Recent Posts
| Hi all. Not much to say this week. I still haven't worked out how I will do a table of contents. If anyone would like to recommend some regex, it will need to match every instance of [anchor=*] it finds in the given string. Also, there are three articles this week that have been discussed elsewhere, please be sure to contribute to the original threads if you have any thoughts on the topic. As usual, you may find last week's news here. |
The Open Information Security Foundation (OISF, www.openinfosecfoundation.org) is proud to announce its formation, made possible by a grant from the U.S. Department of Homeland Security (DHS). The OISF has been chartered and funded by DHS to build a next-generation intrusion detection and prevention engine. This project will consider every new and existing technology, concept and idea to build a completely open source licensed engine. Development will be funded by DHS, and the end product will be made available to any user or organization.
President Bush yesterday signed a bill that toughens current laws on the theft of intellectual property and establishes a new White House cabinet position to oversee the IP infringement effort.
The Prioritizing Resources and Organization for Intellectual Property Act (Pro-IP), which was passed by the House and Senate earlier this month, establishes the position of intellectual property enforcement coordinator ("IP czar"). It also steepens penalties for IP infringement and increases resources for the Department of Justice to coordinate for federal and state efforts against counterfeiting and piracy.
Russian security company Elcomsoft just posted a press release (original PDF) detailing a new method to crack WPA and WPA2 keys:
With the latest version of Elcomsoft Distributed Password Recovery, it is now possible to crack WPA and WPA2 protection on Wi-Fi networks up to 100 times quicker with the use of massively parallel computational power of the newest NVIDIA chips. Elcomsoft Distributed Password Recovery only needs a few packets intercepted in order to perform the attack.
Apple has patented the OS X Dock, nearly a decade after the operating system made its public debut with a new slant on the taskbar.
The late arrival isn't due to a lack of initiative, however. Apple applied for the patent December 20, 1999, and it was approved by the US Patent Office only yesterday.
Apple summarizes the Dock as a "user interface for providing consolidation and access." The patent (available here) puts a particular focus on the Dock's ability to magnify icons to a predetermined size when the cursor is near, the user's ability to rearrange icons, and the way it overlaps the desktop and active windows. Other touches such as indicating which applications are running, label tiles appearing on mouse-over, and the ability to drag and drop files into applications on the Dock are also described.
The World Bank has denied reports that hackers penetrated its network on multiple occasions over the last year.
Fox News reports the financial institution has suffered at least six attacks since the middle of 2007. The assault emerged in the course of a separate FBI investigation, prompting the bank to issue a memo (pdf) to warn workers.
An American hacker has been sentenced to two years in federal prison for waging potent attacks that took down two volunteer websites for days at a time.
Gregory C. King of Fairfield, California, was also ordered to pay more than $69,000 in restitution for distributed denial of service (DDoS) attacks on CastleCops and KillaNet Technologies. In June, King admitted he used a bot army to wage a relentless campaign of destruction on the sites in a scheme to punish the operators for behavior he thought was unfair. The attacks were so fierce that his victims sustained as much as $70,000 in damage, according to court documents.
Leaked documents have confirmed that carder forum DarkMarket was actually an FBI sting operation.
For the last two years until its shutdown earlier this month DarkMarket.ws posed as a forum where identity thieves, credit card fraudsters, crackers and other ne'er do wells could hang out and exchange tips as well as trading hacker tools and stolen data. In reality, the site was run by Federal agents based in Pittsburgh.
Security watchers Marshal claim the infamous Storm botnet is no more, after waning spam emails finally dried up altogether last month.
Other security researchers have noted a similar decline, but warn that while the botnet is currently inactive it may yet return, possibly in a more potent form.
After laying low for the better part of a year, the Warezov botnet is back - with some new tricks up its sleeve.
In the past week, trojan horse programs that install the Warezov bot have been spotted on websites offering free MP3 downloads, according to Joe Stewart, director of malware research at security provider SecureWorks. The attacks are a big change for Warezov, which burst on the scene in 2006 with malware attacks spread in email attachments. The new methodology is an acknowledgment of the futility of email attacks given the difficulty of sneaking malicious payloads past today's email filters.
