|
|
site admin | May 29th, 2009 | Comments are closed
These are my links for May 29th from 05:17 to 12:45:
- Some stats from Twitter conference compared to… – Robert Scoble – FriendFeed – Anecdotal data from 140tc this week. 200 tweets/second at peak. Didn't see an estimate of current user account population though, I keep seeing site unique visitor estimates, which aren't useful.
- Microsoft Silverlight vs Google Wave: Why Karma Matters | Zoho Blogs – "The real interesting contrast to us, as independent software developers, is the way developers responded to Silverlight as opposed to the reaction yesterday to Google Wave. Both Silverlight and Wave are aimed at taking the internet experience to the next level. To be perfectly honest, Silverlight is a great piece of technology. Google Wave, as yet, is not much more than a concept and an announcement. It is easy to dismiss all this with "Oh, the press just loves to hype everything Google, and loves to hate Microsoft," but that cannot explain why even competitors like us are willing to embrace Google's innovations, but stay away from perfectly good innovations from Microsoft, such as Silverlight? It comes down to one word: karma."
- makerfaire.com: Maker Faire – This weekend at San Mateo Expo Center
- Google Wave Federation Protocol –
- Google Wave API Overview – Google Wave API – Google Code – APIs for Google Wave email / bbs / wiki / chat / collaboration / communications mashup platform introduced yesterday.
- What Emacs Commands Do You Use Most and Find Most Useful? : programming – Reddit thread discussing favorite emacs commands
site admin | March 6th, 2009 | Comments are closed
These are my links for March 4th through March 6th:
- Welcome to VIPERdb – Scripps – VIPERdb is a database for icosahedral virus capsid structures . The emphasis of the resource is on providing data from structural and computational analyses on these systems, as well as high quality renderings for visual exploration.
- Virus images at VIPERdb – If you have ever wanted to make beautiful images of viruses, in colors of your choice, then go to VIPERdb, the virus particle explorer.
- Reverse HTTP – IETF draft-lentczner-rhttp-00.txt – Formal description of the reverse HTTP proposal for initiating connections through firewalls then reversing server and client roles.
- Reverse HTTP – Second Life Wiki – Experimental protocol which takes advantage of the HTTP/1.1 Upgrade: header to turn one HTTP socket around. When a client makes a request to a server with the Upgrade: PTTH/0.9 header, the server may respond with an Upgrade: PTTH/1.0 header, after which point the server starts using the socket as a client, and the client starts using the socket as a server.
- WTFs/m – The only valid measurement of code quality, WTFs/min
site admin | March 3rd, 2009 | Comments are closed
These are my links for March 2nd from 10:48 to 21:40:
site admin | February 24th, 2009 | Comments are closed
These are my links for February 23rd through February 24th:
I hadn’t stopped by the SDForum Security SIG in a while. A few notes from last Thursday’s meeting in Palo Alto:
Gerhard Eschelbeck, CTO at network security company Qualsys, gave a presentation on his analysis of aggregated vunerability data. Their company provides network vunerability scanning and monitoring services, and the 2004 data set used in his study includes over 14 million IP scans, both within corporate firewalls and on the public network. They turned up over 3 million exposed critical vunerabilities, or just over 20% of the scanned systems.
He’s publishing a monthly list of the top 10 internal and external vunerabilities, along with his report on the Laws of Vunerability.
In aggregate, exposure to new vunerabilities decreases exponentially, i.e. with a half life, as patches are deployed or services are disabled. The average half-life in 2004 was 21 days for a critical exploit, meaning that after 21 days, half the vunerable systems had been patched. The time between announcement of a vunerability and the onset of new exploits is coming down faster than the vunerability half-life. As an example, the Zotob patch was released on August 9th, and by the 12th the exploit was propagating in the wild (but the corresponding half life has also been quite short).
