http://blog.mecheye.net/2012/06/the-linux-graphics-stack/
Saturday, 23 June 2012
Replicate from Oracle to MySQL *without* GoldenGate
pageguide.js
pageguide.js is an interactive visual guide to elements on web pages.
Instead of cluttering your interface with static help message, or explanatory text,
add a pageguide and let your users learn about new features and functions.
http://tracelytics.github.com/pageguide/
Complexify - a jQuery Plugin
Websites have a responsibility to users to accurately tell them how good a password is, and this is not an easy job.
- If your password is 8 characters long and only formed of lower case characters, you need to make it better, perhaps by adding a number or more characters.
- If your password is 25 characters long but happens to not contain a number, you shouldn't be forced by a password security policy to add one, you clearly have a very secure password.
Note: I use the term 'casually' because this is only client-side validation and anyone could turn it off. I recommend implementing a minimum length check server-side as well. In the future I may code up this algorithm for use server-side.
Complexity Rating
Complexify's default settings will enforce a minimum level of complexity that would mean brute-forcing should take ~600 years on a commodity desktop machine. The 'perfect' password used to scale the complexity percentage would take 3x10^33 years. These are equivalent to a 12 character password with uppercase, lowercase and numbers included, and a 25 character password with uppercase, lowercase, numbers and a wide range of punctuation.
Unicode
Complexify supports Unicode and will add appropriate complexity for the size of character set included in a password. For example, as there are 96 Hiragana characters defined in the Unicode specification, including one of these will increase the brute-force complexity by 96.
The rationale behind this is that if an attacker were wanting to include Japanese passwords in his attack, he/she may choose to include the Hiragana set in his/her attack, but not the Katakana set. Complexify divides Unicode into 94 appropriately grouped sets.
http://danpalmer.me/jquery-complexify
pt-online-schema-change and default values
Powerful New CSS- and JavaScript Techniques
This site now runs on SPDY - APACHE_SPDY
https://blog.liip.ch/archive/2012/06/21/this-site-now-runs-on-spdy.html
GlobalSign, DigiCert, Comodo Partner to Improve NGINX Server Security with OCSP-Stapling Method
A little "side-effect" of having autocommit off in MySQL
Back-story: A developer came to me and wanted an explanation for a weird behavior in MySQL. They inserted a record (into an InnoDB table), committed, and after receiving a message (on another application) tried to read that inserted record immediately, but the newly inserted record was not found. The problem only happened in production, and not always (but quite frequently).
After comparing the MySQL parameter files between the production and development environments I discovered that in production autocommit was disabled to make MySQL behave more like Oracle. This setting was removed from development after we rebuilt the environment (to use multiple MySQL instances with Oracle Clusterware, instead of one large MySQL instance), but the rebuild was not yet done in production.
The default transaction isolation level for InnoDB in MySQL is REPEATABLE READ (unlike Oracle, whose default is READ COMMITTED), which means that a SELECT query always returns the data as of the point in time when the transaction was started. If autocommit is off, the first SELECT statement issued opens the transaction, and any subsequent SELECT statement returns the data as of the time the first SELECT was issued, until the transaction is ended with COMMIT/ROLLBACK. If autocommit is enabled, each SELECT statement runs in its own self-contained transaction ending with COMMIT, so the end result is like the READ COMMITTED isolation level in Oracle.
http://ilmarkerm.blogspot.com/2012/06/little-side-effect-of-having-autocommit.html
Clarification on MySQL security vulnerability
Friday, 22 June 2012
COPY SSH ID
ssh-copy-id -i ~/.ssh/id_rsa.pub vivek@server1 # Easiest way to add a public key to the remote server called server1. Works with OS X and *nix-like OSes.
Select2
Select2 2.1
Select2 is a jQuery based replacement for select boxes. It supports searching, remote data sets, and infinite scrolling of results. The look and feel of Select2 is based on the excellent Chosen library.
https://github.com/ivaynberg/select2
Harvey: A Second Face for Your JavaScript
When media queries finally reached a state of good support across a
lot of browsers, we started to make our web applications adapt to our
users’ devices by optimizing the layout to focus on the content.
But now that we’ve grown to like and incorporate this new adaptive
approach, what’s next? We set foot on fairly new grounds not too long
ago and so we are still discovering new corners of this land we call Responsive Web Design. One of the things that we will explore next is the ability to add different modes of interaction to our sites, i.e., conditionally executing different JavaScript based on the screen dimensions of the rendering device.
http://techtime.getharvest.com/blog/harvey-a-second-face-for-your-javascript
Using SSH Socks Proxies with MSF Reverse TCP Payloads
Webapp-Exploit-Payloads v.1.0 Released
Webapp-Exploit-Payloads is a collection of payloads for common webapps, for example Joomla and WordPress. From the hundreds of different Web Application Vulnerabilities that can be found on any website, only a small percentage gives the intruder a direct way of executing operating system commands. And if we keep digging into that group we'll identify only one or two that under normal circumstances might give the intruder elevated privileges.
The basic problem solved by any payload is pretty simple: "I have access, what now?". In memory corruption exploits it's pretty easy to perform arbitrary tasks because after successful exploitation the attacker is able to control the remote CPU and memory, which allows for execution of arbitrary operating system calls. With this power it's possible to create a new user, run arbitrary commands or upload files.
http://tools.thehackernews.com/2012/06/webapp-exploit-payloads-v10-released.html
Backbone Aura A decoupled, event-driven architecture on top of Backbone.js for developing widget-based applications
eCSSential
Making responsive CSS load the way it should.
- (c) 2012 @scottjehl, Filament Group, Inc.
- Licenses: MIT, GPLv2
The Problem
Loading CSS in an optimized or prioritized fashion is very difficult. In order for a website to load cleanly, all CSS needed for rendering that page layout must be referenced in the head of a document. This is because stylesheets loaded in this way will block page rendering until they are loaded and ready to apply. If a stylesheet is referenced later in a document, or loaded dynamically via JS, users will often see a FOUC (flash of unstyled content) while that stylesheet loads concurrently with page rendering. Unfortunately, this limitation can make for a lot of overhead in responsive designs, particularly if a stylesheet contains a large amount of CSS for breakpoints that don't currently apply at a particular viewport size, or worse, CSS that won't ever apply on a particular device. More unfortunate, using separate link elements with media attributes to reference stylesheets with their intended breakpoints doesn't prevent those stylesheets from downloading and blocking page rendering, even in environments where they don't currently or will never apply. Lastly, if for some reason a stylesheet takes a long time to load, most browsers will let it continue to block page rendering for 30 seconds or more!
How eCSSential Helps
https://github.com/scottjehl/eCSSential
jQuery Vector Maps
JQVMap is a jQuery plugin that renders Vector Maps. It uses resizable Scalable Vector Graphics (SVG) for modern browsers like Firefox, Safari, Chrome, Opera and Internet Explorer 9. Legacy support for older versions of Internet Explorer 6-8 is provided via VML.
http://jqvmap.com/
How To Tune MariaDB Write Performance
This article describes how I tuned MariaDB to give the best write throughput with SSD based storage.
When you have a write-heavy application writing into InnoDB, you will probably experience the InnoDB Checkpoint Blues. The effect manifests as stalls: short periods of time where the throughput falls to zero and I/O activity goes crazy. The phenomenon is well known and described, e.g., here. More background about checkpointing can be found here.
The XtraDB fork of the InnoDB engine (and heart of Percona Server)
contains some patches with the goal to overcome this odd behavior.
MariaDB uses XtraDB as default InnoDB implementation, so we can
configure some extra variables and hopefully avoid the checkpoint blues.
The first and most important setting is innodb_io_capacity. This is the approximate number of write operations per second that your hardware can do. If you don't know that number, you can easily find it out: wait until you experience a stall and run iostat -x. You should see fairly high numbers for wrqm/s and w/s on the device holding your InnoDB table spaces. w/s is the number of write requests that hit the device, and wrqm/s is the number of requests that could be merged. The sum of both is what InnoDB was effectively using.
http://blog.montyprogram.com/how-to-tune-mariadb-write-performance/
Crypting Your INI (Configuration) Files
grunt
Grunt is a task-based command line build tool for JavaScript projects.
https://github.com/cowboy/grunt
The BIRD Internet Routing Daemon
The BIRD project aims to develop a fully functional dynamic IP routing daemon
primarily targeted on (but not limited to) Linux, FreeBSD and other UNIX-like systems and distributed
under the GNU General
Public License.
http://bird.network.cz/
Bunyip: client-side unit testing made easy (CSS)
http://www.thecssninja.com/javascript/bunyip
laravel.com
A Framework For Web Artisans
Laravel is a clean and classy framework for PHP web development. Freeing you from spaghetti code, Laravel helps you create wonderful applications using simple, expressive syntax. Development should be a creative experience that you enjoy, not something that is painful. Enjoy the fresh air.
http://laravel.com/
Jetpants: a toolkit for huge MySQL topologies
Tumblr is one of the largest users of MySQL on the web. At present, our
data set consists of over 60 billion relational rows, adding up to 21
terabytes of unique relational data. Managing over 200 dedicated
database servers can be a bit of a handful, so naturally we engineered
some creative solutions to help automate our common processes.
http://engineering.tumblr.com/post/24612921290/jetpants-a-toolkit-for-huge-mysql-topologies
Encoding Web Shells in PNG IDAT chunks
If you carefully encode a web shell in an image you can bypass server-side filters and seemingly make shells materialize out of nowhere (and I'm not talking about encoding data in comments or metadata). This post will show you how it's possible to write PHP shells into PNG IDAT chunks using only GD.
http://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/
Out of Character: Use of Punycode and Homoglyph Attacks to Obfuscate URLs for Phishing Adrian Crenshaw
Linux: Recovering Deleted /etc/shadow Password File
http://www.cyberciti.biz/tips/recovering-deleted-etcshadow-password-file.html
How To Safely Store A Password
Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}?
These are all general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. This means that they are fantastic for ensuring the integrity of data and utterly rubbish for storing passwords.
http://codahale.com/how-to-safely-store-a-password/
Ghost Phisher
Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database.
http://tools.thehackernews.com/2012/06/ghost-phisher-gui-suite-for-phishing.html
read_buffer_size can break your replication
There are some variables that can affect the replication behavior and sometimes cause some big troubles. In this post I'm going to talk about read_buffer_size and how this variable together with max_allowed_packet can break your replication.
The setup is a master-master replication with the following values:
max_allowed_packet = 32M
read_buffer_size = 100M
http://www.mysqlperformanceblog.com/2012/06/06/read_buffer_size-can-break-your-replication
Wednesday, 20 June 2012
HowTo use MySQL JDBC loadbalancer with Galera multi-master clusters
8 Linux Commands: To Find Out Wireless Network Speed, Signal Strength And Other Information
gmaps.js
gmaps.js allows you to use the potential of Google Maps in a simple way.
No more extensive documentation or large amount of code
http://hpneo.github.com/gmaps/
LOCK_open finally removed as a bottleneck in MySQL 5.6
Foreign Keys in MySQL Cluster
http://www.clusterdb.com/mysql-cluster/foreign-keys-in-mysql-cluster/
HTTP, JSON, JavaScript, Map and Reduce built-in to MySQL
Sunday, 17 June 2012
Andrubis: A Tool for Analyzing Unknown Android Applications
HowTo: Monitor Linux / BSD System Over Time Without Scrolling Output
You can use the watch command to execute a program or shell script periodically and display its output on screen repeatedly. This allows you to watch the program output change over time. By default, the program is run every 2 seconds. This is useful to monitor memory utilization or disk space usage over time without having to look at scrolling output.
Say hello to watch command
The watch command executes a program periodically, showing its output in fullscreen mode. It runs the command repeatedly, displaying its output. You can install gnuwatch under OpenBSD or cmdwatch under FreeBSD (see the comments for more information) to get the same result.
http://www.cyberciti.biz/tips/how-do-i-monitor-linuxbsd-system-over-time-without-scrolling-output.html
Saturday, 16 June 2012
Friday, 15 June 2012
SynMiniMap or Sublime Text minimap ripoff
I've started thinking, wouldn't it be cool if there was something like that for SynEdit? googled-googled-googled, nada... okay, that kinda' sux... SynEdit has been around for many years... oh well, started coding and here's the result (this is a screenshot of the included demo)
http://www.delphigeist.com/2012/05/synminimap-or-sublime-text-minimap.html
http://code.google.com/p/delphigeist-delphi-stuff/source/browse/trunk/SynMiniMap/
Monday, 04 June 2012
Sunday, 03 June 2012
How to find MySQL binary logs, error logs, temporary files?
Create a Customized HTML5 Audio Player
Detector
Detector is a simple, PHP- and JavaScript-based browser- and feature-detection library that can adapt to new devices & browsers on its own without the need to pull from a central database of browser information.
Detector dynamically creates profiles using a browser's (mainly) unique user-agent string as a key. Using Modernizr it records the HTML5 & CSS3 features a requesting browser may or may not support. ua-parser-php is used to collect and record any useful information (like OS or device name) the user-agent string may contain.
With Detector a developer can serve the appropriate markup, stylesheets, and JavaScript to a requesting browser without being completely dependent on a front-end-only resource loader or on a browser-detection library being up-to-date.
Check out the README for more information as well as the full list of features.
http://detector.dmolsen.com/