Hi, i was performing an update on a “centos” test bed machine.
I was not happy to discover that an old php site was no more operational. So I was puzzled, and unhappy. The first thing that i have done was to read the log and verify that the upgrade operations gave no errors.
I upgraded to: mysql-server-5.5.
No errors. So what? I asked to google and so i learnt that mysql dropped and changed some things.
“find” and “send” was very good friends to fix the problem.
The “changed” things that have affected my poor old php scripts:
- TYPE=MyISAM must change in ENGINE=MyISAM
- TIMESTAMP(14) must change in TIMESTAMP
sed -i.bak '1,$ s/TYPE=MyISAM/ENGINE=MyISAM/g' .
So now i have to check if the new behaviour of timestamp impacts on other points of my scripts…
I will see, but it is evident that my approach to test on a “test bed” before to implement in a production system is correct.
I suggest you to copy my approach.
Seems that in this period, a lot of people is involved in “eavesdropping” the people’s communication. Seems that both data and voice communications are involved.
So just now I bring you some links to some app that maybe can help you to maintain a ‘bit’ of privacy:
(I will just enumerate these app… if possible i will give you the link on wikipedia, and please remember that i prefer open source applications when possible)
So seems that YOU CAN DO SOMETHING TO PROTECT YOUR PRIVACY…
In these economically troubled times (or, at least are trouble times for the country where I live: Italy) I am involved in some projects themed on otp/totp. So I have to inform myself about pros and cons of this interesting technology.
‘OTP Token’ seems a technoloy far away from our day-by-day life. It seems far away from us in every aspect of our life. But if you start to think about “scratch card” maybe otp tokens technologies may appear quite near. If you have an on-line bank account, maybe you are already accustomed to this technology.
Maybe you want to know some of the “technicality” behind these fancy tokens:
Maybe now, you knows everything and, maybe not. However i am not a crypto-analyst, nor a “mathemagician” but I am a mere it worker. I was interested in the physical thing also. Incidentally in the proceding of my study, I have developed some (interesting?) code in php that you can find here and, here) .
I found this interesting page from a (former?) otp token seller: www.gooze.eu. It is an interesting text. The important things (from my point of view) are their statements about the “seed” security. Seems to me that they are not trusting anymore the whole seed management system. Maybe they know something that we don’t know (yet) ?
However, from my point of view, this not sufficient to make obsolete this technology. But is sufficient to make me think that open techonolgies/open proceedings does it better. Maybe it is sufficient to use a “seed configurable” software otp token”. Can we trust our mobile phone sufficiently to install one of these software apps?
Sorry to make you unhappy, but “only paranoid will survive”… Or not?
Hi to everybody… sorry for the “latency” between the latests posts… But i was very busy on some crypto/net/social things… I really hope to show something really soon.
For now this information: if you love ssh and use it for connection/s, file/data transfer, vpn to solve some (inexistent) routing problems, you will be aware of the computational costs of both data compression and data encryption. In some cases i have to transfer a lot of data on already secure connections using scripts referering some tools of openssh family. I really miss the ‘-e none’ switch. Good that oday i have found that i am not alone, and, that some guy implemented a set of patch to give us back this lovable switch.
The url of this lovable thing is: http://www.psc.edu/index.php/hpn-ssh.
I relly hope thatyou will enjoy these patch (btw i am still compiling … )
Today i have found this article: https://plus.google.com/u/0/116960357493251979546/posts/RZpndv4BCCD… She had found a possible explanation for the issue on xHCI devices… We will see but the article seems really interesting to me … I suggest to read comments too…
Recently i have spent some time to search and choose a free slide service on the web.
I have evaluated a lot of services, some of these services had a license too much complex for my needs, some other had an user interface that simply do not like to me. ..
So the shortlist follow:
You can find other interesting site from: http://www.webuildlink.com/presentation-sharing-sites-list/.
Some words about my criteria:
- i want a place where i can put my technical slides (some presentations, some projects some it-related-courses-slide)
- i want a place where people can easily find it
- i want a place compatible with both fdl and cc license
- i want a really simple user interface
Just now i have put the first slides on speakerdeck.. if you are interested in router “reconfiguration” and are able to understand italian: https://speakerdeck.com/gvieri/mie-slide-x-linux-day-2012 .
I am testing the service… So we will see!
I am well aware that the “A” word (arithmetic) in title it is not a good idea… Normally it is a really bad idea. But this post seems interesting and important to me, so important that i have to put the “A” word in title…
Before to start please make some “common ground” please read:
So now we know that the “same” program with the same data can give different results. These difference can be related not to the programs but, to the underlying “math library”, operating systems, and different hardware.
But these programs are really complex… how can these (interesting?) facts impact our daily lives?
Try to imagine what happens if the simulation of your real-estate mortgage run on these affected systems. Try to imagine if one of the chemical simulation software used to verify the new drugs is affected by these problems…
Try to imagine too if some of software used to recognize suspect’s faces are running on these systems…
Now you can put a stop to your imagination, and maybe you can start to love bcd math libraries.
I confess that i started to love bcd math hardware 25 years ago… I still love it. Maybe, you should love it, too!
And now a citation: “Contemplate this on the tree of woe” …
Now after that you contenplate enough start to read this: https://randomascii.wordpress.com/2013/07/16/floating-point-determinism/
…. This article probably contains both the best explanation of the problem, and contains some part of solution too.
I am interested to new technologies so, when i read about a quadcopter entirely controlled by “brainwaves” i was excited. At this point i “googled” to find other informations. I was thinking that this techology use costly sensors… This was wrong:
There is a guy that wrote an open source software for a “brainwave interface”:
If you are interested to other open source project on this theme:
EEG devices for a few Euro… amazing…
Hi! I like strategy games and on-line games. So i am a fan of WarCommander (a facebook game). In this game a lot of players talks about “cheat” or “hacking” and so on. Two words on this game: it is a flash game, it is a tactical war game, it is multiplayer. So evidently it has a server where the informations related to the players are stored and managed. I am involved in IT security field. So i was really curious about all these “hacking”. I started to search about cheating and i have found two useful tools:
These two tools are both open source….
The first one runs on Microsoft os, and the second one run on linux …
These due programs are much more that simply patch/patcher program… Both of these program are valuable tools for everybody (skilled in the “IT arts”) .
- can “attach” itself to other programs
- can patch code/data of the selected process
- can search/show/watch selected memory location/s
The second one can be used with or without gui. So you can make script to automate operations…
Now: what we can do with these tools?
- games cheating…
- debugging programs
- hacking programs
The most obvious application for these tools. If you “google” you will find a lot of tutorials on game cheating using scanmem. The most simple is http://eryanbot.com/jtp/2012/06/26/game-hacking-basics-memory-editing-linux/…. If you are going to be a linux game cheater, i suggest to try this program: http://code.google.com/p/scanmem/wiki/GameConqueror… Enjoy your preferred game!
We have two tools that are both simply to use and very powerful, that consent to us to “attach” to a process (you have to own the proper “rights” to do so…) and then to monitor. show, dump modify both data and code… You can look for a string, or a double value, than set a watch on this/these memory area/s. After that you are sure you can easily test every single branch in you own application, or you can verify that the new application installed on you server have not obvious security hole.
A simple example: do you now that a well-know linux browser store the security certificate in process memory and, retains it, after that you have closed any tab referring to the site that needs the certificate?
I am able to make all of these things using gdb and other tools, but scanmem have really impressed me. It is simple and fast to use…