Saturday, August 28, 2010
RIM proposes crypto forum to dodge India BlackBerry ban
RIM has prosed that an industry forum be established to help governments manage lawful intercept, in the hope of forestalling India's threatened ban.
The proposed body would be led by RIM, but the company is clearly hoping that others will join in. There's strength in numbers and India has made it clear that Skype and Google are next in the firing line, so RIM would like such powerful allies at the table beside them rather than watching from the sidelines. But it remains to be seen if that's enough to stop India pulling the plug on Wednesday.
India isn't the first government to demand access to messages encrypted by RIMs servers, but its demands do seem to go further than other countries in a similar situation, and that might make resolving the issue impossible.
But India's demands are more intrusive and less palatable to the Canadian company behind the BlackBerry service, which might mean a million Indians lose connectivity next Wednesday.
There are two distinct kinds of BlackBerry user: employees of a company that runs its own BlackBerry Enterprise Server, and ordinary members of the public who buy a BlackBerry handset and sign up to the service, then forward their existing email accounts to one provided and hosted by RIM.
It's those members of the public that have been the focus up to this point, as emails sent to the RIM-hosted BES are encrypted before being forwarded to the handset. That encryption is, in this context, unbreakable, but if you get a copy of the message before it's encrypted then there's no problem. If the server is located in a friendly country then that can be arranged - lawful intercept will permit the government to copy messages just like every other email service. But if the server is in a less agreeable country then it gets more difficult.
This is exactly the same as checking a Gmail account over an SSL connection, which is why RIM is hoping companies like Google will join its new body.
"Singling out and banning one solution, such as the BlackBerry solution, would be ineffective and counter-productive," RIM said. "It would be ineffective because anyone perpetrating the misuse of the technology would continue to have easy access to other wireless and wireline services that utilize strong encryption and are readily available in the market today."
More @ http://www.theregister.co.uk/2010/08/27/rim_india/
BlackBerry says no 'master key' to access encrypted data
In a bid to dispel what it called three "misperceptions" about its smart phone Thursday, the Canadian company said misperception number one is that "RIM has the keys to decode or decrypt the encrypted data that flows through the BlackBerry Enterprise Solution."
However, the company said, "RIM does not possess a 'master key,' nor does any 'back door' exist in the system that would allow RIM or any third party, under any circumstances, to gain access to encrypted corporate information.
"In order to provide corporate customers with the necessary confidence that the transmission of their valuable and confidential data is completely secure, the BlackBerry security architecture for enterprise customers was purposely designed to exclude the capability for RIM or any third party to read encrypted information. RIM would simply be unable to accommodate any request for a copy of a customer's encryption key since at no time does RIM, ever possess a copy of the key.''
Referring to another misperception that "locating BlackBerry Infrastructure within India, or within any particular geography, will somehow aid the government's access to encrypted information,'' RIM said, "In fact, the BlackBerry Enterprise Server security architecture was also purposefully designed to perform as a global system independent of geography. The location of infrastructure and the customer's choice of wireless network are irrelevant factors from a security perspective where end-to-end encryption is employed.
"The transmission of encrypted data is no more decipherable or less secure based on the location of RIM's BlackBerry Infrastructure or the customer's selection of a wireless network. All data remains encrypted at all times and through all points of transfer between the customer's BlackBerry Enterprise Server and the customer's device (at no point in the transfer is data decrypted and re-encrypted).
Hackers accidentally give Microsoft their code
When hackers crash their systems while developing viruses, the code is often sent directly to Microsoft, according to one of its senior security architects, Rocky Heckman.
When the hacker's system crashes in Windows, as with all typical Windows crashes, Heckman said the user would be prompted to send the error details — including the malicious code — to Microsoft. The funny thing is that many say yes, according to Heckman.
"People have sent us their virus code when they're trying to develop their virus and they keep crashing their systems," Heckman said. "It's amazing how much stuff we get."
At a Microsoft Tech.Ed 2010 conference session on hacking today, Heckman detailed to the delegates the top five hacking methods and the best methods for developers to avoid falling victim to them. Heckman explained how to create malicious code that could be used in cross-site scripting or SQL injection attacks and, although he said it "wasn't anything you couldn't pick up on the internet", he suggested delegates use the code responsibly to aid in their protection efforts.
According to Heckman, based on the number of attacks on Microsoft's website, the company was only too familiar with what types of attacks were most popular.
"The first thing [script kiddies] do is fire off all these attacks at Microsoft.com," he said. "On average we get attacked between 7000 and 9000 times per second at Microsoft.com," said the senior security architect.
ExtremeAsses.com - The world's biggest asses!!!
This summary is not available. Please
click here to view the post.
Did Gmail make you look like a spammer this week?
How mortified would you feel if you found that you had been spamming someone through no fault of your own? Well, up to 4 million Gmail users found out this week.
