A relatively long discussion about some AVs having a false detection for VirtualDub. It is useful in the sense that you can see the (mis)conceptions people have about the matter.
Originally I wasn’t going to comment on this, but I just can’t take it: Bill Pytlovany, with whom I had run-ins before, posted what I consider to be a joke in very poor taste. Since then he has taken it down, but you can still see it in the Google cache. Now, I haven’t made up my mind on the Tibet issue either way (I didn’t have time to study it in enough depth to say that I have an informed opinion), but using it in a joke is disrespectful either way.
From the Database Geek blog: PlayStation 2 will be available for under 100 USD – w00t, another cheap device to run Linux on!
From Oraclenerd: Unskilled and Unaware of It [PDF]. A very sad (or frightening, depending on how you look at it) article explaining that most people are more likely to overestimate their capabilities as their knowledge in the area shrinks.
From a SUN blog: Effects of Flash/SSD on PostgreSQL – PostgreSQL East 2009. Of course this is from a SUN employee and SUN sells SSDs for servers, but still an interesting read.
On the zillablog we have a presentation about the new features to come in PostgreSQL 8.4. Very cool, and there is very little time left until it is released (it should be released on the 1st of May if everything goes well).
From a good friend of mine (even though he uses WordPress :-P): Top ten striptease songs.
From taint.org: Creator of Cyc reviews Wolfram Alpha. Very cool (also, I hadn’t heard about Cyc until now, so it was interesting from that point of view as well). Also from taint.org: on URL shorteners, which mentions a site having quite a large list of URL shortening services (might come in handy some day).
From the Old New Thing blog: Windows 95 almost had floppy insertion detection but the training cost was prohibitive and the follow up – very interesting to know that floppy drives had the capability of detecting (and signaling) the presence of disks without spinning them up. I just wonder: does this apply to both 3” and 5.25” floppy drives? 🙂
Detecting event support without browser sniffing – browser sniffing is bad, and this is a cool thing.
NAS Troubleshooting via the Back Door – yes, web interfaces for such equipment are quite insecure. On a similar note, I started looking at CGILua and noted several security problems at first glance (using a very small space for session IDs, not always checking the passed-in session ID, being prone to truncating strings due to NUL characters – although that might have been because of mini-httpd, I didn’t check the details).
From the Reverse Engineering Reddit: ZIP Attacks with Reduced Known-Plaintext – oldie, but goodie. The problem with the ZIP format is that there are too many variations out there, and you can never be sure what a program means when it says that it supports “ZIP encryption”.
A cool way to geolocate the client – unfortunately it doesn’t always work.
Dealing with those pesky “unnamed” threats – another explanation of why whitelisting is better than blacklisting if you can afford it.
A Quick Survey on Intermediate Representations for Program Analysis – should be interesting for reverser / decompiler (or other analysis tool) authors.
The MSHTML Host Security FAQ: Part I of II and Part II. Interesting, but most options are opt-in for backward compatibility reasons (I assume), so existing applications won’t take advantage of them :-(.
A quote from the HolisticInfoSec blog:
The difference is that… IF… you own, and run, your own servers, or systems/software… AND, a "common vulnerability" exists, and is exploited… You MAY be vulnerable… you MAY have a security issue… you MAY be targeted… you MAY not have adequately protected your system… you MAY be hit by the problem… you MAY have issues, and losses… possibly.
If, however, you are dependent upon any, EXTERNAL, single point-of-attack/vulnerable-point… then you WILL be hit… you WILL be affected… you WILL have losses… and you WILL be totally-dependent upon EXTERNAL-interests in "fixing", and recovering… based upon THEIR competence, and on THEIR time-table… and, to suit THEIR perception of THEIR interests.
In other words, ALL YOUR EGGS in [SOMEONE ELSE'S] basket.
From games.slashdot.org: a new version (2.5) of Nexuiz, an open-source FPS game, has been released. It looks good, and for an Unreal 2003 fan like me, it is very good (OpenArena looked a little too cartoonish for my taste). With the previous version (2.4) I had some negative experience on Ubuntu, and 2.5 isn’t in the repos yet. It also seems that they are implementing some interesting anti-cheat mechanisms.
Common Apache Misconception – an important catch in the standard Apache/PHP (and possibly other scripting engines) configuration.
This is funny, even if you don’t follow Formula 1:
From the Google Code blog: Google Code Blog: AJAX APIs Playground Ver. 2 – some very cool updates. The Firebug Lite integration is especially nice!
From the Mailinator(tm) Blog I found my way to this post: Thread per connection : NIO, Linux NPTL and epoll, which asserts that the Java NIO (New IO) is actually slower on modern systems than the old model, and which highlights the need to profile before “optimizing” your code. A similar post/video: Java Performance Myths. Again, measure twice, cut once.
Picture taken from MinivanNinja’s photostream with permission.