Archive for May 2003

The Cycle of Centralization and Decentralization

Michael Malone: The Empire of Ants:

This cycle is the endless vacillation between centralization and decentralization. This wave affects every part of the modern, tech-driven corporation, from products to organization charts. If you’ve been around this industry any length of time, you know what I’m talking about.

Court confirms DMCA ‘good faith’ web site shut down rights

Techdirt: Court Says DMCA Users Don’t Need To Investigate Sites They Take Down:

«
Yet another ridiculous ruling surrounding the always popular DMCA rule. This one says that a copyright holder does not need to “investigate” the site they claim is distributing their copyrighted works, as long as they have a “good faith” belief that the site is infringing.

This is particularly scary considering that the RIAA recently admitted (though, after some denial) that they’ve been sending out takedown notices accidentally when no infringement was occurring.
»

Denial of Service via Algorithmic Complexity Attacks

Crosby and Wallach (Rice University): Denial of Service via Algorithmic Complexity Attacks, includes source code for a universal hashing library with good performance.
«
We present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications’ data structures. Frequently used data structures have “average-case” expected running time that’s far more efficient than the worst case. For example, both binary trees and hash tables can degenerate to linked lists with carefully chosen input. We show how an attacker can effectively compute such input, and we demonstrate attacks against the hash table implementations in two versions of Perl, the Squid web proxy, and the Bro intrusion detection system. Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. We show how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks.
»

What’s wrong with XML APIs

Bill Venners: What’s Wrong with XML APIs:
«
Elliotte Rusty Harold talks with Bill Venners about the five styles of XML APIs, and the problems with data-binding APIs.
»

Seven NYT spam interviews

New Testament Hyperconcordance

Trend Micro quarantines the letter P

CRN: Daily Archives:
«
Rule #915, released Tuesday, contained a routine that quarantined all incoming e-mail containing the letter P. Trend Micro discovered the bug soon after releasing Rule #915 and issued Rule #916 to fix it an hour and a half later.

The eManager product is unrelated to Trend Micro’s antivirus software or its Spam Prevention Service (SPS), which was released in March, the spokesman said.
»

Encrypted Virtual File System (evfs v 0.3)

Lumberjack joke

E-BUSINESS IN THE ENTERPRISE – Web services: IT churn or IT revolution?:

I will leave you this week with a joke that illustrates the risks inherent in treating a new technology (Web Services) as an old technology revisited (RPC).

A lumberjack walks into a hardware shop and explains that his manual saw method limits him to felling four trees a day. He expresses an interest in one of those new chain-saws he has heard so much about and read about in the trade magazines.

The shop sells a chain-saw to the delighted lumberjack and promises him a five-fold increase in productivity. A week later, a very tired looking lumberjack comes back into the shop looking for his money back. He claims that with the chain-saw, he cannot fell more than six trees a day.

The shop assistant takes the chain-saw and starts it up to examine it.

The lumberjack steps back in amazement and exclaims: “What’s that noise?”

Sometimes, the real value in a new technology lies in looking at things differently. Bear this in mind the next time you hear a developer waxing lyrical about the benefits of putting a web services wrapper on an existing application or on an existing integration architecture.

Yooster v.01: Ustr, Unicode-correct string processing in Java

Tim Bray: Yooster, v0.1:
«
The design goals are correct Unicode semantics, support for as much of the Java String API as reasonable, and support for the familiar, efficient null-terminated byte array machinery from C.
»