SamuraiNet Blog

While working on my web-spider class for an application I was developing, I did some searching for efficiency of spidering algorithms. I came across this comparison of the depth-first versus breadth-first search algorithms. http://www.leekillough.com/trapopt.html

Using a combination of Javascript and CSS, it is possible to enumerate parts of a user’s history. This site demonstrates this with a “finding your gender” based on which sites you have viewed. http://www.mikeonads.com/2008/…-history-estimate-gender/

The following two links provide a breakdown of file systems based on capabilities (the wikipedia post) and performance (the linuxgazette post.) I’ve been using these lately while re-installing a few machines and have found them to be more than helpful.

http://linuxgazette.net/122/piszcz.html

http://en.wikipedia.org/wiki/Comparison_of_file_systems

Typo-squatting is a well known method of gathering data or presenting spam-sites. This article from TechRepublic gives a few methods for protecting against such a threat. http://blogs.techrepublic.com.com/security/?p=543&tag=nl.e036

This is a handy little web application that will generate your .htaccess file to restrict access based on what country the IP address is from. http://blockacountry.com/htaccess.php

If you are a programmer anything I like I am, you are constantly trying to find ways to better yourself or keep skills sharp. A friend of mine showed me this set of exercises designed to help keep things fresh. http://codekata.pragprog.com/2007/01/code_kata_backg.html

In the wake of so many ISP’s getting away with murder and the government looking the other direction it’s good to see that Florida is stepping in and fining Version for poor response time. http://news.cnet.com/Florida-…00-1036_3-6239655.html?tag=html.alert.hed

This is a great video for both optimizing and securing your Windows XP system. It shows exactly how to disable five services you probably don’t need to be running. http://blogs.techrepublic.com.com/itdojo/?p=120&tag=nl.e101

If you have ever had the “Warning: Using insecure memory” message display when using a tool such as GnuPG this article is for you. Not only does it explain exactly what that means it also goes into how to prevent the problem. http://blogs.techrepublic.com.com/security/?p=457&tag=nl.e036

Panda security has now launched thier Security as a Service for businesses. Among other services they will be offering: outsourcing of infrastructure, automated updates and patching, compliance checks, risk management, and remote management tools. http://sev.prnewswire.com/computer-software/20080519/LAM04119052008-1.html

I read this post on a friend of mine’s blog and thought it was rather useful. I’ve had PHP scripts running on cron before that had exactly this problem. They would lock up after a while and before I knew it, I had about 15 “undead” PHP processes just eating up my CPU. What was worse was that my shared host only allowed each user 15 processes at the same time, so slowly but surely the rest of my sites would go down. http://www.toosweettobesour.com/2008/05/21/amp-and-runaway-scripts/

I played with both of these plugins. The view formated source one didn’t do a whole lot for me, but the view source chart was a great improvement. It makes checking out HTML much easier, and with the added ability to collapse various blocks of code it makes it easier to sort through just what I want. http://blogs.techrepublic.com.com/programming-and-development/?p=670&tag=nl.e055

A friend asked me a few months ago to help him uninstall Internet Explorer 7 and it was more than a pain. Here is a great explanation of how to do it painlessly.http://blogs.techrepublic.com.com/window-on-windows/?p=680&tag=nl.e101

As security becomes more mainstream, solutions grow beyond the capabilities of do-it-yourself solutions. Here is discussed various ways to keep current and secure, without sacrificing stability and redundancy. http://blogs.techrepublic.com.com/security/?p=456&tag=nl.e036

As hacking becomes “more popular,” or perhaps simply easier with the availability of tools, proper attacks are not the elegant assaults of yesteryear. Now, brute force attacks are run simply because the tool is easily downloadable and anyone with an internet connection and a target can attempt to crack user accounts. Discusses her further is an example of just this situation. http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=207603339&subSection=Cybercrime

I saw this site on a forum and it’s really wonderful. Has texts on all sorts of programming languages, networking, the works. http://stommel.tamu.edu/~baum/programming.html

For work I built an HTTP Optimizer: Vanishing Point. It’s a framework that accepts plugins, so that custom optimization engines can be built for different file types. Currently I have released a CSS and Javascript optimizer plugin. Both implement packers/miniifiers designed by other people, however; I added in my own code to further optimize them. They also will combine files so as to save time by reducing HTTP requests. In our benchmarks they have shown that they do infact reduce page load time.

Here is the google code SVN repo:

http://vanishingpoint.googlecode.com/svn/trunk/

I have finished up the first version of pwlib.java. It was created in Java 1.4, because I haven’t bothered to update Java in ages. I should be revising it for 1.6 soon enough, but this is something to get you going. I haven’t done a whole lot of testing on it just yet, so feel free to post any bugs you may find.

Currently it only supports hashing for md5 and SHA1, but that will change later on. Right now I’m just trying to get the code base out in all four languages. Next up will be python. Enjoy.

pwlib.java (Java 1.4)

A friend of mine showed me the following site after a discussion over what language was best for a problem. They have “benchmark problems” to test efficiency, memory size, etc. http://shootout.alioth.debian.org/gp4/

For those of you following the Hans Reiser case, he was convicted of killing his wife. This article goes into some detail over the case. The case was circumstantial at best. http://blog.wired.com/27bstroke6/2008/04/reiser-guilty-o.html

Chad Perrin explains a few different ways to close of unwanted ports on your linux system. Explaining both inetd and xinetd and how to manage them as well as ways to track down things that aren’t managed by either or for systems that run neither. http://blogs.techrepublic.com.com/security/?p=447&tag=nl.e036

Slackware 12.1 has been released. Now using the 2.6.24.5 kernel (SMP and non-SMP) and with added features. http://www.slackware.org/announce/12.1.php

This is my first build of the php version of pwlib. Nothing is quit set in stone yet and for all I know I might scrap the whole thing. This should be enough to see how it will interface. If you have and suggestions or would like to see a feature put in, post a comment and I’ll look into it.

PHP 4 Version: http://www.samurainet.org/pwlib/php/pwlib-php4.src

PHP 5 Version:http://www.samurainet.org/pwlib/php/pwlib-php5.src

Wordlist (its just for testing): http://www.samurainet.org/pwlib/php/test.txt

I still need to finish optimizing the code as well as making some of the features more robust. Enjoy the code.

After creating customized password cracking apps for some time, I have finally grown tired of using different alogirthms with no real flexability in them so I have decided to create a library to do this for me. Since I work in a few languages, I will be building these in: Java, C++, Python, and PHP.

The library itself will be a collection of functions used to generate passwords and hashes to be used in cracking or brute forcing. For passwords the library will provide functionality for using dictionary files and generating brute force lists of minimum length n to maximum length m for ASCII x through y. The hashes will include md5 and sha1 built in and I plan to allow custom algorithms to be built for it as a plugin or passed in function, however; that is still in the planing stages.

As soon as I set it up, I will make daily builds available and post that link under this sub-category along with updates. Comments and suggestions are appreciated.