Saving The World, One __________ At A Time

Being Nice is Contagious

Fri, 13 Nov 2009 16:51:13 GMT

What really changes? What stays the same?

Consider the statement "We live in interesting times". Is that true? But was that also true 10 years ago? 20 years ago? 100 years ago? 1000 years ago? you get the point. Do we really face harder challenges today than they faced 100 years ago? The challenges are different, but there are also so many commonalities. Let's consider first some of those commonalities that I think are too often ignored. We are so quick to notice the differences (in technology, etc.), but I think we don't put enough thought into the things that stay the same. First, and one of the most important things that are very common throughout history is people. People haven't really changed all that much. There has always been people that have tried to be helpful and people that have tried to hurt. Human nature is there, we all have strengths and weaknesses, and so it has been with the people that have gone before us. People need to interact with others; that hasn't changed. The types of interactions may change, but people still need to communicate with others in one way or another (If only simply to get food or other goods at the store).

We can make a difference in the world. Individually we make choices everyday that affect others, in positive or negative ways. If you keep an eye out, you will notice so many friendly people in the world. People that help others, that are polite to one another, that hold doors or simply caution others of possible dangers. Even if you don't keep an eye out, you will probably see people that don't seem so friendly, those that are angry with things, frustrated, in a rush, busy, and just not happy with the situation that they are in. They may just be having a bad day and are not reacting well to it. They may in general feel bad about there circumstances. You know what I mean. We are all like these people from time to time. Hopefully not all the time though. Both of these types of people affect the world.

Our surroundings change, technology advances, but people are not that much different than people thousands of years ago. We still all have a choice each day to positively or negatively affect those that we come in contact with. Both or contagious. Contagious like the cold or the flu :) We can pass friendliness to others and they may not catch it, but a lot of people will. And that alone can make the world a better place to live in.

These are my thoughts, but I draw inspiration from others that I come in contact with, things I read, and simply by living. I don't remember everything or everyone, but that doesn't mean that those things or person's didn't have an effect on me. Some things that come to mind related to this specific topic. Nathaniel LaGarry, who goes to my church, once gave a nice speech on society and specifically mentioned the concept of how we think we live in the hardest times, etc. and how that probably isn't necessarily true. I have read the blog of Bruce Schneier, a respected security professional, and I really think he makes some good points on people's perception of terrorism. For a good example of his opinions take a look at this article titled Beyond Security Theater. The basic idea is that terrorism has been very much made into movie plots and the actually reality of terrorism is much harder to accomplish than is perceived. And that simply taking away freedoms and acting different is not helpful compared to using old fashion investigation, emergency response, etc. My explanation is a very oversimplified, but hopefully enough to get you to want to read more. Finally, another story from the Bible comes to mind. The story of the first people born. God created Adam and Eve, but they had kids. Their first kid was Cain and there second kid was Able. Cain killed Able. The first man born was a murderer. Adam and Eve probably tried to be the best parents they could be. They (literally) talked to God. Cain and Able talked to God too. Able made an offering that was pleasing to God, but Cain's offering was not pleasing to God. Cain got upset and although he talked with Able, he ended up killing him. I think the reason that I am reminded of this story is that people are just people, doing the best they can with what they have. We all make mistakes and get angry with others. How we react to things really matters. Obviously we can see that Cain reacted very badly, but we can affect others just as much, both negatively and positively, simply with our words and our actions. I had a math teacher in high school that said "10% of life is what happens to you and 90% is how you react". There is a lot of truth in that. There's a song by John Lennon that has the words "Life is what happens to you when are busy making other plans".

