TEST COMPARISON FROM TO DETAILS
=============================================================================
** TOTAL **: 1.13x as fast 963.0ms +/- 1.5% 852.0ms +/- 4.3% significant
=============================================================================
3d: 1.50x as fast 189.0ms +/- 4.0% 126.4ms +/- 8.5% significant
cube: 1.56x as fast 71.4ms +/- 4.5% 45.8ms +/- 4.0% significant
morph: 1.69x as fast 73.6ms +/- 7.8% 43.6ms +/- 19.8% significant
raytrace: 1.19x as fast 44.0ms +/- 0.0% 37.0ms +/- 8.6% significant
access: 1.47x as fast 112.0ms +/- 6.6% 76.0ms +/- 5.5% significant
binary-trees: 1.56x as fast 10.0ms +/- 12.4% 6.4ms +/- 22.1% significant
fannkuch: 1.24x as fast 32.8ms +/- 18.3% 26.4ms +/- 4.2% significant
nbody: 1.58x as fast 52.4ms +/- 7.0% 33.2ms +/- 11.0% significant
nsieve: 1.68x as fast 16.8ms +/- 9.6% 10.0ms +/- 0.0% significant
bitops: *1.15x as slow* 59.8ms +/- 8.4% 69.0ms +/- 3.6% significant
3bit-bits-in-byte: - 6.4ms +/- 10.6% 5.8ms +/- 17.9%
bits-in-byte: - 13.2ms +/- 7.9% 13.0ms +/- 22.4%
bitwise-and: *2.44x as slow* 8.2ms +/- 6.8% 20.0ms +/- 4.4% significant
nsieve-bits: - 32.0ms +/- 12.9% 30.2ms +/- 5.4%
controlflow: 1.38x as fast 7.2ms +/- 7.7% 5.2ms +/- 26.2% significant
recursive: 1.38x as fast 7.2ms +/- 7.7% 5.2ms +/- 26.2% significant
crypto: 1.32x as fast 70.0ms +/- 3.1% 53.0ms +/- 2.9% significant
aes: - 21.6ms +/- 10.5% 19.8ms +/- 19.0%
md5: 1.49x as fast 23.6ms +/- 2.9% 15.8ms +/- 6.6% significant
sha1: 1.43x as fast 24.8ms +/- 5.5% 17.4ms +/- 16.4% significant
date: ?? 93.6ms +/- 7.0% 98.0ms +/- 4.3% not conclusive: might be *1.05x as slow*
format-tofte: *1.16x as slow* 43.6ms +/- 13.6% 50.6ms +/- 2.2% significant
format-xparb: 1.05x as fast 50.0ms +/- 2.5% 47.4ms +/- 6.8% significant
math: 1.58x as fast 128.6ms +/- 4.8% 81.2ms +/- 8.2% significant
cordic: 1.57x as fast 50.0ms +/- 11.3% 31.8ms +/- 8.5% significant
partial-sums: 1.61x as fast 52.8ms +/- 4.5% 32.8ms +/- 9.8% significant
spectral-norm: 1.55x as fast 25.8ms +/- 12.5% 16.6ms +/- 15.5% significant
regexp: 1.32x as fast 35.4ms +/- 7.3% 26.8ms +/- 3.9% significant
dna: 1.32x as fast 35.4ms +/- 7.3% 26.8ms +/- 3.9% significant
string: *1.18x as slow* 267.4ms +/- 3.2% 316.4ms +/- 4.2% significant
base64: *1.34x as slow* 31.6ms +/- 10.3% 42.2ms +/- 2.5% significant
fasta: - 51.2ms +/- 4.3% 50.8ms +/- 9.4%
tagcloud: *1.30x as slow* 54.4ms +/- 5.5% 70.6ms +/- 4.8% significant
unpack-code: *1.23x as slow* 76.8ms +/- 3.5% 94.2ms +/- 8.7% significant
validate-input: *1.10x as slow* 53.4ms +/- 3.5% 58.6ms +/- 10.0% significant
Friday, July 31, 2009
Google Chrome 3.0.196.0 is still faster than Safari 4.0.2
On July 9, 2009, I've blogged about SunSpider benchmarking javascript performance of 2 browsers--Google Chrome 3.0.192.0 and Safari 4.0.2 (5530.19), the result Chrome was the winner in most areas, click here for more details. This time, Chrome has minor upgrade version 3.0.196.0, the result still pretty much the same.
Thursday, July 30, 2009
Bokodes : New Barcode system is coming
3mm-in size, readable by normal mobile phone cam, readable in many angles and up to 60 feet.
Full article : http://news.bbc.co.uk/2/hi/technology/8170027.stm
If You're Happy, Then We Know It: New Research Measures Mood
University of Vermont scientists have developed a system for measuring the collective happiness in the blogging and online writing community. Vermont professors Peter Dodds and Chris Danforth have developed a remote-sensing mechanism capable of recording how millions of people around the world were feeling on any particular day. The researchers' system mines through about 2.3 million blogs, looking for sentences that start with phrases such as "I feel" or "I am feeling." Then, using a standardized psychological valence of words established by the Affective Norms for English Words, each sentence is given a happiness score on a scale from one to nine. Even words not directly related to feelings, such as pancakes, vanity, and lazy, receive scores. "It's like measuring the temperature. You don't care where the atoms are," Dodds says. "You want to know the temperature of this room or this town. It's a coarser scale. We're interested in the collective story." The researchers say that although blog writers are generally younger and more educated than average, they offer a broad representative of the U.S. population, with bloggers distributed throughout the country and evenly split between genders and race. Many blogs also are connected to demographic data, enabling the researchers to measure the happiness of different groups, such as people under a certain age in a certain state. The method also can be applied to other forms of written text, including song lyrics, presidential speeches, and Twitter messages.
