5053
[Announcements] UnQLite 1.1.6 Out!
UnQLite is a in-process software library which implements a self-contained, serverless, zero-configuration, transactional NoSQL database engine. UnQLite is a document store database similar to MongoDB, Redis, CouchDB etc. as well a standard Key/Value store similar to BerkeleyDB, LevelDB, etc.
unqlite  database  nosql  local 
12 hours ago
TERENA> Activities> Tf-Csirt> meeting39> 39th TF-CSIRT Meeting Agenda
39th TF-CSIRT Meeting Agenda Look who is Friday at 9 am talking about Internet Mapping: me!!1!
from twitter_favs
2 days ago
LIRs with five star IPv6 RIPEness in Luxembourg
The 5th star for IPv6 RIPEness in LU: . No further comment required. %
notypothistime  100  from twitter_favs
5 days ago
Plop - Boot Managers (2)
hidden boot? (follow my mind ;-)
linux  boot  boot_manager  usb 
18 days ago
Edis
Leveldb with Redis interface ;-)
database  erlang  redis  leveldb 
23 days ago
stuffz/Python's internals/wildfired_samples at master · 0vercl0k/stuffz · GitHub
Python Self-modifying bytecode: possible and funz, check: (.pyc files for Py266/273: )
from twitter_favs
25 days ago
stuffz/Python's internals/wildfire.py at master · 0vercl0k/stuffz · GitHub
Python Self-modifying bytecode: possible and funz, check: (.pyc files for Py266/273: )
from twitter_favs
25 days ago
Passwords13 Las Vegas - July 30-31
FTR, *I* am not organizing and even if I were that's a surprising justification of rejection
from twitter_favs
4 weeks ago
On the accuracy of statistical procedures in Microsoft Excel 2007
Excel 2007, like its predecessors, fails a standard set of intermediate-level accuracy
tests in three areas: statistical distributions, random number generation, and estimation.
AdditionalerrorsinspecificExcelproceduresarediscussed.Microsoft’scontinuinginability
to correctly fix errors is discussed. No statistical procedure in Excel should be used
until Microsoft documents that the procedure is correct; it is not safe to assume that
Microsoft Excel’s statistical procedures give the correct answer. Persons who wish to
conduct statistical analyses should use some other package
excel  statistics  math  microsoft  accuracy 
4 weeks ago
A Note on Distributions of True Versus Fabricated Data - viewcontent.cgi


