"Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures."
A lot of truth in this article, especially for new users. What do you think?
The wedding photos are online:
http://picasaweb.google.com/deshantm/WeddingAlbum
I commented on most of the photos.
For my earlier reaction to the wedding see:
http://deshantm.livejournal.com/36750.html
and in case you missed them, the honeymoon pics:
http://picasaweb.google.com/deshantm/Honeymoon
“Why do strong passwords matter?” “Who cares about my data? I don’t have anything worth stealing.” These are common arguments raised by users when presented with the requirement of using strong passwords. The strongest counter-example to these arguments came this week in the form of a compromised user account. Let’s travel back in time…
A nice article from Google Chrome developers on browser security.
"There is no silver bullet for providing a perfectly secure browser, but there are several techniques that browser developers can use to help protect users. Each of these techniques has its own set of challenges.
In particular, browsers should minimize the danger that users face using three techniques:
Reduce attack severity by applying the principle of least privilege in the browser architecture. This technique limits the damage caused when an attacker exploits a vulnerability.
Reduce the window of vulnerability by ensuring updates are developed and deployed as quickly as possible. This technique minimizes the number of vulnerable browsers an attacker can target.
Reduce how often users are exposed to attacks by filtering out known malicious content. This technique protects users during vulnerable time windows."
"is based on a core chassis which can accommodate many modular types of exterior designs. Going further with the modularity concept, it has daisy-chained organic light-emitting diodes (OLEDs) under its surface that allow the user to configure the look of everything from headlamps to brake lights to the car's interior. Although EDAG is approaching other companies to help with the design, it's a stretch to call this car open source, but it does leverage open source concepts."
"The team decided to release the car's designs under an open source license in order to speed up the time it takes to develop the vehicle while also driving down the cost of its components. There's an altruistic value to the idea as well:
Human society is facing the twin challenges of peak oil and climate change, and transport represents a significant proportion of global emissions. We urgently need more fuel efficient vehicles, and by sharing our ideas and our designs we hope to encourage others to adopt this novel technology."
A really good explanation of the Conficker worm's evolution
They call it the worst they have seen, but we have been hearing about these types of things for a long time.
A good defense: don't use the most popular systems
"Any application can use any port and firewalls tend to make all policies and assumptions based on ports so they don't really do anything anymore," said Chris King, Palo Alto Networks director of product marketing. "You've got this whole crop of firewall helpers that came up into orbit around the firewall and our contention is if you fix the firewall . . . you can rip off a lot of the band-aids."
A really nice howto on writing a PhD Thesis
Old mass mailing worm that pretends to be the windows calculator.
It also listens on a port.
The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of funfilled games. To find out more about a certain wargame
Symposium on Operating Systems Principles 2007
Operating Systems Design and Implementation
File and Storage Technologies (USENIX)
A really nice audio interview.
The TCP/IP pioneer discusses the promise of content-centric networking with BBN chief scientist Craig Partridge.
So, I can't find any other people claiming this, so I thought I would throw it out there (for fun and for discussion).
It seems that prime numbers very much correlate with ages of prime. Prime ages, for different things of course.
Some examples:
2 is a prime age (anybody that has met most 2-year olds knows why this is true)
3 is still prime age to be a little kid
5 is a prime age to start school
7 is a prime age, 7 is a great time to be in second grade, 7 is also a lucky number and good second grade teachers are most common.
11 is prime time to get good at math and memorize multiplication tables.
13 is a prime age to become a teenager.
[Notice nothing prime between 13 and 17]
17 is prime age to be in high school, hanging out.
19 is a prime age to play sports (athletic prime), be in college, and all that goes with that.
23 is a prime age to go to grad school or finish college and get a job.
[Notice again nothing prime between 23 and 29]
29 is a prime age to be married.
I'll stop here for now. I am not yet 29 even, but my wife is.
Notice that interestingly enough 16, 18 and 21 are not prime, I bet a lot of people would consider these key/prime ages...
Ok, so as far as I know (I couldn't find anything with a google.com or searchme.com search), you heard it here first - prime numbers seem to very much correlate with prime ages. Your mileage may vary of course and as always, feel free to comment, disagree, or give your personal experiences.
HCI and Theology: Chalk and Cheese by Steve Clough.
A really interesting ACM Crossroads article on HCI + Theology
The date is May 12th 2009 and you are a mild mannered IT manager anticipating a single bulletin from Microsoft and a possible update from Adobe. The team has their assignments; their computers are locked and loaded. The team is ready to execute on the planned patch release mechanisms.
"Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control.
But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.
This is bad. I see it as a sign that the botnet wars are heating up, and botnet designers would rather destroy their networks than have them fall into "enemy" hands."
A bunch of researchers at the University of California Santa Barbara took control of a botnet for ten days, and learned a lot about how botnets work.
The 7 Habits of Highly Effective Developers
Passionate
Able to Learn, Unlearn and Re-learn
Balance Principle and Practice
Keep It Simple Software (KISS)
If You Don't Know the Answer, Know Someone Who Does
Focus on Value
Puts the Needs of the Many Before the Needs of the One
The latest nmap release can test Windows machines for Conficker infection
Port scanning techniques like sound very familiar...
Easily support another browser (lynx) with the Lynx viewer
The Lynx Viewer allows webmasters to see what their pages will look like when viewed with Lynx, a text-mode web browser. It is also, presumably, how search engines see your site. In addition to that, it can help determine if web pages are accessible to the vision impaired.
Note: For best results, you should download a copy of Lynx itself and run it locally on your own computer. Lynx for MAC OS X.
This service is intended to be used only by content developers, on their own pages.
Lacking in computer knowledge? Here are 40 computer technology courses that can be taken for free online.
Frequent Slashdot contributor Bennett Haselton writes with his idea for mass adoption of anti-virus software: "If the US government did more to encourage people to keep their computers secure — by buying TV ads to publicize free private-sector anti-virus programs, or subsidizing the purchase of anti-virus software — we'd all be better off, on average. That's not just idealistic nanny-statism, but something you can argue mathematically, to the point where even some libertarians would agree." Read on for the rest of Bennett's thoughts.
I don't disagree that there is a problem, but don't agree with the solution. Anti-virus doesn't block everything. Users are still susceptible to zero day exploits.
Intel page for the isolated exec project
Google's take on the cloud and also some on virtualization.
"The New York Times called it an "unthinkable disaster", the television news show 60 Minutes said it could "disrupt the entire internet" and we at the Guardian warned that it might be a "deadly threat". Naysayers were few, and drowned out.
The first of April passed without incident, but Conficker is no less dangerous today. About 2.2m computers worldwide, are still infected with Conficker.A and B, and about 1.3m more are infected with the nastier Conficker.C. It's true that on 1 April Conficker.C tried a new trick to update itself, but its authors could have updated the worm using another mechanism any day. In fact, they updated it on 8 April, and can do so again.
...
But people being people, it takes a specific story for us to protect ourselves."
(Re-delicious ~ Re-Tweet RT) RD @sdague
The Wall Street Journal quoted the Oracle CEO's remarks: "The interesting thing about cloud computing is that we've redefined cloud computing to include everything that we already do. I can't think of anything that isn't cloud computing with all of these announcements. The computer industry is the only industry that is more fashion-driven than women's fashion. Maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop? "We'll make cloud computing announcements. I'm not going to fight this thing. But I don't understand what we would do differently in the light of cloud." (yes, it's an old article, but the quote is awesome, and spot on)
"Should the code running a virtual machine be as robust as a desktop operating system or thin and transparent? That question was debated Thursday at the 2009 RSA Conference."
"This article addresses a problem of performance monitoring inside virtual machines (VMs)"
Probably a good benchvm reference
"That's a PHP script, running as root, and DoSing a website. (I've taken out the website URL, but it is one that has recently been under a documented DDoS attack.)"
"Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the U.S. "
"According to the DarkReading article, 'Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the US. The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are in the US government. Researchers from Finjan who found the botnet say it's controlled by six individuals, and includes machines in major banks.'"
"The latest version of the Linux kernel includes an experimental driver module that tears apart the fabric of space-time. Keir Thomas tested this module, and in doing so managed to retrieve the following article, posted on PC World supersite in the year 2025."