Full article : http://www.uvm.edu/outreach/?Page=News&storyID=14590
Clarkson project will protect cyberspace
The National Science Foundation has awarded a $1.2 million grant to five research institutions to develop a computer program for detecting weak areas in cryptographic protocols that protect the Internet.
Wednesday, July 29, 2009
Engineering Researchers: Supercomputer Fastest of its Type in World
The University of Florida's Nova-G supercomputer, a reconfigurable computer capable of rearranging its internal circuitry for each individual task, is the most powerful computer of its kind in the world, according to the computer's designer. University of Florida's National Science Foundation (NSF) Center for High-Performance Reconfigurable Computing director Alan George says Novo-G will be used for applications in which size, energy, and high speed are important.
Full article : http://news.ufl.edu/2009/07/23/fast-computer/
iPhone app predicts IPv4 doomsday
The tool counts down the days until all IPv4 addresses have been assigned
Several companies and researchers have offered predictions for when the supply of IPv4 addresses will be exhausted. Hurricane Electric, for example, recently introduced an iPhone application that lists the number of domains using IPv6, the number of remaining IPv4 addresses, and the number of days until the IPv4 addresses are gone. As of July 22, the application indicated that there were 699 days until the supply of IPv4 addresses is depleted, which means that the IPv4 address space will be exhausted sometime in mid 2011.
Saturday, July 18, 2009
Researchers Aim at Post-DRAM Era
EE Times (07/15/09) Hammerschmidt, Christoph
Technologies based on permanent resistance changes in oxide or organic materials could be used to store energy, according to a German consortium of research institutes and companies studying a potential replacement for DRAM technology. The research into the properties of several materials and semiconducting mechanisms also is focusing on magnetization changes in ferromagnetic materials. For magnetic memories, the magnetizing effect would be achieved directly through current and not through magnetic fields, which would enable technologists to shrink semiconductors far beyond current MRAM approaches, according to a representative of Forschungszentrum Rossendorf in Dresden. Semiconductors are expected to shrink to 22nm geometries around 2016. Both approaches for the memory technologies would not rely on electric energy to maintain their information. The researchers also want to use the technologies in CMOS-compatible industrial processes, with the idea of shrinking the memory cells beyond the expected limit. The German government is providing about $11.9 million during the next three years for the project.
Technologies based on permanent resistance changes in oxide or organic materials could be used to store energy, according to a German consortium of research institutes and companies studying a potential replacement for DRAM technology. The research into the properties of several materials and semiconducting mechanisms also is focusing on magnetization changes in ferromagnetic materials. For magnetic memories, the magnetizing effect would be achieved directly through current and not through magnetic fields, which would enable technologists to shrink semiconductors far beyond current MRAM approaches, according to a representative of Forschungszentrum Rossendorf in Dresden. Semiconductors are expected to shrink to 22nm geometries around 2016. Both approaches for the memory technologies would not rely on electric energy to maintain their information. The researchers also want to use the technologies in CMOS-compatible industrial processes, with the idea of shrinking the memory cells beyond the expected limit. The German government is providing about $11.9 million during the next three years for the project.
Algorithms to stop net threats (new crypto protected for quantum computers)
Australian IT (07/15/09) Foreshew, Jennifer
University of Wollongong professor Willy Susilo has received a grant to develop cryptographic algorithms that will stay secure against quantum computer attacks. Researchers believe that quantum computers will be able to crack all available encryption systems currently in use, and that the enormous power promised by quantum computing is expected to create a serious cybersecurity threat that can only be resolved with new cryptographic algorithms. Susilo says creating new algorithms will protect electronic commerce, and warns that quantum computers could be used to conduct cyberterrorism. A general-purpose quantum computer could be built within 20 years, and a special-purpose quantum computer could be available in seven to 10 years. Susilo's project is expected to improve the abilities of counter-terrorism agencies by delivering protection against attackers and terrorists equipped with quantum computers. "We need to produce something that can be used to replace the current system, which is based on the public infrastructure," Susilo says. "We have to tweak the system so that the size of the key will be larger than the capability of the quantum computer that can be built by that time." Susilo has developed an algorithm that can be used securely and will develop a prototype that can be adopted by industries, which he says should be ready in two years.
University of Wollongong professor Willy Susilo has received a grant to develop cryptographic algorithms that will stay secure against quantum computer attacks. Researchers believe that quantum computers will be able to crack all available encryption systems currently in use, and that the enormous power promised by quantum computing is expected to create a serious cybersecurity threat that can only be resolved with new cryptographic algorithms. Susilo says creating new algorithms will protect electronic commerce, and warns that quantum computers could be used to conduct cyberterrorism. A general-purpose quantum computer could be built within 20 years, and a special-purpose quantum computer could be available in seven to 10 years. Susilo's project is expected to improve the abilities of counter-terrorism agencies by delivering protection against attackers and terrorists equipped with quantum computers. "We need to produce something that can be used to replace the current system, which is based on the public infrastructure," Susilo says. "We have to tweak the system so that the size of the key will be larger than the capability of the quantum computer that can be built by that time." Susilo has developed an algorithm that can be used securely and will develop a prototype that can be adopted by industries, which he says should be ready in two years.
