Bookmarks.MD

mcafee/mysql-audit · GitHub

philsci — Thu, 29 Mar 2012 00:45:58 +0000

Audit Plugin This is a release of Audit Plugin for MySQL 5.1 and 5.5. Audit Plugin is brought to you by McAfee, Inc www.mcafee.com.

via mcafee/mysql-audit · GitHub.

vitess – Scaling MySQL databases for the web – Google Project Hosting

philsci — Tue, 27 Mar 2012 08:52:41 +0000

The main goal of the vitess project is to provide servers and tools to facilitate scaling of MySQL databases for the web. The Project Goals page has more details on this.Vtocc is the first usable product of vitess. It acts as a front-end to MySQL providing an RPC interface that accepts and transmits SQL commands. It is capable of efficiently multiplexing a large number of incoming connections 10K+ over a small number of db connections at reasonable throughput ~10kqps. It also has an SQL parser which gives the server the ability to understand and intelligently reshape the queries it receives.Vtocc is already being used in a large scale production environment. It is the core of YouTube’s new MySQL serving infrastructure.

via vitess – Scaling MySQL databases for the web – Google Project Hosting.

Cache them if you can | High Performance Web Sites

philsci — Fri, 23 Mar 2012 07:33:07 +0000

I always smile when I hear a web performance speaker say this. I forget who said it first, but I’ve heard it numerous times at conferences and meetups over the past few years. It’s true! Caching is critical for making web pages faster. I’ve written extensively about caching:

via Cache them if you can | High Performance Web Sites.

OpenFlow – Enabling Innovation in Your Network

philsci — Mon, 05 Mar 2012 01:00:43 +0000

OpenFlow capable firmware for HP switches is now available without requiring special license. It can be downloaded by customers/partners from HP’s website.Current version is K.15.05.5001for OpenFlow researchers only as Early Availability and here is how I downloaded it: Go to http://www.hp.com/networking/support You will be required to sign-in to download the firmware. If you have your account, go to the next step. Otherwise, create it now and come back. To crate your account, place the mouse pointer over the “Sign-in” link on top right corner. Another menu pops up and click “Create new account” and follow the instruction. In Auto Search text-box, type the part of the product name e.g., 5400 or 6600 Select appropriate product check the check box Click “Display Selected” button Click “software downloads” link a bit hard to find.. look for light-blue link on the right side Find the proper firmware and click the link shown as “>>”. As of the timing of this blog post, “K.15.05.5001 for OpenFlow researchers only” in Early Availability is the one. You’re required to sign-in. Click “Sign-in with HP Passport” button. Sign-in Finally. Click “Download” button Read the SUPPORT CAUTION first.

via OpenFlow – Enabling Innovation in Your Network.

ソーシャルマーケティングにブランドコントロールは御法度 – (page 2) – CNET Japan

philsci — Fri, 17 Feb 2012 06:48:13 +0000

こんなこと、いったい何年前から言ってんだよ。

これに熊村氏も同調した。「上から情報を落とすブランドコミュニケーションはソーシャルメディアではやりにくい」。企業のブランディング戦略は、基本的に企業側からテレビCMなどを通じて、ブランドメッセージを一方的に伝えるコミュニケーションが中心だった。ところが、ソーシャルメディアではユーザー同士で、好き勝手にそれぞれが持つブランドに対するイメージを語っており、「ボトムアップでブランドが形成される」（熊村氏）。

via ソーシャルマーケティングにブランドコントロールは御法度 – (page 2) – CNET Japan.

google-api-javascript-client – Google APIs Client Library for JavaScript – Google Project Hosting

philsci — Fri, 17 Feb 2012 06:22:00 +0000

Written by Google, this compact and efficient client library provides access to any HTTP-based REST or JSON-RPC API on the web as well as many of Google’s own public APIs.

via google-api-javascript-client – Google APIs Client Library for JavaScript – Google Project Hosting.