Make the most of life. When life gives you lemons make lemonade. Being nice is contagious :)

Free as in salvation

Mon, 02 Nov 2009 00:59:27 GMT

In the software world the word free is confusing. Free software doesn't mean the same thing to everybody. Let me give you an example to help you understand what I mean. There are lots of programs that are freely downloadable from the Internet with no strings attached. Now many of you may read that and consider those programs to be free software. And in one sense (in terms of cost) you would be correct. However, there is another definition of free software that doesn't count all of these programs, but only counts software that is not only free to download, but also free to modify. The free software foundation uses the word free to refer to freedom and not to cost. They believe that software should be distributable in such a way that the source code that makes the program work is also available for those that are able to make changes to it and then redistribute those changes. Making the source code available has others benefits. For example, if more people are able to see how something works, they might be able to find ways for it to work better or find flaws or security vulnerabilities etc. Some of the best examples of free (as in freedom) software are Mozilla's Firefox web browser and the Linux operating system, which was created by Linus Tovalds. There are countless other fee software projects that have had very good success as well.

Quite some time ago I came up with another interesting personal analogy. Free software has some interesting analogies to Christianity. I wondered if other people had had the same thought, so I searched on Google and one of the things I found was a site called Linux for Christians with a motto "Free as in salvation" referencing the bible verse Ephesians 2:8-9, which says "For it is by grace you have been saved, through faith--and this not from yourselves, it is the gift of God--not by works, so that no one can boast." I thought it was really neat that someone had seen the same the analogy that I had. Just recently I had a conversation with Pat about technology and Christianity and I promised to write up an blog post on this topic in hopes of being included on his new website. We both agree that there is a lot of possibilities when combining technology and Christianity. For instance, we have been discussing the concept of cloud Christianity, which could be understood simply as using the cloud to spread Christianity.

In conclusion, it is fun to apply different parts of your life together in order to find interesting analogies and you never know what you will come up with. You may also be surprised that others have had the same thought. In Ecclesiastes 1:9, it says "What has been will be again, what has been done will be done again; there is nothing new under the sun." I think it is important not to take such statements out of context however. The author of Ecclesiastes is king Solomon (I wrote about this king before), who was given much wisdom from God and in this book he is trying to share some of those ideas. I don't think it should be read that you can't think of new ideas, but more in the sense that God already knows everything and we can't think up something new that he doesn't already know about. New to us, sure. That is my understanding anyway. Feel free to give your thoughts on it.

Changing Hearts vs. Changing Minds

Thu, 15 Oct 2009 03:22:17 GMT

I wonder if too much emphasis is placed on the idea of changing people to think just like we do or to get people to stop doing the things that they do or the way that they do them. Trying to change people in this way is probably not a good idea. Instead, I think we should focus on changing hearts. How? Through our actions. For example, by loving, or caring, or listening. I don't think that everyone should have to agree on everything and things shouldn't be forced on people. Maybe people forget about the importance of the freedoms that we have, especially here in the United States. Having the freedom of speech, freedom of religion (or lack of religion, if we so choose) should be protected. Even if you agree with some policy of the government, doesn't mean that it needs to be forced on others.

Let's consider a specific example. Should "In God We Trust" be printed on all of our money? Does that really matter that much? If individually we trust in God shouldn't that simply show itself in our actions? Conversely, if we don't trust in God that could also show. Does it send a false message to both the world and also to (potential/hypothetical) future generations that might dig up the remains of our civilization and find it on our money? I think it is much more important to live a God-trusting life than to try to force others to even when they choose not to. Arguing close-mindedly against ever removing the phrase from our money probably hurts theism and Christianity more that it helps. Stopping to understand, stopping to think critically, and stopping to be open-minded is bad practice.

The concept of changing hearts doesn't simply have to apply to politics or religion or the like. Changing hearts can also apply to our lives in a general sense, regardless of our goals, mission, vision, or causes. If we simply argue based on ideals and don't actually live up to them or have a character that supports the types of things we support, then we won't be likely to change hearts or minds. People need to see something different before they can ever think about changing their mind on something. Even if they never change their mind on something, they may be able to have a change of heart toward specific situations. Persistence is one key to success. Let's take an example from the Bible. In Luke 18, verses 1 through 8, we find the parable of persistent widow. It reads:

"Then Jesus told his disciples a parable to show them that they should always pray and not give up. He said: "In a certain town there was a judge who neither feared God nor cared about men. And there was a widow in that town who kept coming to him with the plea, 'Grant me justice against my adversary.' "For some time he refused. But finally he said to himself, 'Even though I don't fear God or care about men, yet because this widow keeps bothering me, I will see that she gets justice, so that she won't eventually wear me out with her coming!' " And the Lord said, "Listen to what the unjust judge says. And will not God bring about justice for his chosen ones, who cry out to him day and night? Will he keep putting them off? I tell you, he will see that they get justice, and quickly. However, when the Son of Man comes, will he find faith on the earth?"

So, even though the judge didn't fear God or care about men, he appeased the women so that she would stop bothering him. Being persistence in our love or actions can make a much bigger impact than simply stating a case for something (and then not even bothering to live it out).

Delicious LiveJournal Links for 10-4-2009

Sun, 04 Oct 2009 23:06:27 GMT

DHS to hire up to 1,000 cybersecurity experts - CNN.com

"Cybersecurity is one of our most urgent priorities," said Homeland Security Secretary Janet Napolitano

(tags: security internet us government dhs phd)

Delicious LiveJournal Links for 9-10-2009

Thu, 10 Sep 2009 23:08:53 GMT

7 Reasons Websites Are No Longer Safe

1. Polluted ads
2. SQL injection attacks
3. User-provided content
4. Stolen site credentials
5. Compromised hosting service
6. Local malware
7. Hacker-engineered fakes

(tags: security web-based malware phd)
Pro Git - Pro Git Book

Free online, creative commons book on git

(tags: github creativecommons ebook git free online opensource)
Git - Fast Version Control System

(tags: versioncontrol git opensource tutorials reference)
YouTube - O'Reilly Webcast: Git in One Hour

Good introduction to git

(tags: git screencast tutorial)

Delicious LiveJournal Links for 8-26-2009

Wed, 26 Aug 2009 23:08:45 GMT

15 most dangerous celebrity searches - Boston.com

While searching the Web for the latest celebrity news and photos may be your favorite Internet pastime, it can also potentially lead to some unintended pain.

(tags: security malware phd)

Delicious LiveJournal Links for 8-25-2009

Tue, 25 Aug 2009 23:10:36 GMT

VMchannel Requirements - KVM

Use Cases

* Guest - Host clipboard copy/paste operations
o By a VMM or via an internal API within qemu
* libguestfs (offline usage)
o For poking inside a guest to fetch the list of installed apps, etc.
* Online usage
o Locking desktop session when vnc session is closed
* Cluster I/O Fencing aka STONITH
o Current models require networking between guest/host
+ fence_virsh, xen0 -> ssh to defined host and to perform fencing; no migration tracking; requires ssh key distribution to work.
+ fence_xvm -> tracks migrations, but requires multicast between guest/host; distributed key recommended but not required
o Using VMChannel-Serial, the requirement of guest-host can be avoided
o Key distribution of any sort can be avoided, making this easier to configure than existing solutions

(tags: virtualization kvm phd)
Microsoft Application Virtualization Technical Overview

Application virtualization is at the heart of Microsoft Application Virtualization (App-V). It decouples applications from the operating system and enables them to run as network services. Application virtualization can be layered on top of other virtualization technologies—network, storage, machine—to create a fully virtual IT environment where computing resources can be dynamically allocated in real-time based on real-time needs. App-V's patented application virtualization, dynamic streaming delivery, and centralized management technologies make everything from deployments and upgrades to migrations and business continuity initiatives easier and faster with better agility

(tags: virtualization microsoft technology app-v phd)
Metasploit: Browser fuzzing for fun and profit

From Metasploit blog (3 years ago): Considering how many browser bugs are turning up, maybe its time we develop a consistent, reusable API for exploiting browsers. So many exploits are using Skylined's heap spraying technique, we may as well add animated progress bars, DHTML layers, and trance background music to the Metasploit Framework modules :-)

(tags: security bugs malware phd)
Heap spraying - Wikipedia, the free encyclopedia

heap spraying is a technique used in exploits to facilitate arbitrary code execution. The term is also used to describe the part of the source code of an exploit that implements this technique. In general, code that sprays the heap attempts to put a certain sequence of bytes at a predetermined location in the memory of a target process by having it allocate (large) blocks on the process' heap and fill the bytes in these blocks with the right values. They commonly take advantage from the fact that these heap blocks will roughly be in the same location every time the heap spray is run.