The well-known Microsoft patch release schedule, intended to help customers in the IT resource planning, has also become the production schedule for exploit writers, who set up shop with parallel systems, one with and one without the new patches, and rush their code into “production” as soon as possible to hit the vunerability window. IT managers are increasingly faced with bad choices between living with a known vunerability for longer, or rushing into production with an untested patch that may break other systems.
Gerhard’s laws of vunerability:
1. Half-Life – The half-life of critical vulnerabilities is 21 days on external systems and 62 days on internal systems, and doubles with lowering degrees of severity
2. Prevalence -50% of the most prevalent and critical vulnerabilities are replaced by new vulnerabilities on an annual basis
3. Persistence – The lifespan of some vulnerabilities and worms is unlimited
4. Exploitation – The vulnerability-to-exploit cycle is shrinking faster than the remediation cycle. 80% of worms and automated exploits are targeting the first two half-life periods of critical vulnerabilities
Before Gerhard’s talk, Ira Victor also presented some notes from DefCon:
- Going mainstream – half non-tech hackers, people use real names instead of handles
- Physical security getting a lot of attention – QuikSet and Master locks often cited as example of nearly useless locks. Medeco locks were considered good, hard to pick.
- Hotel safes are often similar to kryptonite locks, cylindrical pen hack frequently works.
- ATM vunerability talk by former NSA guy – old atm machines available on ebay -buy it now price = $200, leave atm machine somewhere and acquire card data and pins, then collect the machine and use the data. Defense – look for machines that are built in to a real bank building etc vs transportable ATMs.
- IR hacking – hotel – billing, television, minibar, etc, all hotel traffic appears on the IR link, lots of discussion on Slashdot
Other miscellaneous stuff:
Adobe PDF reader update to 7.0.3 addresses a new critical exploit. New attack vectors appearing through content, rather than direct code. Historically content has been viewed as innocuous, with corresponding user behaviors.
Ira likes Kaspersky or Nod32; says that Symantec and McAfee don’t pick up as many malware packages.
Nod32 on desktop, has low cpu load vs other packages, recently hired many kaspersky staffers. Likes diversity in security vendors across network layers. Ira likes to put kaspersky on server side. Symantec Antivirus, Corporate Edition has local privilege escalation vunerability in past few days.
In a previous post I observed that the PhoneGnome looks like a SPA-3000, with a simpler configuration process for normal people who aren’t interesting in hacking their phone system.
Today, PhoneGnome is offering to convert unlocked SPA-3000 hardware into PhoneGnome adapters for $34.95. (link)
Not sure if you can undo the firmware change afterwards, or what’s in their load. I may check this out when I get some time for Asterisk and phone hacking.
See also: Using the SPA-3000 as an Asterisk PSTN Trunk, PhoneGnome Analog to VOIP adapter
Update 08-23-2005 – the upgrade offer appears to be temporarily suspended, due to configuration issues between various customer supplied SPA-3000 hardware.
An interesting speculative article by Om Malik in the upcoming issue of Business 2.0:
What if Google (GOOG) wanted to give Wi-Fi access to everyone in America? And what if it had technology capable of targeting advertising to a user’s precise location? The gatekeeper of the world’s information could become one of the globe’s biggest Internet providers and one of its most powerful ad sellers, basically supplanting telecoms in one fell swoop. Sounds crazy, but how might Google go about it?
First it would build a national broadband network — let’s call it the GoogleNet
The article goes on to claim that Google has already been purchasing dark fiber from distressed telecoms such as AboveNet, and points out that the bandwidth-intensive services (print, video, music, voice) that lie in Google’s future make it increasingly attractive to consider becoming a network itself, both for control and to avoid transit fees by peering directly to end user ISPs.
via PaidContent
Om Malik writes about a new product called the PhoneGnome, which combines an analog phone line and a LAN port for use with a VOIP service.
But the best part about the gizmo is that, when you try and outgoing call, it basically uses your selection of service provider to place that outgoing call. For someone else with a PhoneGnome to call you for free. They would not have to dial any different number or address. For instance, if my # is 415-555-1212, (and I have PhoneGnome), as a PhoneGnome user, you call 415.555.1212. In case I don’t have PhoneGnome, your call will get routed over the PSTN. On this website, my.phonegnome.com website, PhoneGnome can select a provider for national long-distance, international calls, or both, and select separate providers and plans for each.
