Archive for September 2004

Newsletter cartoons

www.newslettercartoons.com has a pretty good selection of cartoons suitable for business presentations. You can browse by category; see, for example, security cartoons.
The artist, Ted Goff, licenses his work at various rates that depend on whether the use is for a presentation, newsletter, magazine, etc.

Victor Yodaiken on Security, Common Criteria

I happened across the web site of Victor Yodaiken, who had some piquant remarks on security (“Someone made serious money from construction of the Maginot line.”) and the Common Criteria (giving a beautifully clear example of how they might be translated into plain acronym-free English). Now if only he published an RSS feed; I don’t know of a currently-open public scraper (myRSS is not accepting new feed requests).

Survivability of RHEL3 circa Nov 2003

Mark J Cox: Survivability:

So a full install of a Red Hat Enterprise Linux 3 box that was connected to the internet in November 2003 even without the firewall and without receiving updates would still remain uncompromised (and still running) to this day.

It’s not to say that a RHEL3 user couldn’t get compromised – but that’s not the point of the survivability statistic. In order to get compromised, a user would have to have either enabled anonymous rsync, SWAT, or be running an open CVS server, none of which are default or common. Or a user would have to take some action like visiting a malicious web site or receiving and opening a malicious email.

EarthLink SIPshare

EarthLink SIPshare: SIP-based P2P Content Sharing Prototype contributes an open-source P2P favoring end-to-end principles:

EarthLink believes an open Internet is a good Internet. An open Internet means users have full end-to-end connectivity to say to each other whatever it is they say, be that voice, video, or other data exchanges, without the help of mediating servers in the middle whenever possible. We believe that if peer-to-peer flourishes, the Internet flourishes. SIPshare helps spread the word that SIP is more than a powerful voice over IP enabler — much more. SIP is a protocol that enables peer-to-peer in a standards-based way.

The emerging ubiquity of SIP as a general session-initiation enabler provides a rare opportunity to offer users all manner of P2P applications over a common protocol, instead of inventing a new protocol for each new P2P application that comes along.

[via Many-to-Many]

Exposing Digital Forgeries by Detecting Duplicated Image Regions

Dartmouth TR2004-515:

We describe an efficient technique that automatically detects duplicated regions in a digital image. This technique works by first applying a principal component analysis to small fixed-size image blocks to yield a reduced dimension representation. This representation is robust to minor variations in the image due to additive noise or lossy compression. Duplicated regions are then detected by lexicographically sorting all of the image blocks. We show the efficacy of this technique on credible forgeries, and quantify its robustness and sensitivity to additive noise and lossy JPEG compression.

[via Simson Garfinkel]
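The pipeline the abstract describes (PCA on small fixed-size blocks, then a lexicographic sort to bring duplicated blocks together), as an added sketch that is not code from the technical report or from this blog. The function names, block size, quantisation step, thresholds, the voting on block displacement, and the constructed test image are all assumptions, and only adjacent rows of the sorted list are compared.

```python
import numpy as np
from collections import Counter

def duplicated_offsets(img, b=4, n_pc=8, q=4.0, min_shift=8, min_pairs=20):
    """Map (dy, dx) -> number of matching block pairs at that displacement."""
    h, w = img.shape
    coords = [(y, x) for y in range(h - b + 1) for x in range(w - b + 1)]
    blocks = np.array([img[y:y + b, x:x + b].ravel() for y, x in coords], float)
    # PCA: keep the n_pc directions of largest variance across all blocks.
    centred = blocks - blocks.mean(axis=0)
    vals, vecs = np.linalg.eigh(centred.T @ centred / len(blocks))
    basis = vecs[:, np.argsort(vals)[::-1][:n_pc]]
    # Quantise (assumption) so nearly identical blocks get identical rows.
    feats = np.floor(centred @ basis / q).astype(int)
    # Lexicographic sort of the feature rows (column 0 is the primary key).
    order = np.lexsort(feats.T[::-1])
    votes = Counter()
    for i, j in zip(order[:-1], order[1:]):
        if not np.array_equal(feats[i], feats[j]):
            continue
        dy, dx = coords[j][0] - coords[i][0], coords[j][1] - coords[i][1]
        if dy < 0 or (dy == 0 and dx < 0):
            dy, dx = -dy, -dx              # same displacement, canonical sign
        if abs(dy) + abs(dx) >= min_shift:  # ignore overlapping neighbours
            votes[(dy, dx)] += 1
    # A cloned region shows up as many block pairs sharing one displacement.
    return {off: n for off, n in votes.items() if n >= min_pairs}

def constructed_image(clone=True, seed=0):
    """Constructed sample: 48x48 random texture, optionally with a 12x12 clone."""
    img = np.random.default_rng(seed).integers(0, 256, (48, 48)).astype(float)
    if clone:
        img[28:40, 30:42] = img[4:16, 4:16]  # copy patch by (24, 26)
    return img

if __name__ == "__main__":
    print("forged:", duplicated_offsets(constructed_image(clone=True)))
    print("clean: ", duplicated_offsets(constructed_image(clone=False)))
```

On the constructed forgery the only displacement that survives the vote is the one the patch was copied by; the unmodified texture yields no candidates.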

Mail server choices for anti-spam — hijacked or derailed by patents?

Yakov Shafranovich on Sender ID and software patents from Microsoft: Part I, Part II

Update: Eric Raymond is “quoted a promise of a license with no royalties and no requirement to sign an agreement.” That would be helpful if such a license came to pass.