(tags: security malware phd)
DriverDomain - Xen Wiki

A driver domain is unprivileged Xen domain that has been given responsibility for a particular piece of hardware. It runs a minimal kernel with only that hardware driver and the backend driver for that device class. Thus, if the hardware driver fails, the other domains (including Dom0) will survive and, when the driver domain is restarted, will be able to use the hardware again.

(tags: xen virtualization phd)
Real-Time Keyloggers

Real-time keyloggers were first discovered in the wild last year, but the court filing and the Times article should bring new attention to the threat. The technique menaces the 2-factor authentication that some banks have instituted

(tags: security keylogging malmare phd)

Delicious LiveJournal Links for 8-18-2009

Tue, 18 Aug 2009 23:07:42 GMT

Researchers Boot Million Linux Kernels to Help Botnet Research

Scientists at Sandia National Laboratories are harnessing more than a million Linux kernels as virtual machines as part of an effort to aid researchers to better analyze botnet behavior.

(tags: security botnets virtualization linux)

Delicious LiveJournal Links for 8-10-2009

Mon, 10 Aug 2009 23:08:13 GMT

Twitter crippled by denial-of-service attack | The Social - CNET News

Twitter was inaccessible for several hours on Thursday morning, followed by a period of slowness and sporadic time-outs (and more outright downtime). The company is blaming an "ongoing" denial-of-service attack but has not said anything further. Facebook has also confirmed that it was targeted by a DoS attack that rendered some of its features slow or non-functional.

(tags: security internet twitter news ddos facebook botnets phd)

Delicious LiveJournal Links for 7-29-2009

Wed, 29 Jul 2009 23:07:58 GMT

Almost all Windows users vulnerable to Flash zero-day attacks

More than 9 out of every 10 Windows users are vulnerable to the Flash zero-day vulnerability that Adobe won't patch until Thursday, a Danish security company said today.

(tags: security windows flash phd)

Delicious LiveJournal Links for 7-25-2009

Sat, 25 Jul 2009 23:06:32 GMT

Flash security vulnerability exploited in PDFs - Ars Technica

When Adobe released Acrobat 9 last year, the company introduced support for embedding Flash media in PDF files. This feature is now being used by attackers who are exploiting a new vulnerability in Adobe's Flash media plugin. The vulnerability allows remote code execution, making it a potential vector for malware deployment.
...
As a temporary measure to eliminate the security risk, Adobe recommends disabling Flash support in Acrobat Reader by renaming or deleting the "authplay.dll" file. Doing so will cause Acrobat Reader to abort when it attempts to reads a Flash-enabled PDF.
...
Wouldn't it be nicer if it was running in a sandbox instead (Virtual Machine Appliance, for example)

(tags: security malware windows PDF flash adobe phd)

Delicious LiveJournal Links for 7-11-2009

Sat, 11 Jul 2009 23:04:23 GMT

Slashdot News Story | Firefox To Get Multi-Process Browsing

"...multi-process browsing will be coming to Firefox. The project is called Electrolysis, and the developers "have already assembled a prototype that renders a page in a separate process from the interface shell in which it is displayed." Mozilla's Benjamin Smedberg says they're currently "[sprinting] as fast as possible to get basic code working, running simple testcase plugins and content tabs in a separate process," after which they'll fix everything that breaks in the process. Further details of their plan are available on the Mozilla wiki, and a summary is up at TechFragments."