Rethinking Code Optimization for Mobile and Multicore
InfoWorld (07/16/09) McAllister, Neil
The key to the creation of more efficient software for mobile platforms and multicore chips could lie in artificial intelligence (AI), and the MilePost project seeks to make this vision a reality. The project has devised an experimental version of the GNU Compiler Collection that employs AI to enhance the quality of its own output so that compiler developers can spend less time modifying compilers for particular platforms by allowing the compilers to do that by themselves. MilePost utilizes machine-learning methods to collect data on software performance and make appropriate adjustments to its outputted machine code. The compiler examines the source code input to find specific "features" that might be suitable candidates for optimization. Once a catalog of all the features present in a given program is organized, MilePost can use statistical methods to decide which optimizations will generate the best results and tweak its own modular design as appropriate. Early tests by IBM demonstrate that MilePost can upgrade performance by up to 18 percent compared to traditional compilers' code output. Code optimization becomes vital when focusing on mobile devices and other gadgets with low-powered processors and limited resources. Besides benefiting mobile devices, self-modifying compilers could help optimize software for multicore processors.
The key to the creation of more efficient software for mobile platforms and multicore chips could lie in artificial intelligence (AI), and the MilePost project seeks to make this vision a reality. The project has devised an experimental version of the GNU Compiler Collection that employs AI to enhance the quality of its own output so that compiler developers can spend less time modifying compilers for particular platforms by allowing the compilers to do that by themselves. MilePost utilizes machine-learning methods to collect data on software performance and make appropriate adjustments to its outputted machine code. The compiler examines the source code input to find specific "features" that might be suitable candidates for optimization. Once a catalog of all the features present in a given program is organized, MilePost can use statistical methods to decide which optimizations will generate the best results and tweak its own modular design as appropriate. Early tests by IBM demonstrate that MilePost can upgrade performance by up to 18 percent compared to traditional compilers' code output. Code optimization becomes vital when focusing on mobile devices and other gadgets with low-powered processors and limited resources. Besides benefiting mobile devices, self-modifying compilers could help optimize software for multicore processors.
Friday, July 17, 2009
ZFS Resource Guides
Here 's the compilation of Solaris/Opensolaris ZFS :
The "ZFS Confguration Guide" provides examples of configuring ZFS on specific systems or storage components. The ZFS configuration examples in this guide include systems with 2, 4, 8, and 48 disks and eventually, ZFS configurations for systems with storage arrays.
Contents include:
- Setting Up ZFS on Different hardware and Storage Components
- How to Set Up ZFS on an x4500 System
- Setting Up ZFS on Various Systems
- How to Set Up ZFS on Systems with Storage Arrays
The "ZFS Best Practices Guide" covers such topics as the following:
- ZFS Storage Pools Recommendations
- Storage Pool Performance Considerations
- ZFS Migration Strategies
- General ZFS Administration Information
- Using ZFS for Application Servers Considerations
- Virtualization Considerations
- ZFS Performance Considerations
The "ZFS Evil Tuning Guide", which recommends avoiding tuning when you can, covers the following:
- Overview
- The Tunables
The "ZFS Troubleshooting Guide" includes the following contents:
- Resolving Hardware Problems
- Resolving Software Problems
- ZFS Installation Issues
- ZFS Root Pool Recommendations and Requirements
- Solaris Live Upgrade Migration Scenarios
- ZFS Boot Issues
(5) ZFS for Database
The "ZFS for Databases" guide discusses what is known about ZFS performance with databases, and outlines its limitations. Contents include:
- OLTP Tests with ZFS
- Limitations
- Solaris Version and patching Notes for ZFS Performance
Catching Spammers in the Act
How spammers got our email.
Technology Review (07/15/09) Lemos, Robert
Indiana University researchers have exposed some of the methods spammers use to collect email addresses and send junk mail through multiple computers. In a paper scheduled to be presented at the Conference on E-mail and Anti-Spam, the researchers explain how they studied spammers' methods to obtain email addresses. The researchers used various techniques to match the programs that collect email addresses from Web pages, including exposing 22,230 unique email addresses on the Web for more than five months and watching for spam sent to those emails. The study found that an email address included in a comment posted to a Web site had a significantly higher probability of receiving spam. Only four of the email addresses submitted to 70 Web sites during a registration received spam, while half of the email addresses posted on popular sites received spam. The researchers also created a Web site on their own domain and waited for their pages to be crawled. Each visitor to the Web site saw a different email, which the researchers hoped would determine how often programs that crawl sites are actually operated by spammers. The researchers were able to identify characteristics that were unique to spamming crawlers, which could make it easier to detect and fight these programs. People can protect themselves from email harvesting by using simple obfuscation techniques, such as replacing the @ symbol with the word "at" when posting an email address.
Indiana University researchers have exposed some of the methods spammers use to collect email addresses and send junk mail through multiple computers. In a paper scheduled to be presented at the Conference on E-mail and Anti-Spam, the researchers explain how they studied spammers' methods to obtain email addresses. The researchers used various techniques to match the programs that collect email addresses from Web pages, including exposing 22,230 unique email addresses on the Web for more than five months and watching for spam sent to those emails. The study found that an email address included in a comment posted to a Web site had a significantly higher probability of receiving spam. Only four of the email addresses submitted to 70 Web sites during a registration received spam, while half of the email addresses posted on popular sites received spam. The researchers also created a Web site on their own domain and waited for their pages to be crawled. Each visitor to the Web site saw a different email, which the researchers hoped would determine how often programs that crawl sites are actually operated by spammers. The researchers were able to identify characteristics that were unique to spamming crawlers, which could make it easier to detect and fight these programs. People can protect themselves from email harvesting by using simple obfuscation techniques, such as replacing the @ symbol with the word "at" when posting an email address.
