Back to Top

Tuesday, March 24, 2009

Mixed links

2300956157_971108d150_oThis post will be quite “video-heavy”, so I won’t embed all the videos (because the post would load very hard), rather I will just link to them.

Nate Koechley: "Professional Frontend Engineering" – a good introduction in the topic. Covers progressive enhancements and similar topics. If you are already well-versed in the basics, there isn’t anything particularly new here.

Gopal Venkatesan: "Writing Efficient JavaScript"  - interesting micro-benchmarks. The presentation itself is not as clear as it could be (there are also some elemental mistakes like measuring at the microsecond level – measurements for such short timeperiods in modern multi-tasking OSs are almost meaningless). But there are a couple of ideas which might be worth considering.

Nicholas Zakas: "Maintainable JavaScript" – the title says it all :-)

Attacking Layer 8: Client-Side Penetration Testing SOURCE Boston Edition – good presentation about the client-side capabilities of Metasploit (“user assisted exploitation” :-)). As a related note: on the Techie working in a corporate world blog you can find a lot of Metasploit scripts, which is encouraging seeing how I ranted about the fact that all the tutorials are videos.

Ether: Malware Analysis via Hardware Virtualization Extentions – nothing incredibly new (in fact my diploma thesis was very similar to this, the difference being that I patched Qemu to do this – with hardware support this is much faster), but still interesting. There is of course the problem of how much you let the (suspected) malware interact with the “interwebs”? Make it too little, and samples won’t run. Make it too much, and you risk participating in a DDoS attack.

Via the Enterprise Application Whitelisting blog: the Cisco guide to check the validity of IOS images before updating the routers. Their recommendation? Check the MD5! Fail! MD5 is insecure and has been broken several times publicly. I understand that their legacy tools only support MD5, but at least publish the SHA1 (or preferably SHA-256 and SHA-512) sums and give people instructions on how to validate them manually. How often do you update the firmware that this is a burden?

From certifiedbug.com: a musical ad from FTC instructing people on how to verify their credit reports and avoid falling for fake sites.

Via glasblog: The 2009 Google Summer of Code ideas from The Honeynet Project have been announced. If you’re a student, check it out and make some good money (4500 USD AFAIK).

From taint.org: How to merge a ramdrive and physical drive under Linux, so that the data overflows to the physical drive when the ramdrive is full. Interesting.

How to blog anonymously (via the Tor blog): Anonymous Blogging with Wordpress & Tor. This can be increasingly important as countries traditionally thought of as “democratic” begin to also severely restrict free speech (see the recent cases in the UK, Australia and New-Zeeland).

From the Security4All blog: EFF Re-Launches Legal Guide for Bloggers. See the complete list of questions. While mainly (only) applies if you are in the USA, it is a good idea for all of us to look trough it. For a more international version see How to avoid libel and defamation from the BBC. It is quite chilling to read trough these texts, as they are a reminder of the fact that law and justice are two separate things.

Via GlasBlog (sorry for all the non German-speakers):

  • A central honeypot to collect RFI attempts – this could be improved with mod_proxy, since there is no telling that the automated scanning tool actually follows 3xx redirects (or that it follows them off-site)
  • The Schnucki project – an other project aimed at watching web-crawlers which collect e-mail addresses

The Enso Launcher – a quick way to launch executables and perform other tasks on your computer. Also, it is free :-)

From dammit.lt: Linux 2.6.29 has been released and it can cause a performance hit if you don't watch the settings.

From absoblogginlutely's Bookmarks on Delicious: 10 things you should know about connecting Macintosh OS X systems to Windows networks – they are mostly Samba related, so you can look at them also from a Linux perspective.

Why I Sued Google (and Won) – a tale about how somebody disputed the fact that their AdSense got closed in court and got a favorable verdict. Now I never used AdSense (or other ad services), but it is good to know that you might have recourse (of course, if you are outside of the USA, it is an entire other case).

Picture taken from Tony the Misfit's photostream with permission.

0 comments:

Post a Comment

You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.