Mixed links

Installing DokuWiki on a SourceForge account – it seems that SF has some more complex security policies (which is good), but it takes a little command-line kung-fu to install DW (because it needs write access to some directories).

Guaranteeing deletion – an interesting thought-experiment on how to guarantee the fact that a hostile system executes your commands. The proposed solution: make it repeat back the things you have written to it and hope that it doesn’t have enough “off-line” storage to keep it separate from the disk. What I see as a problem: the system could still keep a part of the info in RAM, preserving at least part of the disk. Also, the data must be as random as possible, because otherwise much more can be kept in a smaller space using compression.

Optimizing strlen – an interesting article exploring different low-level optimizations. That said, measure first, optimize second. Or more precisely: set goals first, measure second and optimize third.

A collection of Linux performance measurement related posts:

• How do I examine the Linux Page Cache?
• System Activity Data - What is the System up to? – about sadc, which seems to be the equivalent of System Performance Counters under Windows
• iostat -x

In Oracle everything is a NUMBER – while this is a nice abstraction, I really hope that there is some optimized code for specific use-cases behind the scene (like INTEGERS), otherwise it seems to be a big waste of performance.

A Perl one-liner for testing primeness – it is complicate and less efficient than even my naive implementation, but nonetheless cool.

The end-rant about the Ask toolbar – wondered why some people were so touchy about products (big brand-name products!) bundling the Ask toolbar? Read this.

Something funny from ChuckChat:

From MarkMonitor we can get a nice whitepaper about entities involved in a phish take-down. Nothing particularly new, but it is nice to seem them summarized in one place.

From BlogSecurity, we have a link to 10 tips to make Wordpress hack-proof. While the title is a little overstated (it won’t make your site 100% secure), but it is still worth implementing. Also check out How to Firewall Your WordPress Blog.

Staple and Unstaple – some cryptographic transforms which offering interesting guarantees.

A good webcomic

Plotting SVG from PostgreSQL with PLPython – interesting, regardless of your opinion about which layer this code should reside in.

From the SANS diary I got the link to the Ubuntu Security Notices page. They also have an RSS feed, so that you can subscribe to the notifications.

Infosec can be fun, especially when coupled with karaoke:

Part 2 for top 10 RDP misconceptions – interesting, but the security part is still marketing blah-blah. Crypto is hard to get right, even if it is “full-blown” and “standard based” (just take a look how the Wii public-key crypto got broken).

Independent Attack Discoveries – why it is infeasible to assume that you can keep vulnerabilities secret. Even for highly technical stuff we have multiple independent parties working on it, so any website vulnerabilities are almost certainly known to multiple parties (many of whom are probably malicious!)

Penny Arcade Podcast – it’s not listed elsewhere on their site.

From Roger's Security Blog: how virtualization can hurt you – the virtualized DC synchronized its time with the NTP server, but then it was forced to synchronize with the host, which had the wrong time (BTW, a cool fact: time.windows.com is part of pool.ntp.org! Very good MS!)

Via the WinDirStat blog: National Language Support (NLS) API Reference on MSDN. A handy little table if you are interested in different values (like codepages, LCID, etc) for a particular language / culture.

Picture taken from donnamarijne's photostream with permission.