Full article : http://www.technologyreview.com/communications/23003/
Computer Learns Sign Language by Watching TV
New Scientist (07/08/09) Barras, Colin
Software developed by researchers at the University of Oxford and the University of Leeds has autonomously determined the basics of sign language by watching TV programs that are subtitled and signed. The researchers first designed an algorithm to recognize gestures, without assigning a definition to those gestures, made by a signer on TV. The software focuses on the arms to determine the rough location of the hands, and identifies flesh-colored pixels in those areas to identify precise hand shapes. The researchers exposed the system to about 10 hours of TV footage that contained both sign language and subtitles, and tasked the software to learn the signs for a mix of 210 nouns and adjectives that would appear several times throughout the footage. The program analyzes the signs that accompany each of the words whenever they appear in the subtitles. When it was not obvious which part of a signing sequence corresponded to the given word, the system compared multiple occurrences of the word to isolate and identify the correct sign. The software correctly learned 136 of the 210 words. University of Leeds researcher Mark Everingham says some of words have different signs, so a 65 percent success rate is quite high given the complexity of the task. Researchers at the University of Surrey have developed a similar system that scans all of the signs in a video sequence to identify signs that appear frequently and likely represent common words. Both approaches could be used to create a way to automatically animate digital avatars capable of signing fluently for deaf TV program viewers.
Software developed by researchers at the University of Oxford and the University of Leeds has autonomously determined the basics of sign language by watching TV programs that are subtitled and signed. The researchers first designed an algorithm to recognize gestures, without assigning a definition to those gestures, made by a signer on TV. The software focuses on the arms to determine the rough location of the hands, and identifies flesh-colored pixels in those areas to identify precise hand shapes. The researchers exposed the system to about 10 hours of TV footage that contained both sign language and subtitles, and tasked the software to learn the signs for a mix of 210 nouns and adjectives that would appear several times throughout the footage. The program analyzes the signs that accompany each of the words whenever they appear in the subtitles. When it was not obvious which part of a signing sequence corresponded to the given word, the system compared multiple occurrences of the word to isolate and identify the correct sign. The software correctly learned 136 of the 210 words. University of Leeds researcher Mark Everingham says some of words have different signs, so a 65 percent success rate is quite high given the complexity of the task. Researchers at the University of Surrey have developed a similar system that scans all of the signs in a video sequence to identify signs that appear frequently and likely represent common words. Both approaches could be used to create a way to automatically animate digital avatars capable of signing fluently for deaf TV program viewers.
Futuristic Fibers Could Replace Camera Lenses
ScienceNOW (07/10/09) Berardelli, Phil
Researchers at the Massachusetts Institute of Technology (MIT) have developed a new type of fiber that is capable of producing images without the need for a lens. Multimaterial fibers are flexible and translucent, consist of metal electrodes connected to a semiconductor, and are covered by an insulating polymer sheath. Light is detected by the semiconductor layer in the fiber, which also relays signals via the electrodes to a microprocessor. The signals from the fibers are combined by the microprocessor to determine the light's intensity, direction, and color. The researchers used visualization software to process the data, recreate the source image, and then display it on a monitor screen. The approach could be used for stealth wallpaper or to enable a soldier's uniform to provide a full view of the battlefield. It also solves the problem of having a damaged lens. The development "should inspire others to find ways to integrate nanoscale components," says materials scientist Rod Ruoff of the University of Texas at Austin. "I found myself wondering, for example, whether such components might conceivably be embedded in glass fibers, as well as in polymer fibers."
Researchers at the Massachusetts Institute of Technology (MIT) have developed a new type of fiber that is capable of producing images without the need for a lens. Multimaterial fibers are flexible and translucent, consist of metal electrodes connected to a semiconductor, and are covered by an insulating polymer sheath. Light is detected by the semiconductor layer in the fiber, which also relays signals via the electrodes to a microprocessor. The signals from the fibers are combined by the microprocessor to determine the light's intensity, direction, and color. The researchers used visualization software to process the data, recreate the source image, and then display it on a monitor screen. The approach could be used for stealth wallpaper or to enable a soldier's uniform to provide a full view of the battlefield. It also solves the problem of having a damaged lens. The development "should inspire others to find ways to integrate nanoscale components," says materials scientist Rod Ruoff of the University of Texas at Austin. "I found myself wondering, for example, whether such components might conceivably be embedded in glass fibers, as well as in polymer fibers."
Thursday, July 16, 2009
Logical Domains 1.2 Released with Nine New Features
Logical Domains (LDoms) provides built-in virtualization capabilities for Sun's CoolThreads Servers. As Sun's server hardware virtualization and partitioning technology for CoolThreads servers, LDoms software leverages the hypervisor to subdivide supported platforms' resources (CPUs, memory, I/O, and storage) by creating partitions called logical domains. Each logical domain can run an independent operating system. Specialized service and control domains allow the management of these resources using the Logical Domains Manager.
Recently released Version 2.1 provides features such as support for:
CPU Power Management
The Logical Domains Manager now supports two power policies - a setting that governs system power usage at any point in time - assuming that the underlying platform has implemented Power Management features:
- Performance: The system is allowed to use all the power that is available.
- Elastic: The system power usage is adapted to the current utilization level. For example, power up or down just enough system components to keep utilization within thresholds at all times, even if the workload fluctuates.