I'm not talking about your computer being taken over by remote hackers who use it as part of a botnet to spew spam (although that, of course, is a common scenario). After all, if you'd kept your wits about you and your anti-virus software and security patches up to date you can reduce the chances of that ever happening.
No, I mean if it really wasn't your fault at all that messages are being sent multiple times from your email account.
Users of Gmail found themselves in precisely that predicament this week, finding their email messages being sent multiple times, horrifying the senders and - no doubt - annoying recipients.
Google says "less than 2.5%" of their Gmail users were impacted by the problem - but as there are believed to be over 170 million accounts on Gmail, that could still mean over 4 million people have been turned into spammers by a bug in their web email system.
The "Composing and Sending Messages" section of Google's help forum has been swamped with upset users asking why their Gmail messages were being sent repeatedly, with some complaining that as a result their email addresses had been added to spam blacklists.
Here's a typical message from an aggrieved Gmail user:
More @ http://www.sophos.com/blogs/gc/g/2010/08/27/gmail-spammer-week/I am involved in this problem as well. Could you please tell me how to freeze my account, so that no messages at all are sent? I am bombarding my managers of this useless mail continuously and this is costing me a lot in terms of personal relations. This is extremely embarassing and in a few days I am supposed to sign my contract, so please let me (and us) know at least how to stop our accounts from sending mails.
House of Cards
Time flies. Although it was over 18 months ago, it seems just like yesterday that a small Czech provider, SuproNet, caused global Internet mayhem by making a perfectly valid (but extremely long) routing announcement. Since Internet routing is trust-based, within seconds every router in the world saw this announcement and tried to pass it on. Unfortunately, due to the size of this single message, quite a few routers choked - resulting in widespread Internet instability. Today, over a year later, we were treated to a somewhat different version of the exact same story.
First, let's review the Czech incident from February 2009. There were many positives to take away.
- It was precipitated by an honest mistake.
- It was an extremely unlikely event, as many stars had to be in exact alignment.
- Most of the Internet's core survived.
- The response from operators was fast and efficient, with the damage largely contained within an hour.
The complete technical details can be found here.
Friday, August 27, 2010
Thursday, August 26, 2010
Pirate Bay Receives Notice To Keep a Torrent
The founder of the small software company Coding Robots was shocked when he found out that one of his works had been cracked and shared on The Pirate Bay. However, instead of asking The Pirate Bay to remove the torrent the company’s founder did quite the opposite. He sent a ‘Notice of Ridiculous Activity’ because the crack didn’t live up to his expectations.
More @ http://torrentfreak.com/pirate-bay-receives-notice-to-keep-a-torrent-100825/
More @ http://torrentfreak.com/pirate-bay-receives-notice-to-keep-a-torrent-100825/
The strange case of virtual machines on telephones
- "Look, theory says that a JIT can run as fast as, or maybe faster than, a statically compiled language. It might be slow right now, but it'll be much better when we get a real/better JIT. Plus, the new version is already a lot faster, and I'm looking forward to the next version, which they promise will have huge speed improvements."-- Every Java user since 1996
I'm often mystified at the rejection of reality displayed by the proponents of Java-like virtual machines. It seems a simple statement of fact: even after 14 years, Java is still much slower than native code, and you can see it clearly just by looking at any app for 10 seconds. And yet the excuses above keep coming. 14 years.
But then I think, I know how this delusion works. I've been guilty of it myself. At my first company, I pushed to have all our data interchange sent through an API that I designed - UniConf - which was unfortunately slower in almost all cases than not using it. The idea was that if only all our code could be 100% pure UniConf then we'd suddenly be able to realize tons of wonderful advantages.
But despite herculean efforts, the advantages never materialized. What materialized was a lot of slowness, a lot of excessive memory usage, and a lot of weird bugs that forced us to backtrack through seven layers of overly-generalized code to diagnose.
Luckily for me, lack of resources prevented my own madness from spreading too far. I'm much better now.1
But what would it be like if the madness had been successful? What if I had been responsible for a system that spread to millions of users worldwide, which in nearly every case made things visibly and obviously worse? What would that do to my psyche? I think it would be unbearable.
Which brings us to Java-like VMs on cell phones. I have a lot of sympathy here, because:
Java used to be a good idea. Really.
Java on cell phones has not always been obviously a bad idea. To see why, you have to understand a bit about how these systems evolved.
First of all, we have little visibility into the Java's original reason for being. We know what people said, but we don't know if they said that for marketing or retroactive justification. What we do know is that the original sales push behind Java was applets for your web browser. Rich, client-side web applications.
Client-side web applications have exactly one super difficult critical requirement: security. You're downloading random apps from the Internet automatically and you want to run them automatically, and some of these apps will definitely be written by evil people and try to screw you, so you need a defense mechanism. Moreover, most people doing this will be doing it on Windows, which at the time meant Windows 95, which had no actual security whatsoever. Any native code could do anything it wanted. This situation persisted, mostly, up to and including Windows XP. (NT-based kernels have security, but the average person just ran everything as an administrator, negating literally all of it.)