The photo looks pretty similar to my Sipura SPA-3000, which also provides both analog phone interfaces and VOIP and a laundry list of configurable bridging functions. I’ve been using the SPA-3000 as a front end to Asterisk, so I’m not as familiar with it’s standalone modes. The PhoneGnome looks like it might be the Sipura hardware, but bundled as a consumer-friendly solution. The SPA-3000 provides lots of configuration options, but isn’t exactly user friendly.
Step-by-step article on using the Sipura SPA-3000 for Asterisk PSTN trunking at GeekGazette, via Sineapps:
For us serious Asterisk PBX geeks out there, the SPA-3000 provides a cost-effective means of bring a PSTN trunk into the PBX while still functioning as an ATA. Not only can you use the SPA-3000 as inbound and/or outbound trunk, you can also easily configure the SPA-3000 as a PSTN failover should the primary trunk into Asterisk fail. Considering what you can buy the SPA-3000 for right now, this is one of the best deals going.
I see from the GeekGazette site that Slashdot has been here as well.
This follows a recent firmware upgrade to the SPA-3000, as described at Voxilla a few days ago:
The enhancements to the SPA-3000, a very popular adaptor among “do-it-yourself” VoIP enthusiasts because of its built-in gateway functionality, includes an often-requested feature allowing PSTN calls to be routed directly to a VoIP destination without the SPA-3000 “answering” the PSTN line until the VoIP destination answers.
Light Reading notes that today’s Q3 report from Cisco had “disappointing” performance in the advanced technology group (VoIP, wireless, security, and other “new” stuff), but
Still, the IP telephony group “blew past” the $1 billion run rate, joining security in the billion-dollar club, Chambers said. Orders in storage networking cooled down, to “mid-single digits” sequentially, but that was after a 40 percent boom in the second quarter. Orders in wireless grew double digits sequentially and in the “high teens” compared with last year’s third quarter.
Cisco is in the process of buying Sipura, which should help grow that $1B run rate as VoIP interfaces sprout in everything on the network.
Update: 08-16-2005 20:46 – You can convert the SPA-3000 to a PhoneGnome, if you’re interested.
via Joi Ito’s Web:
David Beckemeyer writes about an R&D activity at Earthlink which has implemented dual IPv4 / IPv6 access on modified firmware for a Linksys WRT54G wireless home gateway router.
The Linksys WRT54G is inexpensive, widely used, and is similar to many other home gateways providing NAT routing and wireless access. (It’s also popular as a platform hacking wireless router code, as it runs Linux internally). After loading the modified firmware, the router still provides IPv4 NAT functionality, but in addition provides a publicly routable /64 IPv6 network, and can directly route to other public IPv6 networks via the experimental Earthlink IPv6 routing service. You do not need to be an Earthlink customer to use the free service.
In general, IPv6 hasn’t been compelling to home users since it’s been obscure, expensive, and didn’t do anything useful for them. Even if one had a computer running IPv6 software, most home users are behind a NAT router. So providing a migration path via the low cost home routers could be a great enabler for actually starting to use IPv6 end-to-end network applications, and could help solve many of the NAT- and QoS-related problems observed in VoIP and video applications.
Here’s how it works: Simply get an account at http://www.research.earthlink.net/ipv6/accounts.html to get your own personal block of 18,446,744,073,709,551,616 IPv6 addresses; install the firmware onto your standard Linksys WRT54G router, and blamo, you have IPv6. With this special code installed on your Linksys router, your IPv4 works as normal; you’ll still have your NAT IPv4 LAN. But in addition to that, any IPv6 capable machine on the LAN will get a real, honest to goodness, routable IPv6 address too. It couldn’t be easier. This works for Mac OS X, Linux/UNIX, as well as Windows XP. You don’t have to do anything special on the machines on the LAN. They just work, as they say.
