11:08 AM | 1
comments | Read More
Students create e-learning site on forensics
Jena2i project offers a bilingual online platform to help judiciary understand technical aspects of cyber crimes
Abu Dhabi: Three students at the College of Information Technology of Zayed University (ZU) last week launched a project that aims to act as digital forensics e-learning platform.
The project is called ‘Jenaei', an Arabic word that translates into English as ‘forensics', but written as ‘Jena2i'. The project is an online e-learning site targeting judges, lawyers, prosecutors, and bankers to learn about the cyber crimes' investigation process.
"Jena2i is the first project of its kind in the region. It explores the idea of educating lawyers, judges and prosecutors in the UAE using an e-learning platform in both Arabic and English," Sarah Al Thahli, member of the three-member student team told Gulf News.
As high-tech crimes continue to grow in the UAE and the Mena region, she said, Jena2i can support judges, lawyers, and stakeholders involved in both law and criminal investigation.
She said the development of the new site was the graduation project of the three students who stressed that they would go ahead with their plan to continue it after the graduation from the university.
"We at first launched a survey addressing a large number of judges, lawyers and prosecutors to make sure our project will be beneficial. We got a response from 16 persons, mainly lawyers, who expressed a great interest," Sarah said.
As many as 12 out of the 16 respondents confirmed the importance of learning about computer forensics, while six said that lawyers and judges are already knowledgeable about the subject.
"Dr Ebrahim Baggili [the supervisor of the project] inspired us with the idea and was a great support all the way in executing the project," Sarah said.
Baggili said the new site provides information aimed at helping legal specialists to understand the intricate process of digital forensics, "The new bilingual website aims to offer them a better understanding of the technical aspect that cyber crimes investigation involves," he said.
Details of steps
"Our project details the steps taken to solve a cyber crime. How to find and analyse electronic data to provide it to court," said Sumaia Al Mansouri, another member of the team executing the project.
"The Ministry of Justice supported the project and provided the group with Dh15,000 to implement it," she added. The team has currently implemented the online e-learning platform.
The site includes a basic course on the basics of computer forensics in both Arabic and English that assist non-expert computer users in learning concepts related to computer forensics. "We took the course material from three universities — Purdue University in USA, University College Dublin and Zayed University (the course is taught at a master's degree level). We uploaded tests and quizzes, power point presentations and videos," Sumaia added.
The project was a team work where Sumaia and Sarah did the lab work while Sara Al Marzouqi did the documentation aspect.
Growing trend of online crimes, minister says
Dr Hadef Bin Jua'an Al Daheri, Minister of Justice, who attended the launch of the website said although the number of cyber crimes was still low in the UAE, the figures presented by the students showed a growing trend in this kind of crimes.
"Thes type of crimes presents a challenge in identifying and apprehending the criminals as they are often located outside the country," Al Daheri said.
"I am confident this project will go a long way in achieving its objectives for benefiting individuals and organisations involved in digital forensics such as the Ministry of Justice, judges, lawyers, banks and other sectors," Al Daheri added.
Abu Dhabi: Three students at the College of Information Technology of Zayed University (ZU) last week launched a project that aims to act as digital forensics e-learning platform.
The project is called ‘Jenaei', an Arabic word that translates into English as ‘forensics', but written as ‘Jena2i'. The project is an online e-learning site targeting judges, lawyers, prosecutors, and bankers to learn about the cyber crimes' investigation process.
"Jena2i is the first project of its kind in the region. It explores the idea of educating lawyers, judges and prosecutors in the UAE using an e-learning platform in both Arabic and English," Sarah Al Thahli, member of the three-member student team told Gulf News.
As high-tech crimes continue to grow in the UAE and the Mena region, she said, Jena2i can support judges, lawyers, and stakeholders involved in both law and criminal investigation.
She said the development of the new site was the graduation project of the three students who stressed that they would go ahead with their plan to continue it after the graduation from the university.
"We at first launched a survey addressing a large number of judges, lawyers and prosecutors to make sure our project will be beneficial. We got a response from 16 persons, mainly lawyers, who expressed a great interest," Sarah said.
As many as 12 out of the 16 respondents confirmed the importance of learning about computer forensics, while six said that lawyers and judges are already knowledgeable about the subject.
"Dr Ebrahim Baggili [the supervisor of the project] inspired us with the idea and was a great support all the way in executing the project," Sarah said.
Baggili said the new site provides information aimed at helping legal specialists to understand the intricate process of digital forensics, "The new bilingual website aims to offer them a better understanding of the technical aspect that cyber crimes investigation involves," he said.
Details of steps
"Our project details the steps taken to solve a cyber crime. How to find and analyse electronic data to provide it to court," said Sumaia Al Mansouri, another member of the team executing the project.
"The Ministry of Justice supported the project and provided the group with Dh15,000 to implement it," she added. The team has currently implemented the online e-learning platform.
The site includes a basic course on the basics of computer forensics in both Arabic and English that assist non-expert computer users in learning concepts related to computer forensics. "We took the course material from three universities — Purdue University in USA, University College Dublin and Zayed University (the course is taught at a master's degree level). We uploaded tests and quizzes, power point presentations and videos," Sumaia added.
The project was a team work where Sumaia and Sarah did the lab work while Sara Al Marzouqi did the documentation aspect.
Growing trend of online crimes, minister says
Dr Hadef Bin Jua'an Al Daheri, Minister of Justice, who attended the launch of the website said although the number of cyber crimes was still low in the UAE, the figures presented by the students showed a growing trend in this kind of crimes.
"Thes type of crimes presents a challenge in identifying and apprehending the criminals as they are often located outside the country," Al Daheri said.
"I am confident this project will go a long way in achieving its objectives for benefiting individuals and organisations involved in digital forensics such as the Ministry of Justice, judges, lawyers, banks and other sectors," Al Daheri added.
11:02 AM | 0
comments | Read More
Web Security: Why You Should Always Use HTTPS
Mike Shema is the engineering lead for the Qualys web application scanning service. He has authored several books, including Hack Notes: Web Application Security, and he blogs on web security topics at the companion site for his latest book, Seven Deadliest Web Attacks.
