Curiouser and Curiouser


Acidus

Schneier on Security: The Continuing Cheapening of the Word 'Terrorism'
Topic: Miscellaneous 3:28 pm EDT, Aug 19, 2009

The Continuing Cheapening of the Word "Terrorism"

"Terroristic threats"?

A pickup truck driver is accused of trying to run over a bicyclist and then coming after him brandishing an ax after a road-rage incident in Burnsville last weekend.

The driver, Mitchel J. Pieper, 32, of Burnsville, was charged in Dakota County District Court on Tuesday with making terroristic threats, a felony, in connection with the altercation Saturday. The bicyclist was not seriously hurt.

Seems like a normal threat to me. Or assault, with intent to do bodily harm. What's wrong with those criminal statutes?

Let's save the word "terrorism" for things that actually are terrorism.

Exactly. I'm getting pretty annoyed with all these DAs recently who are pursuing overblown charges to get some bona fides for their political future. Maybe this has always happened and I just didn't notice it because it was not in the computer/national security space.



Microsoft Monopoly hurts again.
Topic: Miscellaneous 2:40 pm EDT, Aug 19, 2009

Yup, I think you read that correctly (if you can see the type). No processor over 2GHz, no screen over 10.2-inches, only 1GB of RAM, at most 250GB of hard drive space.

This is pretty lame. Heard a report on Marketplace yesterday that Netbooks make up 20% of all laptop sales.

This is a pretty clear example of Microsoft's monopoly and the problems that causes. Clearly there is a demand in the marketplace for the Netbook product class. Clearly it is in the interests of Microsoft and the traditional laptop OEMs to sell laptops instead of netbooks because of the margins they make.

Microsoft is using its operating system dominance to harm the Netbook market. It is artificially and arbitrarily restricting OEMs from using the low cost versions of Windows except on an extremely small subset of current and future Netbooks. Instead, it requires OEMs use a more expensive version of Windows 7 which will make the current Netbook market price-point impossible.

Should companies be able to decide for themselves the price and usage of their products? Of course, because if their decisions do not satisfy the market someone else can come in and fill that need. The problem is Microsoft is a monopoly and so no one else can easily come in and address the need.

Microsoft's business interests are in direct conflict with the market and the consumers' interests. Due to its size Microsoft will win and we all lose.

I have a fundamental problem with this.



Timefire: On Reducing the Size of Compressed Javascript (by up to 20%)
Topic: Miscellaneous 1:55 pm EDT, Aug 19, 2009

One idea I started to think about was to repurpose Document Clustering techniques towards code. Document Clustering is commonly used in information retrieval systems to find related documents. Typically, a document is encoded using some technique to measure word importance, such as representing each word by its term frequency inverse document frequency. Then, any two documents can be compared by some distance metric, for example, taking the tf-idf weightings of terms as a vector in N-space and computing the cosine between them.

In this case, we'd let each function be a separate document, and the entire program be like the corpus of documents. We'd then choose some encoding to weigh Javascript grammar nodes by importance in a way that would produce good LZ77 matches, and then proceed in a bottom-up clustering fashion. First, we'd construct all the pairs of functions which match best. Pick a function, pair it with its best match, call that Cluster 1. Pick another function, pair it with its best match, call that Cluster 2, and so on. After this procedure is done, pick a Cluster, and find its nearest Cluster (according to some metric) and pair them up in a Cluster of 4 functions. After that's done, pair up 4-Clusters into Clusters of 8, and so on, until the final cluster encompasses the whole program.

The idea to rearrange the layout of functions in a JS file to better utilize the sliding window characteristics of the Deflate compression algorithm is very sexy!
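The bottom-up pairing described in the quoted passage, as an added example that is not code from the Timefire post. It assumes lexical tokens in place of weighted grammar nodes, cosine similarity as the metric, and a summed vector per cluster; the sample functions and all names are constructed for illustration.

```python
import math
import re
import zlib
from collections import Counter

# Constructed sample "program": four small JavaScript functions, interleaved by kind.
FUNCS = [
    'function showBox(id){var el=document.getElementById(id);el.style.display="block";return el;}',
    'function hyp(a,b){return Math.sqrt(a*a+b*b);}',
    'function hideBox(id){var el=document.getElementById(id);el.style.display="none";return el;}',
    'function dist(a,b){return Math.sqrt(a*a-b*b);}',
]

def tfidf_vectors(funcs):
    """One tf-idf vector per function; lexical tokens stand in for grammar nodes."""
    docs = [Counter(re.findall(r"[A-Za-z_$][\w$]*|\S", f)) for f in funcs]
    df = Counter(tok for d in docs for tok in d)  # document frequency per token
    return [{t: c * math.log(len(docs) / df[t]) for t, c in d.items()} for d in docs]

def cosine(a, b):
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    norm = math.sqrt(sum(w * w for w in a.values())) * math.sqrt(sum(w * w for w in b.values()))
    return dot / norm if norm else 0.0

def cluster_order(funcs):
    """Pair each cluster with its best match, round after round, until one remains."""
    clusters = [([i], v) for i, v in enumerate(tfidf_vectors(funcs))]
    while len(clusters) > 1:
        merged = []
        while clusters:
            members, vec = clusters.pop(0)
            if clusters:  # an odd cluster out is carried to the next round
                j = max(range(len(clusters)), key=lambda k: cosine(vec, clusters[k][1]))
                other, ovec = clusters.pop(j)
                members = members + other
                vec = {t: vec.get(t, 0.0) + ovec.get(t, 0.0) for t in set(vec) | set(ovec)}
            merged.append((members, vec))
        clusters = merged
    return clusters[0][0]

def deflate_size(funcs, order):
    """Deflate-compressed size of the functions emitted in the given order."""
    return len(zlib.compress("\n".join(funcs[i] for i in order).encode(), 9))

if __name__ == "__main__":
    order = cluster_order(FUNCS)
    print(order, deflate_size(FUNCS, range(len(FUNCS))), deflate_size(FUNCS, order))
```

On a sample this small every function already sits inside Deflate's 32 KB window, so the two sizes differ little; the reordering matters for files large enough that similar functions would otherwise fall outside the window.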



Content-sniffing in Browsers
Topic: Miscellaneous 12:42 pm EDT, Aug 18, 2009

Interesting paper, especially the deconstruction of the content sniffing algorithms in the major browsers.

"The task of detecting and handling various file types and encoding schemes is one of the most hairy and broken mechanisms in modern web browsers."



Bad Behavior Anti-bot Screener not very good
Topic: Miscellaneous 12:57 pm EDT, Aug 17, 2009

Instead, Bad Behavior pioneered an HTTP fingerprinting approach. Instead of looking at the spam, we look at the spammer. Bad Behavior analyzes the HTTP headers, IP address, and other metadata regarding the request to determine if it is spammy or malicious. This approach has proved, as one user said, “shockingly effective.” After all, spammers write their bots on the cheap, and have little incentive to code very well. If they could code very well, they probably wouldn’t be spammers.

Ran across a blog "protected" by this today. Pretty liberal use of the word "fingerprint." It doesn't even check if the "Accept" header value is valid for a given "User-Agent" header. In fact, bare bones, all you need is:

GET / HTTP/1.1
Accept: */*
Host: [host]

blog.xmpp.org uses this so you can play with any HTTP editor.
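The kind of cross-header consistency check the post finds missing, sketched for a screener's side as an added example; it is not Bad Behavior's code or rule set. The rules (a client claiming a browser User-Agent should list text/html in Accept and send Accept-Language and Accept-Encoding), the function names and the sample requests are assumptions made for illustration.

```python
# Constructed sample requests; example.test stands in for the page's [host].
PAGE_MINIMAL = "GET / HTTP/1.1\nAccept: */*\nHost: example.test\n"
SPOOFED_UA = ("GET / HTTP/1.1\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64)\n"
              "Accept: */*\nHost: example.test\n")
BROWSER_LIKE = ("GET / HTTP/1.1\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64)\n"
                "Accept: text/html,application/xhtml+xml;q=0.9,*/*;q=0.8\n"
                "Accept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\n"
                "Host: example.test\n")

def parse_request(raw):
    """Split a raw HTTP request into (request_line, {lowercased header: value})."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def screen(raw):
    """Return a list of findings; an empty list means nothing looked inconsistent."""
    _, headers = parse_request(raw)
    findings = []
    user_agent = headers.get("user-agent", "")
    if not user_agent:
        findings.append("missing User-Agent")
    # Assumed heuristic: a User-Agent starting with "Mozilla/" claims to be a browser.
    if user_agent.startswith("Mozilla/"):
        if "text/html" not in headers.get("accept", ""):
            findings.append("browser User-Agent without text/html in Accept")
        for name in ("accept-language", "accept-encoding"):
            if name not in headers:
                findings.append("browser User-Agent without " + name)
    return findings

if __name__ == "__main__":
    for label, raw in (("page minimal", PAGE_MINIMAL), ("spoofed UA", SPOOFED_UA),
                       ("browser-like", BROWSER_LIKE)):
        print(label, screen(raw))
```

Findings like these are signals to score or log rather than grounds to block on their own, since legitimate non-browser clients and some older browsers also send sparse headers.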



Feds Support $1.92 Million RIAA File Sharing Verdict | Threat Level | Wired.com
Topic: Miscellaneous 4:58 pm EDT, Aug 14, 2009

The Obama administration told a federal judge Friday the $1.92 million jury verdict against a Minnesota woman for sharing 24 music tracks on Kazaa was constitutionally sound, despite defense claims it was unconstitutionally excessive.

Oh you got to be kidding me!



(SMS) Quote of the Day
Topic: Miscellaneous 4:50 pm EDT, Aug 14, 2009

John Terrill: It's 8am. Airport bar doesn't open yet. Although, if it was I'd be there. And then pull some airport bathroom booty. Like Larry Craig minus the gay.
Billy: I'm putting this on Memestreams.
John: I would expect nothing less of you ;) on a side note, I just told some chick that I invented velcro shoes when I was a kid so now I'm retired. She wants me.


Career Limiting Moves: #1
Topic: Miscellaneous 4:00 pm EDT, Aug 13, 2009

Career Limiting Moves #1: Shooting the big boss in the temple with a rubber band.


TIM WILLIAMS's review of Ajax Security
Topic: Miscellaneous 3:18 pm EDT, Aug 13, 2009

5.0 out of 5 stars Clear book that ALL web developers & security specialists should read, August 10, 2009
By TIM WILLIAMS
I have many 100's of books, mostly technical, accumulated over 20 years of working in IT.

In my view this is one of the most important books I have ever read, not because it's long (it's not) or very advanced (it's not) but because it explains very, very clearly:

- why AJAX is such an important technology (so far the most widely accessible technology to deliver on the promise of 'write once, run anywhere', already in its short life far more widely available and useful than any other client/server technology, including Java, has ever become)

- why security is such a big issue for AJAX applications (they have all of the risks of fat clients, plus all of the risks of thin clients)

- what can be done practically, and at comparatively little cost and effort, through the application of good security design practices to mitigate the risks

In simple terms, this is a book about the positive 'enabling' side of security, providing valuable insight into how to deliver all the benefits of AJAX without suffering negative consequences.

I can't think of many books I've read that contain this much valuable content and insight in such a concise and clearly written form. Even if I were only to use the insight that this book provides for one small personal project, it would be worth far more than the cover price.

What makes the content all the more valuable though, is that the insight provided by this book is not a 'one hit wonder', it's actually a look ahead into the next few years of where the major volume of new IT Security work is likely to come from.

How many books can you think of that actually show you clearly where a vast new line of work is going to come from?

It's safe to say that if your work involves web applications, IT security or both to any extent (whether you're hands on, a sales person, a supplier or a budget holder) then the insights that this book provides will be relevant to you time after time after time.

I want to find, and sexual service, Mr Tim Williams.



Google's GFS case study
Topic: Miscellaneous 3:08 pm EDT, Aug 13, 2009

During the early stages of development at Google, the initial thinking did not include plans for building a new file system. While work was still being done on one of the earliest versions of the company’s crawl and indexing system, however, it became quite clear to the core engineers that they really had no other choice, and GFS (Google File System) was born.