(tags: firefox security google chrome browser phd)

Delicious LiveJournal Links for 7-7-2009

Tue, 07 Jul 2009 23:09:29 GMT

Postini: Google's take on e-mail security | Security - CNET News

"Spam volumes were at a peak in November before the McColo ISP was shut down, prompting an estimated 70 percent drop in spam volumes practically overnight. Within about four months, the spam spigot was flowing as heavy as before as spammers found new hosters for their operations..."

"...Postini found that one attack alone, on June 18, unleashed 50 percent of a typical day's spam volume in just two hours. The attack featured an e-mail that looked like a legitimate newsletter from CNN but which had malicious links and images in it"

(tags: security internet virus email spam phd google botnets)

Delicious LiveJournal Links for 6-26-2009

Fri, 26 Jun 2009 23:07:05 GMT

Stop Password Masking (Jakob Nielsen's Alertbox)

"Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures."

A lot of truth in this article, especially for new users. What do you think?

(tags: security passwords usability)

Wedding Photo Album

Thu, 25 Jun 2009 03:53:03 GMT

The wedding photos are online:
http://picasaweb.google.com/deshantm/WeddingAlbum

Wedding Album

I commented on most of the photos.

For my earlier reaction to the wedding see:
http://deshantm.livejournal.com/36750.html

and in case you missed them, the honeymoon pics:
http://picasaweb.google.com/deshantm/Honeymoon

Honeymoon

Delicious LiveJournal Links for 6-24-2009

Wed, 24 Jun 2009 23:08:43 GMT

Analysis of an Intrusion

“Why do strong passwords matter?” “Who cares about my data? I don’t have anything worth stealing.” These are common arguments raised by users when presented with the requirement of using strong passwords. The strongest counter-example to these arguments came this week in the form of a compromised user account. Let’s travel back in time…

(tags: security clarkson phd)

Delicious LiveJournal Links for 6-20-2009

Sat, 20 Jun 2009 23:05:49 GMT

Browser Security - ACM Queue

A nice article from Google Chrome developers on browser security.

"There is no silver bullet for providing a perfectly secure browser, but there are several techniques that browser developers can use to help protect users. Each of these techniques has its own set of challenges.

In particular, browsers should minimize the danger that users face using three techniques:

Reduce attack severity by applying the principle of least privilege in the browser architecture. This technique limits the damage caused when an attacker exploits a vulnerability.
Reduce the window of vulnerability by ensuring updates are developed and deployed as quickly as possible. This technique minimizes the number of vulnerable browsers an attacker can target.
Reduce how often users are exposed to attacks by filtering out known malicious content. This technique protects users during vulnerable time windows.."

(tags: security browser google chrome phd)

Delicious LiveJournal Links for 6-13-2009

Sat, 13 Jun 2009 23:08:15 GMT

German Design Firm Calls Its Car Concept "Open Source"

"is based on a core chassis which can accommodate many modular types of exterior designs. Going further with the modularity concept, it has daisy-chained organic light-emitting diodes (OLEDs) under its surface that allow the user to configure the look of everything from headlamps to brake lights to the car's interior. Although EDAG is approaching other companies to help with the design, it's a stretch to call this car open source, but it does leverage open source concepts."

(tags: opensource writing cars)
Riversimple to Unveil Open Source Car in London This Month

"The team decided to release the car's designs under an open source license in order to speed up the time it takes to develop the vehicle while also driving down the cost of its components. There's an altruistic value to the idea as well:

Human society is facing the twin challenges of peak oil and climate change, and transport represents a significant proportion of global emissions.We urgently need more fuel efficient vehicles, and by sharing our ideas and our designs we hope to encourage others to adopt this novel technology. "

(tags: opensource car fuel technology)
The inside story of the Conficker worm - tech - 12 June 2009 - New Scientist

A really good explanation of the Conficker worm's evolution

They call it the worst they have seen, but we have been hearing about these types of things for a long time.