Adobe has published an update to its popular Flash Player software, addressing a much-publicised clickjacking flaw.
Clickjacking affects multiple applications (including browsers and media players) and creates a means for hackers to trick prospective marks into unknowingly clicking on a link or dialogue. Adobe Flash Player - specifically the microphone and camera access dialogue - was among the products affected.
Australians may not be able to opt out of the government's Internet filtering initiative like they were originally led to believe. Details have begun to come out about Australia's Cyber-Safety Plan, which aims to block "illegal" content from being accessed within the country, as well as pornographic material inappropriate for children. Right now, the system is in the testing stages, but network engineers are now saying that there's no way to opt out entirely from content filtering.
When the 12,000 person city of Monticello, Minnesota voted overwhelmingly to put in a city-owned and -operated fiber-optic network that would link up all homes and business to a fast Internet pipe, the local telco sued to stop them. Wednesday, District Court Judge Jonathan Jasper dismissed the suit with prejudice after finding that the city was well within its rights to build the network by issuing municipal bonds. In this case, however, a total loss for the telco might actually turn out to be a perverse sort of victory.
An uproar erupted when iPhone users discovered a so-called remote kill switch on their phones -- will it spur the same reaction in users of the G1, the first Android phone?
In the Android Market terms of service, Google expressly says that it might remotely remove an application from a user's phone. "Google may discover a product that violates the developer distribution agreement ... in such an instance, Google retains the right to remotely remove those applications from your device at its sole discretion," the terms, linked to from the phone, read.
Version 3.1 doesn't seem to have any major improvements, but a large number of potentially noteworthy ones. There is a new version of the Gecko rendering engine that claims improvements in web compatibility, standards compliance, ease of use and performance. There is more support for CSS 2.1 and 3.0 properties.
The Smart Location Bar has support for new characters to restrict searches.
Developers get a lot of new features to use: There are new video and audio elements from HTML 5. There are many additions to the DOM and Canvas and SVG (Scalable Vector Graphics) support.
The final version of OpenOffice 3 is out today, and if you're looking to save yourself plenty of money, download it instead of buying Microsoft Office --- you could save yourself hundreds of dollars, and not lose out on many features.
I put the Windows version through its paces, and am about to download the Linux version as well. The suite has six full-blown applications: the Writer word processor, Calc spreadsheet, Impress presentations program, Base database program, Math equation editor, and Draw graphics program.
Mozilla’s mobile version of Firefox, code-named Fennec, has reached the alpha 1 milestone. As with the previous, pre-alpha releases, Fennec alpha 1 will only work with the Nokia N800/N810 internet tablet. While Mozilla says that it has made great progress on the Windows Mobile version, there’s still no release available. There also won’t be an iPhone version anytime soon; as Mozilla execs have previously stated, Apple’s software requirements for the device are too restrictive.
Launcher? Application? What are you talking about?It's not often I comment just to express amusement, but...
FARR is my favorite operating system... although I have some reservations toward one of its plugins... what was its name... oh, yeah, Microsoft Windows!-Jabberwock (October 15, 2008, 03:01 PM)
I would never discourage people to post news items they consider important. Last week's news contained an article that Carol had already posted. I just direct people to the original thread in hopes of directing peoples attention to the location where discussion is already going on.
)You're missing my point. Your previous quote was simply Jeff's opinion on PHP, an unsupported one at that. This one has a basis in fact, and even goes so far as to describe them in detail. I'll even give you that PHP is prone to adding random features and in a way that completely disregards any form of classification. I fail to see, however, how this flaw makes PHP such a horrifying language to use, how it breeds bad programming habbits, and why it's such travesty given all the other options available should one wish to be rid of this oversight. PHP does teach procedurally oriented programming, it is a highly marketable language, and it does complement HTML in (arguably) the most practical fashion currently.in future you may want to consider backing up your opinion with more than a quote from someone with the same opinion.-Ehtyar (October 12, 2008, 06:54 PM)
Why am I obligated to provide more than one, when you provided no citations whatsoever? I was going to be a smarta** and post a search to 473,000 hits on "PHP sucks", but just consider this one:First, let's try to be a bit more specific. Does PHP the language suck, or does PHP the environment suck?
