VMware replaces CEO - and why didn't they just virtualize their CEO?
sysadmin - 1.2.2008 - 9.7.2008
Apple just gave out my Apple ID password because someone asked - ouch. Very poor show, Apple.
Drobo - doesn't sound uncool, that thing. Data redundancy at array level when using heterogeneous disk configurations, that's already nice. Classic arrays often have the problem that only equal disk sizes are used (larger disks then have unused free space), which is why increasing the capacity forces you to replace all disks. Something like the Drobo is of course much more flexible, and behind the Time Capsule it would also be a quite practical device. And the price is not really shockingly high - considering what you get for it.
WikidBASE - interesting mix of wiki and structured database. Found at Schockwellenreiter.
ICANN and IANA Defacements - the domains of the domain authority temporarily stolen. Ouch.
Graphite - sounds very interesting, a package for visualizing time series data. Basically what RRDTool would have wanted to become if it were big. Possibly a good alternative to Munin in our monitoring. And it is Python code.
iPhone 3G: T-Mobile promises unlimited VPN usage - T-Mobile's argumentative wavering is simply ridiculous and proves that the company has no clue about a) what customers expect today and b) what the iPhone actually represents and offers. But fortunately, c) also applies - T-Mobile is simply too stupid to effectively prohibit or restrict anything. Nevertheless, with their behavior, they would easily become the laughing stock of the industry if the competitors were not even more stupid and ridiculous.
AVG is a pig of a software - because it makes background accesses to search results during search queries, in order to set its own silly malware scanners on them, before the user even decides whether to visit one of the links. And it blows up the web traffic - and then also disguises these accesses as normal user accesses - fake weblogs, distorted access statistics, web traffic up - and all just for the sale of some digital snake oil ...
Keylogger in JavaScript with IE up to version 8beta - ouch. That hurts. And I wonder again why one has to install such essential functions as NoScript via extension even with Firefox. Such things belong as basic tools directly into every browser. And no, the simple on/off for JavaScript, which is offered, is no alternative - in times of Ajax interfaces you need JavaScript again and again.
It's L-i-n-u-x, that is an Operating System - ouch. You can't make this up, only reality can bring this.
One Man, One Long List, No More Web Ads - what surprises me about this discussion on "ad blockers threaten the business model of websites that rely on advertising" is that no one questions this pathetic and dumb business idea. It's quite simple: if you run a business and don't make profits, the business idea is simply useless. Find another one. Ad blockers threaten your income? Well, then it's probably time to return to honest work, isn't it?
Telekom eavesdropped on alleged hackers - "According to the report, electronic surveillance of four telephone numbers in Hennef, Rhineland, began in December 1996 under the codename 'Bunny'. Conversation contents were also recorded. A total of nearly 120 calls were reportedly captured." - another reason why such fundamental infrastructure as telecommunications simply does not belong in private hands, as it can be controlled far too little. However, abuse cannot be ruled out even in state-owned companies or agencies, but at least there are rudimentary controls in place.
Old Google Mail domain banned in Germany - click and laugh to death. Absurdistan, thy name is Germany ...
The Mundaneum Museum Honors the First Concept of the World Wide Web - steampunk web aus Belgiens 30er Jahre ...
Google is just playing - "«He just wants to play» dog owners often say when their animal obsessively runs towards a stranger, harasses, barks at, jumps on them, and generally restricts their freedom in a highly intrusive manner." - google, the Doberman Pinscher of the Internet.
RetroShare: a secure combined file sharing-Chat-IM F2F service - sounds interesting in concept, would be fun to play around with it. Surveillance by the music industry currently carried out in other networks is of course circumvented - or at least massively hindered - via closed P2P networks, since you can explicitly define trust in partners (like in the PGP Web-of-Trust).
Cocoa Text System - everything you want to know about the text system configuration under OS X (or don't want to know, but can still read about it)
Final farewell to voting computers in the Netherlands - Golem.de - "The Dutch Ministry of the Interior announced the final farewell to voting computers on Friday. In the future, citizens in the country will once again cast their votes with pen and paper. The Dutch Council of Ministers was prompted to make this decision after massive security vulnerabilities in the voting computers were proven last year. The Chaos Computer Club (CCC) demonstrated in mid-2007 how the ROM memory of a Nedap computer can be replaced with a manipulated ROM within 60 seconds. Researchers and the civil rights initiative "Wij vertrouwen stemcomputers niet" ("We do not trust voting computers") had demonstrated further security vulnerabilities." - wouldn't it be great if our politicians would react similarly? However, this is less likely to be expected.