A good defense: don't use the most popular systems

(tags: security conficker worm botnets phd)

Delicious LiveJournal Links for 6-11-2009

Thu, 11 Jun 2009 23:09:27 GMT

eChannelLine USA - Palo Alto Networks announces new breed of firewall software

"Any application can use any port and firewalls tend to make all policies and assumptions based on ports so they don't really do anything anymore," said Chris King, Palo Alto Networks director of product marketing. "You've got this whole crop of firewall helpers that came up into orbit around the firewall and our contention is if you fix the firewall . . . you can rip off a lot of the band-aids."

(tags: security firewall phd)

Delicious LiveJournal Links for 6-6-2009

Sat, 06 Jun 2009 23:05:04 GMT

How to Write a PhD Thesis

A really nice howto on writing a PhD Thesis

(tags: phd research howto advice dissertation)

Delicious LiveJournal Links for 5-27-2009

Wed, 27 May 2009 23:08:21 GMT

W32/Bagle@MM | Virus Profile &amp; Definition | McAfee Inc.

Old mass mailing worm that pretends to be the windows calculator.

It also listens on a port.

(tags: security virus worm phd)
OverTheWire - Wargames

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of funfilled games. To find out more about a certain wargame

(tags: hacking games challenge security research wargames)

Delicious LiveJournal Links for 5-22-2009

Fri, 22 May 2009 23:40:08 GMT

SOSP 2007 Program

Symposium on Operating Systems Principles 2007

(tags: conferences operating_systems phd)
OSDI '08 Technical Sessions

Operating Systems Design and Implementation

(tags: conferences operating_systems phd)
FAST '09 Technical Sessions

File and Storage Technlogies (USENIX)

(tags: conferences filesystem phd)
A Conversation with Van Jacobson - ACM Queue

A really nice audio interview.

The TCP/IP pioneer discusses the promise of content-centric networking with BBN chief scientist Craig Partridge.

(tags: internet content-centric networking)

Prime numbers and age correlation

Tue, 19 May 2009 04:37:09 GMT

So, I can't find any other people claiming this, so I thought I would throw it out there (for fun and for discussion).

It seems that prime numbers very much correlate with ages of prime. Prime ages, for different things of course.

Some examples:

2 is a prime age (anybody that has met most 2-year olds knows why this is true)
3 is still prime age to be a little kid
5 is a prime age to start school
7 is a prime age, 7 is a great time to be in second grade, 7 is also a lucky number and good second grade teachers are most common.
11 is prime time to get good at math and memorize multiplication tables.
13 is a prime age to become a teenager.
[Notice nothing prime between 13 and 17]
17 is prime age to be in high school, hanging out.
19 is a prime age to play sports (athletic prime), be in college, and all that goes with that.
23 is a prime age to go to grad school or finish college and get a job.
[Notice again nothing prime between 23 and 29]
29 is a prime age to be married.

I'll stop here for now. I am not yet 29 even, but my wife is.

Notice that interestingly enough 16, 18 and 21 are not prime, I bet a lot of people would consider these key/prime ages...

Ok, so as far as I know (I couldn't find anything with a google.com or searchme.com search), you heard it here first - prime numbers seem to very much correlate with prime ages. Your mileage may vary of course and as always, feel free to comment, disagree, or give your personal experiences.

Delicious LiveJournal Links for 5-18-2009

Mon, 18 May 2009 23:09:02 GMT

Crossroads - Spring 2009

HCI and Theology: Chalk and Cheese by Steve Clough.

A really interesting ACM Crossroads article on HCI + Theology

(tags: computers hci theology)

Delicious LiveJournal Links for 5-16-2009

Sat, 16 May 2009 23:06:16 GMT

Why Common Risk Scores Matter (Sync)

The date is May 12th 2009 and you are a mild mannered IT manager anticipating a single bulletin from Microsoft and a possible update from Adobe. The team has their assignments; their computers are locked and loaded. The team is ready to execute on the planned patch release mechanisms.

(tags: security IT patches phd)