20/07/13 - Dotpad DT-730 (China Telecom Infotmic M-7206)

Iré posteando información del sistema y tal vez instrucciones para el rooteo. Esta tablet llegó a través de El Macatero a fines del 2012:

$ uname -a
Linux localhost 2.6.35.7-infoTM #27 Fri Mar 30 17:43:44 CST 2012 armv6l GNU/Linux


19/07/13 - Explotando algunos formularios de "recomendación" en periódicos locales

Navegando por ahí, encontré este típico formulario de recomendación de noticias por e-mail:

Si lo completamos con algunos datos de prueba e interceptamos el POST que se realiza obtenemos una idea de los parámetros que se envían. Uno de los puntos interesantes aquí es que no hallamos método alguno para combatir la automatización (CAPTCHA por ej.).

Tal vez bastaría con tener el ID de la noticia y el correo de destino para poder recomendarla, entonces el sistema la buscaría a través de su ID y obtendría los campos necesarios -título, copete, etc.- para formatear el correo y mandarlo. Pero en este caso estos otros campos también se utilizan.

Es posible enviar un POST con la siguiente información (en este caso utilizando el RestClient de Ruby, aunque serviría cualquier herramienta: curl, etc.):

Y obtener lo siguiente. Como riesgo principal: correo lo suficientemente auténtico, enviado desde el mismísimo servidor del medio, y hasta con logo incluido. Phishing, etc.:

Otro periódico con problemas similares (y un correo enviado explotando dicha vulnerabilidad). Jonathan Funes inauguró una serie de posts sobre esta idea y explora con mayor detalle el caso de 5días:

06/07/13 - Utilizando un componente del validador de W3 para WHOIS

Eugene Dokukin detalla un listado de URLs que permiten realizar acciones similares (varias relacionadas a los servicios de validación de W3), podrían utilizarse para CSRF y también para ataques de denegación de servicio. En este caso me sirve como un host más para realizar WHOIS sobre un listado extenso de IPs.
LACNIC recibe solicitudes para permitir WHOIS masivos (y mi motivo es válido), pero por el momento me parece suficiente con la cantidad de hosts que estoy manejando, estos van rotando y el bloqueo que se produce luego de cierta cantidad de consultas no se da.

http://services.w3.org/tidy/tidy?docAddr=http://lacnic.net/cgi-bin/lacnic/whois?query=x.x.x.x

03/07/13

“The Cloud” as a concept has somewhat… fluffy security properties (please pardon the pun). We can encrypt data in the cloud, but encryption in and of itself isn’t particularly helpful. It’s particularly problematic if we trust the same people to store our personal data encrypted and also trust them to hold the encryption keys to that data. If they’re doing both, they can decrypt our personal ciphertexts on a whim...

Tony Arcieri

01/07/13

"One dramatic case involved a Canadian man named Walter Nowakowski, who was apparently the first person to be charged in Canada with theft of communications (Canadian Criminal Code Section S.342.1) for accessing the Internet through someone's unsecured Wi-Fi network. Thousands of Canadian “war drivers” do this every day, so why was he singled out? Because of ancillary actions and intent. He was allegedly caught driving the wrong way on a one-way street, naked from the waist down, with laptop in hand, while downloading child pornography through the aforementioned unsecured wireless access point. The police apparently considered his activity egregious enough that they brainstormed for relevant charges and tacked on theft of communications to the many child pornography-related charges.

Similarly, charges involving port scanning are usually reserved for the most egregious cases. Even when paranoid administrators notify the police that they have been scanned, prosecution (or any further action) is exceedingly rare. The fact that a 911 emergency service was involved is likely what motivated prosecutors in the Moulton case. Your author scanned millions of Internet hosts while writing this book and received fewer than ten complaints."

"Nmap Network Scanning" (Gordon “Fyodor” Lyon)

23/06/13

"A government could order a Certificate Authority to produce a malicious certificate for any domain. There is circumstantial evidence that this may happen. And because CAs are located in 52+ countries, there are lots of governments that can do this, including some deeply authoritarian ones. Also, governments could easily perform any of the above network attacks against CAs in other countries."

How secure is HTTPS today? How often is it attacked? (EFF)

04/06/13 - trac: disabling wiki and enabling timeline view as default

This will setup Timeline as default page (other options are: RoadmapModule, BrowserModule, QueryModule, ReportModule, TicketModule):

sed -i 's/WikiModule/TimelineModule/' main.py

And this will disable the wiki (trac.ini):

[components]
trac.wiki.* = disabled

23/05/13

Software isn't about methodologies, languages, or even operating systems. It is about working applications. At Adobe I would have learned the art of building massive applications that generate millions of dollars in revenue. Sure, PostScript wasn't the sexiest application, and it was written in old school C, but it performed a significant and useful task that thousands (if not millions) of people relied on to do their job. There could hardly be a better place to learn the skills of building commercial applications, no matter the tools that were employed at the time. I did learn an important lesson at ObjectSpace. A UML diagram can't push 500 pages per minute through a RIP.
There are two types of people in this industry. Talkers and Doers. ObjectSpace was a company of talkers. Adobe is a company of doers. Adobe took in $430 million in revenue last quarter. ObjectSpace is long bankrupt.
http://www.codinghorror.com/blog/2004/12/it-came-from-planet-architecture.html

