Archive for Code

Strange Computer Code Discovered Concealed In Superstring Equations!

“Doubly-even self-dual linear binary error-correcting block code,” first invented by Claude Shannon in the 1940s, has been discovered embedded WITHIN the equations of superstring theory!

Why does nature have this? What errors does it need to correct? What is an ‘error’ for nature? More importantly what is the explanation for this freakish discovery? Your guess is as good as mine.

References

1.) Recent NPR interview with Professor Gates: http://being.publicradio.org/programs/2012/codes-for-reality/gates-symbolsofp…

2.) Gates original paper: http://arxiv.org/abs/0806.0051

3.) A potential explanation, Bostrom’s Simulation Hypothesis: http://www.simulation-argument.com/simulation.html

via Strange Computer Code Discovered Concealed In Superstring Equations! – YouTube.

AJAX Apps Ripe Targets for JavaScript Hijacking

from eWeek: AJAX Apps Ripe Targets for JavaScript Hijacking

Fortify Software has documented what the security firm is calling a “pervasive and critical” vulnerability in Web 2.0 applications—specifically, in the ability of an attacker to use a JavaScript vulnerability to steal critical data by emulating unsuspecting users.

The vulnerability—which allows an exploit called JavaScript Hijacking—can be found in the biggest AJAX frameworks out there, including three server-integrated toolkits: Microsoft ASP.Net AJAX (aka Atlas), Google Web Toolkit and xajax—the last of which is an open-source PHP-class library implementation of AJAX.

Client-side libraries that Fortify inspected and found to be vulnerable are the Yahoo UI, Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Rico and MochiKit.

Of the AJAX frameworks and client-side libraries Fortify inspected, only DWR 2.0 (Direct Web Remoting 2.0) has mechanisms to prevent JavaScript Hijacking.

Google developing search engine for uber-telescope

Google developing search engine for uber-telescope | CNET News.com

The Large Synoptic Survey Telescope Project, slated for completion by 2013, is a 3-billion pixel camera/telescope currently being built atop the Cerro Pachon mountain peak in Chile.

When completed, the 8.4-meter Large Synoptic Survey Telescope (LSST) will generate over 30 terabytes (30,000GB) of multiple color images of visible sky each night, according to LSST Corp., which oversees the project.

Google will collaborate with LSST to develop a search engine that can process, organize and analyze the voluminous amounts of data coming from the instrument’s data streams in real time. The engine will create “movie-like windows” for scientists to view significant space events. [Read on]

Inside the Mind of a Kernel Hacker

Security Watch.eWeek – Exploits and Attacks – Interview: Inside the Mind of a Kernel Hacker

You might be surprised to learn that the mysterious hacker behind the MoKB (Month of Kernel Bugs) project actually believes in responsible disclosure. For the entire month of November, the man known simply as “LMH” is releasing a daily proof-of-concept exploit for unpatched kernel-level flaws in operating systems — including Windows, Linux, Mac OS X and FreeBSD. I caught up with LMH over IM and found him willing to explain the motivation for the project, share thoughts on disclosure ethics and argue that some OS vendors are more dangerous than hackers…

RN: Can you introduce yourself? Who is LMH? Is there a real name?

LMH: Well, I have a name as we all do. LMH is in fact a reference to my real name. The reason for ‘hiding’ behind it is that while I don’t mind appearing on public mailing lists, news media, etc., I want to be recognized by the work I do. A name is pretty much like a trademark, and I’m not into trading with my name, thus I prefer to use a rather simple nickname such as ‘LMH’. That way people focus on the work and not who has done it. It’s also good to keep a low profile sometimes. I’m based in Europe.

RN: How did you get involved in security research?

LMH: I got involved at a young age, obviously not in the best manner. Like most people in the ‘scene’ I started as the rather annoying script kiddie, or high school prankster. Fortunately I got through that and started doing more useful work ;). I’ve been doing kernel-related development for some time now around some projects. I found Metasploit to be a serious, yet extremely fun playground where I met skillful individuals such as HD (Moore) and Matt Miller (skape). I’ve been contributing to Metasploit for some time now. I could say it’s my professional career but I try to get involved in other related activities in areas like physical security.

RN: What prompted you to do the MoKB project? Any particular reason for focusing on kernel bugs?

LMH: One of the reasons was to have fun and find interesting issues. The original intent was to get a general overview of the current state of kernel-land code but I was also pushed by the fact that some bugs apparently were being patched silently (even if they were known for months). The ‘better-safe-than-sorry’ saying applied fairly well to the situation, so that also motivated me to release these bugs into the public domain.

RN: What’s wrong with silent fixes? Microsoft says that anything they find themselves will be fixed silently because releasing information only serves to help attackers…

LMH: It’s wrong when developers and vendors are dishonest. It’s also contradictory to the apparent policy/motivations of a company if their business model focuses on security or open source software. Actually, silent fixing aids attackers. Someone who thinks that no one can notice a silent fix by either reverse engineering or simple mining of change-logs and development discussions is definitely someone harmful to himself, his company and the userbase of the product itself. [Full interview]

Creating Web Pages With Ajax

Slashdot | Creating Web Pages With Ajax

“Asynchronous Javascript And Xml, popularly known as Ajax, is a combination of Javascript, XML and some coding on the server side. Even though this technology existed for years, many believe it was Google which brought it to the front by implementing it on its sites and thus raising it to the cult status it enjoys now. There is something magical in seeing a website update its content without reloading the whole page, which is the visual essence of Ajax.”

An overview of using AJAX and whatnot; read on.

jQuery Eases JavaScript, AJAX Development

eWeek: jQuery Eases JavaScript, AJAX Development

As more developers adopt the practice of AJAX-style development to create more interactive applications, they are looking for tools to make the job easier.

One such tool is jQuery, which some users say makes AJAX (Asynchronous JavaScript and XML) development cleaner by making using JavaScript easier. JavaScript is notoriously difficult to work with, said a group of experts at Microsoft’s Lang.Net symposium in early August, in Redmond, Wash.

John Resig, the creator of jQuery, said the technology reached its 1.0 release on Aug. 26. jQuery is essentially a new type of JavaScript library that allows developers to work “unobtrusively” with JavaScript.

Resig, in Cambridge, Mass., said jQuery is “not a huge, bloated framework promising the best in AJAX—nor is just a set of needlessly complex enhancements—jQuery is designed to change the way that you write JavaScript.” [Read on]