A
NOTE
ON
DISTRIBUTIONS
OF
TRUE
VERSUS
FABRICATED
DATA
1
THEODORE
P.
HILL
Georgia
Institute
of
Technology
Summary
.—New
empirical
evidence
and
statistical
deriva­
tions
of
Benford’s
Law
have
led
to
successful
goodness-of­
fit
tests
to
detect
fraud
in
accounting
data.
Several
recent
case
studies
support
the
hypothesis
that
fabricated
data
does
not
conform
to
expected
true
digital
frequencies.
statistics  math  benford  fraud_detection  randomness  random 
5 weeks ago
ING Luxembourg enrichit son app’ mobile - ITnation
enrichit son app’ mobile - VIA < v2 encore avec login/pwd et sans LuxTrust :(
from twitter_favs
5 weeks ago
Au fil des jours, Périphéries explore quelques pistes - chroniques, critiques, citations, liens pointus...
Au fil des jours,
Périphéries explore quelques pistes -
chroniques, critiques, citations, liens pointus...
society  internet  photography  life 
7 weeks ago
Keywords in Common Vulnerabilities and Exposures
This is a view of the top 2000 keywords used in the Common Vulnerabilities and Exposures description/summary (from 1999 until Today) automatically generated from the full-text indexing functionality from cve-search. Move over your mouse to get the value.
cve  infosec  cve-search  security  infovis  information_visualization 
7 weeks ago
mimikatz (Password dump and anti GPO)
mimikatz (Password dump and anti GPO)
gpo  security  ntlm  lm  infosec  win32 
7 weeks ago
Titan db - getting started
"The Gremlin terminal is a Groovy shell. Groovy is a superset of Java that has various shorthand notations that make interactive programming easier. Likewise Gremlin is a superset of Groovy with various shorthand notations that make graph traversals easy. The basic examples below demonstrate handling numbers, strings, and maps. The remainder of the tutorial will discuss graph-specific constructs."
database  db  graph  graphs  graph_database  titan 
7 weeks ago
js-sequence-diagrams
Turns text into UML sequence diagrams
design  diagram  javascript  uml 
8 weeks ago
Ten Open Data Guidelines - Transparency International Georgia
"This document is designed as a guide to help agency heads, IT managers, and web developers create open data websites. However, it is not meant to cover all situations—“data” is a broad term, and some data may require disclosure methods not discussed here in order to be fully open. In addition, there are other issues, such as accessibility for the disabled, which are not discussed here but which are key components of any good website."
opendata  data  via:doegox 
8 weeks ago
Securing ZeroMQ: CurveZMQ protocol and implementation - Hintjens.com
Do they make it right? a session token for a set of UDP messages?
0mq  curve  crypto 
8 weeks ago
La BnF, Guy Debord et le spectacle schizophrène du droit d’auteur
"Si donc la BnF se passe allègrement de la présomption de titularité et s’arroge le droit de numériser et de mettre en vente des œuvres dont elle ne détient pas les droits d’auteur, pourquoi moi je ne pourrais pas partager mes photos pouilleuses ? Et bien – mais celle-ci n’est qu’une supposition éclairée – justement parce qu’elle veut faire valoir (comme le fait désormais ReLIRE) « l’inversion de la charge de la preuve » du droit d’auteur et par conséquent ne souhaite pas aller déranger les titulaires de droits. Certainement pas les alerter à cause de mes velléités de photographe. Elle peut ainsi continuer à faire ce qu’elle veut avec les contenus numériques qu’elle crée à partir d’œuvres d’autrui – « tant que les ayants droit ne s’y opposent pas »…"
photography  authorrights  authors  bnf  copyright  copyright_delirium 
8 weeks ago
Why I Moved To Medium Format :: Phase One IQ140 Review • Photography By Zack Arias • ATL • 404-939-2263 • studio@zackarias.com
"I’ve recently moved to a digital medium format system and I thought I’d blog about the process of choosing a system and why making this jump was worth every hard earned penny to do so. But first, let’s enter the way back machine. If you are fairly new to photography and DSLRs have been your entrance into this industry then this an important part of the blog post. Bear with me. All of it after the jump. (If you don’t see the video above just hit refresh. Not sure what’s going on with the embed code)"
photography  photo  photo:medium-format 
9 weeks ago
pycscope 1.2.1 : Python Package Index
Generates a cscope index of Python source trees
python  cscope 
9 weeks ago
alecthomas/pawk · GitHub
"PAWK aims to bring the full power of Python to AWK-like line-processing."
api  awk  cli  code  python  cs_lang:python 
9 weeks ago
walking as knowing as making
"...sense of place can be seen as a commonplace occurrence, as an ordinary way of engaging one's surroundings and finding them significant. Albert Camus may have said it best. "Sense of place," he wrote, "is not just something that people know and feel, it is something people do". And that realization brings the whole idea rather firmly down to earth, which is plainly, I think, where a sense of place belongs."
academic  culture  space 
10 weeks ago
The Ruckus Society : Security Culture for Activists
A resource by The Ruckus Society, written by Jess Bell and Dan Spalding.

While opponents (like governments and corporations) use technology to snoop, spy and test our effectiveness, this guide walks activists through security measures we can take to safeguard ourselves against those dirty deeds.

Click below to download a free copy of the guide!

Consider making a donation to Ruckus to support our ongoing work providing training and resources like this one:
activism 
11 weeks ago
snappy - A fast compressor/decompressor - Google Project Hosting
Snappy is a compression/decompression library. It does not aim for maximum compression, or compatibility with any other compression library; instead, it aims for very high speeds and reasonable compression. For instance, compared to the fastest mode of zlib, Snappy is an order of magnitude faster for most inputs, but the resulting compressed files are anywhere from 20% to 100% bigger. On a single core of a Core i7 processor in 64-bit mode, Snappy compresses at about 250 MB/sec or more and decompresses at about 500 MB/sec or more.