Dare Obasanjo – Google+

philsci — Sun, 05 Feb 2012 23:49:37 +0000

This is really crazy when you think about it and makes that video where SteveB laughed at the iPhone even more ironic. Have to agree with the article that Microsoft’s Google obsession was focusing on the wrong competitor.

via Dare Obasanjo – Google+.

Introducing Times » nvie.com

philsci — Fri, 03 Feb 2012 06:37:17 +0000

Lately I’ve been getting sick of working with datetimes and timezones in Python. The standard library offers many different conversion routines, but does not prescribe a best practice way to deal with them. Luckily, Armin Ronacher did in his article Dealing with Timezones in Python.The summary is to never ever work with local datetimes. When a local datetime is input, immediately convert it to universal time and only ever store or calculate with those. Only when presenting datetimes to the end user, convert them to local time again.This seems simple enough, alright. But to actually do it in Python, you still have to think about how to implement it correctly. Every. Single. Time. pytz does help a bit here, but it still isn’t trivial. It should be.Meet Times, a very small Python library to deal with conversions from universal to local timezones and vice versa. It’s focused on simplicity and opinionated about what is good practice.

via Introducing Times » nvie.com.

ACTA fact sheet | EDRI

philsci — Fri, 03 Feb 2012 01:49:47 +0000

Recently, we have seen many rumours and half-truths about ACTA being circulated by campaigners on all sides. And, as the European Commission’s “fact sheet” 10 Myths about ACTA shows, there are also still a lot of misunderstandings. Many decision makers and citizens seem not yet to be aware of ACTA’s serious implications.

via ACTA fact sheet | EDRI.

Nine ways scientists demonstrate they don’t understand journalism | Ananyo Bhattacharya | Science | guardian.co.uk

philsci — Wed, 01 Feb 2012 00:08:25 +0000

Have you heard of Futurity? How about The Conversation? In different ways, these sites and others are bypassing the traditional media model – cutting out the journalist middleman and letting researchers speak more directly to the public. In the case of Futurity, which is backed by a growing number of research-intensive universities, university press officers act as mediators with the site posting more-or-less edited “stories” press releases that are uncontaminated by any sordid contact with the grubby mitts of the reporting classes.

The Conversation, based in Melbourne, is a more interesting hybrid with hacks drafted in to commission and edit contributions from academics.

There’s nothing wrong with these sites. As a critical friend of science, I regard anything that improves informed public debate about research to be a good thing. But if you browse them a little while you can’t help but notice that they’re, well, a little bit dull.

If you’re a scientist or just a science nerd, this should surprise you. Because judging from many people’s reactions to my post on copy-checking this is exactly the sort of “journalism” that you would like to see.

So why doesn’t it work?

Below are some common criticisms and requests that science journalists receive from researchers. I’m not arguing that science journalism cannot be improved, but responding to these criticisms by changing what we do would do nothing to improve the coverage of science. Here’s why.

via Nine ways scientists demonstrate they don’t understand journalism | Ananyo Bhattacharya | Science | guardian.co.uk.

hash-identifier – Hash Identifier – Google Project Hosting

philsci — Tue, 31 Jan 2012 09:14:19 +0000

Software to identify the different types of hashes used to encrypt data and especially passwords.

via hash-identifier – Hash Identifier – Google Project Hosting.

cityhash – The CityHash family of hash functions – Google Project Hosting

philsci — Tue, 31 Jan 2012 08:50:07 +0000

CityHash provides hash functions for strings. The latest stable version is cityhash-1.0.3.tar.gz. Differences between versions are explained in the NEWS file.

The functions mix the input bits thoroughly but are not suitable for cryptography. We provide reference implementations in C++, with a friendly MIT license. The code’s portable; let us know if you encounter problems. To download the code use the .tar.gz file or use svn with these instructions.

The README contains a good explanation of the various CityHash functions. However, here is a short summary:

CityHash64() and similar return a 64-bit hash. Inside Google, where CityHash was developed starting in 2010, we use variants of CityHash64() mainly in hash tables such as hash_map.

