Wednesday, October 27, 2004

DDR2 Memory

Double data rate (DDR) memory is coming. DDR2 is the name given to the latest memory technology used in IBM NetVista desktop PCs and IBM eServer xSeries servers.

The primary benefit is the potential for faster throughput. Currently DDR2 operates at data transfer rates starting at 400 MHz (the upper limit for DDR) and 533 MHz. Support for 667 MHz and 800 MHz transfer rates is expected in 2005. In addition, DDR2 improves the power consumption of the DIMM because it works at a lower voltage. DDR operates at a range of 2.5 to 2.8 V, whereas DDR2 only requires 1.8 V.

More about this in the original article.

PopGavaMail 0.1.3 Released

 From SourceForge rmanocha let us know the following:

PopGavaMail is a POP3 proxy server for the famous Gmail webmail service. It opens up a port on your localhost which can then be connected to read your mail from your favorite mail client. It uses the g4j library to talk with Gmail. Release 0.1.3 brings major feature enhancements to PopGavaMail. Primary among them is the option to specify a port to start the server on. Other options have been added too.

Read the Release notice at: https://sourceforge.net/project/shownotes.php?group_id=120786&release_id=278083

You can download the Package from: https://sourceforge.net/project/showfiles.php?group_id=120786

On a side note, I have started writing the IMAP server. Some very initial code has been written. If you are interested, you can check it out at: http://cvs.sourceforge.net/viewcvs.py/gavamail/imapGmail/

If you think you can help me, please contact me (rmanocha@users.sf.net).

Best, rmanocha

 

 

Thanks, DJ

It brings you enormous joy when a friend does something thoughtful for you, especially when the gesture is 100% spontaneous. A friend simply thought of you, thought of some need you had and, for one reason or another, were not meeting, and decided to meet it himself. Just like that, out of nowhere, out of the pure pleasure of giving and sharing, of living life. This is exactly why giving is beautiful: because one feels fulfilled, satisfied, alive.

But receiving is also very pleasant, unless one has either a serious problem with pride or incredibly low self-esteem. Clearly you also feel very happy, very fulfilled, above all because you feel very rich. Not so much because of the gesture or the gift, but because you know you can count on a friend. The gesture can be anything from a smile to a kindness that relieves you of some tiring, boring chore. It can also be a more concrete, physical gift. Anything given and received this way, with no more protocol than the pleasure of sharing and seeing your friend happy, is cause for celebration. Friendship exists, and I consider it a kind of love. And for that reason, without a doubt, it is something to celebrate as the most intense and positive thing one can come across on one's way through this life.

Yesterday Javier (djleon), just as described above, gave me a cell phone, activated and with credit (even with the battery already charged for a full day). I had set this whole cell phone matter aside for a long time. But of course I needed one: with a wife and a daughter I am responsible for, I certainly need to be 100% reachable at all hours. Not only that, but professionally too a communication tool like that was becoming more and more indispensable.

Thank you very much, Javier. But above all, thank you for being a friend and knowing how to be one in the best way.

Monday, October 25, 2004

Mozilla/Firefox/Thunderbird Downloaded File Content Disclosure Vulnerability

There are vulnerabilities on both the dark and the bright sides (who is on the bright side?). It’s software. The difference lies in how long a company or an open source group has taken security seriously.

Martin has reported a vulnerability in Mozilla, Firefox, and Thunderbird, which can be exploited by malicious, local users to gain knowledge of sensitive information.


Read the original Secunia - Latest Secunia Security Advisories post.

Doom Movie in Production For Aug 2005 Release

 Well, I think Doom is the one and only computer game I played, and played too much. I can’t wait for the premiere.

Lord Prox writes "Doom: The motion picture is now in production from Universal Pictures for a release date of August 5, 2005. According to IMDB the cast includes The Rock, Rosamund Pike, Razaaq Adoti, Ben Daniels, and Karl Urban. The plot and setting is right from the game."


Read the original Slashdot post.

US Washington Post backs Kerry

US presidential candidate John Kerry has received the official backing of the influential Washington Post.

Podcasting

Today (although I’m sure it isn’t a very new concept) I discovered what is known as podcasting. Here you can find a very illustrative guide to podcasting.

The simple idea behind it is to post an MP3 as an RSS 2.0 enclosure. A very cool thing about podcasting is that it allows individuals to publish (podcast) radio shows that interested listeners can subscribe to. Before podcasting you could of course record a radio show and put it on your website, but now people can automatically receive new shows without having to go to a specific site and download them from there. Or, instead of remembering a conversation, you can podcast it.

RFID Passports

Like almost any bad idea about security, this one also comes from the Bush Administration: promoting RFID passports. An RFID passport would broadcast your ID. It would be readable by any RFID reader. Read more about it in this post on the Bruce Schneier blog.

Thanks Arcadi for the typo observation.

IE 6.0 + XP SP2 Vulnerability

This has been published by The SANS Institute.

A new critical vulnerability has been detected in IE 6.0 + XP SP2. One of Microsoft's patches from last week already has been worked around by hackers, at least on some platforms.

 

HIGH: Internet Explorer Drag and Drop Vulnerability

Affected:

Internet Explorer 6.0 on fully patched XP SP2

 

Description: A variation of the "drag and drop" vulnerability has been reported that may be exploited to compromise a Windows client via a malicious web page or an HTML email. The exploitation proceeds as follows:

(a) A specially crafted HTML "style" sheet is used to access a local folder on a Windows client.

(b) An IMG element with its "src" set to a filename (without any extension) is dragged and dropped to the local folder opened in step (a). IE's cumulative patch MS04-038 released last week prevents an IMG element with its src set to an executable file from being dragged.

However, the patch does not prevent the "drag and drop" of an image with the src attribute set to other file formats such as pdf, xml etc.

Further, if no extension is used for the IMG element's src file, IE automatically creates a file with the file type extension after the drag and drop operation. Thus, an attacker can create a malicious file with a ".htm" extension on the client's local file system.

(c) The malicious HTML file is invoked via the HTML Help ActiveX control (hhctrl.ocx). This leads to execution of arbitrary code on the client system.

A proof-of-concept exploit has been publicly posted. The PoC exploit demonstrates how to use "ADODB.recordset" object to write arbitrary files on the client's local system. Although this exploit requires user interaction, it may be possible to rewrite the exploit such that no user interaction is required. Note that the Akak Trojan exploited the earlier variation of this vulnerability in the wild.

 

Status: Microsoft has not confirmed. An unofficial fix has been posted that sets the kill bit for the "Shell.Explorer" ActiveX control. This control is responsible for displaying the folders in IE. Setting the kill bit prevents displaying any folders, and prevents exploitation via the published attack vector. The fix can be downloaded from: http://www.pivx.com/research/freefixes/neutershellexplorer.reg

 

References:

Posting by http-equiv

http://archives.neohapsis.com/archives/ntbugtraq/2004-q4/0078.html

Posting by Thor Larholm

http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0754.html

SecurityFocus BID

http://www.securityfocus.com/bid/11466  
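To check that a kill-bit fix like the one described in the Status paragraph has actually been applied, the added example below (not part of the SANS text or of the original post) audits an exported `.reg` file. It assumes the documented Internet Explorer mechanism, a `Compatibility Flags` DWORD with bit 0x400 set under `ActiveX Compatibility\{CLSID}`; the function names are hypothetical and the CLSIDs in the sample are constructed placeholders, not the control named above.

```python
import re

# Documented Internet Explorer kill-bit location and flag value.
COMPAT_KEY = r"software\microsoft\internet explorer\activex compatibility"
KILL_BIT = 0x400

SECTION = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
FLAGS = re.compile(r'^"Compatibility Flags"\s*=\s*dword:([0-9a-f]{1,8})$', re.I)
CLSID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Constructed sample export; the CLSIDs are placeholders, not real controls.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00000420

[HKEY_CURRENT_USER\Software\Example\{00000000-0000-0000-0000-000000000004}]
"Compatibility Flags"=dword:00000400
"""


def kill_bits(reg_text):
    """Map each CLSID under ActiveX Compatibility to True if its kill bit is set."""
    found, current = {}, None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        section = SECTION.match(line)
        if section:
            deleted, path = section.groups()
            hive, _, rest = path.partition("\\")
            parent, _, leaf = rest.rpartition("\\")
            current = None
            if (hive.upper() == "HKEY_LOCAL_MACHINE"
                    and parent.lower() == COMPAT_KEY and CLSID.match(leaf)):
                found[leaf.upper()] = False  # key seen, flag not yet
                current = None if deleted else leaf.upper()
            continue
        flags = FLAGS.match(line)
        if current and flags:
            found[current] = bool(int(flags.group(1), 16) & KILL_BIT)
    return found


def missing_kill_bits(reg_text, required):
    """Return the required CLSIDs whose kill bit is absent or cleared."""
    state = kill_bits(reg_text)
    return [c.upper() for c in required if not state.get(c.upper(), False)]
```

A section header of the form `[-HKEY_...]` deletes the key on import, so the example reports that CLSID as not killed.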

Sunday, October 24, 2004

Great cartoons and a worthy post from Electoral Vote

Regarding the presidential election, I’ve found this collection of cartoons from Electoral Vote. I think you will enjoy them as I did. BTW, I read Electoral Vote on a daily basis (through its RSS feed), and like it a lot. On Friday, at the bottom of their daily post-article, they published a very simple, but informative, sensitivity analysis about the undecided voters and their impact on the election result. In the same article they talk about the Supreme Court, the age of its members and the high probability of vacancies within the next four years. They comment on the appointments that the next president will make to the SC. Just think about the appointments Bush has made to the appellate courts…

100 facts, 1 opinion

Some of these 100 facts feed my opposition to Bush's reelection. I support 100% the opinion stated at the bottom of the article.

Saturday, October 23, 2004

IE Exploit Lets Attackers Plant Programs on SP2

Well, I thought I would never blog about XP SP2. Whether or not it has (dramatically) slowed down my PC is, I think, a matter of coincidence between configuration and the software installed on my PC; I need more data in order to blog something worth reading. But this is a fact, and a guess I made some months ago (I don’t think it’s a very clever one; all software has bugs, both in design and in implementation): SP2 won’t alleviate all the problems MS claims it will. On Wednesday, eWeek published an article letting us know about some flaws in it.

Friday, October 22, 2004

Microsoft: 106 Million SP2 Copies Distributed

There is a huge discussion about XP SP2, so I won’t enlarge it anymore. But we should know that according to Microsoft, there have been 106 million copies of Windows XP Service Pack 2 (SP2) distributed since August 6.

Thursday, October 21, 2004

Google doubles profit year-over-year

I really like this company.

In first report as public company, search giant posts third-quarter profit of $52 million, thanks to booming online-ad revenue.

Read the original article at CNET News.com

Wednesday, October 20, 2004

VeriChip Approved by FDA for Medical Use in Humans

The FDA has approved for medical use the world's first implantable radio frequency identification microchip for use on humans.

About the size of a grain of rice, VeriChip cannot be seen by the human eye and contains a unique 16-digit verification number that is captured by briefly passing a proprietary scanner over the insertion site. The number links to the database via encrypted Internet access.

Read Original Article

Tuesday, October 19, 2004

Multithreaded toolkits

Graham Hamilton blogged about this topic.  His answer is no –at least considering the multithreading techniques available today–, but we should use events.

Here at JackBe we are developing a new version of our JackBuilder, a RAD tool for the development of JackBe-based web applications. The GUI is 100% browser based, built in JavaScript and DHTML. Some days ago, I was considering whether to promote more multithreading within our tool or to stay event driven. With the ridiculous threading support of this platform (there are two ways to generate more than one thread, and no way to lock them at all), of course we remain event driven. Although we have a multithreaded tool for the runtime, used to send a number of requests concurrently to the server (we call it JBPacemaker), the responses are rendered by the browser inside the threading model that it uses to handle them. The problem arises when a JackBe programmer uses two different JBPacemakers and it happens that the response code within that document affects the same object within the original document. But this is a shortcoming of the platform: it is so event driven that we are very exposed to any race condition raised by quasi-concurrent responses.

Sunday, October 17, 2004

Saturday, October 16, 2004

Open Letter to USA President Bush

Mauricio Castro let me know about an Open Letter to President Bush on U.S. Economic Policy. It is already signed by two Nobel laureates among 113 Business and Economics emeritus professors from a number of the most important schools across the USA. It’s a great letter that everybody, at least in the USA, should read.

Thursday, October 07, 2004

Craig McClanahan talks about JSF and/or Struts

Craig McClanahan, the creator of Struts and co-specification lead of JSF, talks in his blog about whether a developer should use JSF and/or Struts.

Two other worthy readings about this topic are:

Apache Wiki entry about StrutsMoreAboutJSF.

Struts comments page about JSF integration

Saturday, October 02, 2004

Favorite identity

It's an old friend but, on some rainy days, I like to look at this identity many times. It's very cool that Google Calculator knows how to calculate it.

It is an old acquaintance by now, but it is always pleasing to see this identity recognized by Google Calculator.

Friday, October 01, 2004

Announcing backport of JSR166 to Java 1.4

Dawid Kurzyniec has announced that he has written a backport of JSR 166 to Java 1.4.

"I am happy to announce availability of a backport of java.util.concurrent API to Java 1.4. The backport is based on sources from JSR 166 CVS repository (September 2004), and dl.util.concurrent 1.3.4. The backport is nearly complete; unsupported functionality is limited mostly to the following classes: 1) requiring explicit JVM support (e.g. nanosecond clock), 2) some non-essential functions described as "designed primarily for use in monitoring in system state, not for synchronization control", 3) functionality that would affect performance, or 4) functionality that would require development of substantial amount of new code."