Project Android

IT news — itcommie @ 6:04 pm

Google’s slogan is “Organizing the world’s information and making it universally accessible and useful” and after conquering earth and the moon, literature and media, Google moves on to yet another madness.

The new Google project is called Android, and mobile phone operating system providers such as Microsoft, Apple, Blackberry and Symbian just got huge competition. Project Android is a software stack with a rigid security sandbox, including an application framework with support for OpenGL, Bluetooth, EDGE, 3G, Wi-Fi, camera, GPS, compass, accelerometer, etc. Go play with it!

Outsourcing the brain.

Politics, Work — itcommie @ 4:25 pm

Neuroscientist Ian Robertson polled 3000 people and found that the younger ones were less able than their elders to recall standard personal info. When Robertson asked his subjects to tell him a relative’s birth date, 87 percent of respondents over age 50 could recite it, while less than 40 percent of those under 30 could do so. And when he asked them their own phone number, fully one-third of the youngsters drew a blank. They had to whip out their handsets to look it up.

I tried my own variant of this experiment on myself: throughout the week I thought about what I could remember by myself and what I needed digital access for, and I found that the most basic things in my life have been outsourced to del.icio.us, Flickr, Facebook, Gmail, online phonebooks, online desktops, etc. I could not remember the most basic things about the very people that are closest to me. Most ideas I have (even this post, for that matter) hold a lot of copy/paste thinking; the very ideas I hold are seldom complete without access to Google or Wikipedia.

I wasn’t surprised. I had this presumption all along, and I have had the privilege to watch the outsourcing up close, starting in the 90s and throughout the 00s, since I worked inside the industry that creates the tools that we outsource ourselves to. The connection between when this phenomenon emerged and the way the global economy morphed during these years was obvious. Isn’t this a human reaction to a copy/paste economy where our efficiency is measured in our ability to connect inventions, reuse, reform? No more reinventing the wheel or anything else for that matter, copy and paste and hope that the shareholders and venture capitalists will smile at you for another year.

I’m not saying that this is the deathblow to human evolution, that we don’t invent stuff anymore or even that it’s bad for the human intellect. It’s just that what we create in our “spare time” is the only “new” in the modern enterprise. So, during the 8 hours of work each day we teach our minds what we later that weekend practice in real life: we practice how to find information, not to create and store the actual information itself.

Even if we never really were in control of our personal information (which is basically copied by your state, your bank, the small camera in the supermarket, the car register and every other type of register out there), at least we had control over our own copy of it. This is no longer the situation, and I wonder if it really would be that crazy to say that this is the best modern example of das Kapital forming the working class.

“I have seen fields…
endless fields
in which we are not born anymore.
We are grown” -Matrix

/ itcommie

In the Beginning was the Command Line

Just for fun — fuzzy @ 11:33 pm

Technology moves forward ever so hastily. New techniques are invented to simplify and enhance user experience. Developers strive to make applications as intuitive as possible. So I guess it’s right about time to reinvent the command line.
(Using Ajax of course)

http://thrind.xamai.ca/

The title was borrowed from Neal Stephenson.
http://www.cryptonomicon.com/beginning.html

/fuzzy

The invisible wall and the (re)birth of parallel programming

System development — itcommie @ 10:55 pm

In 2003 processor manufacturers hit the wall: it was clear that you simply cannot produce a processor much faster at reasonable costs. Intel first delayed its planned introduction of a 4GHz chip until 2005, and then in fall 2004 it officially abandoned its 4GHz plans entirely. The solution was the multicore processor, and today most servers and even workstations are already running multicore processors, but almost no applications take advantage of the technique.

The free lunch is over, Dr. Dobb’s Journal stated in 2005, continuing:

Chip designers are under so much pressure to deliver ever-faster CPUs that they’ll risk changing the meaning of your program, and possibly break it, in order to make it run faster 

The key to performance improvement and survival in a multicore environment is simply to write programs that naturally scale up to multiple processors. Unfortunately, it is still very hard to write parallel algorithms that actually take advantage of such architectures, and it’s very hard to write concurrent code that scales dynamically (without recompilation) as more parallelism becomes available in the hardware. Parallel programming has been around for quite some time, just not in the modern meaning of the word. In the old days, parallel programming was simply math-based operations parallelized over a number of computers, not cores.

Some rendering, encoding and math operations have already adopted the parallel programming technique over multiple cores. This is because scaling these operations over multiple cores is fairly easy in relation to some other types, such as modern applications reading data from an external source.
For example, when an application calls a database the operation becomes really hard to scale. For these types of operations we should start looking at async and threading instead of the usual sequential database calls; this way we can apply parallel operations to threads instead, which is much easier. Here is an example of this in the C# language through the .NET Framework.
By parallelizing threads we can also, for example, make loops, which normally are sequential operations, very effective. These operations would in any language be similar to math calculations in gain of speed, where each core reduces the load by 2 (in a perfect scenario, that is).

So, evaluate your need for multicore processing applications, find out how your active and/or new solutions can implement it using its current language and/or framework, do this today and you can sleep well assured you’ll still be having your free lunch every day of the week.

More on this topic later, bye for now.

Libraries:
Microsoft Research has developed a .NET library to help exploit multicore chips; it is called the Parallel FX Library.
OpenMP is a parallel programming library intended for the C language. Even if its parallelization is intended for multiprocessor environments, it has the potential for multicore processing.

Learn more:
http://en.wikipedia.org/wiki/Parallel_computing
http://en.wikipedia.org/wiki/Parallel_programming_model

/ itcommie

Detention for using Firefox

Just for fun — swampy @ 7:34 pm

Firefox

Cross-site Request Forgery

Security — swampy @ 5:18 pm

Cross-site Request Forgery is a big problem in many of today’s web pages and applications, and even though it’s quite simple to exploit it can be very powerful. Let’s start off with Wikipedia’s definition of CSRF:

Cross-site request forgery, also known as one click attack or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a type of malicious exploit of websites. Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts.

While XSS relies on the victim trusting the web page’s contents, CSRF attacks rely on the site trusting the HTTP request of a victim. Just by using social engineering to make a victim (who is logged into a service, let’s call it “safemail”) visit a malicious web page, we can send requests to “safemail” via the visiting user’s session.

One of the simplest attacks is to embed a GET-request in the src-attribute of an img-element, for example “http://www.safemail.com?a=logout”. You can also set the width and height to 0 pixels, which will make it invisible so that the victim will be none the wiser. When the victim visits this site he will get logged out from safemail if it has no protection against this kind of attack.

POST-requests are a little trickier than GET-requests. I find that the most effective and discreet way to do this is by using JavaScript to submit a form placed inside an iframe made invisible with CSS, using this one line of code:

document.getElementById("csrf-form").submit();

There are a number of techniques to prevent this kind of attack; some are more effective than others. I wrote a couple of functions in PHP to generate a unique token that is stored in the user’s session and placed in the GET or POST request, and then compare the two values:


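<?php
session_start();

// Returns 1 when the token sent with the request matches the one in the session.
function CheckToken(){
    // Without this check a request with no token matches an empty session (NULL === NULL).
    if(!isset($_REQUEST['check'], $_SESSION['check']))
        return 0;
    if($_REQUEST['check'] === $_SESSION['check'])
        return 1;
    else
        return 0;
}

// Generates a token, stores it in the session and returns it as a hidden form field.
function GenPostToken(){
    $token = md5(uniqid(rand(), true));
    $_SESSION['check'] = $token;
    return "<input type='hidden' name='check' value='".$token."'>";
}

// Generates a token, stores it in the session and returns it for use in a query string.
function GenGetToken(){
    $token = md5(uniqid(rand(), true));
    $_SESSION['check'] = $token;
    return $token;
}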

That’s all from me. You can read more about CSRF, XSS and web related security on:
http://ha.ckers.org/
http://www.milw0rm.com/papers/173
http://www.milw0rm.com/papers/182
http://www.businessinfo.co.uk/
http://www.mightyseek.com/

/ swampy
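
A hardened variant of the session-token check from the Cross-site Request Forgery post above, as an added example that is not the post author’s code. It assumes PHP 7 or later; the function names csrf_issue, csrf_field and csrf_check are hypothetical, and the session array is passed in explicitly (pass $_SESSION in a web application) so the script also runs from the command line. The token comes from random_bytes() instead of md5(uniqid(rand(), true)), a missing token never validates, and the comparison uses hash_equals().

```php
<?php
// Added example: hardened CSRF token helpers (hypothetical names, not from the post).

// Create a token from the OS CSPRNG and store it in the session.
function csrf_issue(array &$session): string {
    $session['check'] = bin2hex(random_bytes(32));   // 64 hex chars, 256 bits
    return $session['check'];
}

// Hidden form field carrying the token, escaped for an HTML attribute.
function csrf_field(array &$session): string {
    $token = htmlspecialchars(csrf_issue($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="check" value="' . $token . '">';
}

// True only when both tokens are present, are strings, and match.
function csrf_check(array &$session, array $request): bool {
    $expected = $session['check'] ?? null;
    $given    = $request['check'] ?? null;
    unset($session['check']);                        // design choice: single use
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return false;                                // a missing token never passes
    }
    return hash_equals($expected, $given);           // constant-time comparison
}

// Constructed requests exercising the edge cases.
$session = [];
var_dump(csrf_check($session, []));                  // no token on either side
$t = csrf_issue($session);
var_dump(csrf_check($session, ['check' => $t]));     // genuine form post
var_dump(csrf_check($session, ['check' => $t]));     // same token sent again
csrf_issue($session);
var_dump(csrf_check($session, ['check' => ['x']]));  // check[]=x arrives as an array
csrf_issue($session);
var_dump(csrf_check($session, ['check' => str_repeat('0', 64)])); // guessed value
```

Only the second call validates; the other four cover the missing, replayed, malformed and guessed token cases.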

The collective killed the binary virus

Filesharing, Politics, Security — itcommie @ 12:20 am

Do you remember the dark ages? When every executable file was like opening Pandora’s box. We were in desperate need of digital signatures for executable files, or so we thought.

Virus signatures have gone from 100k to 500k in just a short period of time, and the number of threats through XSS, injections, broken auth etc. has exploded in the last couple of years. So why did file infectors stop being a serious problem a few years ago? Did the A/V industry find a miracle cure for viruses? Was it the modern OS running in protected mode?

It’s a simple matter of user habits, a change in logistics through modern file sharing. People simply do not exchange executables as often as 10 years ago. Today, people would rather download an executable from the web than copy it from a friend’s computer. The way collective and modern file sharing is set up, it’s simply impossible to spread a binary virus in the wild.

There was no new A/V technology or mass signing of files, and the protected mode of any OS is still not really a binary virus killer. The binary virus simply became outdated in the process of human interaction, along with the BBS and other ancients. Collective sharing truly killed the binary virus.

/ itcommie

Hello, IT!

Uncategorized — itcommie @ 10:29 pm

IT-news, code, security, working conditions but more so; the importance of new technology for the working class resistance.

/ Hello World Collective

Copyright does not exist
(c) 2008 IT & Communism | Hosted by Motkraft blogghotell with the Barecity theme.