CityHash128() and similar return a 128-bit hash and are tuned for strings of at least a few hundred bytes. Depending on your compiler and hardware, it may be faster than CityHash64() on sufficiently long strings. It is known to be slower than necessary on shorter strings, but we expect that case to be relatively unimportant. Inside Google we use variants of CityHash128() mainly for code that wants to minimize collisions.

CityHashCrc128() and CityHashCrc256() and similar are additional variants, specially tuned for CPUs with SSE4.2.

via cityhash – The CityHash family of hash functions – Google Project Hosting.

SpookyHash: a 128-bit noncryptographic hash

philsci — Tue, 31 Jan 2012 08:49:34 +0000

SpookyHash is a public domain noncryptographic hash function producing well-distributed 128-bit hash values for byte arrays of any length. It can produce 64-bit and 32-bit hash values too, at the same speed, just use the bottom n bits. The C++ reference implementation is specific to 64-bit x86 platforms, in particular it assumes the processor is little endian. Long keys hash in 3 bytes per cycle, short keys take about 1 byte per cycle, and there is a 30 cycle startup cost. Keys can be supplied in fragments. The function allows a 128-bit seed. It’s named SpookyHash because it was released on Halloween.

via SpookyHash: a 128-bit noncryptographic hash.

magnusvw/hollywoodr – GitHub

philsci — Tue, 31 Jan 2012 08:45:27 +0000

The script will check if the user viewing the page is using an IP address that is suspected to be owned or used by RIAA, MPAA or such. This calls a service on another server because Javascript has no way of determining a users IP. This service stores no information about the caller.

You can test the script by adding #iamabastard to the URL of the page where it is included.

via magnusvw/hollywoodr – GitHub.

Backbone.js

philsci — Tue, 31 Jan 2012 08:43:12 +0000

Backbone.js gives structure to your serious JavaScript web applications by supplying models with key-value binding and custom events, collections with a rich API of enumerable functions, views with declarative event handling, and connects it all to your existing API over a RESTful JSON interface.

via Backbone.js.

Measurement Science for Complex Information Systems

philsci — Wed, 18 Jan 2012 08:02:52 +0000

This project aims to develop and evaluate a coherent set of methods to understand behavior in complex information systems, such as the Internet, computational grids and computing clouds. Such large distributed systems exhibit global behavior arising from independent decisions made by many simultaneous actors, which adapt their behavior based on local measurements of system state. Actor adaptations shift the global system state, influencing subsequent measurements, leading to further adaptations. This continuous cycle of measurement and adaptation drives a time-varying global behavior. For this reason, proposed changes in actor decision algorithms must be examined at large spatiotemporal scale in order to predict system behavior. This presents a challenging problem.

via Measurement Science for Complex Information Systems.

NIST Randomness Beacon

philsci — Wed, 18 Jan 2012 08:01:19 +0000

NIST is implementing a proof-of-concept prototype of a trusted public source of randomness, conformant to Sp 800-90. The source is designed to provide unpredictability, autonomy, and consistency. Unpredictability means that users cannot algorithmically predict bits before they are made available by the source. Autonomy means that the source is resistant to attempts by outside parties to alter the distribution of the random bits. Consistency means that a set of users can access the source in such a way that they are confident that they all receive the same random string.

The theoretical community has developed many clever cryptographic security protocols over the years for access, authentication, privacy, and authorization in networking and e-commerce applications. However, except for the simplest and most basic protocols, few have been widely deployed. A major reason concerns efficiency. Many of the more sophisticated security protocols, such as Zero Knowledge proof systems, are highly interactive and require too many communication rounds to be feasible in most situations. Other privacy-preserving protocols eliminate the need for many rounds of communication but assume the availability of a trusted source of randomness, an assumption that is not generally valid at present.

via NIST Randomness Beacon.