So the typical user's operating system provided no strict memory protection or any other security features. This is where Java made perfect sense: if you can provably enforce security at the application layer, you can make a virtual machine that actually includes these missing security features, thus making it safe to run random applications on the Internet, and propelling us into the Internet Age. Sweet.
Java happened to fail at that, mostly due to slowness and crappiness and licensing, but the idea was sound, and it was a valiant and worthwhile effort that deserves our respect even if it didn't work out. Flash and Javascript won out in the end because they were somewhat better in some ways, but they both use VMs (whether interpreted or JITed), and rightly so.
More @ http://apenwarr.ca/log/?m=201008#26
I love ass, and I especially love sexxy women with great asses.
This summary is not available. Please
click here to view the post.
The story of round rectangles
Bill had added new code to QuickDraw (which was still called LisaGraf at this point) to draw circles and ovals very quickly. That was a bit hard to do on the Macintosh, since the math for circles usually involved taking square roots, and the 68000 processor in the Lisa and Macintosh didn't support floating point operations. But Bill had come up with a clever way to do the circle calculation that only used addition and subtraction, not even multiplication or division, which the 68000 could do, but was kind of slow at.
Bill's technique used the fact the sum of a sequence of odd numbers is always the next perfect square (For example, 1 + 3 = 4, 1 + 3 + 5 = 9, 1 + 3 + 5 + 7 = 16, etc). So he could figure out when to bump the dependent coordinate value by iterating in a loop until a threshold was exceeded. This allowed QuickDraw to draw ovals very quickly.
Bill fired up his demo and it quickly filled the Lisa screen with randomly-sized ovals, faster than you thought was possible. But something was bothering Steve Jobs. "Well, circles and ovals are good, but how about drawing rectangles with rounded corners? Can we do that now, too?"
"No, there's no way to do that. In fact it would be really hard to do, and I don't think we really need it". I think Bill was a little miffed that Steve wasn't raving over the fast ovals and still wanted more.
More @ http://folklore.org/StoryView.py?story=Round_Rects_Are_Everywhere.txt
How Scribd's HTML5 conversion works ... even when it shouldn't
How Scribd's HTML5 conversion works ... even when it shouldn't @ http://coding.scribd.com/2010/08/26/plan-b-font-fallbacks/
What's better about Ruby than Python? - comp.lang.python
Erik Max Francis wrote:
> "Brandon J. Van Every" wrote:
>> What's better about Ruby than Python? I'm sure there's something.
>> What is it?
> Wouldn't it make much more sense to ask Ruby people this, rather than
> Python people?
Might, or might not, depending on one's purposes -- for example, if > "Brandon J. Van Every" wrote:
>> What's better about Ruby than Python? I'm sure there's something.
>> What is it?
> Wouldn't it make much more sense to ask Ruby people this, rather than
> Python people?
one's purposes include a "sociological study" of the Python community,
then putting questions to that community is likely to prove more
revealing of informaiton about it, than putting them elsewhere:-).
Personally, I gladly took the opportunity to follow Dave Thomas'
one-day Ruby tutorial at last OSCON. Below a thin veneer of syntax
differences, I find Ruby and Python amazingly similar -- if I was
computing the minimum spanning tree among just about any set of
languages, I'm pretty sure Python and Ruby would be the first two
leaves to coalesce into an intermediate node:-).
Sure, I do get weary, in Ruby, of typing the silly "end" at the end
of each block (rather than just unindenting) -- but then I do get
to avoid typing the equally-silly ':' which Python requires at the
_start_ of each block, so that's almost a wash:-). Other syntax
differences such as '@foo' versus 'self.foo', or the higher significance
of case in Ruby vs Python, are really just about as irrelevant to me.
Others no doubt base their choice of programming languages on just
such issues, and they generate the hottest debates -- but to me that's
just an example of one of Parkinson's Laws in action (the amount on
debate on an issue is inversely proportional to the issue's actual
importance).
More @ http://groups.google.com/group/comp.lang.python/msg/28422d707512283
Wednesday, August 25, 2010
Vikki Blows Full Nude, Topless, Hot Ass and Opening Legs in Dirty Pics for Front Magazine February 2010 HQ x17
This summary is not available. Please
click here to view the post.
10 super-cool Linux hacks you did not know about
This article is a compilation of several interesting, unique command-line tricks that should help you squeeze more juice out of your system, improve your situational awareness of what goes on behind the curtains of the desktop, plus some rather unorthodox solutions that will melt the proverbial socks off your kernel.
More @ http://www.dedoimedo.com/computers/linux-cool-hacks.html
Subscribe to:
Posts (Atom)