community to get involved and enhance the project.

"For a data set as dynamic as this, it made sense to build it into a more user-driven format," states David Shettler, the lead developer for the Open Security Foundation. "With the release of this new site, the project can now be fed by anyone, from data loss victims to researchers."

/* This site is actually pretty neat. Not only does it have a searchable index, it also provides quick links to things like the latest incidents, largest incidents, most discussed incidents; and even breaks it down by type of loss (credit card numbers, social security numbers, and even medical records!). This site manages to index so much information in so many useful ways, it's certainly worth supporting! */
Posted by TJE in Vulnerabilities, Advisories, Exploits, Data Theft, News, Technology, Software at 03:36
Seizing Laptops and Cameras Without Cause
Thursday, June 26. 2008
Returning from a brief vacation to Germany in February, Bill Hogan was selected for additional screening by customs officials at Dulles International Airport outside Washington, D.C. Agents searched Hogan's luggage and then popped an unexpected question: Was he carrying any digital media cards or drives in his pockets? "Then they told me that they were impounding my laptop," says Hogan, a freelance investigative reporter whose recent stories have ranged from the origins of the Iraq war to the impact of money in presidential politics. Shaken by the encounter, Hogan says he left the airport and examined his bags, finding that the agents had also removed and inspected the memory card from his digital camera. [...] When customs offered to return the machine nearly two weeks later, Hogan told them to ship it to his lawyer. ...

Citing those lawsuits, Customs and Border Protection, a division of the Department of Homeland Security, refuses to say exactly how common the practice is, how many computers, portable storage drives, and BlackBerries have been inspected and confiscated, or what happens to the devices once they are seized. Congressional investigators and plaintiffs involved in lawsuits believe that digital copies -- so-called "mirror images" of drives -- are sometimes made of materials after they are seized by customs. ... "As a businessperson returning to the U.S., you may find yourself effectively locked out of your electronic office indefinitely." While Hogan had his computer returned after only a few days, others say they have had theirs held for months at a time. As a result, some companies have instituted policies that require employees to travel with clean machines: free of corporate data.

/* This is one of the likely scenarios I would use if I were to travel abroad with my laptop and/or digital camera. I'd upload everything to a machine at home while I'm away, and work exclusively off shared-storage applications (i.e., Google Apps, Wiki, etc). When I came back through customs, the camera would be blank, and the laptop would be stock-as-a-rock. I don't think I could let them take the laptop; I think that could turn into a bad situation. */

The security value of the program is unclear, critics say, while the threats to business and privacy are substantial. If drives are being copied, customs officials are potentially duplicating corporate secrets, legal records, financial data, medical files, and personal E-mails and photographs as well as stored passwords for accounts from Netflix to Bank of America. DHS contends that travelers' computers can also contain child pornography, intellectual property offenses, or terrorist secrets.

/* Now this is assuming you're running that one OS. ;) My laptop might be a little more difficult for them to "duplicate" things off of. This brings me to my other idea: encrypt the entire disk. Many Linux distributions now support a cryptoloop root file-system (using an initrd). Notice how they manage to bring out three of the Four Horsemen of the Apocalypse. They forgot the drug dealers out there on the internet. */

It makes practical sense to X-ray the contents of checked and carry-on luggage, which could pose an immediate danger to airplanes and their passengers. "Generally speaking, customs officials do not go through briefcases to review and copy paper business records or personal diaries, which is apparently what they are now doing in digital form -- these PDAs don't have bombs in them," says Marc Rotenberg, executive director of the Electronic Privacy Information Center.

/* Neither does hair gel, but apparently that's a problem, too. If they're worried about the PDAs, cameras, and laptops, just let the dogs sniff 'em. That's all they need to know about what's on my digital devices. */

More troubling is what could happen if other countries follow the lead of the United States. Imagine, for instance, if China or Russia began a program to seize and duplicate the contents of travelers' laptops. "We wouldn't be in a position to strongly object to that type of behavior," Rotenberg says. Indeed, visitors to the Beijing Olympic Games have been officially advised by U.S. officials that their laptops may be targeted for duplication or bugging by Chinese government spies hoping to steal business and trade secrets.

/* How is it that these asshats get to host the Olympics? Maybe it's just me, but if I'm in a situation where I think someone is trying to "steal my secrets," I would remove myself from that situation as quickly as possible. We're told we can't trust them, but we're having a world-class event there? */
Posted by TJE in Vulnerabilities, Exploits, Data Theft, Cryptography/Privacy, News at 02:13
pl/pgSQL Programming Guide
Monday, June 23. 2008
With PL/pgSQL you can group a block of computation and a series of queries inside the database server, thus having the power of a procedural language and the ease of use of SQL, but with considerable savings of client/server communication overhead. This can result in a considerable performance increase as compared to an application that does not use stored functions. Also, with PL/pgSQL you can use all the data types, operators and functions of SQL.

/* This is a link to the PostgreSQL 8.3 documentation for the PL/pgSQL procedural programming language. You can greatly speed up application performance by moving much of the decision-making to the database. */

George Carlin has Died
Monday, June 23. 2008
ET breaks the news that comedian George Carlin has died from heart failure. The man who made famous the "seven words you can never say on television" passed away at 5:55 p.m. Sunday at Saint John's Hospital in Santa Monica, his longtime publicist said. He was 71.

/* ...another dead hero. */

Spacewalk: Free & Open Source Systems Management
Monday, June 23. 2008
Spacewalk is an open source (GPLv2) Linux systems management solution. It is the upstream community project from which the Red Hat Network Satellite product is derived. Spacewalk is an open source (GPLv2) Linux systems management solution that allows you to:

/* This is a beautiful management system! It's what RedHat used to sell as their RHN Satellite service. I've had the opportunity to work with it in the past, while it was still a commercial-only product. Not only does this system allow you to register all your hosts and group them in any fashion (by function, by OS version, by hardware type, etc), but it also keeps local caches of the packages for those systems. Instead of having to hit a busy ftp mirror every time you upgrade packages, it will hit the site once per package, and then distribute downstream from master to slave; somewhat like a tiered web proxy approach. In terms of how happy I am to see this product become open source, I'd put it at an 8/10 or 8.5/10. This is truly a nice product. The only downside I can think of is the fact that you're _required_ to use an Oracle backend. But with the Oracle Express product being free, it should still be a no-cost setup. */

Mac OS X Root Escalation Through AppleScript
Thursday, June 19. 2008
/* Unfortunately, this is one of those root exploits that's so simple, you don't even need a canned 'sploit to hit. This is one you can write off the top of your head. Ouch! */

Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

Works for normal users and admins, provided the normal user wasn't switched to via fast user switching. Secure? I think not.

/* This does, however, require physical access to the box. I've found that you can generally crack anything you have physical access to. */
Posted by TJE in Operating Systems, Unix, Vulnerabilities, Exploits, Local, Unspecified at 03:37
Miscellaneous Microsoft Docs
Wednesday, June 18. 2008

/* Occasionally I come across some Microsoft articles that are of use to myself or those I know. I've gathered a list of Windows Server 2K3 and IIS 6.0 commands and tools that will help in automating processes.

How to Restart IIS
Additional Resources for the IIS 6.0 Metabase
Command-Line Tools Included in IIS
Using Command-Line Administration Scripts
Starting and Stopping Services (IIS 6.0) */

Wine 1.0 Released
Wednesday, June 18. 2008
It took them 15 years. During those years, the project grew from something that didn't work, to something that sometimes under special circumstances could maybe perhaps work, to something that sometimes just worked, all the way to something that works in a number of pre-defined cases. You won't believe it, but Wine 1.0 is here.

/* I don't believe it! I haven't used Wine in quite some time (since I was unable to get PartyPoker to work through it!). I'm hoping this 1.0 release will stabilize a lot of the bugs I'd seen previously. I mean, how hard is it to emulate a broken OS? Logic would dictate that you handle X this way, but no, it has to be Windows-compatible, so you take the wrong way. Their developers must be extreme masochists. Check out the Application Compatibility List at AppDB. */

IBM May Open Source DB2
Wednesday, June 18. 2008
IBM is positive about the possibility of bringing out its DB2 database management software under an open source license. While the computing giant has no immediate plans to open source DB2, market conditions may make it unavoidable, according to Chris Livesey, IBM's U.K. director of information management software. "We have a light version of the product offered for free, which is a step towards exposing our core (DB2) technology," said Livesey. "Looking at IBM's heritage in contributing to the open source market, we've been particularly keen to lead that market. Open source is an interesting space, as a whole. As the future unfolds, and the economics become clearer, there's going to be more commitment to open source by everybody. We've made good steps towards that."

/* While this is speculation at this point, it would be nice to see an open-source DB2. I expect some pushback from the financial industry (banks are almost exclusively IBM hardware/OS/database setups), but everyone else should benefit from this, including IBM. I'd like to see the replication code from DB2 make its way into PostgreSQL, or eventually just switch to an open-source DB2. Does anyone remember when "open source" became a verb? */
Posted by TJE in Database, DB2, News, Software at 01:05
Linux Weather Forecast
Sunday, June 15. 2008
Welcome to the Linux Weather Forecast. This page is an attempt to track ongoing developments in the Linux development community that have a good chance of appearing in a mainline kernel and/or major distros sometime in the near future. Your "chief meteorologist" is Jonathan Corbet, Executive Editor at LWN.net. If you have suggestions on improving the forecast (and particularly if you have a project or patchset that you think should be tracked), please add your comments to the Discussion page. There's a blog that reports on the main changes to the forecast. You can view it directly or use a feed reader to subscribe to the blog feed. You can also subscribe directly to the changes feed for this page to see all forecast edits.

/* This site is pretty neat. It tracks major features and enhancements to the kernel as they are merged and tested. */

Anatomy of Linux Journaling File Systems
Sunday, June 15. 2008
In recent history, journaling file systems were viewed as an oddity and thought of primarily in terms of research. But today, a journaling file system (ext3) is the default in Linux. Discover the ideas behind journaling file systems, and learn how they provide better integrity in the face of a power failure or system crash. Learn about the various journaling file systems in use today, and peek into the next generation of journaling file systems.

You can define journaling file systems in many ways, but let's get right to the point. Journaling file systems are for people who tire of watching the boot-time fsck, or file system consistency check process. (Journaling file systems are also for anyone who likes the idea of a fault-resilient file system.) When a system using a traditional, non-journaling file system is improperly shut down, the operating system detects this and performs a consistency check using the fsck utility. This utility scans the file system (which can take a considerable amount of time) and fixes any issues that can be safely corrected. In some cases, the file system can be in such bad shape that the operating system boots into single user mode to allow the user to further the repair process.

/* It is due to a lack of a journal that Windows must be cleanly shut down or else you risk damaging your file-systems. */

So, now you know for whom journaling file systems were created, but how do they obviate the need for fsck? In general, journaling file systems avoid file system corruption by maintaining a journal. The journal is a special file that logs the changes destined for the file system in a circular buffer. At periodic intervals, the journal is committed to the file system. If a crash occurs, the journal can be used as a checkpoint to recover unsaved information and avoid corrupting file system metadata.

To sum up, journaling file systems are fault-resilient file systems that use a journal to log changes before they're committed to the file system to avoid metadata corruption. But like many Linux solutions, more than one option is available to you. Let's take a short walk through journaling file system history, and then review the file systems available and how they differ.

/* As usual, this is another excellent entry on IBM's DeveloperWorks. With my interest in file-system development, this was quite a worthwhile read. The article also links to many other "Anatomy of..." articles, including all DeveloperWorks articles by M. Tim Jones: */
Posted by TJE in Operating Systems, Unix, Linux, Design, File Systems, VM System, News, Articles, IBM DeveloperWorks at 18:23
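As an added illustration (my own toy model, not code from the IBM article), the Python below models the write-ahead journal the article describes: a two-block metadata update is interrupted by a simulated power loss, and the mount-time replay of committed journal records restores a consistent state without scanning the whole disk. The disk layout, record format and crash injection are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

class PowerLoss(Exception):
    """Simulated crash in the middle of a multi-block update."""

# ("DATA", block index, new contents) or ("COMMIT", None, None)
JournalRecord = Tuple[str, Optional[int], Optional[str]]

@dataclass
class Disk:
    """Main file system area plus a journal (a list standing in for the
    circular buffer). crash_after caps how many main-area writes succeed
    before the simulated power loss, so a crash can be placed anywhere."""
    blocks: List[str]
    journal: List[JournalRecord] = field(default_factory=list)
    crash_after: Optional[int] = None
    writes_done: int = 0

    def write_block(self, idx: int, data: str) -> None:
        if self.crash_after is not None and self.writes_done >= self.crash_after:
            raise PowerLoss()
        self.blocks[idx] = data
        self.writes_done += 1

# Creating a file touches two metadata blocks (inode bitmap, directory).
# Only "before" and "after" are consistent; anything in between is what a
# boot-time fsck would have to hunt for across the whole disk. (Constructed.)
BEFORE = ["inode0=free", "dir=[]"]
AFTER = ["inode0=used", "dir=[file.txt->inode0]"]
CREATE_FILE = [(0, AFTER[0]), (1, AFTER[1])]

def is_consistent(blocks: List[str]) -> bool:
    return blocks in (BEFORE, AFTER)

def fresh_disk(crash_after: Optional[int] = None) -> Disk:
    return Disk(blocks=list(BEFORE), crash_after=crash_after)

def update_without_journal(disk: Disk, txn) -> List[str]:
    """Non-journaling file system: blocks are rewritten in place, so a crash
    between the two writes leaves half-updated metadata behind."""
    try:
        for idx, data in txn:
            disk.write_block(idx, data)
    except PowerLoss:
        pass
    return disk.blocks

def journal_append(disk: Disk, txn, commit: bool) -> None:
    """Log the intended changes first; the COMMIT record is what makes the
    transaction count. Journal writes are not crashed in this model (a real
    file system orders them so COMMIT lands only after the DATA records)."""
    for idx, data in txn:
        disk.journal.append(("DATA", idx, data))
    if commit:
        disk.journal.append(("COMMIT", None, None))

def checkpoint(disk: Disk) -> None:
    """Copy journaled changes into the main area; this is where we crash."""
    for kind, idx, data in disk.journal:
        if kind == "DATA":
            disk.write_block(idx, data)

def recover(disk: Disk) -> List[str]:
    """Mount-time replay: re-apply every transaction that reached COMMIT and
    drop trailing records that did not. Re-applying a write that already
    landed before the crash is harmless, which is what makes replay safe."""
    disk.crash_after = None            # power is back
    pending: List[Tuple[int, str]] = []
    for kind, idx, data in disk.journal:
        if kind == "DATA":
            pending.append((idx, data))
        elif kind == "COMMIT":
            for i, d in pending:
                disk.write_block(i, d)
            pending = []
    disk.journal.clear()
    return disk.blocks

def update_with_journal(disk: Disk, txn, crash_before_commit: bool = False) -> List[str]:
    """Journaling file system: log, commit, checkpoint (maybe crash), recover."""
    journal_append(disk, txn, commit=not crash_before_commit)
    if not crash_before_commit:
        try:
            checkpoint(disk)
        except PowerLoss:
            pass
    return recover(disk)
```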
China Denies Hacking into US Computers
Thursday, June 12. 2008
China denied accusations by two U.S. lawmakers that it hacked into congressional computers, saying Thursday that as a developing country it wasn't capable of sophisticated cybercrime.

/* Excuse me? They don't have the technical know-how because they're still a "developing country?" I don't think so. First of all, developing nations do not get to host the Olympics. A developing nation doesn't have the money to build a huge new stadium for the Olympics. The last I heard, China was trying to create a technology to control the weather to avoid rain during the Olympics. That's pretty damn technically advanced. Second, and most importantly, how do they explain the Golden Shield Project (i.e., the Great Firewall of China)? How about their iPhone clones? Most to all of that technology is either produced there, or at least reverse-engineered. */

China has a thriving information technology industry and claims to have 221 million Internet users — equal to the U.S. as the most in the world. ... The allegations are the latest in a series of cybersecurity problems blamed on China. Reports last year cited officials in Germany, the United States and Britain as saying government and military networks had been broken into by hackers backed by the Chinese military.

2 Lawmakers Say Computers Hacked by Chinese
Wednesday, June 11. 2008
Two House members said Wednesday their Capitol Hill computers, containing information about political dissidents from around the world, have been hacked by sources apparently working out of China. Virginia Rep. Frank Wolf says four of his computers were hacked. New Jersey Rep. Chris Smith says two of his computers were compromised in December 2006 and March 2007. The two lawmakers are longtime critics of China's record on human rights.

/* I'd be more inclined to just blame China because the computers were hacked. There doesn't really need to be a reason behind it. If you've got a hacked machine, chances are good that the attack or malware originated in China. I null-route any block out of APNIC as I come across it. I don't know anyone in China, nor do I do business with anyone from China, so I don't care to receive packets from China. */

In an interview Wednesday, Wolf said the hacking of computers in his Capitol Hill office began in August 2006. He says a computer at a House committee office also was hacked, and he suggested others in the House and possibly the Senate could be involved. The FBI declined to comment.

/* The FBI knows, as well as anyone else with any security clue, that China is behind the majority of all attacks on the internet. No need to comment. */

Wolf said that in his office, the hackers "got everything," including all the casework regarding political dissidents around the world.

/* Yet another loss of sensitive data. */

Separately, U.S. authorities are investigating whether Chinese officials secretly copied the contents of a government laptop computer during a visit to China by Commerce Secretary Carlos M. Gutierrez and used the information to try to hack into Commerce Department computers.

/* They're still not using encryption on hard drives. It's so easy to implement, costs little to nothing, but yet they never seem to learn. */

"My own suspicion is I was targeted by China because of my long history of speaking out about China's abysmal human rights record," Wolf says in his remarks. He said Congress should hold hearings, specifically the House Intelligence Committee, Armed Services Committee and Government Operations Committee. Wolf's resolution calls for the chief administrative officer and sergeant at arms of the House, in consultation with the FBI, to alert House members and their staffs to the danger of electronic attacks. He also wants lawmakers to be fully briefed on ways to safeguard official records from electronic security breaches.

Steganography of VoIP Streams
Tuesday, June 10. 2008
In this paper, we circumscribe available steganographic techniques that can be used for creating covert channels for VoIP (Voice over Internet Protocol) streams. Apart from characterizing existing steganographic methods, we provide new insights by presenting two new techniques. The first is a network steganography solution and exploits free/unused fields of the RTCP (Real-Time Control Protocol) and RTP (Real-Time Transport Protocol) protocols. The second method provides a hybrid storage-timing covert channel by utilizing delayed audio packets. The results of the experiment that was performed, regardless of steganalysis, to estimate the total amount of data that can be covertly transferred in a VoIP RTP stream during a typical call are also included in this article.

/* I've reformatted the overview here for readability. This is a truly brilliant idea. I'm already a huge fan of cryptography; steganography in particular. There are plenty of applications out there for "hiding" messages in the least-significant-bits of images, MP3s, and several other file formats. This article brings steganography into the realm of real-time, two-way communication. I've not yet had the chance to read the entire paper (16 pages), but it's loaded with formulas and figures that should give you a fairly realistic estimate of exactly how much bandwidth you have. The conclusion states that they were able to achieve 1.3 Mbit/sec of one-way throughput. A typical POTS telephone line requires only 64 Kbit/sec to carry voice.

Picture this: The modem in your computer places an outbound call, you pick up your headset and put it on. The other end answers, and you're immediately placed on hold. Are you? While you're listening to the muzak on the other end, your computer is pulling out bits here and there. You hear a voice say "Hello?" You speak, and the "hold" music stops; now your computer is playing music to the other party. The person on the other end hears your voice, and upon recognizing it, responds with a hearty "hello!"

Couple this technique with a strong, public-key-based encryption algorithm and you've got truly secure real-time communication. Using this technique in combination with strong cryptography makes your conversation exponentially more secure. Obfuscated amongst the elevator music playing back and forth is PKI-encrypted voice. Assuming someone is snooping on your communications, this in itself makes it difficult to detect the "out of band" voice chatter. With the added benefits of PKI cryptography, you have the ultimate in caller ID (only the caller's public key would decrypt any useful voice data; and in theory, only the caller would have access to their private key to encrypt that voice data), confidentiality to an extreme degree, and guaranteed integrity (any altered data would not checksum out correctly and would immediately be identified as having been altered). I would expect to see some implementation of this theory very soon. A likely project to be "first to market" with it would be Asterisk. */
Posted by TJE in Networking, Cryptography/Privacy, VoIP, News, Technology, Steganography at 23:05
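The two channels the abstract describes (unused RTP header fields as a storage channel, delayed packets as a timing channel) are what a receiver-side steganalysis check would look for. The Python below is an added example of mine, not code from the paper: it serializes and parses the RTP fixed header (RFC 3550), then flags header features a plain two-party voice call never needs, plus late-arriving packets. The SSRC, payload, extension id and stream are all constructed for the example.

```python
import struct
from typing import Dict, List, Tuple

def build_rtp(seq: int, ts: int, ssrc: int, payload: bytes, *, pad: bytes = b"",
              ext: bytes = b"", csrcs=(), marker: bool = False) -> bytes:
    """Serialize one RTP packet (RFC 3550 fixed header, version 2).
    pad: content of the padding octets (the count octet is appended);
    ext: body of a header extension, a multiple of 4 bytes. Constructed data."""
    assert len(ext) % 4 == 0
    b0 = (2 << 6) | (bool(pad) << 5) | (bool(ext) << 4) | (len(csrcs) & 0x0F)
    b1 = (int(marker) << 7) | 0                       # payload type 0 = PCMU
    pkt = struct.pack("!BBHII", b0, b1, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc & 0xFFFFFFFF)
    pkt += b"".join(struct.pack("!I", c) for c in csrcs)
    if ext:
        pkt += struct.pack("!HH", 0x1000, len(ext) // 4) + ext   # 0x1000: made-up profile id
    pkt += payload
    if pad:
        pkt += pad + bytes([len(pad) + 1])            # last octet = total padding length
    return pkt

def parse_rtp(pkt: bytes) -> Dict[str, object]:
    """Decode the fixed header, optional extension and padding of one packet."""
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    cc = b0 & 0x0F
    off = 12 + 4 * cc                                  # skip the CSRC list
    h: Dict[str, object] = {
        "version": b0 >> 6, "pad": bool(b0 & 0x20), "ext": bool(b0 & 0x10),
        "cc": cc, "marker": bool(b1 & 0x80), "pt": b1 & 0x7F,
        "seq": seq, "ts": ts, "ssrc": ssrc, "ext_body": b"", "pad_body": b"",
    }
    if h["ext"]:
        _, words = struct.unpack("!HH", pkt[off:off + 4])
        h["ext_body"] = pkt[off + 4: off + 4 + 4 * words]
        off += 4 + 4 * words
    end = len(pkt)
    if h["pad"]:
        pad_len = pkt[-1]
        h["pad_body"] = pkt[end - pad_len: end - 1]   # padding content, minus the count
        end -= pad_len
    h["payload"] = pkt[off:end]
    return h

def inspect_stream(packets: List[bytes]) -> List[Tuple[int, str]]:
    """Steganalysis-style checks over one RTP stream in arrival order.
    Storage channel: fields a point-to-point call leaves unused (CSRC list,
    header extension, non-zero padding, odd version). Timing channel: packets
    whose sequence number is lower than one already seen (delayed delivery).
    Sequence-number wrap-around is ignored for brevity."""
    findings: List[Tuple[int, str]] = []
    next_seq = None
    ssrc = None
    for i, pkt in enumerate(packets):
        h = parse_rtp(pkt)
        if h["version"] != 2:
            findings.append((i, "version field is %d, not 2" % h["version"]))
        if ssrc is None:
            ssrc = h["ssrc"]
        elif h["ssrc"] != ssrc:
            findings.append((i, "SSRC changed mid-stream"))
        if h["cc"]:
            findings.append((i, "%d CSRC entries on a point-to-point call" % h["cc"]))
        if h["ext"]:
            findings.append((i, "header extension carrying %d bytes" % len(h["ext_body"])))
        if h["pad"] and any(h["pad_body"]):
            findings.append((i, "non-zero padding octets (%d bytes)" % len(h["pad_body"])))
        if next_seq is not None and h["seq"] < next_seq:
            findings.append((i, "late packet: seq %d after %d" % (h["seq"], next_seq - 1)))
        next_seq = max(next_seq or 0, h["seq"] + 1)
    return findings

def clean_call(n: int = 6) -> List[bytes]:
    """Constructed sample: PCMU, 20 ms (160 samples) per packet, one SSRC."""
    return [build_rtp(100 + i, 160 * i, 0x1234ABCD, b"\xff" * 160) for i in range(n)]

def stego_call() -> List[bytes]:
    """Same call with the two channel types from the abstract grafted on."""
    pkts = clean_call(6)
    pkts[1] = build_rtp(101, 160, 0x1234ABCD, b"\xff" * 160, pad=b"hid")       # padding octets
    pkts[2] = build_rtp(102, 320, 0x1234ABCD, b"\xff" * 160, ext=b"cov\x00")   # header extension
    pkts[3], pkts[4] = pkts[4], pkts[3]                                        # seq 103 delayed
    return pkts

if __name__ == "__main__":
    for idx, why in inspect_stream(stego_call()):
        print("packet %d: %s" % (idx, why))
```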
Military Supercomputer Sets Record
Tuesday, June 10. 2008
An American military supercomputer, assembled from components originally designed for video game machines, has reached a long-sought-after computing milestone by processing more than 1.026 quadrillion calculations per second. /* These "components originally designed for video game machines" are Sony's [along with Toshiba and IBM] Cell processors, such as the one in the PlayStation 3. I've long known these processors were destined for huge things. */ The new machine is more than twice as fast as the previous fastest supercomputer, the I.B.M. BlueGene/L, which is based at Lawrence Livermore National Laboratory in California. The new $133 million supercomputer, called Roadrunner in a reference to the state bird of New Mexico, was devised and built by engineers and scientists at I.B.M. and Los Alamos National Laboratory, based in Los Alamos, N.M. It will be used principally to solve classified military problems to ensure that the nation’s stockpile of nuclear weapons will continue to work correctly as they age. The Roadrunner will simulate the behavior of the weapons in the first fraction of a second during an explosion. /* There's already talk on top500.org about the Roadrunner. Presumably, it will take the top spot in the June 2008 list, set to come out in a week. The list will be released June 17, 2008, during the International Supercomputing Conference in Dresden, Germany. In all fairness, the Roadrunner isn't quite twice as fast as BlueGene/L anymore. It was when BGL was installed (at 478,200 PetaFLOPs), but it's received quite an upgrade since. It currently performs at 596,378 PetaFLOPs, which still pales in comparison to the Roadrunner's 1,026,000 PetaFLOPs. */ To put the performance of the machine in perspective, Thomas P. 
D’Agostino, the administrator of the National Nuclear Security Administration, said that if all six billion people on earth used hand calculators and performed calculations 24 hours a day and seven days a week, it would take them 46 years to do what the Roadrunner can in one day. /* This formula also assumes 100% accuracy, which is something us humans rarely achieve, and never sustain. */ The high-performance computing goal, known as a petaflop — one thousand trillion calculations per second — has long been viewed as a crucial milestone by military, technical and scientific organizations in the United States, as well as a growing group including Japan, China and the European Union. All view supercomputing technology as a symbol of national economic competitiveness. ... "This is equivalent to the four-minute mile of supercomputing," said Jack Dongarra, a computer scientist at the University of Tennessee who for several decades has tracked the performance of the fastest computers. ... The Roadrunner is based on a radical design that includes 12,960 chips that are an improved version of an I.B.M. Cell microprocessor, a parallel processing chip originally created for Sony’s PlayStation 3 video-game machine. The Sony chips are used as accelerators, or turbochargers, for portions of calculations. The Roadrunner also includes a smaller number of more conventional Opteron processors, made by Advanced Micro Devices, which are already widely used in corporate servers. ... Roadrunner, which consumes roughly three megawatts of power, or about the power required by a large suburban shopping center, requires three separate programming tools because it has three types of processors. Programmers have to figure out how to keep all of the 116,640 processor cores in the machine occupied simultaneously in order for it to run effectively. ... 
By breaking the petaflop barrier sooner than had been generally expected, the United States’ supercomputer industry has been able to sustain a pace of continuous performance increases, improving a thousandfold in processing power in 11 years. The next thousandfold goal is the exaflop, which is a quintillion calculations per second, followed by the zettaflop, the yottaflop and the xeraflop. /* Here's something I didn't know: that we've increased processing power a thousandfold in the past 11 years. It's strange to think back to when there was a noticeable difference between my Pentium 166 MHz and my friend's Pentium 133 MHz. That was about 11 years ago, give or take. All in all, they never mention what operating system this beast will run. I'm sure the details will come out, little at a time, but for now, the idea of 116,640 cores has me drooling! */
BackTrack Linux
Monday, June 2. 2008
BackTrack is the top-rated Linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes. It evolved from the merge of two widespread distributions, Whax and Auditor Security Collection. By joining forces and replacing these distributions, BackTrack has gained massive popularity and was voted in 2006 the #1 Security Live Distribution by insecure.org. Security professionals as well as newcomers are using BackTrack as their favorite toolset all over the globe. ... Because Metasploit is one of the key tools for most analysts, it is tightly integrated into BackTrack, and both projects collaborate to always provide an on-the-edge implementation of Metasploit within the BackTrack CD-ROM images or the upcoming remote-exploit.org distributed and maintained virtualization images (such as VMware image appliances). Currently BackTrack consists of more than 300 different up-to-date tools which are logically structured according to the workflow of security professionals. This structure allows even newcomers to find the tools related to a certain task to be accomplished. New technologies and testing techniques are merged into BackTrack as soon as possible to keep it up to date. /* This live-CD Linux distribution truly has every tool you could imagine using for a security audit. There are 24 information gathering tools; 21 network mapping tools; 65 vulnerability identification tools; 11 penetration tools; 48 privilege escalation tools; 15 backdoors; a log cleaner; 29 wireless analysis tools; 7 VoIP analysis tools; 13 digital forensics tools; 7 reverse engineering tools; and the Snort IDS. Quite a collection! The live-CD boots to a KDE desktop, with support for various Ethernet NICs and wireless cards, both natively and through ndiswrapper. The website even includes screenshots. The current version is 141207 (12/14/2007 - Beta 3). MD5 checksums are available on the download page. */
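Since the download page publishes checksums, the obvious step before booting an image that carries 300-odd attack tools is to actually verify it. The following is an added example, not BackTrack's own tooling: it parses an md5sum/sha256sum-style manifest, hashes each file in chunks, and reports per-file verdicts. The file names, manifest and "image" contents are constructed in a temporary directory so it runs offline.

```python
"""Verify downloaded images against a checksum manifest (md5sum / sha256sum format).

Added example for this post, not BackTrack's own tooling. Everything under
demo() is constructed test data, not a real BackTrack release.
"""
import hashlib
import hmac
import os
import string
import tempfile
from typing import Dict

# Hex digest length -> hashlib algorithm. Plain MD5 (32 hex chars) is what a
# 2008 download page offered; the same parser also handles SHA-2 manifests.
_ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def file_digest(path: str, algo: str, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so a multi-hundred-MB ISO never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse '<hexdigest>  <filename>' lines (md5sum output); '*name' marks binary mode."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) not in _ALGO_BY_HEXLEN or any(c not in string.hexdigits for c in digest) or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest.lower()
    return entries


def verify(directory: str, manifest_text: str) -> Dict[str, str]:
    """Return {filename: 'ok' | 'MISMATCH' | 'missing'} for every manifest entry."""
    results: Dict[str, str] = {}
    for name, expected in parse_manifest(manifest_text).items():
        # basename(): a hostile manifest must not be able to point outside the download dir
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        actual = file_digest(path, _ALGO_BY_HEXLEN[len(expected)])
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "MISMATCH"
    return results


def demo() -> Dict[str, str]:
    """Constructed scenario: one intact image, one altered by a single byte, one never downloaded."""
    with tempfile.TemporaryDirectory() as d:
        good = b"constructed live-cd image bytes, not a real ISO\n" * 1000
        with open(os.path.join(d, "bt-live.iso"), "wb") as f:
            f.write(good)
        with open(os.path.join(d, "bt-vmware.zip"), "wb") as f:
            f.write(good[:-1] + b"!")  # one byte changed: corrupt or tampered download
        manifest = "\n".join([
            f"{hashlib.md5(good).hexdigest()}  bt-live.iso",
            f"{hashlib.sha256(good).hexdigest()}  bt-vmware.zip",
            f"{hashlib.md5(good).hexdigest()}  bt-usb.rar",
        ])
        return verify(d, manifest)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

The caveat a practitioner should keep in mind: a checksum fetched over plain HTTP from the same page as the image only detects accidental corruption in transit. Whoever can swap the ISO on a mirror can swap the digest beside it, and MD5 collisions have been practical since 2004, so a signed manifest (or a digest obtained out of band) is what actually authenticates the download.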
Posted by TJE
in Operating Systems, Unix, Linux, Networking, Network Security, IDS/IPS, Sniffers, Tools
at
20:23
Not modified
ArpON
Monday, June 2. 2008
ArpON is an ARP handler. It is able to handle network devices automatically or manually, and to print a list of the system's up network interfaces (it uses the last in the list). It identifies the datalink layer of the interface you are using, but it supports only Ethernet/Wireless as the datalink. ArpON sets up the network interface and clears the PROMISC flag. Among its other features, ArpON can ping a host using ARP and can ping the broadcast address (it computes the number of up hosts from the netmask and recognizes the INET/IPv4 address class), then prints a list of the up hosts on the LAN. ArpON can also act as a passive sniffer, capturing all inbound/outbound ARP packets, requests and replies, in tcpdump style. /* This utility just came through the focus-linux mailing list today. It appears to be a Linux-based version of Cisco's port-security for MAC filtering, with additional features. The aim is to block faked ARP replies, both solicited and unsolicited. While it claims to work well even with DHCP, I have a feeling it might cause breakage in certain scenarios. In a virtualized environment, the MAC address assigned to the virtual NIC may well change between boots. In a hot-failover scenario, it may cause the host to ignore gratuitous ARP. This tool also supports ARP-level "ping", in both unicast and broadcast mode. This works in the same fashion as the arping utility. While this tool looks like it might be useful in smaller, semi-static environments, I think Cisco's port-security is likely a more reliable option. */
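The breakage worry above comes down to one policy question: when a reply (or a gratuitous announcement) binds an IP to a MAC that differs from the one already known, is that an attack or a legitimate change? The following is an added example, not ArpON's code, that makes the policy explicit: it parses raw Ethernet/ARP frames, pins IP-to-MAC bindings, and drops replies that contradict a static or learned binding, while an explicit per-IP allow-list lets a hot-failover pair take the address over via gratuitous ARP. All addresses and frames are constructed for the example.

```python
"""ARP inspector in the spirit of the check ArpON performs.

Added example for this post, not ArpON's code. Parses raw Ethernet/ARP frames
with the standard library and flags replies whose sender MAC disagrees with
the binding configured (static) or learned (dynamic) for that IP.
All MAC/IP addresses and frames below are constructed for the example.
"""
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class ArpPacket:
    eth_src: str
    eth_dst: str
    oper: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    @property
    def is_gratuitous(self) -> bool:
        # Gratuitous ARP: a host announces its own binding (sender IP == target IP).
        return self.sender_ip == self.target_ip


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(frame: bytes) -> Optional[ArpPacket]:
    """Return the fields of an IPv4-over-Ethernet ARP frame, or None for anything else."""
    if len(frame) < 42:
        return None
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ArpPacket(_mac(eth_src), _mac(eth_dst), oper, _mac(sha), _ip(spa), _mac(tha), _ip(tpa))


def build_arp(eth_src: str, eth_dst: str, oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Inverse of parse_arp; used here only to construct sample traffic."""
    def mac(s: str) -> bytes: return bytes(int(x, 16) for x in s.split(":"))
    def ip(s: str) -> bytes: return bytes(int(x) for x in s.split("."))
    return (struct.pack("!6s6sH", mac(eth_dst), mac(eth_src), ETH_P_ARP)
            + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, mac(sha), ip(spa), mac(tha), ip(tpa)))


@dataclass
class ArpInspector:
    """static: bindings that may never change. failover_ok: per-IP MACs allowed to take the
    address over via gratuitous ARP (the VRRP/HSRP hot-failover case). learned: first-seen
    bindings for everything else (the DHCP case), pinned once seen."""
    static: Dict[str, str] = field(default_factory=dict)
    failover_ok: Dict[str, Set[str]] = field(default_factory=dict)
    learned: Dict[str, str] = field(default_factory=dict)

    def inspect(self, frame: bytes) -> str:
        pkt = parse_arp(frame)
        if pkt is None or pkt.oper not in (ARP_REQUEST, ARP_REPLY):
            return "ignore"
        if pkt.oper == ARP_REQUEST and not pkt.is_gratuitous:
            return "request"  # an ordinary who-has makes no binding claim worth pinning
        # Ethernet source and ARP sender MAC normally agree, even in spoofed frames;
        # when they do not, the frame is malformed at best and is dropped outright.
        if pkt.eth_src != pkt.sender_mac:
            return "drop:l2-mismatch"
        fixed = self.static.get(pkt.sender_ip)
        if fixed is not None:
            return "accept" if fixed == pkt.sender_mac else "drop:static-violation"
        prev = self.learned.get(pkt.sender_ip)
        if prev is None:
            self.learned[pkt.sender_ip] = pkt.sender_mac
            return "accept:learned"
        if prev == pkt.sender_mac:
            return "accept"
        if pkt.is_gratuitous and pkt.sender_mac in self.failover_ok.get(pkt.sender_ip, set()):
            self.learned[pkt.sender_ip] = pkt.sender_mac  # sanctioned takeover: re-pin
            return "accept:failover"
        return "drop:binding-changed"


def demo() -> List[str]:
    """Constructed LAN: the gateway is served by a failover pair; a file server is static."""
    gw_ip, gw_a, gw_b = "192.168.1.1", "00:11:22:33:44:01", "00:11:22:33:44:02"
    srv_ip, srv_mac = "192.168.1.10", "00:11:22:33:44:10"
    me_ip, me_mac = "192.168.1.50", "00:aa:bb:cc:dd:50"
    evil = "de:ad:be:ef:00:01"
    insp = ArpInspector(static={srv_ip: srv_mac}, failover_ok={gw_ip: {gw_a, gw_b}})
    frames = [
        build_arp(gw_a, me_mac, ARP_REPLY, gw_a, gw_ip, me_mac, me_ip),        # genuine gateway reply
        build_arp(evil, me_mac, ARP_REPLY, evil, gw_ip, me_mac, me_ip),        # spoofed reply for the gateway
        build_arp(gw_b, BROADCAST, ARP_REPLY, gw_b, gw_ip, BROADCAST, gw_ip),  # gratuitous ARP: standby takes over
        build_arp(evil, BROADCAST, ARP_REPLY, evil, gw_ip, BROADCAST, gw_ip),  # gratuitous ARP from the attacker
        build_arp(evil, me_mac, ARP_REPLY, evil, srv_ip, me_mac, me_ip),       # attacker claims the static server
        build_arp(evil, me_mac, ARP_REPLY, gw_a, gw_ip, me_mac, me_ip),        # Ethernet src and ARP sender disagree
    ]
    return [insp.inspect(f) for f in frames]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Without the failover_ok entry the third frame would be dropped too, which is exactly the hot-failover breakage described above; the first-seen learned binding is also what makes a changed virtual-NIC MAC after reboot look like an attack until the entry is flushed. Both are policy decisions the inspector has to be told about, which is why a switch-side control such as port-security, which sees the physical port, needs less per-host configuration.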
Speed Up Your Ajax Applications While Dodging Web Services Vulnerabilities
Saturday, May 31. 2008
Deploying bandwidth-efficient Ajax applications does not guarantee that the service levels in a Service Level Agreement will stay high. No matter how well you change code in the Ajax format to make it more bandwidth efficient, there will always be risks and vulnerabilities you'll need to watch out for and mitigate. Regular developerWorks author Judith Myerson gives a brief Ajax recap, shows what Web services vulnerabilities are and why Service Level Agreements (SLAs) are important, and suggests some solutions for speeding up Ajax applications. /* This developerWorks article covers AJAX concepts such as vulnerabilities (excessive bandwidth, corrupted data, frequent small requests, and memory leaks), SLAs, and improvements. Improvement topics include speeding up applications, web services standards, and traffic monitoring. */
Posted by TJE
in Programming, News, Articles, IBM DeveloperWorks, JavaScript/AJAX
at
20:30
Not modified