Snappy is widely used inside Google, in everything from BigTable and MapReduce to our internal RPC systems. (Snappy has previously been referred to as “Zippy” in some presentations and the likes.)
compression  google  library  programming  tools 
11 weeks ago
coolwanglu/flasm · GitHub
My modified version of Flasm the Flash disassembler
flash  infosec  information_security  reversing  disassembler 
12 weeks ago
hyperdbg - A kernel debugger that leverages hardware-assisted virtualization - Google Project Hosting
"HyperDbg is a kernel debugger that leverages hardware-assisted virtualization. More precisely, HyperDbg is based on a minimalistic hypervisor that is installed while the system runs. Compared to traditional kernel debuggers (e.g., WinDbg, SoftIce, Rasta R0 Debugger) HyperDbg is completely transparent to the kernel and can be used to debug kernel code without the need of serial (or USB) cables. For example, HyperDbg allows to single step the execution of the kernel, even when the kernel is executing exception and interrupt handlers. Compared to traditional virtual machine based debuggers (e.g., the VMware builtin debugger), HyperDbg does not require the kernel to be run as a guest of a virtual machine, although it is as powerful."
hyperdbg  debugger  debugging  reversing  reverse_engineering 
12 weeks ago
Mininet: An Instant Virtual Network on your Laptop (or other PC) - Mininet
"Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine (VM, cloud or native), in seconds, with a single command"
network  networking  openflow  network_forensic 
12 weeks ago
The following is full text of the Unabomber's Manifesto.
"
1. The Industrial Revolution and its consequences have been a disaster
for the human race. They have greatly increased the life-expectancy of
those of us who live in "advanced" countries, but they have
destabilized society, have made life unfulfilling, have subjected
human beings to indignities, have led to widespread psychological
suffering (in the Third World to physical suffering as well) and have
inflicted severe damage on the natural world. The continued
development of technology will worsen the situation. It will certainly
subject human beings to greater indignities and inflict greater damage
on the natural world, it will probably lead to greater social
disruption and psychological suffering, and it may lead to increased
physical suffering even in "advanced" countries."
activism  manifesto  technology  unabomber 
12 weeks ago
Storage certificate expired?
Why it is important to manage your SSL certificates properly:
from twitter_favs
12 weeks ago
A Tale of Two Queues
"We’ll take a look at some pub-sub use cases, using Redis and ZeroMQ, from both Python and Google’s Go language."
golang  mq  pubsub  python  redis 
12 weeks ago
adulau/dcfldd · GitHub
"dcfldd - enhanced version of dd for forensics and security" (patched)
dd  forensic  forensics  forensic_acquisition  dcfldd  cs_lang:c  infosec  security 
12 weeks ago
shutterstock/rickshaw · GitHub
"JavaScript toolkit for creating interactive real-time graphs"
charts  graph  graphing  javascript  visualization  cs_lang:js 
february 2013
Using Silk Road
"The website Silk Road (SR), a drug marketplace operating in public, needs little introduction at this point, after Gawker’s 2011 article went viral, drawing fire from the likes of US federal Senators Schumer & Manchin. It is probably the single most famous commercial enterprise2 using Bitcoins; some speculated that demand from SR patrons single-handedly pushed the exchange rate up by $5 the weekend of the Gawker article. It has since flourished3."
bitcoin  crypto  drugs 
february 2013
SSLShader - GPU-accelerated SSL Proxy
"n this work, we carefully design and implement RSA, AES, and HMAC-SHA1 algorithms in GPU, and show that GPUs can perform cryptographic operations much faster than CPUs and incur small latency enough to be used in the interactive network applications. Below we show throughput and latency of our implementation using NVIDIA GTX580. We also show the performance of a core of the Intel X5650 CPU as a reference. "
gpu  proxy  ssl  tls 
february 2013
cut2col : 2-column pdf documents cutter and merger
cut2col is a utility for converting 2-column to 1-column pdf documents. This is done by cutting each page into 4 pieces and merging them together so that they can be viewed on a tiny e-book reader.
kindle  pdf  tools  cut2col 
february 2013
signature - Is it possible to sign a file using an ssh key? - Super User
"There may not be a way to do this with the OpenSSH tools alone.

