Latest security report from McAfee

I was reading the latest security report from McAfee and I was struck by the following statistic:

"McAfee Labs is now at the point where we detect more than 110,000 new unique rootkits per quarter."

McAfee Labs

This latest report essentially echoes my concerns back in 2009. Namely, the bad guys are increasingly (almost unanimously) using readily available malware kits that include kernel, chipset, and BIOS rootkits to mask their payloads. In addition, the report warns of the latest trend towards cross-platform attack vectors such as vulnerabilities in Adobe Flash, Adobe Reader, and Java as well as targeting platforms growing in popularity such as iPad, iPhone, Android, Apple OS X, Thunderbird, and Firefox add-ons. Any of those sound familiar to you or residing on your personal machine/device? Point made.

The Microsoft Windows defense against kernel rootkits, called PatchGuard, was recently defeated by hackers and Mac OS X succumbed to rootkit penetration back in 2009. So, I've started dusting off my interest in further securing my Ubuntu Linux machine (which, by the way, is just as vulnerable to rootkits as the rest).

I'll probably start here for my desktop and here for my server (as well as peruse this guide for ideas), but if anyone knows of a better guide feel free to post a comment below.

P.S. I'm also keeping my eye on Fortress Linux. Their approach aligns with my sentiments (except for "Full support for Windows software") and the latest Xfce 4.8 desktop interface looks nice (assuming that's the version included in the initial release slated soon). Too bad only the Gnome Desktop Edition will be free, but I understand their reasoning. Check out the screenshots. More information regarding the three editions can be found here.

Proper open source licensing

With the abundance of open source license options out there, it can be difficult for a new developer to choose between them. Fortunately, the OSI License Proliferation Committee has narrowed down the list to a recommendation of nine options:


  • Apache License, 2.0

  • Common Development and Distribution License (CDDL)

  • Common Public License (CPL)

  • Eclipse Public License (EPL)

  • GNU General Public License (GPL version 2, 3, or later)

  • GNU Library or "Lesser" General Public License (LGPL version 2, 3, or later)

  • MIT license (X11)

  • Mozilla Public License 1.1 (MPL)

  • New BSD license (3-clause)

As a general rule of thumb, if you have software that you've created that you want to freely share with the world and you don't care how it's used as long as someone doesn't later sue you or expect anything from you, use the "MIT (X11)" license. If you have software that you've created that you don't mind being used exclusively in open source projects (or private networks) but don't want it used in public commercial or proprietary projects, use the "GPLv3 or later" license. If you have software that you've created and you want to keep it all to yourself, indicate "All rights reserved." in the source code and don't publish your code anywhere public.

Pure Ajax / JavaScript uploaders

There are a ton of Ajax / JavaScript file uploaders out there. Here are my top picks:

noSWFUpload: The upside is that it supports practically every browser under the sun. The downside is that it looks a little dated. Note: The demo page doesn't show a progress bar but this version does.

CSS Ninja HTML5 Drag-and-Drop uploader: Very cool and modern with progress bar status overlay. Check out the demo page if you're using Firefox. Note: Other browser support is buggy so you may have better luck with html5uploader.

Richard York uploader: This one gets bonus points for supporting Mac Safari 5.0.5 drag-and-drop upload. The downside...Windows Safari does not support it. Firefox, Chrome, and Safari users can check out the demo.

Valums Ajax Upload: This one is my personal favorite. It supports all the fancy bells and whistles of modern browsers and degrades nicely for older browsers. Plus, the recently added LGPL v2+ license is a bit more commercial friendly.

P.S. As an interesting aside, even the GPL license has a loophole when it comes to server-side web pages:

"The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public."

GNU Free Software Foundation

What's the big deal with HTML5?

When a significant technological milestone occurs there is always someone in the crowd who raises their hand and asks "So what? Big deal."

HTML5 (the next version of HTML... the very fabric of the Internet) is a big deal, but it can be somewhat difficult to explain why. Here's one explanation that I came across the other day that does a good job of simply describing one piece of the awesomeness: Scribd.

Father's Day gifts for a geek

Anyone who's looked at more than one post on my blog knows I'm a tech geek. Most fathers look forward to a barbecue, pool party, and football on Father's Day. Me? Books.

Sad, I know.

That point aside, I was pleased to get a couple noteworthy additions for my collection:


SVG Essentials by J. David Eisenberg. This is the best reference manual (aside from the standard itself) that I've read on SVG (scalable vector graphics). Although published in 2002, nothing earth-shattering has changed in the SVG standard so it's still a good buy. Note: if you're just a casual fan of SVG or curious about the book but don't want to fork over hard-earned cash, O'Reilly has graciously released the book online for free. Yes, I liked the book (and especially the appendices) so much that I paid good money for a free book.

P.S. For the cash-strapped avid SVG fan, another free resource is a 2003 downloadable ebook called Learn SVG by Jon Frost, Stefan Goessner, and Michel Hirtzler:

Scribd

__________________________________________________________



High Performance Web Sites by Steve Souders. It's pretty rare to find a best-seller tech book. Most books in that genre are very specific to a technology or small group of devoted followers. Either way, it's usually outdated by the time it's published so gaining enough sales to earn the respected title of "best-seller" is an impressive feat indeed. So, it is with no small understatement when I say this book is one of the best books for any web developer, network admin, or IT professional. The advice and techniques are just as practical now as they were in 2007 when the book was published. Steve followed that success with an equally awesome second volume follow-up called Even Faster Web Sites in 2009:

Color Contrast

A lot of websites these days are moving towards an Apple-esque everything-white-is-cool or Photoshop-esque everything-charcoal-is-cool color scheme. While that may be esthetically pleasing for casual perusal, it can actually damage your eyesight if the contrast between font and background color is too low. One site I use regularly to verify my contrast compliance against the Web Accessibility Initiative (WAI) standards can be found here.

Web developers, for the sake of all our eyes, please implement proper contrast.

Yet another tweak for the "bullet-proof" web font syntax

Google web font syntax aside, using web fonts today requires a very cumbersome and ugly syntax. To make matters worse, IE9 continues the venerable Microsoft tradition of messing up established protocols and processes. So, for all you web developers and admins that have painstakingly set up your CSS and HTML pages correctly, looks like you'll need to touch them all again with this update.

Keeping my eye on WebP ("weppy")

It's no secret that I'm a big fan of Google and the projects they host. My blog is hosted by Blogger and I've used their search engine, GMail, Web Fonts, Chrome browser, Page Speed extension, Google Maps, Google URL Shortener, and YouTube service.

Google has received a lot of praise for their open source WebM video format, mod_pagespeed Apache module, contributions to WebPageTest.org, and disruptive technologies like Android, Chromium OS, Google Wave, svgweb, Google Chrome Frame, and Google Earth.

Lately, I've been looking into Google's new image format called WebP (which is based on technology from their WebM video project). If you have the Chrome or Opera browsers, check out the WebP gallery to get a quick taste for the compression and quality comparisons. You can also check out their latest research comparing WebP to JPEG and also an amusing third-party review comparing WebP to JPEG and JPEG XR (Microsoft's competing image format). The data looks promising, but the current support is minimal (i.e. Chrome and Opera browsers). The feedback has been mainly negative or lukewarm although promised future enhancements (such as support for lossless, transparency, and metadata) are tempting enough to keep most of the big players (and me) keeping a watchful eye on developments.

Browser market share

Ever wonder what percentage of Internet users are using which web browser? I found this site today that provides a good overview.