Technical News

Google Hacking Evolves (Alert System)
By SteveManor

Tuesday, August 3rd, 2010

Google hacking is getting a reboot. Researchers dig through the search engine with specialized queries in order to locate vulnerabilities on websites.

At the Black Hat security conference, researchers Rob Ragan and Francis Brown from security firm Stach & Liu detailed their new efforts for hacking both Google (NASDAQ: GOOG) and the Microsoft (NASDAQ: MSFT) Bing search engine. The new tools and techniques are intended to provide a rapid alert system for enterprises to help identify risk within their organizations.

The GoogleDiggity and BingDiggity projects are tools that enable users to perform security research with pre-built query strings to locate common vulnerabilities. The GoogleDiggity tool uses the Google AJAX API and Google’s custom search to deliver results.

Ragan noted that back in 2004, researcher Johnny “I Hack Stuff” Long created a Google Hacking Database, which included queries that could be used to detect potential security issues. Ragan and his colleagues are now using a similar idea to build a Bing Hacking Database for vulnerability search queries using Microsoft’s search engine.

Brown noted from an enterprise scalability perspective that it’s not practically feasible for companies to periodically Google hack themselves. But for an enterprise, it is important to have a way of knowing when they have some kind of vulnerability or information leakage as soon as possible, he argued.

The researchers have leveraged their Google hacking work to create search-engine-powered hack alerts. The approach is similar in scope to the Google Alerts system, in which users select a keyword and are then sent emails or RSS updates whenever new instances of that keyword are found.

“What we did is we imported our hacking query database into Google and Bing hacking alerts,” Ragan said. “So we’re looking at over 2,300 queries and getting updates via RSS as they happen.”

Brown noted that the hack alerts system will be made available as an OPML file so that others can simply import the RSS feeds into a feed reader.
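The OPML-plus-RSS workflow described above lends itself to automated triage on the defender's side. The following is an added example, not code from Stach & Liu or the Diggity projects: it reads an OPML feed list, walks each RSS feed, and keeps only new hits whose host falls under the organization's own domains. The feed URLs, query titles, the domain `corp.example` and all sample data are constructed placeholders.

```python
import xml.etree.ElementTree as ET  # for untrusted live feeds, prefer defusedxml
from urllib.parse import urlsplit

# Constructed OPML, shaped like a feed-reader export (titles are placeholders).
OPML = """<opml version="1.0"><body><outline text="hack alerts">
<outline type="rss" text="placeholder-query-1" xmlUrl="https://feeds.example/1.xml"/>
<outline type="rss" text="placeholder-query-2" xmlUrl="https://feeds.example/2.xml"/>
</outline></body></opml>"""

# Constructed RSS bodies keyed by feed URL, standing in for fetched feeds.
FEEDS = {
    "https://feeds.example/1.xml": """<rss version="2.0"><channel>
<item><guid>a1</guid><link>https://intranet.corp.example/backup/settings.bak</link></item>
<item><guid>a2</guid><link>https://other-site.test/settings.bak</link></item>
</channel></rss>""",
    "https://feeds.example/2.xml": """<rss version="2.0"><channel>
<item><guid>b1</guid><link>https://mycorp.example/files/</link></item>
<item><guid>b2</guid><link>http://CORP.example:8080/files/</link></item>
</channel></rss>""",
}


def feed_urls(opml_text):
    """Return (title, xmlUrl) for every feed outline, at any nesting depth."""
    root = ET.fromstring(opml_text)
    return [(o.get("text", ""), o.get("xmlUrl"))
            for o in root.iter("outline") if o.get("xmlUrl")]


def in_scope(url, domains):
    """Match on a label boundary: mycorp.example is NOT under corp.example."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(opml_text, fetch, domains, seen):
    """Return new in-scope hits as (feed title, link); record guids in seen."""
    hits = []
    for title, url in feed_urls(opml_text):
        for item in ET.fromstring(fetch(url)).iter("item"):
            link = (item.findtext("link") or "").strip()
            guid = (item.findtext("guid") or link).strip()
            if guid in seen or not in_scope(link, domains):
                continue
            seen.add(guid)
            hits.append((title, link))
    return hits


if __name__ == "__main__":
    seen = set()
    for title, link in triage(OPML, FEEDS.__getitem__, {"corp.example"}, seen):
        print(f"[{title}] {link}")
```

Persisting `seen` between runs is what turns the feed list into an alert stream: only results that were not reported before, and that point at the organization's own hosts, reach the analyst.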

In an effort to help enterprises scale and customize the hack alerts, Ragan said that his team is working on a Google desktop gadget as well.

Posted in Database, Technical News

Ubuntu 10.10 Might Make btrfs the Default Filesystem
By BobbyeM71hxw

Friday, May 21st, 2010

The next version of Ubuntu, 10.10, could include btrfs as the default filesystem, replacing ext4, said Ubuntu Developer Manager Scott James Remnant.

A lot has to go right between now and the Ubuntu 10.10 feature freeze before btrfs can get promoted to the default.

According to the Wiki, Btrfs is a new copy-on-write filesystem for Linux aimed at implementing advanced features while focusing on fault tolerance, repair and easy administration. Initially developed by Oracle, Btrfs is licensed under the GPL.

According to Remnant, btrfs must no longer be marked “experimental” in the kernel config. He also added, “This is planned for 2.6.35, which is the kernel version and expecting to ship” with Ubuntu 10.10.

Currently, the new filesystem is not supported by Grub2, Ubuntu’s boot loader, or the installer. That would need to be finished before feature freeze, said Remnant.

He explained that if that happens, btrfs may be made the default for Alpha releases to gain testing, and that testing must go smoothly. The btrfs upstream must also be happy with the idea, and so must the Ubuntu team.

He put the odds of all of this working out at 1 in 5.

Posted in Technical News

Open Source Squeak 4.1 Released
By BobbyeM71hxw

Tuesday, April 27th, 2010

On Friday, Squeak developers released version 4.1 of the Smalltalk open source programming language, just six weeks after Squeak 4.0 was pushed out.

According to the release announcement, this version combines the licence change occurring in the 4.0 release with the development work that has been going on while the re-licensing process took place.

The latest version includes integration of Cog’s closure implementation, improved user interface look and feel, new anti-aliased fonts, core library improvements and advances in modularity.

According to the Weekly Squeak, one key focus for this release was to address the issues that have been known to frustrate developers using Squeak for the first time.

A much improved set of UI widgets, the new menu bar including the fast search control, integrated help, improved test coverage, more class and method comments, and integrated syntax highlighting all make the system more accessible.

Posted in Opensource, Technical News

Joomla 1.5.16 Released, Joomla Warns Against Upgrading
By BobbyeM71hxw

Tuesday, April 27th, 2010

The Joomla Project announced the release of version 1.5.16 of its popular open source content management system on Friday, but on Sunday Joomla posted a warning to not upgrade.

The Joomla Web site warns: Version 1.5.16 contains two serious bugs that will affect your site if you use a version of PHP prior to 5.2 or if you have the Session Handler parameter set to none in Global Configuration.

The new version of Joomla fixes several security problems with the previous version. According to Joomla, “If you haven’t already upgraded to version 1.5.16, you may wish to wait for version 1.5.17 instead.”

The next release is expected on April 27, 2010.

Posted in Technical News

WordPress Guns for Web Content Management Duties
By LolaTheriot

Tuesday, March 9th, 2010

Long popular with bloggers, the open-source WordPress blogging software is also starting to find a niche as a low-cost corporate CMS (content management system), at least for managing relatively simple Web sites.

“In the last six months or so, over half the sites being launched with WordPress are really not blogging sites per se, they are complete sites,” said Raanan Bar-Cohen, vice president of media services for Automattic, the company WordPress developer Matt Mullenweg started to offer a hosted version of the software.

Such use has caught at least some of the CMS community by surprise.

“There’s a debate raging within Twitter about whether traditional blogging platform WordPress is also a CMS,” wrote Tony Byrne in a blog post. Byrne is the founder of the CMS analyst firm The Real Story Group, formerly called CMS Watch. “Our take: many organizations are using WordPress as a CMS. That makes it a CMS.”

“A larger enterprise would almost never want [to] use one of those tools for a major web property. But they offer useful alternatives for [small and medium-size business] scenarios, as well as simpler projects,” Byrne elaborated.

WordPress, created in 2003, uses a variety of open-source programs and open standards, such as PHP, MySQL, JavaScript, HTML and CSS.

Byrne admitted he was skeptical at first of the idea of using WordPress as a CMS. Out of the box, it doesn’t have many of the capabilities, such as workflow or advanced version control, needed even for basic CMS duties.

“It’s one thing to run a blog with a few extra plug-ins and widgets. It’s another to run a corporate Web site,” Byrne said in an interview.

Nonetheless, The Real Story Group spoke with customers and examined Web sites. It found that if an organization had to maintain a relatively simple Web site, one with 50 pages or fewer, then WordPress could prove to be a low-cost, relatively easy-to-maintain option.

“It’s not a [full] development platform, but it can drive a simple Web site fairly capably,” Byrne said.

While it is less sophisticated than many CMS packages, such as the open-source Drupal, it could provide an alternative to other simple platforms, like Joomla and the .Net-driven DotNetNuke.

In this realm, WordPress offers a few distinct advantages, most notably its intuitive interface. “WordPress has an ease of use that is something other vendors could learn from,” Byrne said.

Also, thanks to third-party developers, WordPress has a wide array of plug-ins to extend its functionality, some of which can be used to tackle CMS chores. For instance, a plug-in called Edit Flow offers workflow, or the ability to route a document to multiple parties for editing and approval.

Overall, the WordPress site itself lists more than 8,600 plug-ins.

WordPress has its downsides as well. For one, access control is quite limited, Byrne said. The software offers only sitewide roles. Anybody with administrative rights has the ability to edit any page on the entire site. Someone from human resources, for instance, wouldn’t be restricted to editing only HR pages.

Another shortcoming is the lack of advanced content modeling. While a site can host a series of Web pages, it would be difficult to make finer distinctions among the pages — for a news site to separate news articles from case studies and features, for instance.

Making such distinctions would be possible through some development work, though other CMSes can make this sort of templating much easier.

In general, the deeper into development that a Web site administrator must go, the more the organization should consider another platform, Byrne said.

Posted in Opensource, Technical News

NetApp Debuts New Cloud Computing Management Tools
By LolaTheriot

Monday, March 8th, 2010

NetApp has unveiled a series of new design guides and management tools to help service providers build private and public clouds for their virtualization and storage customers.

The new offerings will fulfill the dual role of delivering cloud-management applications and services to their enterprise clients while also increasing functionality, security and efficiency for IT service providers building cloud environments for their own customers.

According to NetApp’s (NASDAQ: NTAP) vice president of solutions and alliances, Patrick Rogers, “NetApp has a proven track record of successfully teaming with leading service providers to power the cloud service offerings.”

NetApp’s new Service-Oriented Infrastructure (SOI) will give service providers a standardized and unified infrastructure that allows them to use and deploy storage, bandwidth and compute resources in a repeatable manner to give IT administrators greater flexibility throughout the cloud deployment process.

Data Protection-as-a-Service (DPaaS) serves as a roadmap or design guide for organizing archiving and display recovery applications and processes, which includes NetApp’s FlexClone app for disaster recovery testing as well as its SnapLock and Multistore applications for compliance and secure multi-tenancy, respectively.

NetApp also has teamed with on-demand backup and recovery software vendor Asigra on a Backup/Recovery-as-a-Service (BRaaS) offering that runs on the NetApp SOI platform to secure and store huge data reservoirs in the cloud.

Its NetApp Open Management tool will enable service providers to link their IT service management and orchestration portals to NetApp’s storage automation engine for simplified storage provisioning and protection services.

NetApp announced a comprehensive cloud-computing partnership with Microsoft in December that’s designed to improve the technical integration between the two companies’ cloud computing, virtualization and data storage and management applications.

Posted in Product Launch, Technical News

Programming Language: Seed7 05.20100307
By BobbyeM71hxw

Monday, March 8th, 2010

Seed7 is a general-purpose programming language designed by Thomas Mertes. The Seed7 interpreter and the example programs are open-source software. There is also an open-source Seed7 compiler. The compiler compiles Seed7 programs to C programs, which are subsequently compiled to machine code. Functions with type results and type parameters are more elegant than a template or generics concept.

Object orientation is used where it brings advantages and not in places where other solutions are more obvious.

Key Features of Seed7:

• User defined statements and operators.
• Types are first class objects (Templates and generics can be defined easily without special syntax).
• Predefined constructs like arrays or for-loops are declared in the language itself.
• Object orientation with interfaces and multiple dispatch.
• Static type checking and no automatic casts.
• Support for bigInteger and bigRational numbers which have unlimited size.
• Exception handling.
• Overloading of procedures/functions/operators/statements.
• Various predefined types like resizable arrays, hashes, bitsets, structs, color, time, duration, etc.
• Runs under Linux, various Unix versions and Windows.
• The interpreter and the example programs use the GPL license, while the runtime library uses the LGPL license.

Newly included features in this release:

• The functions in the gethttp.s7i library were improved to allow the specification of a port number as part of the location (e.g.: localhost:1080/index.html).
• The tarx.sd7 (tar archiving utility) example program was renamed to tar7.sd7.
• The codepage 8859_11 was added to the charsets.s7i library.
• The bas7.sd7 (basic interpreter) example program was improved.
• The toutf8.sd7 example program was improved to write an explanation and to support several IANA/MIME charset names.
• An explanation of what to do when the path of the bcc32 C compiler contains a space was added to ‘src/read_me.txt’.
• Documentation comments were added to the charsets.s7i library.

Posted in Opensource, Technical News

New Release: PHP 5.3.2 Released
By BobbyeM71hxw

Monday, March 8th, 2010

PHP 5.3.2 has been released: the site has posted the release announcement for the latest version in the PHP 5.3.x series.

PHP 5.3.2 is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security/bug fixes included in this release take care of things like:

  • Safe_mode validation inside tempnam
  • A possible open_basedir/safe_mode bypass in sessions
  • Added support for SHA-256 and SHA-512 to php’s crypt.
  • Fixed a bug in the garbage collector that could cause a crash
  • Crashing when using ldap_next_reference

Key Bug Fixes in PHP 5.3.2 include:

  • Added protection for $_SESSION from interrupt corruption and improved “session.save_path” check.
  • Fixed bug #51059 (crypt crashes when invalid salt are given).
  • Fixed bug #50940 Custom content-length set incorrectly in Apache sapis.
  • Fixed bug #50847 (strip_tags() removes all tags greater than 1023 bytes long).
  • Fixed bug #50723 (Bug in garbage collector causes crash).
  • Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16).
  • Fixed bug #50632 (filter_input() does not return default value if the variable does not exist).
  • Fixed bug #50540 (Crash while running ldap_next_reference test cases).
  • Fixed bug #49851 (http wrapper breaks on 1024 char long headers).

Posted in Technical News

WordPress Plugin: Tweelow Plugin 1.1
By BobbyeM71hxw

Tuesday, March 2nd, 2010

Tweelow Plugin 1.1 shows the number of Twitter followers anywhere on the WP blog. It connects to the Twitter API and retrieves all the necessary data.

Installation: Unpack and upload it to the /wp-content/plugins/ directory. Activate the plugin through the ‘Plugins’ menu in WordPress.

Requirements: • WordPress 2.7 or higher

New in this release:

• Plugin works with database now
• Plugin will get the latest data if you used API limit
• Now you can manage what to write After and Before status and counter
• Bugged versions are not downloadable anymore

Language: php

Posted in New Product Release, Technical News

PTS Desktop Live 2010.1: Phoronix Test Suite 2.4.1 in a Live CD
By BobbyeM71hxw

Saturday, February 27th, 2010

PTS Desktop Live 2010.1, codenamed “Anzhofen,” a live DVD distribution designed solely to run the Phoronix Test Suite, has now been released, bringing the comprehensive benchmarking and testing software suite to those that want the most accurate results.

Like previous releases, it’s based on the popular Ubuntu Linux distribution and PTS Desktop Live 2010.1 comes with the latest Phoronix Test Suite 2.4.1. The idea is to give users a standard software stack to run the testing suite ensuring that the underlying operating system doesn’t interfere with the validity of the results.

Highlights of PTS Desktop Live 2010.1:

  • Custom Linux Kernel 2.6.33 Release Candidate 6;
  • Based on the latest Ubuntu 10.04 LTS Lucid Lynx packages;
  • 43 tests from the Phoronix Test Suite 2.4.1;
  • Stripped-down version of GNOME 2.29;
  • Designed for relatively modern hardware.

It requires:

  • Modern 64-bit AMD or Intel processor;
  • 2GB of RAM;
  • An ATI, NVIDIA or Intel graphics card;
  • Internet connection.

Phoronix has gone to great lengths to ensure that PTS Desktop Live 2010.1 squeezes every last ounce of performance out of the PC and that all unnecessary components are removed. As such, the developers have put the Linux Kernel 2.6.33 on a diet, taking out support for older hardware and platforms. The Anzhofen 2.6.33-rc6-phx10 kernel weighs in at just 16 MB, some 40 percent smaller than the vanilla Linux Kernel in Ubuntu, Phoronix says.

The developers warn that this means that you’ll likely need a machine not older than two or three years to ensure that everything works. Continuing with the minimal design, PTS Desktop Live 2010.1 comes with just a customized GNOME 2.29, a web browser and a text editor and, obviously, the newly released Phoronix Test Suite 2.4.1.

The next release, PTS Desktop Live 2010.2 (codenamed “Rottbach”), is expected to land at about the same time as the upcoming Phoronix Test Suite 2.6, in May 2010. A version of the live OS designed with netbooks in mind, PTS Netbook Live 2010.1, should be coming soon.

Posted in Linux Technology, Technical News