But it can be done quite easily with the OpenSSL tools. In fact, there are at least two ways to do it. In the examples below, ~/.ssh/id_rsa is your private key.

One way is using dgst:

openssl dgst -sign ~/.ssh/id_rsa some-file

The other is using pkeyutl:

openssl pkeyutl -sign -inkey ~/.ssh/id_rsa -in some-file

Both of these write a binary signature to standard output. dgst takes a -hex option will print a textual representation, with some details about the form of the signature. pkeyutl takes a -hexdump option which is a bit less useful. Both will accept both RSA and DSA keys. I have no idea what the format of the output is. The two commands produce different formats. I get the impression that pkeyutl is considered more modern than dgst.

To verify those signatures:

openssl dgst -verify $PUBLIC_KEY_FILE -signature signature-file some-file

and:

openssl pkeyutl -verify -inkey $PUBLIC_KEY_FILE -sigfile signature-file -in some-file

The problem here is $PUBLIC_KEY_FILE. OpenSSL can't read OpenSSH's public key format, so you can't just use id_rsa.pub. You have a few options, none ideal.

If you have a version of OpenSSH of 5.6 or later, you can apparently do this:

ssh-keygen -e -f ~/.ssh/id_rsa.pub -m pem

Which will write the public key to standard output in PEM format, which OpenSSL can read.

If you have the private key, and it's an RSA key, then you can extract the public key from it (i assume the PEM-encoded private key file includes a copy of the public key, since it is not possible to derive the public key from the private key itself), and use that:

openssl rsa -in ~/.ssh/id_rsa -pubout

I don't know if there's a DSA equivalent. Note that this approach requires some cooperation from the owner of the private key, who will have to extract the public key and send it to the would-be verifier.

