Mixed links


From the “Things that make you go hmmm” blog: Do most people vote on five star ratings in extremes? [analysis, MySQL queries] – interesting look, however I’m not sure how much value there is in such analysis. I don’t really feel an urge to “please the public”, however on some more technical posts (“how to” type posts) this might be useful.

Ask a Google Engineer – some interesting tidbits there. Also, I found out about Andrew Morton that he works at Google 🙂

Innovation in free desktops: What I’ve got open – an interesting suggestion to improve the communication between applications. I especially like the idea for browsers (and other applications) to accept pasted data directly wherever they accept files.

From taint.org: pixenate on demand – an online service, accessible via JS APIs to upload and transform images. Interesting concept, but I’m not very sure that it is a viable business model (my basic problems are that (a) you introduce an other dependency in your system – if they go down, your site or part of it will go also down and (b) you introduced an additional, repeated – because it is subscription based – cost, which takes away from your revenue).

Also from taint.org comes an interesting technique for fighting spam. It is very cool how you can keep track of items securely, without actually storing the IDs (which is very cool because you don’t need storage, and also it is very scalable).

From terminal23 comes this useful (and very true) post: 10 things your tech guy wants you to know .

From the SDL blog comes the following piece: Secure Coding Secrets? Interesting opinion.

Bruce Schneier is part of a team working on SHA-3 and he shares some news on this matter. While current hash algorithms should be sufficient for the near future, it is nice to see that NIST is thinking ahead.

The Financial Cryptography blog talks about the balance of closed vs. open information (yeah, the cert is broken). Interesting read.

Since everybody else blogged about it: you can listen to the latest Guns’n’Roses album on MySpace. Here is a review about it.

Via the Donkey On A Waffle blog: solving the halting problem? The fine folks at GetACoder are “100% confident for a successful delivery of your Project”, while staying in “constant communication online”.

Over at the Rational Survivability there is a comparison between cloud services. Nice overview.

On OpenRCE we have an article about Memoryze, a memory forensics tool from Mandiant. Interesting. The only thing I have an issue with is the description of the tools as “not reliant on API calls”. Now I didn’t download and look at it, but somehow I feel that it just opens “DevicePhysicalMemory”. While it is true that it doesn’t use API’s to list processes / DLL’s / etc, (most probably) it does use APIs to obtain the initial data, and as such, it can be undermined (then again, probably because memory analysis is a relatively new field, there isn’t much out there which does so).


Leave a Reply

Your email address will not be published. Required fields are marked *