Wednesday, April 9, 2014
Heartbleed and the importance of tracking software
The catch is, this exists in the server world. We have many ways to audit servers, to defend against these problems, and to update quickly when an exploit is found. The user side, however, is a slightly different story. Many people forget that Heartbleed is not just a server-side exploit but a problem with the core OpenSSL library. That means any tool that uses an affected version, possibly even a web browser if it uses OpenSSL, could be vulnerable. However, with the exception of Linux distros (such as Debian), there is no easy way to keep all our applications up to date.
One may point to the OS X App Store or the Windows Store introduced in Windows 8, but this is not sufficient. Both are more concerned with verifying the creator than allowing open usage. Why are many open source apps not on the app stores? Because the terms of the app stores explicitly violate the GPL license terms. Not only that, but it often costs money to get keys to develop on a system. This goes against the idea of open source software. It limits the ease with which developers can switch off and contribute builds, etc. Instead, Apple and Windows need to reach out to open source developers to make it easier for open source software to appear in their given stores.
So in closing, while Heartbleed is being patched on servers and everyone rushes to expand auditing of OpenSSL, please think about better software tracking and updating to help prevent similar browser-side exploits from having an extended attack surface.
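The kind of client-side tracking argued for above can be sketched as a version audit over an application inventory. This is an added example, not code from the original post: the inventory entries and function names are constructed, and the affected range (upstream OpenSSL 1.0.1 through 1.0.1f and the 1.0.2 betas, fixed in 1.0.1g) comes from the upstream advisory rather than from this page.

```python
import re

# Matches "OpenSSL 1.0.1e ..." as well as "OpenSSL/1.0.1f" inside a tool banner.
_VERSION_RE = re.compile(
    r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?", re.IGNORECASE)

def heartbleed_affected(banner):
    """True/False by upstream version string; None if no OpenSSL version is found."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    release = tuple(int(x) for x in m.group(1, 2, 3))
    letter = m.group(4).lower()
    beta = (m.group(5) or "").lower()
    if release == (1, 0, 1):
        # Plain 1.0.1 (empty letter) and 1.0.1a-f are affected; g and later are fixed.
        return letter < "g"
    if release == (1, 0, 2):
        return beta in ("beta", "beta1")
    return False  # 0.9.8 and 1.0.0 never shipped the heartbeat code

def audit(inventory):
    """Split an {application: banner} inventory into affected and unknown apps."""
    report = {"affected": [], "unknown": []}
    for app, banner in inventory.items():
        verdict = heartbleed_affected(banner)
        if verdict is None:
            report["unknown"].append(app)  # needs manual review
        elif verdict:
            report["affected"].append(app)
    report["affected"].sort()
    report["unknown"].sort()
    return report

# Constructed sample inventory: application name -> version banner it reports.
INVENTORY = {
    "vpn-client": "OpenSSL 1.0.1e 11 Feb 2013",
    "file-sync": "curl 7.35.0 libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8",
    "mail-tool": "OpenSSL 1.0.1g 7 Apr 2014",
    "legacy-backup": "OpenSSL 0.9.8y 5 Feb 2013",
    "chat-app": "OpenSSL 1.0.2-beta1",
    "photo-uploader": "unknown TLS library",
}

if __name__ == "__main__":
    print(audit(INVENTORY))
```

Distributions that backport fixes can ship a patched build that still reports an affected letter, so on those systems the package version has to be checked as well as the banner.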
Tuesday, April 23, 2013
Predicting the Internet
I was right on with Weave. Almost all modern browsers (Opera, Chrome, Firefox) now offer built-in bookmark synchronization.
And sometimes, you are wrong, but not always entirely. This would be the case with Ubiquity. If you have not read my old post (and it's probably not worth going back to read currently), you would no doubt have noticed that Ubiquity has disappeared in Firefox, a forgotten remnant of the past. Not all was lost, however. Many of the features are maintained in Firefox, such as the ability to switch tabs using the navigation bar, or the built-in translate function in Chrome. Although it in itself is dead, I hope many of the ideas used will crop up in future software.
Monday, July 23, 2012
Terminal Editors for Quick Coding
So first a quick rundown of advantages of using a console editor:
- Quick find/replace on large files with no mouse interaction
- Very powerful keybindings
- Powerful external execution commands
- I: Insert text at the beginning of the line
- i: Insert text at the cursor
- A: Append text to the end of the line. Although there is a key for automatically going to the end of the line, I find it easier to just use this and press A to get back to command mode.
- Control-U/Control-D: Move half a page up or down. Good if you just need to see a little more of the surrounding code, or are looking for something but do not know exactly what it is called for a search function.
- x: Delete one character at the cursor.
- dd: Delete a line (Also used for cut)
- yy: Copy a line
- p: Paste after cursor (or if it's a line, paste after this line)
- u: Undo
- /[expression]: Search for a string. This can be a regular expression. Pressing n will find the next match.
- ndd: Where n is a number of lines. Multiple delete. Works with yy, x and several other places.
- d/[expression]: Delete until this expression matches. Good for deleting till the end of a programmatic statement. Can also be done with y and other places.
- D: Delete to the end of the line
- ~: Possibly one of the lesser used operations until you realize it's useful. Changes letter case.
- [LINENO]: Simply enter a line number and it will jump to it
- %s/expression/replacement/gc: Searches the file for expression, every time it is encountered it will prompt you to ask if it should replace it with the replacement. If you do not want it to prompt, remove the letter c at the end. Nice for renaming a variable quickly or removing a typo you made multiple times.
- g/expression/command: Where expression is a regex and command is a vi command (such as d, which would cause it to delete the line). Runs the command when it finds a matching regex.
- % ! sort: Sends the file to the sort command and puts the response back into the file. Note that % stands for the entire file. Ranges can be used instead.
- !wc %: Runs wc with the entire file as the input. Simply gives you a response but does not alter the file.
Monday, December 14, 2009
Java For-Loop Efficiency: .size()
```java
import java.util.ArrayList;

public class Tester {
    @SuppressWarnings("unchecked") // clone() returns Object, so the casts below are unchecked
    public static void main(String[] argv) {
        ArrayList<String> test = new ArrayList<String>();
        // Fill the list with 30 alternating "a"/"b" entries
        for (int i = 0; i < 15; i++) {
            test.add("a");
            test.add("b");
        }
        System.out.println("The array has " + test.size() + " objects");

        // Time the loop that calls size() on every iteration
        long startTime = System.nanoTime();
        withSize((ArrayList<String>) test.clone());
        long timeDiff = System.nanoTime() - startTime;
        System.out.println("With bad coding style :" + timeDiff + "");

        // Time the loop that reads size() once before iterating
        long startTime2 = System.nanoTime();
        withoutSize((ArrayList<String>) test.clone());
        long timeDiff2 = System.nanoTime() - startTime2;
        System.out.println("With good coding style :" + timeDiff2 + "");
    }

    // Calls ar.size() in the loop condition on every iteration
    public static void withSize(ArrayList<String> ar) {
        for (int a = 0; a < ar.size() - 1; a++) {
            ar.set(a, ar.get(a) + ar.get(a + 1));
        }
    }

    public static void withoutSize(ArrayList<String> ar) {
        // Notice that ar.size() is not in the loop
        int b = ar.size();
        for (int a = 0; a < b - 1; a++) {
            ar.set(a, ar.get(a) + ar.get(a + 1));
        }
    }
}
```
Sunday, December 6, 2009
Midnight Madness
Wednesday, December 2, 2009
Weave: The future of cross-computer browsing
Sunday, June 21, 2009
Linux VS Mac VS Windows
- Most common OS in the world, with millions of apps worldwide made for it
- Easy to use, yet with a decent degree of easy to get to control.
- Program for anything you need; almost anything you can find on another OS, you can find on Windows
- Standardized installers and all applications have a very uniform look and feel
- Computer itself with basic OS is cheapest
- Can be virtualized
- Worst memory management of the three
- Difficult to customize
- Applications have to be updated separately using their own updaters
- Common Microsoft apps are expensive, plus licensing issues can crop up.
- Most computers put a lot of trialware and "crapware" on the new computers, making them feel slower.
- Drivers can sometimes be hard to locate, not work right, or be difficult to set up
- Although sometimes faster virtualized, it is slightly less efficient as a host and has fewer virtualization optimizations.
- Most ease of use
- Consistent interfaces
- Can run *some* Windows apps in Wine and some have Mac candidates
- Most Linux apps can run on Mac OS X, but not all
- Easiest Application installation
- Consistent Hardware (No hardware incompatibilities or bad drivers; it's all made by Mac in a controlled environment to allow for this better compatibility.)
- Most things just work
- Better memory management
- Can run other OSs in a virtual machine with high efficiency.
- App Suites are mostly automatically updated through one updater
- Always *feels* fast due to handing off a lot of graphics to a dedicated GPU.
- Hardest for fine control and extreme customization
- Expensive Expensive Expensive
- Not *all* applications get a central updater, just some
- Some drivers just are not available for the Mac
- Cannot write to NTFS formatted disks, which is the most common format for USB disks that are used on Windows computers.
- Takes some getting used to if you tend to use other OSs such as Windows or Linux
- Cannot be virtualized
- Tons of options and choices
- Drivers for almost everything, possibly the most compatible OS
- Runs on almost anything, even low powered computers
- Free, office suite and all
- Most distros have a single updater which means less background update processes
- Most customizable
- Applications for everything
- Best virtualizing host and memory management.
- Most degree of control and can be optimized for one's specific machine the best
- Can read and write NTFS from Windows and can dual boot them all
- Tons of options and choices
- Complex install and requires knowledge about the OS (AKA, steep learning curve)
- Highly inconsistent interfaces and many options
- High terminal text based use
- *Feels* the most foreign to new users.