Lastly, you can use a Python program written by a chap called Lars to convert the public key from OpenSSH to OpenSSL format."
ssh  dgst  signing  signature  openssl  rsa 
february 2013
Valliance, nichoirs, Schwegler, documentations, vente nichoirs, boutique valliance, nichoirs schwegler, nichoirs oiseaux, nichoirs chauve-souris, nichoirs insectes, nichoirs herissons, répulsif anti-fouines
"Spécialiste des nichoirs depuis plus de vingt ans, amoureux de la nature, passionnés des oiseaux, nous nous adressons à tous ceux qui comme nous, particuliers ou professionnels, sont convaincus que la faune sauvage de nos régions a un rôle essentiel dans la qualité de notre vie et de notre environnement, de son équilibre et de sa richesse et qu'elle vaut d'être protégée."
nature  biodiversity  biology 
february 2013
ML: Macaulay Library
"The Macaulay Library is the world's largest and oldest scientific archive of biodiversity audio and video recordings."
audio  library  nature  reference  sound  biology  lang:en 
february 2013
Thredis
Thredis is Redis + SQL + Threads. Or perhaps it's pure lunacy resulting from some mad winter hacking mixed with eggnog. Or perhaps it's the first hybrid SQL/NoSQL server. You be the judge. Thredis embeds an in-memory SQLite database within Redis to enable a sophisticated level of SQL (joins, sub-selects, etc, all supported), as well as introduces multi-threaded processing to take advantage of SMP systems. Thredis is Work In Progress - currently available at github.com/grisha/thredis This is ALPHA quality code, tests and docs have not been written (yet). Now the FUN part, best shown by
redis  sqlite  sql  datastore 
january 2013
PLOS ONE: Relationship between Humidity and Influenza A Viability in Droplets and Implications for Influenza’s Seasonality
Humidity has been associated with influenza’s seasonality, but the mechanisms underlying the relationship remain unclear. There is no consistent explanation for influenza’s transmission patterns that applies to both temperate and tropical regions. This study aimed to determine the relationship between ambient humidity and viability of the influenza A virus (IAV) during transmission between hosts and to explain the mechanisms underlying it. We measured the viability of IAV in droplets consisting of various model media, chosen to isolate effects of salts and proteins found in respiratory fluid, and in human mucus, at relative humidities (RH) ranging from 17% to 100%. In all media and mucus, viability was highest when RH was either close to 100% or below ~50%. When RH decreased from 84% to 50%, the relationship between viability and RH depended on droplet composition: viability decreased in saline solutions, did not change significantly in solutions supplemented with proteins, and increased dramatically in mucus. Additionally, viral decay increased linearly with salt concentration in saline solutions but not when they were supplemented with proteins. There appear to be three regimes of IAV viability in droplets, defined by humidity: physiological conditions (~100% RH) with high viability, concentrated conditions (50% to near 100% RH) with lower viability depending on the composition of media, and dry conditions (<50% RH) with high viability. This paradigm could help resolve conflicting findings in the literature on the relationship between IAV viability in aerosols and humidity, and results in human mucus could help explain influenza’s seasonality in different regions.
plos  virus  influenza  biology 
january 2013
Welcome - Fritzing
"We are creating a software tool, a community website and services in the spirit of Processing and Arduino, fostering an ecosystem that allows users to document their prototypes, share them with others, teach electronics in a classroom, and layout and manufacture professional pcbs."
arduino  electronics  design  opensource  prototyping 
january 2013
Hardware-based Full Disk Encryption (In)Security | IT-Sicherheitsinfrastrukturen (Informatik 1)
Self-encrypting drives (SEDs), such as Intel's SSD 320 and 520 series, are widely believed to be a fast and secure alternative to software-based solutions like TrueCrypt and BitLocker. We systematically evaluate the security of SEDs and compare it with common solutions based on software. We take the natural threat model of disk encryption as a basis, i.e., we focus on attacks in which an attacker has physical access to his target. We show that, depending on the specific hardware configuration of the system, (1) for most settings in which a known attack on software-based FDE exists, there exists a successful attack against SEDs. These scenarios include DMA-based attacks, cold boot attacks, and evil maid attacks. In this sense, hardware-based full disk encryption (FDE) is as insecure as software-based FDE. We also show that (2) there exists a new class of attacks that is specific to hardware-based FDE. Roughly speaking, the idea of these attacks is to move an SED from one machine to another without cutting power, i.e., by replugging the data cable only. Consequently, we call these attacks warm replug attacks. Overall, only a few SED-based systems withstood more attacks than equivalent software-based FDE systems. The majority of machines is equally vulnerable in both scenarios, and some machines are arguably more vulnerable when using SEDs.
vulnerability  hardware_security  encryption  disk_encryption  infosec 
january 2013
« earlier      
#infosec academic activism algorithm algorithms analysis api archive archiving art article audio belgium biology bittorrent blog book books browser business c classification code collaboration community company computer_science conference copyright copyright_delirium copyrights crypto cryptography cs_lang:c cs_lang:cpp cs_lang:javascript cs_lang:perl cs_lang:python cs_lang:ruby culture data database datamining dataset datastore debugging del.icio.us design development distributed distributed_computing diy dns documentation ebook ebooks editor education electro electronic_music embedded europe fa:archive flickr folksonomy forensic forensic_analysis free free_information free_society free_software freedom freesoftware fun funny geo git goodiff google graph graphics hack hacking hacklu hardware hash hashing history honeypot html http ietf indexing information_representation information_retrieval information_security infosec infovis innovation internet ipv4 ipv6 java javascript kernel lang:fr language latex law legal libraries library license:bsd-like license:gpl license:gpl3 license:mit linux malware mapreduce math media mediawiki metadata mobile monitoring music network network_analysis network_security networking networks opensource p2p paper papers patent patent_delirium pcap pdf pentest performance perl photo photography politics presentation privacy productivity programming protocol publishing python radio rdf redis reference research reverse_engineering reversing rss ruby scalability science scm search searchengine security security_assessment semantic semanticweb shell social society software ssh startup statistics streaming tag tagging tags tcp tcp/ip technology testing tex text tools typography unix via:chl via:doegox video visualization vty web web2.0 web_services webdev wiki wikipedia win32 windows work writing xml xmpp

Copy this bookmark:



description:


tags: