From Andy Helsby's Bookmarks: How do I Reset a Dell BIOS Password? – apparently for laptops there is a free (if you live in the USA) number you can call, and after giving the serial number for your laptop, they give a master unlock code. This is cool, but also a reminder that BIOS passwords don’t provide real security.
From the same source: Free PDF to Word converter. I didn’t try it myself, but it is the kind of utility several people have asked me about.
Via terminal23.net: CIOs agree that application security is more important, but network security is more "visible". An important point to keep in mind if you need to justify where you’ve spent the money.
Another example that companies can't secure their sites – and even worse, the security companies which are supposed to help them have some glaring omissions.
Again from terminal23.net: wisdom from a hacker looking at 50 (warning! the link points to a ~226 MB M4V video file). Interesting and inspiring. One minor caveat: you might have heard this talk from other sources.
- Using Btrfs with Multiple Devices – very cool. It seems that Btrfs aims to be a contender to ZFS. I would still like to have ZFS in the Linux kernel, but given the licensing discrepancies, I think that it won’t happen (at least in the short term)
- ClamAV now supports Google’s Safe Browsing blocklist
- Top acts - “top” like utilities for Linux. htop (use it almost daily), iftop (have heard about it) and iotop (haven’t heard about it). A bonus from the taint.org comments: atop. Some version of each is available in the Ubuntu repos (not necessarily the most bleeding edge version).
- A very in-depth article from AnandTech about SSD performance – worth the read if you are interested in this technology, because there are a few surprises in it
On the DVLabs blog we have a good explanation of what the recently released !exploitable add-in for WinDbg does: “The rule may ask "Is the faulting instruction a read violation of EIP?". If the answer is yes, it calls it a day and labels it exploitable”. Get the slides for more details (they are in PPTX format, but OpenOffice 3.0 can render them acceptably).
From The Dark Visitor blog: The 2009 Annual Report to Congress on the Military Power of the People’s Republic of China [PDF] has been released by the USA DoD. And they do use the word cyber a couple of times :-)
From the xkcd blog: there seems to be some controversy regarding the effectiveness of the Dvorak layout. The second link seems to be more balanced (even though it is from a “make the switch” side :-)). On a related note: the support in Windows seems to be awful, the layout switching almost randomly :-(. And I didn’t manage to find a typing tutor currently, which shows the layout of the keyboard on the screen.
Via Security4All: Insecure 20 is out – my usual complaints still apply (the articles are somewhat superficial and there are many advertisements), but after all – it is free. One interesting tool that gets mentioned is XProbe2, an application-level fingerprinting tool. There is also a discussion about ISP level filtering, but sadly it is confused with child pornography and other such issues (I would like a discussion – or a sub-discussion – based entirely on the security aspect).
Again from the Security4All blog: a presentation about social engineering from practitioners. Interesting, unfortunately the sound quality is not very good.
A few links from the Lookup blog (which has the subtitle “Unicode conformance and security testing”):
- Uniview – an online utility to browse the properties of Unicode characters
- Unicode security attacks and test cases: character mappings and normalization for testing - Point: Normalizing strings after validation is dangerous
- Also, the slides from CanSecWest – very interesting and a great summary of possible security implications of using Unicode
From episode 99 of Windows Weekly comes the following video:
Yes, that is Jim Allchin, a former member of the Microsoft Senior Leadership Team.
From the braindump blog:
- Another person rediscovering the problem with classifying intent
- Why not let stuff lying around on your website – it also references a cute little tool: md5.rednoize.com – a search engine for MD5 and SHA1 hashes.
Via the Scale-Out Blog: Eventually consistent – it seems that with distributed systems we need to reconsider quite a lot of our assumptions about the data we can store. It references an interesting paper: Brewer’s conjecture and the feasibility of consistent, available, partition-tolerant web services
From Monty: Web of Trust – a collaborative way to replicate the functionality of SiteAdvisor. In some ways it is more powerful (because it can spot things which are hard to spot automatically – like money mule scams), but in other ways (like adware / spyware / malware) it is questionable if enough people have the know-how to correctly determine if a site is or is not infected (I would fall on the “no” side).
The following link is probably only interesting to my Romanian speaking readers: Salariile reale din industria IT din Romania 2008 – a quick translation of the title: “The real salaries in the IT industry in Romania, 2008”.
The Freshman – seems to be a good movie, especially because of Marlon Brando. Speaking of good movies, Das Leben der Anderen is an exceptional movie (worthy of the “German tradition” of Das Experiment and Good-bye Lenin).
From chimeric.de: some interesting 8-bit-like music. If you like the genre, you might want to take a look at 8bitcollective.com and the streaming radio station I mentioned some time ago.
From Coding Horror: The Ugly American Programmer – basically the same ideas I outlined earlier: if you want to be a (good) programmer, you have to know English. It is interesting to compare the reactions in the comments (which mostly agree with the premise) with the comments on Scott Hanselman’s post – the latter had more disagreeing posts. Different demographic I guess.
From Otaku, Cedric's weblog: Do you want to play a game? (and here is the solution). A related article: The Coin Flip: A Fundamentally Unfair Proposition?.
From the Random things in IT blog: A couple of free data restore utilities: PhotoRec and TestDisk – and they are open source too! Anyway, if you’ve deleted something you didn’t mean to, stop writing to the given partition as soon as possible (and I mean as soon as possible), because otherwise the chances of recovering anything are extremely slim.