Jumbo Frames
LDoms virtual switch (vsw) and virtual network (vnet) devices can now support Ethernet frames with payload sizes larger than 1500 bytes. This change results in these drivers being able to increase network throughput.
Configuring Domain Dependencies
LDoms Manager can be used to establish dependency relationships between domains. A domain that has one or more domains that depend on it is called a master domain. A domain that depends on another domain is called a slave domain. Each master domain can specify what happens to its slave domains in the event that the master domain fails. For instance, if a master domain fails, it might require its slave domains to panic. If a slave domain has more than one master domain, the first master domain to fail triggers its defined failure policy on all of its slave domains.
Autorecovery of Configurations
Starting with the Logical Domains 1.2 release, a copy of the current configuration is automatically saved on the control domain whenever the Logical Domains configuration is changed. This autosave operation enables you to recover a configuration when the configurations that are saved on the SP are lost. This operation also enables you to recover a configuration when the current configuration was not explicitly saved to the SP when the system powercycled.
Export of Same Backend Multiple Times
A virtual disk backend can be exported multiple times either through the same or different virtual disk servers. Each exported instance of the virtual disk backend can then be assigned to either the same or different guest domains.
Physical-to-Virtual (P2V) Migration Tool
Automatically converts an existing physical system to a virtual system that runs in a logical domain on a chip multithreading (CMT) system. The source system can be any of the following:
- Any sun4u SPARC system that runs at least the Solaris 8 Operating System
- Any sun4v system that runs the Solaris 10 OS, but does not run in a logical domain
Configuration Assistant Tools
Leads you through the configuration of a logical domain by setting basic properties.
Restriction of Delayed Reconfiguration Operations to the Control Domain
The LDoms Manager 1.2 software restricts delayed reconfiguration operations to the control domain. For all other domains, you must stop the domain to modify the configuration unless the resource can be dynamically reconfigured.
API to Support LDMD Discovery
Discovery LDoms Managers on a subnet by using multicast messages. The ldmd daemon is able to listen on a network for a specific multicast packet. If that multicast message is of a certain type, ldmd replies to the caller. This enables ldmd to be discovered on systems that are running Logical Domains.
Bug Fixes
Multiple bug fixes also have been implemented.
System Support
LDoms 1.2 requires Solaris 10 05/09 (earlier patched versions are supported as well) or OpenSolaris 2009.06 as the control domain and is supported on the following systems:
- Sun SPARC Enterprise T5440 Servers
- Sun SPARC Enterprise T5140 and T5240 Servers
- Sun SPARC Enterprise T5120 and T5220 Servers
- Sun Blade T6300, T6320 and T6340 Server Modules
- Netra CP3060 and CP3260 Blades
- Netra T2000,T5220 and T5440 Servers
- Sun Fire or SPARC Enterprise T1000 and T2000 Servers
Reference : Release notes
Google Native Client
Native Client
Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps. We've released this project at an early, research stage to get feedback from the security and broader open-source communities. We believe that Native Client technology will someday help web developers to create richer and more dynamic browser-based applications.
Reference : http://code.google.com/events/io/sessions/NativeClientUsingNativeCode.html
Top Five Favorite Cybercrime Blogs
Top Five Favorite Cybercrime Blogs
Monday, June 22nd, 2009
I’ve been reviewing some of the other blogs covering cybercrime and want to share with you five that I’ve found most interesting.
Kenyantykoon’s Blog on African Cybercrime: A very good country-by-country summary of one of the hot beds of cybercrime.
Cybercrime and Doing Time: One of the older blogs on cybercrime written by Gary Warner, Director of Research in Computer Forensics at the University of Alabama. He tends to focus on spam and phishing scams. He writes very cogently about cybercrime. This is a typical poston the current Bank of America phishing scam.
Schneier on Security: Not specifically focused on cybercrime, but deals with it frequently enough to make my list. Besides if you don’t enjoy Bruce’s writing, you’re not paying attention.
The Cybersleuth: Written by a criminal defense attorney in Miami. His piece on the security issues associated with cloud computing entitled A Chastity Belt for the Cloud, is quite insightful.
IdentityTheftInfo.org Blogs: Multiple authors and obviously focused on ID theft. Certainly not visually appealing, but provides comprehensive perspective on the myriad ways you can lose control of your identity.
I’ll update this list periodically as I find more blogs that are both useful and readable.
Reference : http://blog.pgp.com/index.php/2009/06/favorite-cybercrime-blogs/
Wednesday, July 15, 2009
Firefox 3.5 Vulnerability Rated 'Highly Critical'
Exploit code for a vulnerability in Firefox was posted online on Monday. Mozilla says it is working on a fix.
By Thomas ClaburnInformationWeek
US-CERT on Tuesday warned about vulnerability in the new Firefox 3.5 browser that could allow a remote attacker to execute malicious code.
Proof-of-concept exploit code was posted Monday on Milw0rm.com, an exploit code aggregation site, so it's likely that the vulnerability is being actively exploited.
The vulnerability, discovered by Simon Berry-Byrne, is related to the way Firefox 3.5 processes JavaScript code.
Mozilla has acknowledged the vulnerability and has a fix that's being tested. "The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code," the company said on its security blog. "The vulnerability can be mitigated by disabling the JIT in the JavaScript engine.
To do this:
1) Enter about:config in the browser's location bar.
2) Type jit in the Filter box at the top of the config editor.
3) Double-click the line containing javascript.options.jit.content setting the value to false.
As an alternative, the NoScript plug-in, which disables all JavaScript in the browser, should also offer protection.