21/05/13

14/05/13

05/05/13

 

The algorithms were implemented from scratch and trained on the Reuters articles. For the frequency-rank approach, we additionally used a readily trained implementation of the original algorithm, which we included in the evaluation process as LC4J3. We used each of the algorithms to detect the languages of the previously unused Reuters headlines and the words obtained from dictionaries.
Table 2 shows the accuracies for detecting the language of the Reuters headlines and the dictionary entries across all algorithms and all settings for n. But, the values of LC4J need to be treated carefully: in many cases the algorithm could not detect any language at all. This might be, because the language models provided with the implementation are too sparse for short texts. The values given here are solely based on those cases where language detection was successful. When taking into account the unclassified documents, the accuracy drops drastically to 39.24% for the headlines and to 30.33% for the dictionary words.

(A Comparison of Language Identification Approaches on Short, Query-Style Texts)

28/04/13

“Is Go an object-oriented language? Yes and no.”

Frequently asked questions - GO AUTHORS

20/04/13

The biggest problem with computer security is not communication. It's end points.
(frase de Assange en reunión con Schmidt)

19/04/13

The trick to avoiding complete burnout is easy.

First - don't care at all about your job. Remember that all corporations are by definition psychopaths and they will treat you accordingly.

Second - never do more then 35% of the work you are capable of doing in a day.

Third - if you find yourself getting stressed out tell yourself repeatedly "It's only a stupid job. There is no point in stressing about it."

("I knew a programmer who went completely insane")

09/04/13

The use of statistics in the study of language is linked to the phenomenon of repetition in language. In general, authors who have shown interest in the phenomenon of repetition and the importance of its cognitive function represent a marginal trend inside linguistics. Statistical methods are often aimed at solving practical problems, but not to bolster cognitive or linguistic theories.

Nazar, Rogelio. A quantitative approach to concept analysis. 2010

05/04/13 - tf-idf

• https://github.com/reddavis/TF-IDF
• https://github.com/opennorth/tf-idf-similarity
• https://github.com/louismullie/treat
• https://github.com/mathieuripert/ruby-tf-idf

26/02/13

20/02/13

12/02/13

"ollowing on our visualizations of our census data of the Internet address space, we plotted the whole Internet at scale in October 2007. By ``at scale'' we mean one pixel is one address and every single address is shown. At 600 dots-per-inch (typical printer resolution), the plot turns out to be about 83 square feet (7.7 m², about 9 feet or 2.8m on a side!)."

02/02/13

01/02/13

Félix Romeo escribió en 2003:
George Orwell estaba fascinado por el futuro. Creía que en el futuro, si el hombre se hacía consciente de su fuerza, y parabién de sus limitaciones, la tierra podría convertirse en un paraíso. George Orwell odiaba la uniformidad, creía que cada hombre tenía que ser diferente y pensar por sí mismo. A George Orwell le obsesionaba tanto el futuro que cuando adoptó a su hijo hizo que una amiga le realizara una carta astral. George Orwell creía que la pieza imprescindible del paraíso por venir era la libertad individual. George Orwell creía en la democracia. Winston, el protagonista de 1984, se preguntaba para quién estaba escribiendo su diario: ‘Para el futuro, para los que aún no habían nacido’. No es difícil descubrir a George Orwell debajo de Winston. George Orwell sabía que el recuerdo del pasado es frágil y que es muy fácil falsearlo. Escribió de lo fácil que es falsear el pasado en Rebelión en la granja. Y también escribió de lo fácil que es mentir sobre lo que sucede en Homenaje a Cataluña. George Orwell creía que mirando atentamente a la cara de alguien se podía saber qué pensaba: en 1984, es un delito llevar en el rostro una expresión impropia. George Orwell creía que a los 50 años un hombre tiene la cara que se merece. George Orwell no llegó a cumplir los 50 años. George Orwell estaba obsesionado por la figura del chivo expiatorio: cómo algunos inocentes son convertidos en culpables por una mentira. George Orwell escribió sobre una distopía porque creía que en el futuro no habría gobiernos terribles. Winston, el protagonista de 1984, se defiende en un interrogatorio: “Es imposible fundar una civilización sobre el miedo, el odio y la crueldad. No perduraría”. George Orwell creía que era necesario escribir sobre la verdad, y creía que era fundamental atreverse a estar solo.

http://danielgascon.blogia.com/2013/012201-orwell.php

27/01/13 - computer vision

- http://opencv.org/
- http://www.vlfeat.org/
- http://libccv.org/
- http://simplecv.org/ (opencv...)

23/01/13 - CV de Sergey Brin