They both suck.
In fact, they suck for the same reason: PHP-the-language and PHP-the-environment both grew by accretion of random features, not by any purposeful design for orthogonality. So you have idiot "features" like magic quotes ("Assuming it to be on, or off, affects portability. Use get_magic_quotes_gpc() to check for this, and code accordingly) and register globals (same disclaimer applies, only more so).
...
In short, PHP sucks because, PHP's authors are prone to confuse "pragmatism" (a fine design goal, if done well) with "adding random features without considering how they impact the language as a whole." Thus, its authors have found it necessary to correct obvious flaws in both minor and major releases, with the result that the recent PHP5 breaks with the past to an unprecedented degree while still leaving many fundamental flaws un-addressed.
I wouldn't have posted this whole quote, but I think it actually supports my point in the real discussion. Design issues are every bit as important as the programming language. If you don't know what you're doing, you may just wind up with a magnificent monstrosity. Knowing how to write a program isn't sufficient: you need to know how to decide just which program to write: what does the user really need; what are the best algorithms to achieve those goals; any design patterns extant where people have already proven the solutions.-CWuestefeld (October 12, 2008, 07:11 PM)
ps: other interesting options could by python (where's tinjaw?I try to steer clear of recommending such things because I know my personal bias is overwhelming), perl or javascript for example.
-jgpaiva (October 12, 2008, 06:14 PM)
Python is known as a very good teacher, however Perl is definitely the language to start with, you would learn some very bad habits as a first-timer coder in Perl.Josephus, I think you're starting well in the way you've asked the question -- as opposed to others that Ehtyar linked to, that asked simply what language to use, since that's only one part of the question.*sigh* Had you bothered to check any of the links, you'd have found the first is a link to article discussing the best beginner languages. And your contribution to his question is...?
It's like saying "I want to learn how to drive" is better than asking "how do you use the steering wheel and brake?". There are so many other factors: understanding traffic control devices and the rules of the road; vehicle dynamics; etc.
Extending the analogy, then, to learn software development you must obviously learn a particular language. But there's so much to learn beyond the language itself. You should also be looking for an understanding of data structures and algorithms (e.g., how does one sort a list?; what's a linked list for and how do I create one?), design patterns (common solutions to the problems that recur frequently; I recommend the book of the same name by Gamma et al), understanding how operating systems work, and so forth.-CWuestefeld (October 12, 2008, 12:03 PM)
If your idea is to progress, I'd recommend something like Java or C#. A good start could be a web technology like php, if you intend to follow that path.Although I personally detest the philosophy of C#, and find Suns behavior regarding the development of Java as a language appalling, I must agree that both languages offer possibly the best opportunities for money making, and an understanding of object oriented programming.
Anyways, even though autohotkey (the language mostly used here at DC for making coding snacks) is a great language for making fun and useful stuff, it really isn't very good for those that want to progress, as it's pretty limited.-jgpaiva (October 12, 2008, 12:28 PM)
Thanks tomos Actually I found a kinda neat use for it...Which you have been able to with Prism since almost a year prior to Google releasing Chrome. Why does everyone get hot and bothered when Google release something "innovative", but when Firefox gets an upgrade all you hear are complaints?
You know the "make a web app look like a normal app" feature?
I used that for the web interfaces for Popfile and my router.
They look a little less cluttered and it behaves the same as in a browser, but really that's not a big deal at all.
Cute maybe, but necessary? Nah.-Edvard (October 10, 2008, 07:57 PM)
Fine fine fineA TOC would be, to put it simply, just too much extra work.Script it?-Ehtyar (October 10, 2008, 06:41 PM)-f0dder (October 10, 2008, 06:47 PM)
Am I the only one who still doesn't understand the point of Chrome (and these alternates) and promptly uninstalled it without looking back?Certainly not. I move to establish the Tinfoil Hat Brigade (THB) to make Deo and I feel less alone!-Deozaan (October 10, 2008, 03:23 PM)