Consequences of the SSH/SSL weakness - clear words about the impact of the bug. Only 32767 different keys were generated for the machines during the time the defective OpenSSL version was in use (at least since spring 2007, if you were on stable). Ouch.
Debian OpenSSL Predictable PRNG Toys - and here are the matching toys to play with the hole. Generating the 32767 keys for various key architectures.
Debian and OpenSSL: The Aftermath - for anyone who has doubts whether they need to recreate their keys: "However, rather than fix the calls to RAND_add(), the Debian maintainer instead removed the code that added the buffer handed to ssleay rand add() to the pool. This meant that the pool ended up with essentially no entropy. Clearly this was a very bad idea." - yes, "essentially no entropy" when generating keys is a really bad idea. Ouch.
Vendors Are Bad For Security - about the "bugfix" in Debian that has made all generated OpenSSL keys more or less unusable since 2006. Thanks for the extra work, you idiots. Funny also the comments in which the OpenSSL developer gets his own rant stuffed back down his throat because the OpenSSL idiots did not deem it necessary to deal with the fix suggested by the Debian developers (except for one who actually signaled thumbs-up). Well. All software sucks.
US officer wants deterrence in cyberspace - cute, these military types, strutting around and talking nonsense.
Munster stands still for a moment - Nonsense, damn it!
hacksector.cc as a model case for § 202 c? - this is where we see what this infamous "hacker paragraph" leads to. Pointless action against a forum. Where is the alleged technical competence of the investigating authorities and the appropriate assessment of the tools in question? All the stupid soothing talk of the prolethicians in Berlin turns out to be exactly that: stupid nonsense without any reference to reality. Yes, credit card data was probably pushed around - which is illegal, but which was already illegal before. But all the fuss about the alleged hackers, the great investigative work and the great success with the "breakup" is simply ridiculous.
Victorian All-in-One PC - nice mod job.
RFID System Mifare Classic cracked? - "According to the recently published work of Nicolas Courtois, Karsten Nohl and Sean O'Neil, it is possible to crack the encryption within seconds using PC hardware without having to pre-calculate extensive tables (Rainbow Tables). The security of the algorithm, according to the researchers' conclusion, is 'close to zero'."
Infection tool for SQL Server and IIS - interesting story. The attacks are becoming more professional.
Lighthouse - also does dynamic port forwarding on the router, but with more options to define things and, for example, bind them to certain applications. However, it is not free, but shareware.
Port Map and TCMPortMapper - a nice little tool that can open ports on routers (provided that the router supports corresponding protocols for remote control). Useful for temporarily making services on your own computer accessible from the internet.
Amazon Web Services Blog: Storage Space, The Final Frontier - it's getting more interesting. Amazon wants to add persistent storage space to EC2 (again paid according to usage).
Network Solutions: Not Just Thieves and Hijackers, Now Using Tactics That Can Get Your Site Banned From Google - oh wow. Network Solutions set up a wildcard A-record for unused subdomains on domains using their DNS, and put ads on them. Someone registers a name to connect it with their business, uses Network Solutions' service for operating the name server, and then is simply screwed over by their service provider.
Strange TCP-networking problems with Mac OS X 10.4 and Solaris 10 - obscure TCP parameters you might want to tweak to possibly boost OS X's sluggish networking.
Google App Engine - wow. Google offers hosted applications based on Python and delivers Django pre-installed. Genius. However, Django is quite crippled, as the entire model part cannot be used (there is no SQL database, only the Google Datastore). Hmm. Maybe it's time to try something new with my blog. It has been running reliably for a long time, it's time to destroy it again ...