The next time you visit a cafe to sip coffee and surf on some free Wi-Fi, try an experiment: Log in to some of your usual sites. Then, with a smile, hand the keyboard over to a stranger. Now walk away for 20 minutes. Remember to pick up your laptop before you leave.
While the scenario may seem silly, it essentially happens each time you visit a website that doesn’t bother to encrypt the traffic to your browser — in other words, sites using HTTP instead of HTTPS.
The encryption within HTTPS is intended to provide benefits like confidentiality, integrity and identity. Your information remains confidential from prying eyes because only your browser and the server can decrypt the traffic. Integrity protects the data from being modified without your knowledge. We’ll address identity in a bit.
There’s an important distinction between tweeting to the world or sharing thoughts on Facebook and having your browsing activity going over unencrypted HTTP. You intentionally share tweets, likes, pics and thoughts. The lack of encryption means you’re unintentionally exposing the controls necessary to share such things. It’s the difference between someone viewing your profile and taking control of your keyboard.
The Spy Who Sniffed Me
We most often hear about hackers attacking websites, but it’s just as easy and lucrative to attack your browser. One method is to deliver malware or lull someone into visiting a spoofed site (phishing). Those techniques don’t require targeting a specific victim. They can be launched scattershot from anywhere on the web, regardless of the attacker’s geographic or network relationship to the victim. Another kind of attack, sniffing, requires proximity to the victim but is no less potent or worrisome.
Sniffing attacks watch the traffic to and from the victim’s web browser. (In fact, all of the computer’s traffic is visible, but we’re only worried about websites for now.) The only catch is that the attacker needs to be able to see the communication channel. The easiest way for an attacker to do this is to sit next to one of the end points, either the web server or the web browser. Unencrypted wireless networks — think of cafes, libraries, and airports — make it easy to find the browser’s end point because the traffic is visible to anyone who can obtain that network’s signal.
Encryption defeats sniffing attacks by concealing the traffic’s meaning from all except those who know the secret to decrypting it. The traffic remains visible to the sniffer, but it appears as streams of random bytes rather than HTML, links, cookies and passwords. The trick is understanding where to apply encryption in order to protect your data. For example, wireless networks can be encrypted, but the history of wireless security is laden with egregious mistakes. And it’s not necessarily the correct solution.
The first wireless encryption scheme was called WEP. It was the security equivalent of pig latin. It seems secret at first. Then the novelty wears off once you realize everyone knows what ixnay on the ottenray means, even if they don’t know the movie reference. WEP required a password to join the network, but the protocol’s poor encryption exposed enough hints about the password that someone with a wireless sniffer could reverse engineer. This was a fatal flaw, because the time required to crack the password was a fraction of that needed to blindly guess the password with a brute force attack: a matter of hours (or less) instead of weeks.
Security improvements were attempted for Wi-Fi, but many turned out to be failures since they just metaphorically replaced pig latin with an obfuscation more along the lines of Klingon (or Quenya, depending on your fandom leanings). The problem was finding an encryption scheme that protected the password well enough that attackers would be forced to fall back to the inefficient brute force attack. The security goal is a Tower of Babel, with languages that only your computer and the wireless access point could understand — and which don’t drop hints for attackers. Protocols like WPA2 accomplish this far better than WEP ever did.
Whereas you’ll find it easy to set up WPA2 on your home network, you’ll find it sadly missing on the ubiquitous public Wi-Fi services of cafes and airplanes. They usually avoid encryption altogether. Even still, encrypted networks that use a single password for access merely reduce the pool of attackers from everyone to everyone who knows the password (which may be a larger number than you expect).
We’ve been paying attention to public spaces, but the problem spans all kinds of networks. In fact, sniffing attacks are just as feasible in corporate environments. They only differ in terms of the type of threat, and who might be carrying out the sniffing attack. Fundamentally, HTTPS is required to protect your data.
S For Secure
Sites that don’t use HTTPS judiciously are crippling the privacy controls you thought were protecting your data. Websites’ adoption of opt-in sharing and straightforward privacy settings are laudable. Those measures restrict the amount of information about you that leaks from websites (at least they’re supposed to). Yet they have no bearing on sniffing attacks if the site doesn’t encrypt traffic. This is why sites like Facebook and Twitter recently made HTTPS always available to users who care to turn it on — it’s off by default.
If my linguistic metaphors have left you with no understanding of the technical steps to execute sniffing attacks, you can quite easily execute these attacks with readily-available tools. A recent one is a plugin you can add to your Firefox browser. The plugin, called Firesheep, enables mouse-click hacking for sites like Amazon, Facebook, Twitter and others. The creation of the plugin demonstrates that technical attacks can be put into the hands of anyone who wishes to be mischievous, unethical, or malicious.
To be clear, sniffing attacks don’t need to grab your password in order to impersonate you. Web apps that use HTTPS for authentication protect your password. If they use regular HTTP after you log in, they’re not protecting your privacy or your temporary identity.
We need to take an existential diversion here to distinguish between “you” as the person visiting a website and the “you” that the website knows. Websites speak to browsers. They don’t (yet?) reach beyond the screen to know that you are in fact who you say you are. The username and password you supply for the login page are supposed to prove your identity because you are ostensibly the only one who knows them. So that you only need authenticate once, the website assigns a cookie to your browser. From then on, that cookie is your identity: a handful of bits.
These identifying cookies need to be a shared secret — a value known to no one but your browser and the website. Otherwise, someone else could use your cookie value to impersonate you.
Mobile apps are ignoring the improvements that web browsers have made in protecting our privacy and security. Some of the fault lies with the HTML and HTTP that underlies the web. HTTP becomes creaky once you try to implement strong authentication mechanisms on top of it, mostly because of our friend the cookie. Some fault lies with app developers. For example, Twitter provides a setting to ensure you always access the web site with HTTPS. However, third-party apps that use Twitter’s APIs might not be so diligent. While your password might still be protected with HTTPS, the app might fall back to HTTP for all other traffic — including the cookie that identifies you.
