|It is not a review, its pretty much a press release, but it has some good info if you want to find out about Apple's new mouse.|
"Apple Computer Inc. today unveiled a new computer mouse that offers four-button functionality, but because it's touch-sensitive, it acts like the traditional one-button mouse the company has long favored. It also offers a small scroll ball that allows a user to scroll in any direction through documents and photos." Apple unveils multibutton mouse -- without the buttons
( Permalink: Mighty Mouse Submitted by Noel Wed Aug 3, 2005 )
|Schneier talks about Michael Lynn and Cisco|
|Well worth a read. But not personally sure if it is as cut and dry as Schneier presents it. I do admire Michael Lynn's guts in doing this. It is also without any doubt a public relations disaster for Cisco.
In most cases I believe that the Black hats are the first to get this sort of information. But you will have to make up your own mind about the situation.
"The security implications of this are enormous. If companies have the power to censor information about their products they don't like, then we as consumers have less information with which to make intelligent buying decisions. If companies have the power to squelch vulnerability information about their products, then there's no incentive for them to improve security. (I've written about this in connection to physical keys and locks.) If free speech is subordinate to corporate demands, then we are all much less safe." Cisco Harasses Security Researcher
( Permalink: Schneier talks about Michael Lynn and Cisco Submitted by Noel Wed Aug 3, 2005 )
|Apache Logging Overview|
|If you want or need a nice overview of how to customize your apache server's logs. Then take a look at this article.|
"Apache can produce many types of logs. The two essential types are the access log, where all requests are noted, and the error log, which is designed to log various informational and debug messages, plus every exceptional event that occurs. Additional information can be found in module-specific logs, as is the case with mod_ssl, mod_rewrite and mod_security. The access log is created and written to by the module mod_log_config, which is not a part of the core, but this module is so important that everyone treats it as if it is." Logging and Monitoring Apache
( Permalink: Apache Logging Overview Submitted by Noel Wed Aug 3, 2005 )
|Really long distance Wi-Fi|
|Congrats to Team PAD for this impressive accomplishment. |
"... the world record holders for the longest distance for an unamplified Wi-Fi link (55.1 miles at 30mw) blasted through their own year old record today at the Defcon Wi-Fi Shootout. Team PAD shot their signal a distance of 125 miles from outside Las Vegas, Nevada to a location near St. George, Utah, winning them a new record in the "unamplified" category at the shootout. This possibly qualifies them for a new Guiness record as well." New World Record for Wi-Fi Distance: 125 Miles
( Permalink: Really long distance Wi-Fi Submitted by Noel Wed Aug 3, 2005 )
|Torvalds in renewed Aust Linux trademark push|
|A lawyer acting on behalf of Linus Torvalds has written to Australian Linux vendors asking them to relinquish any legal claim to the name Linux and purchase a licence for its use from the worldwide trademark owner.|
( Permalink: Torvalds in renewed Aust Linux trademark push Submitted by george Wed Aug 3, 2005 )
|An introduction to Service Data Objects for PHP|
|What are Service Data Objects (SDOs) and why should you use them in the PHP environment? IBM and Zend announced a strategic partnership to collaborate on the development and support of the PHP environment. One aspect of this collaboration has been the definition and implementation of SDOs for PHP. A simple contact management scenario provides a tour of SDO concepts and capabilities for PHP.|
( Permalink: An introduction to Service Data Objects for PHP Submitted by Anonymous Wed Aug 3, 2005 )
|"Soundtrack Pro is an audio postproduction triple threat. Introduced at NAB, it's a robust environment for audio editing, analysis, and effects processing that offers seamless file exchange with Final Cut Pro and Apple's other professional applications. It's a powerful platform for loop-based arranging and mixing. And, it can be used as a standalone audio program for recording multitrack audio projects." |
( Permalink: Soundtrack Pro Submitted by Noel Tue Aug 2, 2005 )
|A Pre-Release Tour of GNOME 2.12|
|More good things coming from the Gnome folks. The Hardware Abstraction Layer and the keyring manager sound like great additions.
"GNOME 2.12 will be released to the world on September 7th, 2005, culminating 6 months of very exciting work by members of the project. A number of exciting technologies come together in GNOME 2.12 that will set the standard for free software desktops to come. Here is a sample (by no means an exhaustive list) of some of the outstanding work that has gone into GNOME thanks to its many contributors."
( Permalink: A Pre-Release Tour of GNOME 2.12 Submitted by Noel Tue Aug 2, 2005 )
|Linux Security - Is it Ready For The Average User?|
|There seems to be a new important security patch out for Linux every month, lots of "do not use this program" warnings, too many articles and books with too little useful information, high-priced consultants, and plenty of talk about compromised systems. It is almost enough to send someone back to Windows. Can the average Linux user or system administrator keep his or her system secure and still have time to do other things? Bob Toxen is happy to say yes and here is how to do it.|
( Permalink: Linux Security - Is it Ready For The Average User? Submitted by LogError Tue Aug 2, 2005 )
|AMD releases budget dual-core CPU|
|I may have to build me a new machine based on this chip. Sounds like a good deal.
