Browsing Posts published in January, 2006
Sun’s Schwartz talks about licensing Solaris under the GPL3:
Sun continues its dance with open source as it contemplates changing the license under which the Solaris source code is released. Is Sun finally serious about working with the open source community?
Shmoocon 2006: The Church of Wi-Fi presents: An evil bastard, a rainbow and a great dane!:
The Church of WiFi gave a presentation on some of their recent projects. The first was coWPAtty, a program for brute forcing WPA-PSK. To speed up the process they created a table for pre-hashed WPA-PSK. WPA-PSK is seeded using the SSID of the router, so they grabbed the top 1000 SSIDs from Wigle.net and calculated the hashes when using a 170,000 word dictionary. Now they are able to check 18,000 keys/sec instead of just 12 keys/sec.
The next project was Evil Bastard, a custom WRT firmware. It is similar to Rogue Squadron which is a firmware designed to spoof an access point and collect user information by phishing. Evil Bastard has even more tools like Aircrack and Driftnet. It even features a “Point ‘n 0wn” interface that lets you just click on the target you want to automatically spoof.
The CoWF is also responsible for Kiswin, Kismet for Windows, which saves you from having to install Cygwin.
OpenWrt, the GPLed Linux distribution for wireless routers, is at RC4 and is nearing the 1.0 release. We looked at RC2 last August, but things have changed since then — for the better.
Solaris OS Networking — The Magic Revealed:
Detailed article describing networking under Solaris.“This paper discusses the networking advancements in the Solaris 10 OS, as well as the evolution of networking in previous releases. Topics include TCP, UDP, IP, the device driver framework, and tuning for performance.” BigAdmin Feature Article: Solaris OS Networking — The Magic Revealed
Network Computing covers the tiny details that make WPA2 work: If you wanted to know the ugly innards of the beast that is the WPA2/802.11i implementation of Advanced Encryption System (AES) ciphers, read on. Frank Bulk dissects how the AES keys work within the certified WPA2 framework, including in an 802.1X environment….
Wireless Man in the Middle Attack Part I:
Typical hacks against both wired and wireless networks include traffic sniffing. Man-in-the-Middle attacks are really a derivative of packet sniffing. Instead of listening to all packets that pass through a network, man-in-the-middle attacks attempt to pick one or more hosts with which to interfere.
This tutorial describes how to install and configure OpenSSH so that it will allow chrooted sessions for users. With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of.
Sun is keener than ever to port Linux to its new multicore T1 chip, even if it’s not expected to happen for six to nine months. The company has made T1 servers available to Linux developers and is working with unnamed Linux distributors to develop the port.
DORMITORY
When you rearrange the letters:
DIRTY ROOM
PRESBYTERIAN
When you rearrange the letters:
BEST IN PRAYER
ASTRONOMER
When you rearrange the letters:
MOON STARER
THE EYES
When you rearrange the letters:
THEY SEE
GEORGE BUSH
When you rearrange the letters:
HE BUGS GORE
THE MORSE CODE
When you rearrange the letters:
HERE COME DOTS
SLOT MACHINES
When you rearrange the letters:
CASH LOST IN ME
ANIMOSITY
When you rearrange the letters:
IS NO AMITY
ELECTION RESULTS
When you rearrange the letters:
LIES – LET’S RECOUNT
MOTHER-IN-LAW
When you rearrange the letters:
WOMAN HITLER
SNOOZE ALARMS
When you rearrange the letters:
ALAS! NO MORE Z’S
A DECIMAL POINT
When you rearrange the letters:
IM A DOT IN PLACE
THE EARTHQUAKES
When you rearrange the letters:
THAT QUEER SHAKE
ELEVEN PLUS TWO
When you rearrange the letters:
TWELVE PLUS ONE
AND FOR THE GRAND FINALE:
PRESIDENT CLINTON OF THE USA:
When you rearrange the letters
(With no letters left over and using each letter only once):
TO COPULATE HE FINDS INTERNS
A Statistical Review of 1 Billion Web Pages:
“As part of a recent examination of the most popular html authoring techniques, my colleague Ian Hickson parsed through a billion web pages from the Google repository to find out what are the most popular class names, elements, attributes, and related metadata. We decided that to publish this would be of significant utility to developers. It’s also a fascinating look into how people create web pages. For instance one thing that surprised me was that the <title> is more popular than <br>. The graphs in the report require a browser with SVG and CSS support (like Firefox 1.5!). Enjoy!”
User level: Advanced Other system administrators have fantastic toolboxes for their work. My tools consist of two everyday programs: OpenSSH and the GNU Bourne-Again Shell (bash). No other tool, whether console-based or GUI, has been so consistently useful to me as these two programs.
Add an extra layer of security with systrace:
Niels Provos’ Systrace is a utility that monitors and controls what an application can access on a system by creating and enforcing access policies for system calls. For the Linux crowd, it’s something like the US National Security Agency’s SE Linux, but it’s more flexible and, if used properly, it can improve a system’s overall security by “sandboxing” untrusted applications and users.
Cheat Knoppix to Improve Performance:
Learn how to run your personal, live-Knoppix configuration on any PC. MozillaQuest Magazine (MozillaQuest.Com) reports: “. . . in Part 4 of our Knoppix cheats article, you will learn how to put together all the stuff you learned in Parts 1 through 3 to make a very portable, Live-Knoppix setup. It’s really very slick and it is very handy too . . . we are going to put the Persistent Knoppix image on the same USB key that we put the live Knoppix CD that we used for the performance cheats in
Phone record revelation
Published: 2006-01-24
In order to obtain the information necessary to pull off a convincing imitation, details about the person are often needed. This is where the phone record companies turn to public data providers such as ChoicePoint and LexisNexis for enough information to build a profile on the individual, according to a Network World article.
This affiliation with legitimate data providers was not expected by many, and explains some of the ease and proficiency with which records are obtained. Another method mentioned was dire
Online crime matures beyond adolescence:
Online crime matures beyond adolescence
Published: 2006-01-24
Cybercrime is moving from broad ego-driven outbreaks to much smaller targeted attacks aimed at stealing sensitive data or extorting money from companies, IBM stated in its 2005 Global Business Security Index Report released on Monday.
The conclusion explains the apparent drop in high-profile attacks in 2005, a year that saw only moderate threats such as the Zotob worm and the Sober virus. The company, however, saw a major increase in the number of targeted attacks, which generally are not well c
I used to be almost exclusively a database developer, writing complex queries and stored procedures in Oracle and MySQL. Of late I’ve been doing more and more web based work, HTML, JavaScript, CSS, PHP and Perl, this means of course that I’m doing less and less SQL especially the more complex stuff that I would have been doing in the past.
“PC Magazine is running a review of several popular BitTorrent clients. They review uTorrent, an app that ‘packs an outstanding array of features in 107KB, and doesn’t even create a folder in your Program Files’ and give it 4.5 stars. BitTorrent Client from BitTorrent.com, ‘whose clean interface has three basic elements: a large progress bar for each torrent you’re working on, a slider that controls your maximum upload rate, and a link to the BitTorrent Search engine’, gets 4 stars. BitPump ‘features an attractive interface that sacrifices a detailed feature set for BitTorrent tweakers in favor of simplicity and ease of use’ and gets 4 stars. Finally, Azureus, ‘a favorite with advanced users, who enjoy its plug-in system and huge range of tweakable settings’, gets 4.5 stars. An interview with Bram Cohen from BitTorrent is available as well.”
Wouldn’t you know it just a few weeks after I bought my father a Mac for Christmas, Steve Jobs beats his previous target dates by announcing and shipping Intel-based Macs at MacExpo last week. I don’t think my father is enough of a power user to notice the difference, but for most Mac heads, the new Intel-based Macs are nothing but good news.
Not only do a lot of the MySQL developers and the open source community in general use and love the Mac, it seems to be an increasingly popular platform among our customers. In our most recent user survey over the holidays, Mac OS/X users accounted for about 12% of respondents. This is an increase over the last year, and puts the Mac on par with Solaris. It’s still a far cry from Linux or Windows, but the trend for the Mac is going up whereas the trend for Solaris, AIX, HP-UX, Netware is not.
Thanks to some fast work from our build team and the web team, we now have Mac intel binaries of the MySQL community edition available for download. Since MySQL runs on more than 2 dozen platforms, it was a pretty straightforward recompile with GCC; but its still great to have it so quickly.
Apple’s reasons for switching to Intel are clear. They can deliver higher performance CPUs with lower power consumption and ride the Intel commoditization curve making their machines more competitive. The side benefit is that the Mac may become a more attractive and easier platform for ISVs to support. That should increase the number of software titles available for the Mac, further increasing the size of the market.
The new Intel iMac’s run at a theoretical speed that is 2-3x faster than the old G5 processor, but that’s based on somewhat arbitrary (and unrealistic) benchmarks. For most casual users, you might notice a modest 25-30% performance on some tasks. That’s not bad, but it’s an incremental improvement at best. For certain CPU-bound tasks, like crunching video files, there can be more significant improvements. However, it does appear that the I/O is more efficient on the Intel-based Macs, so copying files and presumably compiling source code or running a database should see more significant improvements. One of our partners, Zimbra, has seen significant performance improvements on the Intel-based Macintoshes.
For now, all of the Apple supplied software has been ported to the Intel chip set with nice performance improvements for QuickTime, iTunes, iLife etc. We’re also starting to see a steady supply of announcements form third party Mac ISVs who have or are planning on native ports to Intel. Most older Mac software will run automatically using the built-in Rosetta fancy-pants dynamic binary translator software developed by the high-IQ code wonks from a company called Transitive The added oomph of the Intel Core Duo will be pretty much offset by the Rosetta translator, so its a bit of a wash. Graphics programs, like PhotoShop are the programs that will most benefit from native Intel performance, so you may wish to wait until they’re available before switching to Intel.
For more info, take a look at the articles and links below. And if anyone wants to report on their experience with the Intel Macs, post comments and let me know.
- PCMag: Apple iMac (Intel Core Duo)
- Apple: Intel-based iMacs
- CNET: The Brains Behind Apple’s Rosetta
- MySQL: Mac Intel downloads