Google suffered embarrassment recently when 99% of its Android-based phones were shown to be vulnerable to impersonation attacks. The problem is compounded by the sheer number of phones and the difficulty of patching them. Furthermore, the identifying cookies (authTokens) were used for syncing, which means they’d traverse the network automatically regardless of the user’s activity. This is exactly the problem that comes with lack of encryption, cookies, and users who want to be connected anywhere they go.
Notice that there’s been no mention of money or credit cards being sniffed. Who cares about those when you can compromise someone’s email account? Email is almost universally used as a password reset mechanism. If you can read someone’s email, then you can obtain the password for just about any website they use, from gaming to banking to corporate environments. Most of this information has value.
S For Sometimes
Sadly, it seems that money and corporate embarrassment motivates protective measures far more often than privacy concerns. Some websites have started to implement a more rigorous enforcement of HTTPS connections called HTTP Strict Transport Security (HSTS). Paypal, whose users have long been victims of money-draining phishing attacks, was one of the first sites to use HSTS to prevent malicious sites from fooling browsers into switching to HTTP or spoofing pages. Like any good security measure, HSTS is transparent to the user. All you need is a browser that supports it (most do) and a website to require it (most don’t).
Improvements like HSTS should be encouraged. HTTPS is inarguably an important protection. However, the protocol has its share of weaknesses and determined attackers. Plus, HTTPS only protects against certain types of attacks; it has no bearing on cross-site scripting, SQL injection, or a myriad of other vulnerabilities. The security community is neither ignorant of these problems nor lacking in solutions. Yet the roll out of better protocols like DNSSEC has been glacial. Never the less, HTTPS helps as much today as it will tomorrow. The lock icon on your browser that indicates a site uses HTTPS may be minuscule, but the protection it affords is significant.
The next time you visit a cafe to sip coffee and surf on some free Wi-Fi, try an experiment: Log in to some of your usual sites. Then, with a smile, hand the keyboard over to a stranger. Now walk away for 20 minutes. Remember to pick up your laptop before you leave.
While the scenario may seem silly, it essentially happens each time you visit a website that doesn’t bother to encrypt the traffic to your browser — in other words, sites using HTTP instead of HTTPS.
The encryption within HTTPS is intended to provide benefits like confidentiality, integrity and identity. Your information remains confidential from prying eyes because only your browser and the server can decrypt the traffic. Integrity protects the data from being modified without your knowledge. We’ll address identity in a bit.
There’s an important distinction between tweeting to the world or sharing thoughts on Facebook and having your browsing activity going over unencrypted HTTP. You intentionally share tweets, likes, pics and thoughts. The lack of encryption means you’re unintentionally exposing the controls necessary to share such things. It’s the difference between someone viewing your profile and taking control of your keyboard.
The Spy Who Sniffed Me
We most often hear about hackers attacking websites, but it’s just as easy and lucrative to attack your browser. One method is to deliver malware or lull someone into visiting a spoofed site (phishing). Those techniques don’t require targeting a specific victim. They can be launched scattershot from anywhere on the web, regardless of the attacker’s geographic or network relationship to the victim. Another kind of attack, sniffing, requires proximity to the victim but is no less potent or worrisome.
Sniffing attacks watch the traffic to and from the victim’s web browser. (In fact, all of the computer’s traffic is visible, but we’re only worried about websites for now.) The only catch is that the attacker needs to be able to see the communication channel. The easiest way for an attacker to do this is to sit next to one of the end points, either the web server or the web browser. Unencrypted wireless networks — think of cafes, libraries, and airports — make it easy to find the browser’s end point because the traffic is visible to anyone who can obtain that network’s signal.
Encryption defeats sniffing attacks by concealing the traffic’s meaning from all except those who know the secret to decrypting it. The traffic remains visible to the sniffer, but it appears as streams of random bytes rather than HTML, links, cookies and passwords. The trick is understanding where to apply encryption in order to protect your data. For example, wireless networks can be encrypted, but the history of wireless security is laden with egregious mistakes. And it’s not necessarily the correct solution.
The first wireless encryption scheme was called WEP. It was the security equivalent of pig latin. It seems secret at first. Then the novelty wears off once you realize everyone knows what ixnay on the ottenray means, even if they don’t know the movie reference. WEP required a password to join the network, but the protocol’s poor encryption exposed enough hints about the password that someone with a wireless sniffer could reverse engineer. This was a fatal flaw, because the time required to crack the password was a fraction of that needed to blindly guess the password with a brute force attack: a matter of hours (or less) instead of weeks.
Security improvements were attempted for Wi-Fi, but many turned out to be failures since they just metaphorically replaced pig latin with an obfuscation more along the lines of Klingon (or Quenya, depending on your fandom leanings). The problem was finding an encryption scheme that protected the password well enough that attackers would be forced to fall back to the inefficient brute force attack. The security goal is a Tower of Babel, with languages that only your computer and the wireless access point could understand — and which don’t drop hints for attackers. Protocols like WPA2 accomplish this far better than WEP ever did.
Whereas you’ll find it easy to set up WPA2 on your home network, you’ll find it sadly missing on the ubiquitous public Wi-Fi services of cafes and airplanes. They usually avoid encryption altogether. Even still, encrypted networks that use a single password for access merely reduce the pool of attackers from everyone to everyone who knows the password (which may be a larger number than you expect).
We’ve been paying attention to public spaces, but the problem spans all kinds of networks. In fact, sniffing attacks are just as feasible in corporate environments. They only differ in terms of the type of threat, and who might be carrying out the sniffing attack. Fundamentally, HTTPS is required to protect your data.
S For Secure
Sites that don’t use HTTPS judiciously are crippling the privacy controls you thought were protecting your data. Websites’ adoption of opt-in sharing and straightforward privacy settings are laudable. Those measures restrict the amount of information about you that leaks from websites (at least they’re supposed to). Yet they have no bearing on sniffing attacks if the site doesn’t encrypt traffic. This is why sites like Facebook and Twitter recently made HTTPS always available to users who care to turn it on — it’s off by default.
If my linguistic metaphors have left you with no understanding of the technical steps to execute sniffing attacks, you can quite easily execute these attacks with readily-available tools. A recent one is a plugin you can add to your Firefox browser. The plugin, called Firesheep, enables mouse-click hacking for sites like Amazon, Facebook, Twitter and others. The creation of the plugin demonstrates that technical attacks can be put into the hands of anyone who wishes to be mischievous, unethical, or malicious.
To be clear, sniffing attacks don’t need to grab your password in order to impersonate you. Web apps that use HTTPS for authentication protect your password. If they use regular HTTP after you log in, they’re not protecting your privacy or your temporary identity.
We need to take an existential diversion here to distinguish between “you” as the person visiting a website and the “you” that the website knows. Websites speak to browsers. They don’t (yet?) reach beyond the screen to know that you are in fact who you say you are. The username and password you supply for the login page are supposed to prove your identity because you are ostensibly the only one who knows them. So that you only need authenticate once, the website assigns a cookie to your browser. From then on, that cookie is your identity: a handful of bits.
These identifying cookies need to be a shared secret — a value known to no one but your browser and the website. Otherwise, someone else could use your cookie value to impersonate you.
Mobile apps are ignoring the improvements that web browsers have made in protecting our privacy and security. Some of the fault lies with the HTML and HTTP that underlies the web. HTTP becomes creaky once you try to implement strong authentication mechanisms on top of it, mostly because of our friend the cookie. Some fault lies with app developers. For example, Twitter provides a setting to ensure you always access the web site with HTTPS. However, third-party apps that use Twitter’s APIs might not be so diligent. While your password might still be protected with HTTPS, the app might fall back to HTTP for all other traffic — including the cookie that identifies you.
Google suffered embarrassment recently when 99% of its Android-based phones were shown to be vulnerable to impersonation attacks. The problem is compounded by the sheer number of phones and the difficulty of patching them. Furthermore, the identifying cookies (authTokens) were used for syncing, which means they’d traverse the network automatically regardless of the user’s activity. This is exactly the problem that comes with lack of encryption, cookies, and users who want to be connected anywhere they go.
Notice that there’s been no mention of money or credit cards being sniffed. Who cares about those when you can compromise someone’s email account? Email is almost universally used as a password reset mechanism. If you can read someone’s email, then you can obtain the password for just about any website they use, from gaming to banking to corporate environments. Most of this information has value.
S For Sometimes
Sadly, it seems that money and corporate embarrassment motivates protective measures far more often than privacy concerns. Some websites have started to implement a more rigorous enforcement of HTTPS connections called HTTP Strict Transport Security (HSTS). Paypal, whose users have long been victims of money-draining phishing attacks, was one of the first sites to use HSTS to prevent malicious sites from fooling browsers into switching to HTTP or spoofing pages. Like any good security measure, HSTS is transparent to the user. All you need is a browser that supports it (most do) and a website to require it (most don’t).
Improvements like HSTS should be encouraged. HTTPS is inarguably an important protection. However, the protocol has its share of weaknesses and determined attackers. Plus, HTTPS only protects against certain types of attacks; it has no bearing on cross-site scripting, SQL injection, or a myriad of other vulnerabilities. The security community is neither ignorant of these problems nor lacking in solutions. Yet the roll out of better protocols like DNSSEC has been glacial. Never the less, HTTPS helps as much today as it will tomorrow. The lock icon on your browser that indicates a site uses HTTPS may be minuscule, but the protection it affords is significant.
8:51 AM | 15
comments | Read More
Raspberry Pi: Tiny Computer That Runs Linux
700MHz processor, 256MB of RAM. It doesn't seem that long ago since I was running a desktop PC like that. However, these are the specs of a new keyring-sized computer to be released by a UK not for profit company. They hope to be able to sell it for $25 dollars a pop, and best of all, it runs Linux.
The idea is that this small unit can output 1080p video to a digital television. Permanent storage is provided via a memory card slot, and IO (keyboard and mouse) requires a USB hub. In other words, it's a small but functionally complete computer.
On the website and elsewhere, the designers are discussing deploying it as an Internet access terminal or some sort of set-up to encourage young people to take an interest in computer programming. One of the big names backing the project, David Braben, got started by experimenting with with the home computers of the early 80s, which typically came with a built-in programming language.
For the moment the specs are tentative, but the device will use a ARM based system-on-a-chip. ARM itself doesn't actually fabricate CPUs, it develops technology and then licenses it, and the chip is a Broadcom BCM2763. The company website indicates that this chip was designed with mobile phones in mind.
As for simple MIPS/FLOPS performance, I doubt that this processor is competitive with say, a Pentium III running at 700MHz, as modern ARM processors in desktop applications tend to be power-saving rather than powerhouses. However, bear in mind that this thing was intended to be the heart of a modern phone with camcorder and mobile gaming features, and as such, it has some impressive video processing specs. The graphics facilities include OpenGL ES, a standard for rendering 3D graphics on mobile devices, and it can also decode H.264 video on the fly. So, the relatively low processing power need not hinder the usefulness of this device in its intended role. My guess is that KDE 4 wont be the go-to choice as a front end.
We've all seen low cost, low power projects like this come and go in the past. To achieve the price that the project is aiming for, it will have to achieve manufacturing volume. In its favor, although there will be a buy-one-give-one scheme of some sort, early indications are that it won't be the only way of getting one. I can think of one high profile project with similar aspirations that torpedoed itself by making it very difficult to buy a machine, despite the considerable demand. That project has subsequently never been able to hit its target unit cost due to to insufficient manufacturing volume.
It's clear that if a device like this could be brought to market for anything like the intended price, it could do a lot to attack the global digital divide. At the same time, I'm sure that lots of hobbyists who already have a computer, could find dozens of uses for a device like this. When they become available, I know I'll be getting one.
The Raspberry Pi website.
David Braben talks about the project.
The idea is that this small unit can output 1080p video to a digital television. Permanent storage is provided via a memory card slot, and IO (keyboard and mouse) requires a USB hub. In other words, it's a small but functionally complete computer.
On the website and elsewhere, the designers are discussing deploying it as an Internet access terminal or some sort of set-up to encourage young people to take an interest in computer programming. One of the big names backing the project, David Braben, got started by experimenting with with the home computers of the early 80s, which typically came with a built-in programming language.
For the moment the specs are tentative, but the device will use a ARM based system-on-a-chip. ARM itself doesn't actually fabricate CPUs, it develops technology and then licenses it, and the chip is a Broadcom BCM2763. The company website indicates that this chip was designed with mobile phones in mind.
As for simple MIPS/FLOPS performance, I doubt that this processor is competitive with say, a Pentium III running at 700MHz, as modern ARM processors in desktop applications tend to be power-saving rather than powerhouses. However, bear in mind that this thing was intended to be the heart of a modern phone with camcorder and mobile gaming features, and as such, it has some impressive video processing specs. The graphics facilities include OpenGL ES, a standard for rendering 3D graphics on mobile devices, and it can also decode H.264 video on the fly. So, the relatively low processing power need not hinder the usefulness of this device in its intended role. My guess is that KDE 4 wont be the go-to choice as a front end.
We've all seen low cost, low power projects like this come and go in the past. To achieve the price that the project is aiming for, it will have to achieve manufacturing volume. In its favor, although there will be a buy-one-give-one scheme of some sort, early indications are that it won't be the only way of getting one. I can think of one high profile project with similar aspirations that torpedoed itself by making it very difficult to buy a machine, despite the considerable demand. That project has subsequently never been able to hit its target unit cost due to to insufficient manufacturing volume.
It's clear that if a device like this could be brought to market for anything like the intended price, it could do a lot to attack the global digital divide. At the same time, I'm sure that lots of hobbyists who already have a computer, could find dozens of uses for a device like this. When they become available, I know I'll be getting one.
The Raspberry Pi website.
David Braben talks about the project.
8:08 AM | 0
comments | Read More
Google Tool Tracks Spread of Dengue Fever
Google is now offering a tracking mechanism, similar to the tool it released in 2008 for flu trends, for Dengue Fever.
Google Dengue Trends, announced Monday evening, is intended to act as an early warning system for outbreaks of the disease.
Dengue affects about 100 million people a year, primarily in Bolivia, Brazil, Indonesia and Singapore. The disease is spread by mosquito bites. There is no vaccine or treatment, so public health workers focus on educating people in those countries about avoiding infection.
Though Dengue Trends is similar to Flu Trends, the new tool adds another layer of research, Google Correlate. Google Correlate, introduced last week, shows related search terms and provides a snapshot of search activity over a period of time. The idea behind it is to expose previously unknown connections among search terms.
Google Dengue Trends, announced Monday evening, is intended to act as an early warning system for outbreaks of the disease.
Dengue affects about 100 million people a year, primarily in Bolivia, Brazil, Indonesia and Singapore. The disease is spread by mosquito bites. There is no vaccine or treatment, so public health workers focus on educating people in those countries about avoiding infection.
Though Dengue Trends is similar to Flu Trends, the new tool adds another layer of research, Google Correlate. Google Correlate, introduced last week, shows related search terms and provides a snapshot of search activity over a period of time. The idea behind it is to expose previously unknown connections among search terms.
8:02 AM | 0
comments | Read More
Martin Jetpack hits the 5,000 feet milestone, could come to market within 18 months
Written By pcbolong on Sunday, May 29, 2011 | 9:29 PM
OK, so the Martin Jetpack may not have gone into commercial production quite as soon as we'd anticipated, but there's still hope on the horizon. Over the weekend, Glenn Martin's flying machine successfully climbed some 5,000 feet above sea level, marking a new milestone in the 30-year, $12 million project. Remotely controlled by a tailing helicopter, the 250-pound craft used its two "superfans" to power itself skyward at about 800 feet per second minute, before safely parachuting back to Earth from a height of about 3,000 feet. As with its last test run, however, the Martin Jetpack was equipped not with a human being, but with a crash dummy. It may have been for the best, though, considering that the machine sustained some damage upon concluding the ten-minute flight. Nevertheless, Martin seems confident that yesterday's test "brings the future another step closer," and is hoping to deliver his brainchild to customers within the next 18 months -- plenty of time for us to hawk enough family heirlooms to afford that $86,000 price tag. Soar past the break for a video of the jetpack's big launch, or check out the source link for a more extensive interview with Martin and some background footage of his invention.
9:29 PM | 0
comments | Read More
Shocker! Microsoft commands 79 percent of worldwide OS revenue (update)
Everyone knows that Windows is installed on the vast majority of computers, but it's always interesting to be reminded of what a cash cow the OS has been for Redmond. According to Gartner, Microsoft owned 78.6 percent of the global market revenue share for desktop operating systems at the end of 2010 -- revenue up almost 9 percent from 2009. That means, of the $30.4 billion in revenue that various companies generated, $23.8 billion lined Microsoft's coffers. But while Windows remains the kingpin, Mac OS X and -- wait for it -- Red Hat, posted more substantial gains. Apple's market revenue shot up almost 16 percent to 1.7 percent, Red Hat surged 18 percent, while dark horse Oracle leaped from ninth place to fourth, with a 7,683 percent growth in income -- no small thanks to its 2009 acquisition of Sun Microsystems. Only one question remains, then -- who's the loser here?
Update: Looks like we got this one wrong, folks, as it's not market share that's being measured here, but rather revenue share -- how much money each company made from its operating systems relative to one another. That means companies that price their operating systems cheaper will be at a disadvantage in the rankings, not to mention those organizations that charge nothing at all -- Ubuntu, anyone? Oh, and as some of you have pointed out in comments, there are both desktop and server operating systems in the chart above.
9:24 PM | 1
comments | Read More
This is the ASUS PadFone
Wow, so our theory and mockup turned out to be pretty much spot on: indeed, the oddly named ASUS PadFone does tuck itself into a shielded docking bay on the back of its companion tablet, and the latter's hinged cover appears to pop up upon releasing the latch. You can also just about make out the two ports inside which are likely to be HDMI and micro-USB -- one for driving the larger display, and the other for taking care of touch input while possibly sipping juice from an extra battery somewhere. Now, what we really like to know is which version of Android will be shipped (if ever) with this split-personality phone -- our money's on Ice Cream Sandwich, given that this flavor will happily cater both phone and tablet form factors later this year. That said, given the uniqueness of this product, ASUS could probably still get away with taking a step back and launch this as a Gingerbread tablet. Well, we shall dig up more answers for y'all tomorrow, and stay tuned for some sweet hands-on time.
9:16 PM | 0
comments | Read More
Aplikasi portable pembuat virus batch
Aplikasi portable ini bernama delme's batch virus generator. Ada banyak sekali fasilitas nya, dan kebanyakan untuk mempermudah kita membuat command batch.
Antara lain kita bisa mengganti password dan username, menghapus semua file di mydocument, dll. Langsung coba sendiri aja deh :D Aplikasi ini berjalan di windows, jadi saya menjalankannya pakai wine karena saya memakai windows. :D
ini link nya : silahkan sedot
http://www.mediafire.com/file/rq94m724rka1nxe/DELmE%27s%20Batch%20Virus%20Generator.exe
Antara lain kita bisa mengganti password dan username, menghapus semua file di mydocument, dll. Langsung coba sendiri aja deh :D Aplikasi ini berjalan di windows, jadi saya menjalankannya pakai wine karena saya memakai windows. :D
ini link nya : silahkan sedot
http://www.mediafire.com/file/rq94m724rka1nxe/DELmE%27s%20Batch%20Virus%20Generator.exe
8:17 PM | 0
comments | Read More
Install wine di centos
Written By pcbolong on Tuesday, May 24, 2011 | 9:30 PM
Bikin link repo di /etc/yum.repos.d/epel.repo
kalau saya, tak masukkan link repo ini
[epel]
name=Epel From Fedora
baseurl=http://download.fedora.redhat.com/pub/epel/5/i386/
gpgcheck=0
wes, trus simpan dan ketik aja
tunggu sampai matang, dan wine siap di hidangkan :D
kalau saya, tak masukkan link repo ini
[epel]
name=Epel From Fedora
baseurl=http://download.fedora.redhat.com/pub/epel/5/i386/
gpgcheck=0
wes, trus simpan dan ketik aja
yum install wine
tunggu sampai matang, dan wine siap di hidangkan :D
9:30 PM | 0
comments | Read More
Get Faster booting time slackware
Written By pcbolong on Sunday, May 22, 2011 | 8:32 PM
Salah satu cara yang saya lakukan untuk mempercepat booting adalah mengedit file "rc.M" yang terletak pada direktori
Saya akan menghapus script mengenai pengaturan icon cache files dan mime database. Script tersebut dihapus untuk mengurangi proses yang tidak perlu saat proses booting. Dilihat dari script nya, proses kedua nya adalah jika ada perubahan terhadapa icon dan mime pipe pada procesor akan disimpan dalam database. Proses penyimpanan database tersebut membutuhkan waktu yang tidak sedikit. Berikut script dari kedua proses tersebut.
Dan
Sudah selesai, dan sekarang, cobalah untuk reboot slackware. Dan rasakan bedanya. Akan berkurang beberapa juta detik. Hahaha lebayy...
C U
/etc/rc.d/rc.M
Saya akan menghapus script mengenai pengaturan icon cache files dan mime database. Script tersebut dihapus untuk mengurangi proses yang tidak perlu saat proses booting. Dilihat dari script nya, proses kedua nya adalah jika ada perubahan terhadapa icon dan mime pipe pada procesor akan disimpan dalam database. Proses penyimpanan database tersebut membutuhkan waktu yang tidak sedikit. Berikut script dari kedua proses tersebut.
# Update any existing icon cache files:
if find /usr/share/icons 2> /dev/null | grep -q icon-theme.cache ; then
for theme_dir in /usr/share/icons/* ; do
if [ -r ${theme_dir}/icon-theme.cache ]; then
echo "Updating icon-theme.cache in ${theme_dir}..."
/usr/bin/gtk-update-icon-cache -t -f ${theme_dir} 1> /dev/null 2> /dev/null &
fi
done
# This would be a large file and probably shouldn't be there.
if [ -r /usr/share/icons/icon-theme.cache ]; then
echo "Deleting icon-theme.cache in /usr/share/icons..."
#/usr/bin/gtk-update-icon-cache -t -f /usr/share/icons 1> /dev/null 2> /dev/null &
rm -f /usr/share/icons/icon-theme.cache
fi
fi
Dan
# Update mime database:
if [ -x /usr/bin/update-mime-database -a -d /usr/share/mime ]; then
echo "Updating MIME database: /usr/bin/update-mime-database /usr/share/mime &"
/usr/bin/update-mime-database /usr/share/mime 1> /dev/null 2> /dev/null &
fi
Sudah selesai, dan sekarang, cobalah untuk reboot slackware. Dan rasakan bedanya. Akan berkurang beberapa juta detik. Hahaha lebayy...
C U
8:32 PM | 0
comments | Read More
Kenapa?Masihkah Anda bisa Makan?
Written By pcbolong on Tuesday, May 17, 2011 | 11:19 AM
Kenapa ada miskin?siapa yang salah?mereka atau kita?kita atau orang orang yang ada diatas kita?atau keadaan itu sendiri?
Kenapa ada pengangguran?jika ada 1000 lebih perusahaan yang ada di indonesia??
Kenapa ada pencurian dan tindak kriminal lainnya?jika polri, tni, dan penegak serta pelindung masyarakat lainnya diberi fasilitas bejibun??
Kenapa harus ada indonesia?jika indonesia yang ada adalah negara yang paling terpuruk dan tenggelam di dunia?
Kenapa negara ini harus ada?
Kenapa negara ini masih ada?
Banyak sekali caci maki warga negara indonesia yang sebagian besar adalah masyarakat akar rumput. Adakah petinggi-petinggi kita mendengarkan?walaupun sedikitpun?
Mungkinkah mereka masih memiliki otak?
