2011/06/15

Resolving SVN Conflicts

Our method for merging branches back to trunk:
branch> svn merge from trunk [rev_last_merged_from_trunk]:[HEAD]
branch> (resolve conflicts, deploy, test)
branch> commit
(at this point, the branch should be exactly what trunk has plus all changes done in the branch)
trunk> svn merge from branch [rev_first_branched_from_trunk]:[HEAD]
For some reason svn still sees a ton of conflicts when doing that last step. In the past I would have to manually go through each file and just copy what was in the branch on top of trunk and then “mark resolved”. However, now there is a faster way, using at least SVN v1.5 at the command line:
svn resolve -R --accept theirs-full
That's it! It's a life saver. Or at least a time saver.
(This can be dangerous. Make sure you have resolved all true conflicts in the branch before doing the “resolve all”)

2011/05/27

Wuala: Reliable, secure, distributed storage.

When you store a file, it is first encrypted on your computer and then chunked up and encoded into redundant fragments using erasure codes (Reed-Solomon codes). These encrypted, redundant fragments are then stored in our European data centers and in the Wuala cloud. We make sure that your data is always safe. A complete backup of your encrypted files is always kept on our servers, so that it can always be accessed and restored. The Wuala cloud serves as an optimization that allows us to operate a large-scale infrastructure at low cost and to provide you with better performance. Also, it allows organizations to get access to reliable online storage by providing their own resources to the Wuala cloud.

Wuala protects your privacy: In stark contrast to most other online storage services, all your files get encrypted on your computer, so that no one - including the employees at Wuala and LaCie - can access your private files. Your password never leaves your computer.

Wuala employs the 128 bit AES, 2048 bit RSA and SHA-256 algorithms for encryption, signatures and integrity checks. If you're interested in how Wuala manages encryption, have a look at our publication on Cryptree.

Apple applied for a patent to prevent 'sexting' using iOS

Recently, Apple applied for a patent to prevent 'sexting' via Apple products, e.g., iPod, iPad, iPhone. The patent explains how iOS manages to detect 'sex' related messages and prevent them from propagating among people in social networks facilitated by Apple products.

2011/05/26

Mikogo: Free Web Conferencing and Desktop Sharing

Mikogo is an easy-to-use, cross-platform web-conferencing and desktop sharing tool, ideal for online meetings or remote support. Currently, it can share screen contents or applications over the Internet with up to ten remote people simultaneously.

Mikogo is best (in terms of saving energy, time, and costs) for collaborative environments where people (researchers, engineers, developers, financial advisors, insurance brokers, businessmen, etc.) share and discuss their work.

All transmitted information during a web conference or remote support session is compressed with proprietary compression algorithms. Mikogo never sends session content in clear text, but encrypts all data using 256-bit AES encryption. The Mikogo website is secured with 128-bit encryption using Secure Sockets Layer (SSL), which is the most widely used Internet standard for securing sensitive web data communications.

Vyatta Network OS: The Freedom of Software for Custom Network Edge Design

"The Vyatta Network OS delivers advanced routing and security functionality for the enterprise branch and datacenter as well as the service provider edge and CPE. The Vyatta network operating system includes dynamic routing, stateful firewall, VPN support, threat protection, traffic management and more in a package that is optimized to take advantage of multicore x86 processing power, common hypervisor platforms and emerging cloud architectures. All features are configured through Vyatta’s familiar, networking-centric CLI, web-based GUI or third party management systems using the Vyatta Remote Access API.

The Vyatta Network OS is designed to be installed on any standard x86 based system scaling from single core processor desktop units for SME and branch office needs to quad core processors plus for high-performance BGP routing or scalable VPN termination. Advancements in x86 processing power have proven that readily available multi-core systems can easily handle small packet processing and deep packet inspection up to 10Gbps. (link to Intel paper)". More >>

2011/05/24

Installation Guide for PPStream in Ubuntu

totem-pps is a PPStream plugin for Ubuntu 10.04.

1. Add one of the following PPA sources

PPA for lucid

deb http://ppa.launchpad.net/portis25/ppa/ubuntu lucid main
deb-src http://ppa.launchpad.net/portis25/ppa/ubuntu lucid main

PPA for karmic

deb http://ppa.launchpad.net/portis25/cnav/ubuntu karmic main
deb-src http://ppa.launchpad.net/portis25/cnav/ubuntu karmic main

2. Install totem-pps

$ sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 27F5B2C1B3EAC8D9
$ sudo apt-get update
$ sudo apt-get install totem-pps

Install Linux SopCast Player 0.4.0 In Ubuntu 11.04

SopCast Player is a Linux GUI front-end for the p2p streaming technology developed by SopCast. SopCast can play various TV channels (watch football games, HBO, AXN Movie and so on) for free, using the internet.



Here is how to install the latest SopCast Player 0.4 in Ubuntu 11.04.


1. You must download libstdc++ manually because this package is not included in the Ubuntu repositories. Don't worry, you can use these .deb files:

* 32-bit
* 64-bit

2. Add the SopCast Player PPA and install SopCast Player:

$ sudo add-apt-repository ppa:ferramroberto/extra && sudo apt-get update
$ sudo apt-get install sopcast-player sp-auth


And that's it, now go to Applications > Sound & Video > SopCast Player.

Note: SopCast Player requires VLC < 1.1.0 (VLC version lower than 1.1.0).

Linux Kernel vulnerability and Denial of Service (DoS) attack

PRE-CERT Security Advisory
==========================

* Advisory: PRE-SA-2011-03
* Released on: 13 Apr 2011
* Last updated on: 13 Apr 2011
* Affected product: Linux Kernel 2.4 and 2.6
* Impact: denial-of-service
* Origin: storage devices
* Credit: Timo Warns (PRESENSE Technologies GmbH)
* CVE Identifier: CVE-2011-1577


Summary
-------

The Linux kernel contains a vulnerability that may lead to
a denial-of-service due to corrupted partition tables on storage
devices.

The kernel automatically evaluates partition tables of storage devices.
This happens independently of whether any auto-mounting is enabled or
not. The code for evaluating EFI GUID partition tables contains a buffer
overflow bug that allows to cause kernel oops resulting in a denial of
service.


Workaround
----------

Compile and use a kernel that does not evaluate EFI GUID partition
tables. The corresponding configuration key is CONFIG_EFI_PARTITION.


Solution
--------

A patch is available at
http://www.spinics.net/lists/mm-commits/msg83274.html


References
----------

When further information becomes available, this advisory will be
updated. The most recent version of this advisory is available at:

http://www.pre-cert.de/advisories/PRE-SA-2011-03.txt


Contact
-------

PRE-CERT can be reached under precert@pre-secure.de. For PGP key
information, refer to http://www.pre-cert.de/.
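
A defensive check related to the advisory above, as an added example that is not part of the advisory or of the kernel patch: it parses a GPT header from a raw image and reports out-of-range fields before the medium is attached to a host. The advisory does not say which field triggers the bug, so the bounds checked here are the generic ones from the GPT header layout; the function names, the entry-count limit and the constructed sample header are assumptions.

```python
import struct
import zlib

SECTOR = 512                         # assumed logical block size of the medium
HDR_FMT = "<8sIIIIQQQQ16sQIII"       # GPT header fields, little-endian
HDR_MIN = struct.calcsize(HDR_FMT)   # 92 bytes
MAX_ENTRIES = 1024                   # assumed local policy limit, not a spec value


def check_gpt_header(block, sector=SECTOR):
    """Return a list of problems in the GPT header stored in `block` (LBA 1)."""
    if len(block) < HDR_MIN:
        return ["block shorter than a GPT header"]
    (sig, _rev, hdr_size, hdr_crc, _reserved, my_lba, _alt_lba, first_usable,
     last_usable, _guid, _entries_lba, n_entries, entry_size,
     _entries_crc) = struct.unpack_from(HDR_FMT, block)
    if sig != b"EFI PART":
        return ["bad signature"]
    problems = []
    # Bound header_size before using it as a length for the CRC computation.
    if not HDR_MIN <= hdr_size <= min(sector, len(block)):
        problems.append(f"header_size {hdr_size} outside {HDR_MIN}..{sector}")
    else:
        # The CRC covers header_size bytes with the CRC field itself zeroed.
        zeroed = block[:16] + b"\0" * 4 + block[20:hdr_size]
        if zlib.crc32(zeroed) & 0xFFFFFFFF != hdr_crc:
            problems.append("header CRC mismatch")
    if my_lba != 1:
        problems.append(f"my_lba {my_lba} is not 1")
    if first_usable > last_usable:
        problems.append("first usable LBA is after last usable LBA")
    # Entry size must be 128 * 2^n; the entry count is capped by local policy.
    if entry_size < 128 or entry_size & (entry_size - 1):
        problems.append(f"entry_size {entry_size} is not 128 * 2^n")
    if n_entries > MAX_ENTRIES:
        problems.append(f"num_entries {n_entries} exceeds limit {MAX_ENTRIES}")
    return problems


def build_header(hdr_size=92, n_entries=128, entry_size=128):
    """Constructed sample: primary GPT header for a 2048-sector image."""
    raw = struct.pack(HDR_FMT, b"EFI PART", 0x00010000, hdr_size, 0, 0,
                      1, 2047, 34, 2014, bytes(16), 2,
                      n_entries, entry_size, 0).ljust(SECTOR, b"\0")
    crc = zlib.crc32(raw[:min(hdr_size, SECTOR)]) & 0xFFFFFFFF
    return raw[:16] + struct.pack("<I", crc) + raw[20:]


if __name__ == "__main__":
    for label, hdr in [("valid", build_header()),
                       ("oversized header_size", build_header(hdr_size=0xFFFF)),
                       ("huge entry count", build_header(n_entries=0x40000000))]:
        print(label, "->", check_gpt_header(hdr) or "ok")
```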

Arachni: Web application security scanner framework

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby. Here is a newer version of Arachni.

The main focus of this release has been on distributed deployment and bugfixing. The main additions include an update of the HTML reports to include false positive reporting functionality and an updated WebUI with support for multiple Dispatchers.

In other words, you can report easily when something goes wrong in a more efficient manner and also start a simple Arachni grid in a couple of minutes.

Screenshots of the updated WebUI can be found here:
http://trainofthought.segfault.gr/2011/05/23/arachni-v0-2-3-is-out-with-an-updated-webui-supporting-multiple-dispatchers/

Details at: http://arachni.segfault.gr/latest
ChangeLog: http://arachni.segfault.gr/latest#v0.2.3

Homepage: http://arachni.segfault.gr
Github page: http://github.com/zapotek/arachni
Documentation: http://github.com/Zapotek/arachni/wiki
Google Group: http://groups.google.com/group/arachni
Author: Tasos "Zapotek" Laskos

Neubot: A tool for measuring network neutrality

Violations of network neutrality can, with honest providers, be found by studying the small print carefully, or show up when, because of configuration errors on the part of the provider, World of Warcraft suddenly no longer works properly. But if the new Linux distribution, despite 60 seeders, only trickles to the home computer at a fifth of the paid bandwidth, how can we really prove that something is being manipulated here?

By sharing experiences with peers: is the same data transported just as slowly over other protocols, or miraculously faster? That gives you at least a clue. It becomes more difficult to figure out at which node the throttling has taken place. For this we need as many measurements from as many points as possible.

This is the principle of Neubot. The program runs in the background and conducts regular tests by connecting with servers and other Neubot users. The data is collected, made anonymous and sent to the Neubot server. The result is a map of network neutrality.

After major revisions, Neubot has just been released in version 0.3.7 for Windows, Mac and Linux. Alternatives to Neubot are Switzerland by the EFF (which seems to have been rather dormant lately, and which, to be honest, I never had running) and the Glasnost test from Measurement Lab (the web application is not nearly as comfortable as Neubot). Otherwise, there is still ShaperProbe; more on that in a separate article.

Download Neubot

IPSO Alliance partnered with CDM Media Team

"Chicago, IL, May 18, 2011 –(PR.com)– The CDM Media team announced today that it has partnered with the IPSO Alliance for three 2011 technology events.

The IPSO Alliance is an open, informal and thought-leading association of like-minded organizations and individuals that promote the value of using the Internet Protocol for the networking of Smart Objects. The IPSO Alliance performs interoperability tests, documents the use of new IP-based technologies, conducts marketing activities and serves as an information repository for users seeking to understand the role of IP in networks of physical objects.

The IPSO Alliance partnered with CDM Media on the following events:
· CIO Summit – www.ciosummit.us
· CIO Healthcare Summit – www.ciohealthcaresummit.com
· CIO Utilities Summit – www.cioutilitiessummit.com

CDM Media’s CIO Summits bring together CIOs, technology executives, analysts and solution providers to network, attend education sessions and learn about new technology solutions in an intimate, focused business setting. The event is an opportunity for attendees to make new business contacts and discuss current technology topics and trends. The goal is for attendees to leave the events with new information that will help them make better business technology decisions for their organizations.

For more information about CDM Media’s CIO Summits, visit www.ciosummits.com.

If you are interested in attending the upcoming CIO Utilities Summit, contact Rob Simms, VP, Business Development and Event Management, CDM Media, at rob.simms@cdmmedia.com or 312-374-0857.

If you are interested in forming a partnership with CDM Media, contact Kelly Schricker, Events and Marketing Specialist, CDM Media, at kelly.schricker@cdmmedia.com or 808-694-3656.

About CDM Media
CDM Media is a business-to-business media company serving Fortune 1000 clients who want to build relationships with CIOs and senior-level technology executives. CDM Media, the custom design marketing organization, develops unique marketing platforms that attract high-level IT professionals across several verticals. For more information, please visit http://www.cdmmedia.com/ or connect with CDM Media on Twitter, @CDMmedia.

About IPSO Alliance
The IPSO Alliance is the primary advocate for IP networked devices for use in energy, consumer, healthcare and industrial applications. The IPSO Alliance is a non-profit association of more than 55 members from leading technology, communications and energy companies. Their mission is to enable the foundation for a network that will allow any sensor-enabled physical object to communicate to another, just as individuals do over the Internet. Membership is open to any organization supporting an IP-based approach to connecting smart objects. For more information, visit www.ipso-alliance.org." ...

2011/05/23

New Samsung Galaxy Tab

Do you prefer to make yourself comfortable with your Galaxy Tab at home or in a café and indulge in unlimited multimedia enjoyment? Then the new Samsung Galaxy Tab WiFi is perfectly adapted to your needs. The variant offers all the advantages of the known Galaxy Tab, such as unbeatable manageability, a 17.8 inch screen, great entertainment thanks to the e-book function and video playback in HD quality, video calls via VoIP, Adobe® Flash® support for full Internet enjoyment and a pleasantly low weight. The Samsung Galaxy Tab WiFi: unlimited variety, even over WLAN.

2011/05/18

Using Android Powered Smart Gadget at the Cost of Privacy.

'New research from computer scientists at the University of Ulm in Germany have found that 99.7 percent of Android-powered smart phones are leaking data that, if stolen, can allow criminals into the personal data stored on Google's online services, or cloud.

The issue, say the researchers, is how the Google Android system uses software code—called authTokens—that allow users to log in to Google Calendar, Google Contacts, and other cloud-based services. According to the researchers, these tokens sometimes aren't encrypted or specific to the smart phone sending them. What's more, the tokens are valid for weeks at a time.

These three factors make it easy for a hacker to grab the data and access the personal data stored on Google's cloud. The researchers wrote on the University of Ulm's blog:


To collect such authTokens on a large scale an adversary could setup a Wi-Fi access point with a common SSID (evil twin) of an unencrypted wireless network, e.g., T-Mobile, attwifi, starbucks. With default settings, Android phones automatically connect to a previously known network and many apps will attempt syncing immediately...the adversary would capture authTokens for each service that attempted syncing. Due to the long lifetime of authTokens, the adversary can comfortably capture a large number of tokens and make use of them later on from a different location.


The researchers suggest if you're an Android user, you should:

* Update your phone to the current Android version (2.3.4) as soon as possible. Depending on your phone vendor, however, you may have to wait weeks or months before an update is available for your phone. Hopefully this will change in the future.
* Switch off automatic synchronization in the settings menu when connecting with open Wi-Fi networks.
* Avoid open Wi-Fi networks when using affected apps.

You'll find other security threats from cell phones in our report, Mobile phones: The new risk. And for tips on protecting your personal data on all your devices, see Consumer Reports' Guide to Online Security.' ...

What if you control a system physically or control FireWire?

Controlling computer systems physically, or controlling the FireWire port of those systems via intrusion, could open a Pandora's box of attacks. For instance, controlling a port such as FireWire, PCMCIA/CardBus/ExpressCard, etc., could lead to: memory leakage attacks, RAM tampering, RAM spoofing, dumping RAM contents, grabbing ssh-agent keys, grabbing screen contents, modifying screen contents, bypassing logins/passwords, etc.

Leaving your system unattended for a short time is enough for an attacker to grab your desktop session.

Web link [1] contains papers and tools that explain physical memory attacks and analyze them with open source tools. The same link has several pointers to mitigation techniques to counter these attacks.

References:

[1] freearchive.com

2011/05/17

Chromebook from Acer

Hardware:
Specifications

11.6" HD Widescreen CineCrystal™ LED-backlit LCD
3.19 lbs | 1.45 kg
6 hours of continuous usage
Intel® Atom™ Dual-Core Processor
Built in dual-band Wi-Fi and World-mode 3G (optional)
HD Webcam with noise cancelling microphone
High-Definition Audio Support
2 USB 2.0 ports
4-in-1 memory card slot
HDMI port
Fullsize Chrome keyboard
Oversize fully-clickable trackpad

Order on June 15th: Buy at amazon.com



Samsung Chromebooks

Hardware:

12.1" (1280x800) 300 nit Display
3.26 lbs / 1.48 kg
8.5 hours of continuous usage
Intel® Atom™ Dual-Core Processor
Built in dual-band Wi-Fi and World-mode 3G (optional)
HD Webcam with noise cancelling microphone
2 USB 2.0 ports
4-in-1 memory card slot
Mini-VGA port
Fullsize Chrome keyboard
Oversize fully-clickable trackpad



Specifications

For anyone who has used the Cr-48 prototype Chrome OS notebook, you can breathe a sigh of relief: The Samsung Chromebook is much faster. The biggest change from the Cr-48 is that the Chromebook boasts an Intel dual-core processor, providing a noticeable performance boost. The Chromebook is also sleeker and includes a more vibrant screen.

Here’s an overview of the specs for the Samsung Chromebook:

Size: 0.79-inch case, 3.3 pounds total
Memory: 2 GB RAM, 16 GB SSD
Processor: Intel dual-core processor (Samsung and Google aren’t disclosing processor speed). Update: Amazon says it’s an Intel Atom Processor N570 running at 1.66 GHz
Screen: 12.1-inch SuperBright Display, 16:10 resolution — Samsung claims it is 36% brighter than a standard LCD display.
Battery: Up to 8.5 hours of normal usage, up to 5 hours of video playback
Software: Google Chrome OS. Bootup time is less than 10 seconds
Peripherals: Two USB ports and an SD/SDHC/MMC card reader
Price: $429 for Wi-Fi. $499 for the 3G version, which includes 100 MB free per month for two years
Input: The trackpad is “oversized” and the Chromebook sports a full-sized Chiclet-style keyboard.

Who wants a Chromebook?

At its developer conference, Google announced the Chromebook, which would be launched on 15th June, 2011. Hardware made by Acer and Samsung would contain Google's Chrome OS. It will cost $20 per month to get a Chromebook from Google.

The most attractive feature of Chromebooks is the security they provide. Normally, Internet users, i.e., surfers, face theft of passwords and web-browser history [1] without proper acknowledgement. The Chromebook is envisioned to provide layered security that is provable and reliable. Chromebooks are claimed to give a faster Internet experience, though the cost of layered security is not clear. It would be cool to experience Chrome OS on Chromebooks!


[1] Bilge, Leyla; Strufe, Thorsten; Balzarotti, Davide; Kirda, Engin. All your contacts are belong to us: automated identity theft attacks on social networks. WWW'09, 18th International World Wide Web Conference, April 20-24, Madrid, Spain, pp. 551-560.

2011/05/12

What Will The Internet Look Like In 10 Years?

'The Internet Society engaged in a scenario planning exercise to reveal plausible courses of events that could impact the health of the Internet in the future. While obviously not intended to be a definitive overview of the landscape or all potential issues, we believe the results are interesting and, we hope, thought-provoking.

We are sharing them in the hope that they will inspire thought about possibilities for the future development of the Internet, and involvement in helping to make that happen in the best possible way', more ...

2011/05/11

Google I/O 2011


'Google I/O 2011 brings together thousands of developers for two days of deep technical content, focused on building the next generation of web, mobile, and enterprise applications with Google and open web technologies such as Android, Google Chrome, Google APIs, Google Web Toolkit, App Engine, and more.'


Together with our GTUG partners and Student Ambassadors, we are hosting free viewing parties of Google I/O worldwide.

'Even if you can't attend Google I/O in person, this is a way to still connect with other talented developers and watch the keynote and other major sessions live. Part viewing party and part community building, Google I/O Extended are free events focused on live-streaming parts of Google I/O. Depending on location, the event could also include local developer demos and other speaker sessions.

Click on a map location to register for the Google I/O Extended event in your area. Since these events are being organized by local developer community leaders and university ambassadors, please reach out to them specifically if you have any questions about the details.

Space is limited and registration is required.'
Agenda





2011/05/06

Tracking stolen or lost camera

Here is a nice tracking site for stolen or lost cameras. One needs to enter the serial number of the camera on the site, which will search for the missing camera by searching the web for photos that were taken with it. The site's database has over a million camera sightings.

Normally, every photo contains hidden information such as camera model, dates, etc. This sort of information is stored in the Exchangeable Image File Format (EXIF).
Search algorithms, essentially crawlers, extract the EXIF data from the photos and tally it with serial numbers, and hence track the uploader of the photos.

An FAQ on using the site is maintained here: http://www.stolencamerafinder.com/faq.jsp


Some results: my results.

The 'SAMSUNG SAMSUNG ES70, ES71 / VLUU ES70, ES71 / SAMSUNG SL600' does not write serial information in the exif. See the supported cameras page for a list of models that do.
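
The extraction step described above, as an added example that is not the site's own code: a minimal parser that pulls Make, Model and the standard EXIF BodySerialNumber tag (0xA431) out of a JPEG and compares the serial with a list of reported ones, which is also a quick way to see what a photo reveals before it is uploaded. It reads only these three ASCII tags; the sample JPEG bytes, the camera name, the serial number and all function names are constructed for illustration.

```python
import struct

TAG_MAKE, TAG_MODEL, TAG_EXIF_IFD, TAG_BODY_SERIAL = 0x010F, 0x0110, 0x8769, 0xA431

def find_exif(jpeg):
    """Walk the JPEG segments and return the TIFF payload of the EXIF APP1 segment."""
    if jpeg[:2] != b"\xff\xd8":
        return None
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body[:6] == b"Exif\0\0":
            return body[6:]
        if marker == 0xDA or length < 2:   # image data starts, or corrupt length
            break
        pos += 2 + length
    return None

def read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, raw 4-byte value field)} for one IFD."""
    entries = {}
    if offset + 2 > len(tiff):
        return entries
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    for i in range(count):
        pos = offset + 2 + 12 * i
        if pos + 12 > len(tiff):
            break
        tag, typ, n = struct.unpack_from(endian + "HHI", tiff, pos)
        entries[tag] = (typ, n, tiff[pos + 8:pos + 12])
    return entries

def ascii_value(tiff, entry, endian):
    """Decode an ASCII (type 2) entry; values of up to 4 bytes sit inline."""
    if entry is None or entry[0] != 2:
        return None
    _typ, n, field = entry
    if n > 4:                              # longer values are stored at an offset
        (off,) = struct.unpack(endian + "I", field)
        field = tiff[off:off + n]
    return field[:n].split(b"\0")[0].decode("ascii", "replace").strip() or None

def camera_identity(jpeg):
    """Return make, model and body serial from EXIF, or None if there is no EXIF."""
    tiff = find_exif(jpeg)
    if not tiff or len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return None
    endian = "<" if tiff[:2] == b"II" else ">"
    magic, ifd0_off = struct.unpack_from(endian + "HI", tiff, 2)
    if magic != 42:
        return None
    ifd0, exif = read_ifd(tiff, ifd0_off, endian), {}
    if TAG_EXIF_IFD in ifd0:               # the serial lives in the Exif sub-IFD
        (sub_off,) = struct.unpack(endian + "I", ifd0[TAG_EXIF_IFD][2])
        exif = read_ifd(tiff, sub_off, endian)
    return {"make": ascii_value(tiff, ifd0.get(TAG_MAKE), endian),
            "model": ascii_value(tiff, ifd0.get(TAG_MODEL), endian),
            "serial": ascii_value(tiff, exif.get(TAG_BODY_SERIAL), endian)}

def matches_reported(jpeg, reported_serials):
    """True if the photo's body serial is in the list of reported serials."""
    ident = camera_identity(jpeg)
    serial = ident["serial"] if ident else None
    return serial is not None and serial.upper() in {s.upper() for s in reported_serials}

def build_sample_jpeg(serial=None):
    """Constructed sample: EXIF-only JPEG, every string longer than 4 bytes."""
    ifd0 = [(TAG_MAKE, b"ExampleCam\0"), (TAG_MODEL, b"EX-100\0")]
    sub = [(TAG_BODY_SERIAL, serial.encode() + b"\0")] if serial else []
    sub_off = 8 + 2 + 12 * (len(ifd0) + 1) + 4
    data_off = sub_off + 2 + 12 * len(sub) + 4
    blob = b""
    def ifd(entries, extra=b""):
        nonlocal blob
        out = struct.pack("<H", len(entries) + (1 if extra else 0))
        for tag, val in entries:
            out += struct.pack("<HHII", tag, 2, len(val), data_off + len(blob))
            blob += val
        return out + extra + struct.pack("<I", 0)
    pointer = struct.pack("<HHII", TAG_EXIF_IFD, 4, 1, sub_off)
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd(ifd0, pointer) + ifd(sub)
    payload = b"Exif\0\0" + tiff + blob
    jfif = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\0" + bytes(9)
    return (b"\xff\xd8" + jfif + b"\xff\xe1" + struct.pack(">H", len(payload) + 2)
            + payload + b"\xff\xd9")
```

A photo from a model that writes no serial, like the one quoted above, yields `serial: None` and can never match.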

2011/05/05

Cisco IOS SNMP Message Processing Denial Of Service Vulnerability

------------------------------------------------------------------
I. Summary

Cisco Internetwork Operating System (IOS) 15.0 attempts to process SNMP solicited operations on improper ports (UDP 161,162), which allows remote attackers to cause a denial of service when SNMP is disabled.

------------------------------------------------------------------
II. Description

It has been reported that the Cisco Internet Operating System (IOS) is affected by a remote SNMP message processing denial of service vulnerability. This issue may be leveraged to cause a denial of service condition in the affected device. The denial of service is due to the process consumed all available CPU resources in the affected device. The device may have to be reset manually if the attack is successful.
------------------------------------------------------------------
III. Impact

Denial of service (process consume all available CPU resources)

------------------------------------------------------------------
IV. Affected

Cisco router 2921/K9 IOS 15.0<1r>M6, tested with kubuntu 10.10. Previous versions may also be affected due to code reuse.

------------------------------------------------------------------
V. Solution

Currently there are not any vendor-supplied patches for this issue.

------------------------------------------------------------------
VI. Credit

The penetration test team Of NCNIPC (China) is credited for this vulnerability.

[Ref] www.securityfocus.com

Cisco IOS UDP Denial of Service Vulnerability

------------------------------------------------------------------
I. Summary

Cisco routers running IOS 15.0 allows a remote attacker to cause a denial of service via a flood of UDP packets (a randomly chosen UDP port).

------------------------------------------------------------------
II. Description

A potential denial of service condition may exist in Cisco's IOS firmware.

The problem reportedly occurs when a large number of UDP packets are sent to device running IOS. This causes the system to use all available CPU resources and thus become unresponsive. The device may have to be reset manually if the attack is successful.
------------------------------------------------------------------
III. Impact

Denial of service (process consume all available CPU resources)

------------------------------------------------------------------
IV. Affected

Cisco router 2921/K9 IOS 15.0<1r>M6, tested with kubuntu 10.10. Previous versions may also be affected due to code reuse.

------------------------------------------------------------------
V. Solution

Currently there are not any vendor-supplied patches for this issue.

------------------------------------------------------------------
VI. Credit

The penetration test team Of NCNIPC (China) is credited for this vulnerability.

[Ref] http://www.securityfocus.com/

Is over-qualification the need of the time?

"Software has also been replacing engineers in such tasks as chip design. More
broadly, the idea that modern technology eliminates only menial jobs, that
well-educated workers are clear winners, may dominate popular discussion, but
it's actually decades out of date." more ...

Searching for over-qualified persons is hard, and here is an article for those who are over-qualified. more ...

Cloud computing and risk management

"The cloud computing model is being adopted by many organizations because of it's efficiency, performance and cost benefits. But some organizations may be shying away from cloud because of security concerns. Read this data sheet from IBM to learn about services from IBM that can help you secure your cloud computing solutions. Discover how IBM experts can guide you through the security and privacy concerns, help identify and prioritize security requirements, and develop a high-level roadmap for risk mitigation." more ...

Free comic books

Big news for enthusiasts who spend money on buying comic books and reading materials. freecomicbookday.com is going to offer free books on 7th of May 2011. Their collection includes:
* Amazing Spider-man
* Avatar Last Airbender and Star Wars: The clone wars
* Elric the Balance Lost
* Mouse Guard and Dark Crystal Flip Book



For more info: www.freecomicbookday.com

2011/05/04

Security and privacy threats affect big business

Recently, Sony Online Entertainment (SOE) faced a total fiasco when intruders stole the personal information of about 77 million users and the credentials of around 24.6 million credit and debit cards. SOE provides online entertainment services (with monthly/annual subscriptions) to a hundred million users. These include online multi-player games like EverQuest II, Free Realms, DC Universe, etc., via Sony's PlayStation Network (PSN). The intruders stole PSN's and Qriocity's databases, which caused great dissatisfaction among paying customers and worries for anyone who ever used a credit card for a subscription. The question arises: what security measures or decisions could give PSN/SOE the upper hand in the arms race with intruders? What if those attackers stole personal info from FB? Is P2P a choice to provide security?

Web-based application security project

One could use an intercepting proxy for educational purposes, i.e., performing penetration testing on web applications. WebScarab is an excellent web-based tool for penetration testing and related security experimentation.

Also, one could tweak vulnerable applications here (link)

2011/05/03

2011/05/02

Setbacks for Honeycomb.

"A lot of ink has been spilled about the failings of the Android tablet in the market. The Motorola XOOM has been a failed first product intended to showcase Google’s version of Android that is optimized for tablets. Google threw Android under the proverbial bus by stating that versions of the OS prior to Honeycomb were just not good enough to run tablets. You’d think Google would be doing everything it could to get Honeycomb tablets high on consumer’s buy lists, but in my view it is failing in a very significant way." Link

2011/04/30

SecurityTube with cool videos and security tips and tricks.

'Was searching for how to run my Alfa at 30dbM and found this video on
how to add your own country into the regulatory domain file.'

http://goo.gl/o9QxF

PhD Comics new addition.

PhD Comics introduced PhDComic TV. It is awesome and exciting to have an overview of theories in a few minutes. :)

http://www.phdcomics.com/comics.php

2011/04/09

How to enhance your services?

I found this site very interesting for seeing who visits your profile. It is helpful for professors to see the visitors of their courses and online profiles, and hence they could tailor their web pages to their audience. Similar parallels could be drawn for online shopping.