Secunia, a computer security company based in Denmark, rates the vulnerability "highly critical"and notes that older versions of Firefox may be affected as well.
F-Secure, a computer security company based in Finland, said in a blog post that its Exploit Shield security software blocks the exploit.
In an interview on Monday about a bug in Google's Chrome browser, Robert "RSnake" Hansen, CEO of SecTheory, a computer security consulting firm, criticized Firefox's security process as being less rigorous than Microsoft's. "For the most part, it's just a bunch of random dudes who are contributing to it," he said.
Nevertheless, Hansen said that Firefox, rather than Internet Explorer, was his browser of choice because it was better for hacking.
Johnathan Nightingale, whose business card says "human shield" -- he manages the front-end team for Firefox and security issues -- says he's proud of the work Mozilla does and that he can't compare Mozilla's efforts to Microsoft's because Microsoft's security process isn't open.
He notes that Mozilla devotes significant resources to security and that the company's security team has been growing. He welcomes those who want to contribute to Mozilla to make it more secure.
Sun Virtualbox 3.0.2 released
VirtualBox 3.0.2 (released 2009-07-10)
This is a maintenance release. The following items were fixed and/or added:
- VMM: fixed network regressions (guest hangs during network IO) (bug Fixed in SVN (reopened)" style="text-decoration: none; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#4343)
- VMM: guest SMP performance improvements
- VMM: fixed hangs and poor performance with Kaspersky Internet Security (VT-x/AMD-V only; bug fixed in SVN (reopened)" style="text-decoration: none; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#1778)
- VMM: fixed crashes when executing certain Linux guests (software virtualization only; bugs fixed in SVN/3.0.2 (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#2696 & VBox crash -> fixed in SVN/3.0.2 (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#3868)
- ACPI: fixed Windows 2000 kernel hangs with IO-APIC enabled (bug fixed in ... (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#4348)
- APIC: fixed high idle load for certain Linux guests (3.0 regression)
- BIOS: properly handle Ctrl-Alt-Del in real mode
- iSCSI: fixed configuration parsing (bug #4236)
- OVF: fix potential confusion when exporting networks
- OVF: compatibility fix (bug #4452)
- NAT: fixed crashes under certain circumstances (bug fixed in SVN (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#4330)
- 3D support: fixed dynamic linking on Solaris/OpenSolaris guests (bug Fixed in SVN. (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#4399)
- 3D support: fixed incorrect context/window tracking for multithreaded apps
- Shared Folders: fixed loading from saved state (bug #1595)
- Shared Folders: host file permissions set to 0400 with Windows guest (bug ... (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#4381)
- X11 host and guest clipboard: fixed a number of issues, including bug fixed in SVN (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#4380 and ... (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#4344
- X11 Additions: fixed some issues with seamless windows in X11 guests (bug fixed in SVN (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#3727)
- Windows Additions: added VBoxServiceNT for NT4 guests (for time synchronization and guest properties)
- Windows Additions: fixed version lookup
- Linux hosts: workaround for buggy graphics drivers showing a black VM window on recent distributions (bug #4335)
- Linux hosts: fixed typo in kernel module startup script (bug Fixed in SVN (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#4388)
- Installer: support Pardus Linux
- Solaris hosts: several installer fixes
- Solaris host: fixed a preemption issue causing VMs to never start on Solaris 10 (bug #4328).
- Solaris guest: fixed mouse integration for OpenSolaris 2009.06 (bug fixed in SVN (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#4365)
- Windows hosts: fixed high CPU usage after resuming the host (bug fixed in SVN/3.0.2 (closed)" style="text-decoration: line-through; color: rgb(0, 0, 192); border-bottom-width: initial; border-bottom-style: none; border-bottom-color: initial; ">#2978)
- OVF: accept ovf:/disk/ specifiers with a single slash in addition to ovf://disk/ (bug #4452)
- Fixed a settings file conversion bug which sometimes caused hardware acceleration to be enabled for virtual machines that had no explicit configuration in the XML.
See change log for full details : http://www.virtualbox.org/wiki/Changelog
Download : http://www.virtualbox.org/wiki/Downloads
New Bluetooth Application Will Let Sports Fans Share Experiences in Real Time
Engineering & Physical Sciences Research Council (07/09/09)
Researchers at the University of Glasgow are using ad hoc networking to make direct phone-to-phone communication possible in real-world settings without sending messages. The team has developed computer programs that will allow a sports fan in a stadium to reach up to seven other users at the same time, without using mobile phone masts. In harnessing Bluetooth, the approach enables mobile phones to share banter, photos, and video clips instantly and free of charge, without using a network. Using mobile phones in a stadium is often difficult because there is a lot of interference, and messages can take a long time to be delivered. "If a disputed goal is scored or a yellow card awarded, you want to hear what others have to say about it straight away, from their vantage point in the stadium," says project director Matthew Chalmers. "It's really about extending a social networking philosophy to sports stadia and giving spectators a richer experience by making them feel better connected with each other." The new technology could be ready for the market within two years, and also could be used in emergency healthcare situations.
Researchers at the University of Glasgow are using ad hoc networking to make direct phone-to-phone communication possible in real-world settings without sending messages. The team has developed computer programs that will allow a sports fan in a stadium to reach up to seven other users at the same time, without using mobile phone masts. In harnessing Bluetooth, the approach enables mobile phones to share banter, photos, and video clips instantly and free of charge, without using a network. Using mobile phones in a stadium is often difficult because there is a lot of interference, and messages can take a long time to be delivered. "If a disputed goal is scored or a yellow card awarded, you want to hear what others have to say about it straight away, from their vantage point in the stadium," says project director Matthew Chalmers. "It's really about extending a social networking philosophy to sports stadia and giving spectators a richer experience by making them feel better connected with each other." The new technology could be ready for the market within two years, and also could be used in emergency healthcare situations.