Masihkah darah segar mengalir dari jantung menuju otak mereka?
Atau mereka menerti tetapi membuang muka?
siapa yang tau?entahlah
Aku pun tak tau. Dan mungkin tak mau tau,,seperti mereka.
Yah..seperti mereka
Aku cuma ingin berguna saja.
Bagi semua teman dan saudaraku.
Hati ini memanggil semua teman-teman yang ingin maju, yang ingin memperbaiki kehidupannya.
Masihkan perlu dipertanyakan?
Ini hanya postingan tidak penting. Yah...
Tapi menurutku ini sarat akan makna
MASIHKAH ANDA BISA MAKAN DENGAN NYAMAN??
11:19 AM | 0
comments | Read More
Sepeda
Seperti ditulis Ensiklopedia Columbia, nenek moyang sepeda diperkirakan berasal dari Perancis. Menurut kabar sejarah, negeri itu sudah sejak awal abad ke-18 mengenal alat transportasi roda dua yang dinamai velocipede. Bertahun-tahun, velocipede menjadi satu-satunya istilah yang merujuk hasil rancang bangun kendaraan dua roda.
Yang pasti, konstruksinya belum mengenal besi. Modelnya pun masih sangat "primitif". Ada yang bilang tanpa engkol, pedal tongkat kemudi (setang). Ada juga yang bilang sudah mengenal engkol dan setang, tapi konstruksinya dari kayu. Adalah seorang Jerman bernama Baron Karls Drais von Sauerbronn yang pantas dicatat sebagai salah seorang penyempurna velocipede. Tahun 1818, von Sauerbronn membuat alat transportasi roda dua untuk menunjang efisiensi kerjanya. Sebagai kepala pengawas hutan Baden, ia memang butuh sarana transportasi bermobilitas tinggi. Tapi, model yang dikembangkan tampaknya masih mendua, antara sepeda dan kereta kuda. Sehingga masyarakat menjuluki ciptaan sang Baron sebagai dandy horse.
Di bawah ini adalah gambar sepeda pertama kali yang diciptakan yang dijuluki dengan nama "dandy horse". Lucu...masih menggunakan kaki sebagai tenaga penggerak.
Baru pada 1839, Kirkpatrick MacMillan, pandai besi kelahiran Skotlandia, membuatkan "mesin" khusus untuk sepeda. Tentu bukan mesin seperti yang dimiliki sepeda motor, tapi lebih mirip pendorong yang diaktifkan engkol, lewat gerakan turun-naik kaki mengayuh pedal. MacMillan pun sudah "berani" menghubungkan engkol tadi dengan tongkat kemudi (setang sederhana).
Sedangkan ensiklopedia Britannica.com mencatat upaya penyempurnaan penemu Perancis, Ernest Michaux pada 1855, dengan membuat pemberat engkol, hingga laju sepeda lebih stabil. Makin sempurna setelah orang Perancis lainnya, Pierre Lallement (1865) memperkuat roda dengan menambahkan lingkaran besi di sekelilingnya (sekarang dikenal sebagai pelek atau velg). Lallement juga yang memperkenalkan sepeda dengan roda depan lebih besar daripada roda belakang.
Namun kemajuan paling signifikan terjadi saat teknologi pembuatan baja berlubang ditemukan, menyusul kian bagusnya teknik penyambungan besi, serta penemuan karet sebagai bahan baku ban. Namun, faktor safety dan kenyamanan tetap belum terpecahkan. Karena teknologi suspensi (per dan sebagainya) belum ditemukan, goyangan dan guncangan sering membuat penunggangnya sakit pinggang. Setengah bercanda, masyarakat menjuluki sepeda Lallement sebagai boneshaker (penggoyang tulang).
Sehingga tidak heran jika di era 1880-an, sepeda tiga roda yang dianggap lebih aman buat wanita dan laki-laki yang kakinya terlalu pendek untuk mengayuh sepeda konvensional menjadi begitu populer. Trend sepeda roda dua kembali mendunia setelah berdirinya pabrik sepeda pertama di Coventry, Inggris pada 1885. Pabrik yang didirikan James Starley ini makin menemukan momentum setelah tahun 1888 John Dunlop menemukan teknologi ban angin. Laju sepeda pun tak lagi berguncang.
Penemuan lainnya, seperti rem, perbandingan gigi yang bisa diganti-ganti, rantai, setang yang bisa digerakkan, dan masih banyak lagi makin menambah daya tarik sepeda. Sejak itu, berjuta-juta orang mulai menjadikan sepeda sebagai alat transportasi, dengan Amerika dan Eropa sebagai pionirnya. Meski lambat laun, perannya mulai disingkirkan mobil dan sepeda motor, sepeda tetap punya pemerhati. Bahkan penggemarnya dikenal sangat fanatik.
Diambil dari Wikipedia
Yang pasti, konstruksinya belum mengenal besi. Modelnya pun masih sangat "primitif". Ada yang bilang tanpa engkol, pedal tongkat kemudi (setang). Ada juga yang bilang sudah mengenal engkol dan setang, tapi konstruksinya dari kayu. Adalah seorang Jerman bernama Baron Karls Drais von Sauerbronn yang pantas dicatat sebagai salah seorang penyempurna velocipede. Tahun 1818, von Sauerbronn membuat alat transportasi roda dua untuk menunjang efisiensi kerjanya. Sebagai kepala pengawas hutan Baden, ia memang butuh sarana transportasi bermobilitas tinggi. Tapi, model yang dikembangkan tampaknya masih mendua, antara sepeda dan kereta kuda. Sehingga masyarakat menjuluki ciptaan sang Baron sebagai dandy horse.
Di bawah ini adalah gambar sepeda pertama kali yang diciptakan yang dijuluki dengan nama "dandy horse". Lucu...masih menggunakan kaki sebagai tenaga penggerak.
Baru pada 1839, Kirkpatrick MacMillan, pandai besi kelahiran Skotlandia, membuatkan "mesin" khusus untuk sepeda. Tentu bukan mesin seperti yang dimiliki sepeda motor, tapi lebih mirip pendorong yang diaktifkan engkol, lewat gerakan turun-naik kaki mengayuh pedal. MacMillan pun sudah "berani" menghubungkan engkol tadi dengan tongkat kemudi (setang sederhana).
Sedangkan ensiklopedia Britannica.com mencatat upaya penyempurnaan penemu Perancis, Ernest Michaux pada 1855, dengan membuat pemberat engkol, hingga laju sepeda lebih stabil. Makin sempurna setelah orang Perancis lainnya, Pierre Lallement (1865) memperkuat roda dengan menambahkan lingkaran besi di sekelilingnya (sekarang dikenal sebagai pelek atau velg). Lallement juga yang memperkenalkan sepeda dengan roda depan lebih besar daripada roda belakang.
Namun kemajuan paling signifikan terjadi saat teknologi pembuatan baja berlubang ditemukan, menyusul kian bagusnya teknik penyambungan besi, serta penemuan karet sebagai bahan baku ban. Namun, faktor safety dan kenyamanan tetap belum terpecahkan. Karena teknologi suspensi (per dan sebagainya) belum ditemukan, goyangan dan guncangan sering membuat penunggangnya sakit pinggang. Setengah bercanda, masyarakat menjuluki sepeda Lallement sebagai boneshaker (penggoyang tulang).
Sehingga tidak heran jika di era 1880-an, sepeda tiga roda yang dianggap lebih aman buat wanita dan laki-laki yang kakinya terlalu pendek untuk mengayuh sepeda konvensional menjadi begitu populer. Trend sepeda roda dua kembali mendunia setelah berdirinya pabrik sepeda pertama di Coventry, Inggris pada 1885. Pabrik yang didirikan James Starley ini makin menemukan momentum setelah tahun 1888 John Dunlop menemukan teknologi ban angin. Laju sepeda pun tak lagi berguncang.
Penemuan lainnya, seperti rem, perbandingan gigi yang bisa diganti-ganti, rantai, setang yang bisa digerakkan, dan masih banyak lagi makin menambah daya tarik sepeda. Sejak itu, berjuta-juta orang mulai menjadikan sepeda sebagai alat transportasi, dengan Amerika dan Eropa sebagai pionirnya. Meski lambat laun, perannya mulai disingkirkan mobil dan sepeda motor, sepeda tetap punya pemerhati. Bahkan penggemarnya dikenal sangat fanatik.
Diambil dari Wikipedia
9:21 AM | 2
comments | Read More
Flowchart WEb crawler
Written By pcbolong on Monday, May 16, 2011 | 7:07 PM
7:07 PM | 2
comments | Read More
Install dari SlackBuild
Written By pcbolong on Sunday, May 15, 2011 | 4:46 AM
Posting kali ini adalah catatan saya mengenai cara meng-install aplikasi di sistem operasi Linux Slackware menggunakan fasilitas Slackbuild. Menurut saya, install menggunakan slackbuild betul-betul mengasyikkan, karena dapat merasakan bagaimana meng-costumize aplikasi sesuai dengan kebutuhan dan keinginan kita. Langkah-langkah dalam postingan ini saya ambil dari HOWTO milik situs penyedia file slackbuild, slackbuild.org.
Kita harus memiliki archive slackbuild dari aplikasi yang akan kita install. File dapat diunduh langsung di Slackbuild.org. Pada bagian ini, yang membuat saya penasaran adalah bagaimana situs tersebut dapat langsung mengetahui seri slackware yang kita gunakan. Lihat saja, ketika kita membuka halaman index miliki slackbuild.org, langsung muncul seri slackware nya. Jadi semua aplikasi yang kita cari khusus untuk seri slackware tersebut. :D Karena saya bukan seorang programmer web, jadi cukup penasaran saja. Lanjut...
Contoh misal kita akan meng-install aplikasi xxx. File arsip yang harus kita unduh adalah file source dari aplikasi tersebut misal xxx.tar.gz atau xxx.tar.bz2 atau berformat lain seperti rpm. Selain itu kita harus meng-unduh file slackbuildnya, yang bernama xxx.slackbuild.tar.gz.
Tunggu sambil selesai. Dan ini hal yang paling membosankan,,sembari menunggu kita dapat mendeface beberapa site. ahaha LOL kidding!! Setelah semua file sudah selesai diunduh, dan usahakan file berada pada folder yang memiliki akses untuk execute atau bisa dijalankan. Ekstrak file xxx.slackbuild.tar.gz. Hasil ekstrak akan bernama xxx. Folder xxx berisi file-file source yang akan digunakan untuk membuat package installer dari xxx.tar.gz. Isi folder hasil ekstrak biasanya adalah file README, xxx.info, xxx.slackbuild, xxx.desktop, xxx.png, dan slack-desc.
Kemudian pindahkah file source aplikasi (xxx.tar.gz) ke dalam folder xxx tadi. Kemudian execute file xxx.slackbuild dengan perintah
./xxx.slackbuild
ingat!!semua file dalam folder xxx harus memiliki hak akses untuk diexecute!
Dan, kita menunggu lagi sampai proses selesai. Proes yang dilakukan adalah proses untuk meng-configure, make, make install dan membuat package instalasi dari aplikasi tersebut.
JIka proses slackbuild sudah selesai, otomatis file instalasi akan ditaruh di folder /tmp. File instalasi berformat .tgz. Setelah itu kita tinggal jalankan saja insstallpkg untuk instalasi aplikasi, dan selesai. Perintah instal adalah
installpkg xxx.tgz
Satu hal lagi yang perlu diperhatikan adalah, kita harus mengetahui dan pastikan library atau aplikasi dependenci yang dibutuhkan oleh aplikasi yang akan kita install sudah terinstall pada slackware kita. File dependenci apa saja yang dibutuhkan, sudah dijelaskan pada halaman slackbuild dari aplikasi yang kita search tadi di awal. Hal ini untuk mencegah berhenti di tengah-tengah proses build karena meminta aplikas dependenci.
Selamat ngoprek :D
4:46 AM | 0
comments | Read More
Subscribe to:
Posts (Atom)