High Performance Enabled SSH/SCP [PSC]

philsci — Wed, 11 Jan 2012 09:22:53 +0000

SCP and the underlying SSH2 protocol implementation in OpenSSH is network performance limited by statically defined internal flow control buffers. These buffers often end up acting as a bottleneck for network throughput of SCP, especially on long and high bandwith network links. Modifying the ssh code to allow the buffers to be defined at run time eliminates this bottleneck. We have created a patch that will remove the bottlenecks in OpenSSH and is fully interoperable with other servers and clients. In addition HPN clients will be able to download faster from non HPN servers, and HPN servers will be able to receive uploads faster from non HPN clients. However, the host receiving the data must have a properly tuned TCP/IP stack. Please refer to this tuning page for more information.

via High Performance Enabled SSH/SCP [PSC].

Roger and Mike’s Hypernet Blog • Technology Waves and Valuations: Are We in a Social Networking Bubble? • Technology Waves and Valuations: Are We in a Social Networking Bubble?

philsci — Tue, 10 Jan 2012 06:40:50 +0000

In what felt like a less exciting turn of events, an aspiring lawyer friend of mine talked me into taking an Intro class on Logic. I didn’t expect to like it very much, but since I was suspicious of lawyers for the most part, I thought it would be good to learn a few things about how they practiced their craft. I was really surprised at how cool it was. One of the topics that fascinated me was how people use logical and rhetorical fallacies to win an argument. My favorite example was the “false dilemma” which is also called the “either-or fallacy.” After that class, I learned to always be on the lookout for the various rhetorical weapons used by people to advance their agendas.

via Roger and Mike’s Hypernet Blog • Technology Waves and Valuations: Are We in a Social Networking Bubble? • Technology Waves and Valuations: Are We in a Social Networking Bubble?.

Introducing “Python for Android” « Txzone

philsci — Tue, 10 Jan 2012 06:21:45 +0000

Pro:

A blacklist.txt file that can be used to exclude files in the final APK

Reusable distribution for other applications

Modular recipes architecture

Be able to build independents python distributions

Cons:

You need a main.py file that will be used for starting your application

Only one java bootstrap available, using OpenGL ES 2.0.

Only Kivy toolkit is working. I’m sure that other people can enhance it to add other toolkit recipes. But for example, pygame is not gonna to work because the android project is OpenGL ES 2.0: pygame drawing will not work.

via Introducing “Python for Android” « Txzone.

kivy/python-for-android – GitHub

philsci — Tue, 10 Jan 2012 06:20:26 +0000

Python for android is a project to create your own Python distribution including the modules you want, and create an apk including python, libs, and your application.

via kivy/python-for-android – GitHub.

nowjs for Node – Directly call remote functions in Javascript

philsci — Tue, 10 Jan 2012 02:21:47 +0000

NowJS creates a magic namespace “now”, accessible by server and client

Functions and variables added to now are automatically synced, in real-time

Call client functions from the server and server functions from client

via nowjs for Node – Directly call remote functions in Javascript.

LearnBoost/socket.io – GitHub

philsci — Tue, 10 Jan 2012 02:21:17 +0000

Socket.IO is a Node.JS project that makes WebSockets and realtime possible in all browsers. It also enhances WebSockets by providing built-in multiplexing, horizontal scalability, automatic JSON encoding/decoding, and more.

via LearnBoost/socket.io – GitHub.

The Joy of Quiet – NYTimes.com

philsci — Tue, 03 Jan 2012 23:56:11 +0000

ABOUT a year ago, I flew to Singapore to join the writer Malcolm Gladwell, the fashion designer Marc Ecko and the graphic designer Stefan Sagmeister in addressing a group of advertising people on “Marketing to the Child of Tomorrow.” Soon after I arrived, the chief executive of the agency that had invited us took me aside. What he was most interested in, he began — I braced myself for mention of some next-generation stealth campaign — was stillness.

via The Joy of Quiet – NYTimes.com.