Full article : http://www.epsrc.ac.uk/PressReleases/bluetooth.htm
IBM security software masks confidential info
IBM researchers have developed Masking Gateway for Enterprises (MAGEN), software that uses optical character recognition and screen scraping technology to identify and conceal confidential information. IBM says MAGEN can prevent data leakage and allow for data sharing while protecting sensitive business data. MAGEN works at the screen level by "catching" the information before it reaches the screen, analyzing the content, and masking sensitive details that should be hidden from the potential viewer. The system treats the information as a picture, uses optical character recognition to identify confidential sections, and places a data "mask" over those details, without copying, changing, or processing the data. IBM says customers can set masking rules that can be defined per screen structure or per application. MAGEN does not change the software program or data, but rather filters information before it reaches the screen. The software also does not force companies to create modified copies of electronic records to mask, scramble, or eliminate data. IBM says MAGEN could be used for healthcare firms that outsource customer service and claims processing functions to a third party, enabling customer service representatives to access patient records while protecting private medical information.
Software to unlock the power of grids
A huge amount of computing power sits idle most of the time, and new technologies enabling the sharing of resources aim to capitalise on that. Now European researchers have developed software to simultaneously run applications on very different IT infrastructures.
Unlocking the power of grid computing has become one of the top priorities in the IT world. Optimising the use of existing resources rather than deploying new infrastructure is becoming increasingly important in the current economic climate.
At the same time, applications are taking longer to execute using traditional computing methods, with the amount of data being processed increasing at a rapid pace. This presents a problem because processing power is not keeping up with demand.
Moore’s Law predicted that the processing power of integrated circuits, or chips, would roughly double every 18 months. This has held true from the late 1950s until recently – the exponential growth has finally slowed down as the miniaturisation of components is nearing its limit.
An EU-funded project, GridCOMP, has been working around this conundrum by developing some clever software and middleware which allows applications to run on several, or even many, computers at the same time regardless of different infrastructures and architectures.
Full article : http://cordis.europa.eu/ictresults/index.cfm?section=news&tpl=article&BrowsingType=Features&ID=90738
Tuesday, July 14, 2009
DSL Line Attenuation/Noise Margin Explained.
Noise Margin (AKA Signal to Noise Margin or Signal to Noise Ratio)
Relative strength of the DSL signal to Noise ratio. The higher the number the better for this measurement. In some instances interleaving can help raise the noise margin to an acceptable level.
6dB or below is bad and will experience no synch or intermittent synch problems
7dB-10dB is fair but does not leave much room for variances in conditions
11dB-20dB is good with little or no synch problems* (but see note below)
20dB-28dB is excellent
29dB or above is outstanding
* Note that there may be short term bursts of noise that may drop the margin, but due to the sampling time of the management utility in your modem, will not show up in the figures.
Line Attenuation
Measure of how much the signal has degraded between the DSLAM and the modem. This is largely a function of the distance from the exchange. The lower the dB the better for this measurement.
20dB and below is outstanding
20dB-30dB is excellent
30dB-40dB is very good
40dB-50dB is good
50dB-60dB is poor and may experience connectivity issues
60dB or above is bad and will experience connectivity issues
DSL Rate ***/tx/rx/Rate
The actual service data rate that your ISP has provisioned.
Attainable Line Rate
This is the maximum rate at which your modem can connect to the DSLAM if there was no service provisioning limiting the bandwidth. The higher the number the better.
Occupancy
Occupancy is the percentage of line capacity used. Each DSL line is capable of a certain maximum speed or "capacity" dependant on line distance and other varying factors. The occupancy is an expression of your current sync rate setting over your maximum capacity. There are occupancy rates for both upload and download. The lower the figure, the better. Because of error correction and other factors in the DSL protocols, a margin is required so that a connection can be maintained under varying line conditions. If the occupancy approaches 100%, any interference can cause the ADSL sync to be lost. A useful measurement to monitor when sync problems occur. [AFAIK the billion SNMP utility does not give a direct measurement of occupancy :-( ]
(with due acknowledgment of the other sources/forums that this info was gleaned from)
Relative strength of the DSL signal to Noise ratio. The higher the number the better for this measurement. In some instances interleaving can help raise the noise margin to an acceptable level.
6dB or below is bad and will experience no synch or intermittent synch problems
7dB-10dB is fair but does not leave much room for variances in conditions
11dB-20dB is good with little or no synch problems* (but see note below)
20dB-28dB is excellent
29dB or above is outstanding
* Note that there may be short term bursts of noise that may drop the margin, but due to the sampling time of the management utility in your modem, will not show up in the figures.
Line Attenuation
Measure of how much the signal has degraded between the DSLAM and the modem. This is largely a function of the distance from the exchange. The lower the dB the better for this measurement.
20dB and below is outstanding
20dB-30dB is excellent
30dB-40dB is very good
40dB-50dB is good
50dB-60dB is poor and may experience connectivity issues
60dB or above is bad and will experience connectivity issues
DSL Rate ***/tx/rx/Rate
The actual service data rate that your ISP has provisioned.
Attainable Line Rate
This is the maximum rate at which your modem can connect to the DSLAM if there was no service provisioning limiting the bandwidth. The higher the number the better.