"AMD's recent dual-core Athlon releases have been noteworthy as much for their high price as they have been for their performance. While the Athlon 64 X2 4800+ took Intel's best out behind the cafeteria, beat it up, and took its lunch money, it was also expensive, coming in at US$1,001 per CPU in quantities of 1,000 at its release. By way of contrast, the new budget Athlon 64 X2 3800+ is a comparative bargain at US$354."
Read about the Athlon 64 X2 4800+
( Permalink: AMD releases budget dual-core CPU Submitted by Noel Tue Aug 2, 2005 )
|Assess System Security Using a Linux LiveCD|
|Want to assess security vulnerabilities on your Linux system without lengthy installation and configuration efforts? We introduce four packages -- Auditor, Whoppix, Knoppix-STD, and PHLAK -- that bring you that ability through the magic of LiveCD.|
( Permalink: Assess System Security Using a Linux LiveCD Submitted by Anonymous Tue Aug 2, 2005 )
|Book Review of Pro MySQL|
|If you're new to MySQL, I would definitely not pick this book up. If you're just using MySQL to run your blog or maybe your webmail app needed it for a backend, this book will be of no use to you, either. However, if you're using MySQL to store, you know, production stuff and data that ultimately brings in the paycheck, then you might want to read this book. It gives great coverage on MySQL 5 as well as jumping into it's inner workings. Read the full review here.|
( Permalink: Book Review of Pro MySQL Submitted by joetopjian Tue Aug 2, 2005 )
|Weakness and Security - Having protection doesn't mean high equipment leasing rates|
|Security is hard. Security is very hard. It's hard because you have to do everything right all of the time and the enemy only has to do one thing right.
Security is harder than the companies that are selling security tools lead you to believe. Over the years I have heard incredible promises from vendors on all sorts of things, from great equipment leasing rates to no late fees. Very few if any of these promises have been easy and pain free in the end as they were described in the marketing literature.
A case in point is biometrics. The promise of biometrics is that security access can be controlled by checking something about the user such as a finger print, voice print, iris pattern, etc. On the surface using something about the user that is unique to verify their identity would seem to be the holy grail of computer security.
But any security system is only as secure as its weakest part. Even when the method of identifying the user is absolute there still may be ways to bypass or fool the system. The Inquirer has a report up from Defcon 2005 that describes a talk titled "Attacking Biometric Access Control Systems". The article reports on many generic types of attack against a biometric system including this one:
"You can also tap the data coming off the sensor to the extractor, in many cases this is sent in the clear over a TCP/IP link to a remote machine. You capture this data, and replay it when you want to get in. The sad part is most devices do not add a timestamp, sequence number, or have any authentication, much less encryption, it just trusts the sensor. Stupid, stupid, stupid, stupid."
Another case in point is Sudo. Sudo is a great program, but Sudo does a very hard task and as a result every once in a while people find a weakness that they can exploit to do bad things. Three times in the last thirteen months the Sudo maintainers have issued a security alert on Sudo.
My point is not that either biometrics or Sudo are bad, or that they are any more insecure than other tools or methods. My point is that nothing in security is as easy as it sounds on the surface and every point of failure must be executed perfectly and securely.
After all it's not the strongest point in the system that has to hold, its the weakest.
( Permalink: Weakness and Security - Having protection doesn't mean high equipment leasing rates Submitted by Noel Mon Aug 1, 2005 )
|Birth of the Lisa|
|"The Lisa was first envisioned as a brand new business computer to succeed the very popular Apple II, and it was to be designed by Steve Wozniak. The project was quickly turned over to a former HP, Ken Rothmuller, director as Wozniak drifted away from Apple. A marketting specification was completed and aproved in 1979, and the planned Lisa bore little semblance to the computer that was actually released. To be sold for no more than $2,000, the Lisa was to hae a green phosphorous CRT, 16 bit processor and a high capacity floppy drive. The project was to be ready for release in 1981." |
( Permalink: Birth of the Lisa Submitted by Noel Mon Aug 1, 2005 )
|Problems in Oracle Reports|
|In this weeks Security Alerts, we look at problems in Oracle Reports, Skype for Linux, MediaWiki, Kate, Kwrite, Shorewall, ekg, libgadu, PHPNews, phpSurveyor, Affix, Heartbeat, and phpPgAdmin.|
( Permalink: Problems in Oracle Reports Submitted by Noel Mon Aug 1, 2005 )