Waffles

philsci — Tue, 27 Dec 2011 08:14:41 +0000

Waffles seeks to be the world’s most comprehensive collection of command-line tools for machine learning and data mining. Our native tools have minimal dependencies no interpreter, VM, or runtime environment is necessary, and build cross-platform. If you have a useful data mining tool that meets these criteria, we want it in Waffles.

via Waffles.

Modern Encryption – So Easy a Caveman Could Do It

philsci — Wed, 21 Dec 2011 05:20:07 +0000

One of the obstacles we often face when selling encrypted flash drives involves the “ease of use” argument. Companies want to add security, but are reluctant to inconvenience their users or add costly infrastructure. It’s understandable; if a solution is difficult to utilize, users won’t use it (or won’t use it correctly).

We’ve all seen those Geico commercials where the offended Neanderthal storms off over his portrayal as a simpleton. We chuckle; maybe think of someone we know that fits that description, then don’t give it much of a second thought.

via Modern Encryption – So Easy a Caveman Could Do It.

CryptDB

philsci — Wed, 21 Dec 2011 05:18:26 +0000

Online applications are vulnerable to theft of sensitive information because adversaries can exploit software bugs to gain access to private data, and because curious or malicious administrators may capture and leak data. CryptDB is a system that provides practical and provable confidentiality in the face of these attacks for applications backed by SQL databases. It works by executing SQL queries over encrypted data using a collection of efficient SQL-aware encryption schemes. CryptDB can also chain encryption keys to user passwords, so that a data item can be decrypted only by using the password of one of the users with access to that data. As a result, a database administrator never gets access to decrypted data, and even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in. An analysis of a trace of 126 million SQL queries from a production MySQL server shows that CryptDB can support operations over encrypted data for 99.5% of the 128,840 columns seen in the trace. Our evaluation shows that CryptDB has low overhead, reducing throughput by 14.5% for phpBB, a web forum application, and by 26% for queries from TPC-C, compared to unmodified MySQL. Chaining encryption keys to user passwords requires 11-13 unique schema annotations to secure more than 20 sensitive fields and 2-7 lines of source code changes for three multi-user web applications.

via CryptDB.

Bernardo Damele A. G.

philsci — Mon, 19 Dec 2011 08:30:39 +0000

In the previous post of this series, I briefly explained what the Windows Security Account Manager SAM is, how to dump Windows local users’ password hashes from SAM having physical access to the target system or following a remote compromise of the machine, post-exploitation.Remotely, there exist three possible techniques: legacy, volume shadow copies and in-memory dump. Lastly, I highlighted the most widely used tools for the in-memory hashes dump and I collected and released them in this spread-sheet along with other tools that I will discuss later.

via Bernardo Damele A. G..

beef – Browser Exploitation Framework – Google Project Hosting

philsci — Mon, 19 Dec 2011 02:12:10 +0000

The Browser Exploitation Framework BeEF is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors. The framework allows the penetration tester to select specific modules in real-time to target each browser, and therefore each context.The framework contains numerous command modules that employ BeEF’s simple and powerful API. This API is at the heart of the framework’s effectiveness and efficiency. It abstracts complexity and facilitates quick development of custom modules.

via beef – Browser Exploitation Framework – Google Project Hosting.

Five years of open-source Java: Freedom isn’t (quite) free • The Register

philsci — Mon, 05 Dec 2011 07:22:45 +0000

Open-source Java: Part One Open source Java has a long and torrid history, rife with corporate rivalry, very public fallings-out, and ideological misgivings. But has all the effort and rumpus that went into creating an officially sanctioned open JDK been worth it?

Java co-creator James Gosling certainly thinks so – although he didn’t seem entirely open to the idea in the early days.

Gosling told The Reg that putting Java under the GPL has helped unify what was a fractured community while making the code freely available has helped uptake from a grassroots up.

via Five years of open-source Java: Freedom isn’t (quite) free • The Register.