Occupancy
Occupancy is the percentage of line capacity used. Each DSL line is capable of a certain maximum speed or "capacity" dependant on line distance and other varying factors. The occupancy is an expression of your current sync rate setting over your maximum capacity. There are occupancy rates for both upload and download. The lower the figure, the better. Because of error correction and other factors in the DSL protocols, a margin is required so that a connection can be maintained under varying line conditions. If the occupancy approaches 100%, any interference can cause the ADSL sync to be lost. A useful measurement to monitor when sync problems occur. [AFAIK the billion SNMP utility does not give a direct measurement of occupancy :-( ]
(with due acknowledgment of the other sources/forums that this info was gleaned from)
Source : http://forums.whirlpool.net.au/forum-replies-archive.cfm/388705.html
Thursday, July 9, 2009
Browser : Google Chrome 3.0.192.0 is faster than Safari 4.0.2 (5530.19)
I'm using SunSpider Java Benchmark (http://www2.webkit.org/perf/sunspider-0.9/sunspider.html) for this testing. The result shows that Google Chrome (total run time : 903.0 ms) is faster than Safari (total run time : 1151.0ms) in most area of testing, but in some areas Chrome is also much slower. Chrome is slower in bitops, date and string maniplation.
For example :
1.60x as fast means Chrome is faster than Safari about 60% in 3d testing--3d cude (79% faster)
and 3d morph (90% faster).
TEST COMPARISON FROM TO DETAILS
=============================================================================
** TOTAL **: - 1151.0ms +/- 36.3% 903.0ms +/- 6.4%
=============================================================================
3d: 1.60x as fast 220.0ms +/- 18.8% 137.6ms +/- 13.1% significant
cube: 1.79x as fast 89.0ms +/- 25.8% 49.6ms +/- 4.2% significant
morph: 1.90x as fast 81.2ms +/- 25.6% 42.8ms +/- 31.4% significant
raytrace: - 49.8ms +/- 13.5% 45.2ms +/- 14.5%
access: 1.50x as fast 110.8ms +/- 4.4% 74.0ms +/- 8.3% significant
binary-trees: 2.00x as fast 10.0ms +/- 12.4% 5.0ms +/- 0.0% significant
fannkuch: ?? 28.4ms +/- 11.8% 29.0ms +/- 15.8% not conclusive: might be *1.02x as slow*
nbody: 1.71x as fast 55.2ms +/- 4.9% 32.2ms +/- 11.7% significant
nsieve: 2.21x as fast 17.2ms +/- 18.7% 7.8ms +/- 13.3% significant
bitops: *1.21x as slow* 58.0ms +/- 5.3% 70.4ms +/- 12.1% significant
3bit-bits-in-byte: 1.23x as fast 7.4ms +/- 9.2% 6.0ms +/- 29.3% significant
bits-in-byte: ?? 12.6ms +/- 11.3% 13.2ms +/- 25.3% not conclusive: might be *1.05x as slow*
bitwise-and: *2.82x as slow* 7.8ms +/- 17.5% 22.0ms +/- 9.8% significant
nsieve-bits: - 30.2ms +/- 7.4% 29.2ms +/- 18.9%
controlflow: 1.27x as fast 6.6ms +/- 10.3% 5.2ms +/- 20.0% significant
recursive: 1.27x as fast 6.6ms +/- 10.3% 5.2ms +/- 20.0% significant
crypto: 1.29x as fast 78.6ms +/- 8.1% 61.0ms +/- 12.8% significant
aes: ?? 23.8ms +/- 6.8% 25.8ms +/- 23.2% not conclusive: might be *1.08x as slow*
md5: 1.43x as fast 28.0ms +/- 9.9% 19.6ms +/- 16.5% significant
sha1: 1.72x as fast 26.8ms +/- 12.0% 15.6ms +/- 15.5% significant
date: *1.19x as slow* 96.2ms +/- 2.3% 114.2ms +/- 10.5% significant
format-tofte: *1.39x as slow* 45.0ms +/- 2.0% 62.4ms +/- 4.1% significant
format-xparb: ?? 51.2ms +/- 3.2% 51.8ms +/- 19.4% not conclusive: might be *1.01x as slow*
math: 1.57x as fast 129.0ms +/- 5.1% 82.0ms +/- 10.7% significant
cordic: 1.59x as fast 51.6ms +/- 8.1% 32.4ms +/- 15.7% significant
partial-sums: 1.51x as fast 52.4ms +/- 7.6% 34.8ms +/- 18.5% significant
spectral-norm: 1.69x as fast 25.0ms +/- 6.1% 14.8ms +/- 9.2% significant
regexp: 1.34x as fast 36.4ms +/- 5.2% 27.2ms +/- 3.8% significant
dna: 1.34x as fast 36.4ms +/- 5.2% 27.2ms +/- 3.8% significant
string: - 415.4ms +/- 92.0% 331.4ms +/- 3.8%
base64: - 171.2ms +/- 224.8% 42.8ms +/- 11.7%
fasta: 1.05x as fast 52.0ms +/- 2.4% 49.4ms +/- 10.5% significant
tagcloud: *1.26x as slow* 56.0ms +/- 6.3% 70.8ms +/- 6.5% significant
unpack-code: *1.20x as slow* 80.6ms +/- 6.2% 96.4ms +/- 3.7% significant
validate-input: *1.29x as slow* 55.6ms +/- 8.6% 72.0ms +/- 10.0% significant
Subscribe to:
Posts (Atom)
Posts