Towers of Hanoi - written only with VIM commands (yes, if you paste VIM commands into a buffer and execute them again, you get something like a - very strange - programming language, based on visual text modification. And yes, someone had too much free time)
Norway seeks to reverse Open XML vote at ISO - "Reports of the voting process surfaced on Friday at Computerworld Norge. In a translation of the article at Groklaw, participants said that representatives from Microsoft and Statoilhydro on the Standards Norge committee voted for approval of Open XML. But the other members of the committee were opposed because their comments on the specification were not addressed. Yet the overall vote changed from changed from No to Yes."
OOXML: Waiting for the ISO Decision - if Microsoft's garbage heap (sorry, a "standard" with thousands of pages of explanations and thousands of critical notes and corrections and counter-corrections is simply a garbage heap) were to actually become a standard in the "Fast Track" procedure, the entire ISO procedure would have made itself completely ridiculous and it would be time to find a functioning alternative to this farce. If technical standards are now decided solely on the basis of political intrigues and economic interests, and in a way that clearly and unequivocally ignores the established regulations of the ISO ("Fast Track" is not intended for standards that require extensive discussion), then ISO is simply worthless.
Usability problems with .Mac sync - I can only confirm what Jeffrey Zeldman writes here. Apple's sync tools are simply terrible. I have had the sync of trivial data between my iMac under Leopard and my notebook under Tiger crash multiple times - fortunately, only one is leading, and in an emergency I can simply reset everything. But worse than the sync of simple data (contacts, calendar, etc.) was the sync of the keychain - it took me quite a while to clean up the damage. And the iDisk? Oh man, I only tried to edit 4 OmniOutliner documents on both computers in turn. Result: dreadful. Simply and plainly junk. For documents, I have simply switched back to Mercurial (I use it anyway for my other documents, the outliner files were just a test). It is reliable and stable. Even if it only offers a command line as an interface - for data synchronization, I want stability and not gimmicks. Sync services that crash my data are simply garbage.
After Security Update today: "Bus ... - if you, like me, suddenly get bus-errors with ssh after the update on 18.3, Nicecast has an update for their tools - Instant Highjack is the actual culprit. Install the update from Nicecast and everything seems to run smoothly again.
iTimeMachine - another way to back up to network drives with Time Machine. Not tried, but it should be able to back up to any (not just Time Capsule and Airport) network drives (even those mounted via SMB).
The RIPE analyzes the Youtube-Hijacking - interesting to read.
vimperator - ok, I've seen something like this before, an extension that transforms Firefox into VI operation, but this one seems to go a few steps further than others. Strange.
Murphy's Law Strikes Again: AS7007 - what Pakistan did with Youtube, it has already happened in a much more severe way. In 1997.
Cryptanalysis of A5/1 - "What's new about this attack is: 1) it's completely passive, 2) its total hardware cost is around $1,000, and 3) the total time to break the key is about 30 minutes. That's impressive."
New Research Result: Cold Boot Attacks on Disk Encryption - wow. Simply amazing. This looks really bad for disk encryption - at least when it comes to high security requirements.
Cooperative Linux - crazy, the Linux kernel recompiled as a Windows executable. Booting Linux happens by running the Linux kernel and all drivers are redirected to Win32 APIs.
WiebeTech Micro Storage Solutions - HotPlug - Move a computer to battery power and transport it without ever shutting it down. - coolio, easily pack up and carry a computer while it's running. And thus, for example, negate disk encryption - because if the user is logged in, access to the encrypted media is usually possible (at least if the encrypted drive is logged in). Clever idea.
SCO vs. Linux: Complaints until the end, but without Darl McBride - "An additional $95 million should be provided as a loan over a period of five years, which will be offset against the claims from the lawsuits with Novell, IBM, Red Hat, Autozone, and other companies. The interest on this million-dollar loan should be 17 percent above the current interbank credit rate. Currently, the interest would be approximately 21 percent." - And if they don't pay, the big men with the clubs come and smash a few kneecaps? That sounds more like loan sharks. Therefore, it's probably bearable if they go down with the nonsense of SCO.
In-Depth TimeVault Review: Backing up in Ubuntu is Finally Made Simple!! - when I look at something like this, it's a nice example of a problem in the Open Source community: they understand the features and techniques, but they have no clue about user interface design.
Upload with SCP - with Automator. No idea if I already have it, but it could be useful.