David adds in a comment on Joi Ito’s post:
We’re not really promising anything with this sandbox (see disclaimers). That said, we don’t expect to have to take these addresses back any time soon. If anything, the main factor that could cause us to have to shut down the testbed would be if the network load or other real costs assocuted with the IPv6 testbed hits the radar of the bean counters.
I’ll have to dig up a WRT54G and give it a try.
|
Some notes on network access during this most recent trip to Hawaii…
This was a vacation, so I didn’t spend much time with the computer, and even less online. However, I did take a few notes.
|
|
The Westin Maui has free broadband service included with the rooms. (Well, actually, it’s bundled into the $18 daily resort fee). There also appeared to be wireless service of some sort available around the pool and lobby areas. I didn’t try this myself, leaving the notebook packed up except for checking e-mail once a day. There were a few people at the hotel who were either there for work or just couldn’t bring themselves to unplug, they seemed to spend most of their day sitting around outside with their computers. There were also a surprising number of people plinking away at their Blackberries while sitting in the pool.
At the Westin Maui, there is no charge to use the broadband service, but you still need to click through the service agreement and it manages the access in 24-hour chunks from noon to noon. Their system runs via a captive portal application which traps DHCP/DNS/HTTP requests to redirect new users to their registration page. The physical installation appears to use Cisco Long Reach Ethernet technology, including an RJ-45 plug at the end of a cable on the desk in the hotel room, so you don’t need to bring your own. The network there assigns real IP addresses, such as 12.36.110.76, which is registered as 1028host76.starwoodbroadband.com. Ping times to the continental US are something like 80-100ms.
Continue reading Broadband at the Westin Maui, Moana Surfrider, Spring 2005
One of the nuisances of installing wireless access points, VOIP phones, and other small networked devices, is the need for power in the vicinity of the device. This can be a major challenge, if you’re building a small wireless ISP using an access point on an antenna mast, which is why wireless user groups have come up with homebrew POE hacks. In the past, power-over-ethernet support has been for relatively expensive equipment geared toward commercial, large-scale installation, such as rolling out a building full of Cisco 7940 IP phones.
There are a some cheap power-over-ethernet adapters available now from Linksys and D-Link:
D-Link DWL-P200 (5V or 12V, list price $39.00)
Linksys WAPPOE (5V only, list price $39.99)
Linksys WAPPOE12 (12V only, list price $49.99)
The 802.11af standard for power-over-ethernet has been published, so products are beginning to come onto the market that can directly accept power and ethernet over a single RJ-45 connection, without requiring a power splitter at the device end. I would be happy to see all the little power cube transformers under my desk go away sometime in the near future…
Forwarded this morning from Andy Fitzhugh:
WiFi Wok and the Chinese cookware 2.4GHz repeaters (at Engadget).
As some of the comments point out, earlier versions of this appeared on Slashdot sometime last year, but the pictures with overlaid captions accompanying this writeup are quite nice.
Perhaps we can make some of these to go with the collection of coffee can antennas for the Kuppam wireless program, not sure how widely available woks or similar shaped metal pans are in India.
Not a new electronica group, but an ongoing project by New Zealander Stan Swan to make some seriously DIY WiFi repeaters out of — what else? — Chinese cookware, among other kitchen and household gadgets. Turns out cheap cooking scoops make great 2.4GHz parabolic mesh dishes. Who knew? We don’t see too many WiFi extenders with bamboo handles in the States — surely a missed opportunity for the wireless adapter market.
The original site is here.
Advertised in EETimes, December 20/27, 2004
www.rabbitethernetize.com
Includes development board with RCM3720, 512K flash, 256K SRAM, 1MB Serial Flash, 33 digital I/O, full version of development software, TCP/IP stack, sample programs, AC adapter
Promotional price $99, normally $199.
Could be handy for building ethernet devices of various sorts.
|
|
