FreakyZoidberg

Accueil | Tags | Archives

Sunday, May 23 2010

Google I/O 2010 summary

By Pierre Lacave on Sunday, May 23 2010, 14:33

Google I/O 2010 is now over, here a bried summary of what's been said during this conference.

WebM video format:

  • using VP8, a high-quality video codec we are releasing today under a BSD-style, royalty-free license
  • Vorbis, an already open source and broadly implemented audio codec
  • a container format based on a subset of the Matroska media container

Google Font API Google Feed API Google Latitude API Opening Google Wave for everyone Google Chrome webstore

Android 2.2 Codename FROYO (Frozen Yoghurt)

JIT – Just in Time compiler gives apps a 2x-5x increase in speed. In a demo of Replica Island, one of Androinica’s favorite apps, Éclair and Froyo were introduced side by side to show how each handles the game on a Nexus One. Éclair often fell below 30 frames per second, but the JIT-packed Froyo never came close to falling. No red flashes at all!

Enterprise – Google announced 20 new enterprise features: New Exchange auto-discovery, security polices, and GAL lookup. Also added Device Admin API’s for things like remote wiping. This is crucial for many IT workers and critical for Android becoming a major player in the enterprise crowd.

Application Data Backup API – Allows in-app data to be saved and restored. When you switch from one phone to the next, your stored data will in apps will transfer over if the developer takes advantage of the API. Imagine not having to lose your scores when you reinstall an app or upgrade devices.

Cloud to app communication – A new feature for intents allows users to upgrade to communicate from desktop to mobile. Search for Google Maps on your computer and send it to the phone, your device will immediately go to Navigation mode. BOOM! Reading an article on the web and need to read it on the go? BOOM! It opens up in the browser (the API may allow it to open up in your RSS reader of choice?)

Tethering & Portable Hotspot – Your Android device can become a hotspot. You rooted users have been doing this for months, but the feature will now be integrated into the device as a standard feature. Froyo includes built-in tethering to allow your mobile devices (netbook, laptop) to access the web through your cell phone.

Browser

Browser is now 2x-3x faster with V8 for Android. Javascript tweaks have been made to more than double rendering, making your phone access the web much faster. An Éclair, Froyo, and iPad were all using a swimming lap test. Even with a lead for the iPad, Froyo still lapped it…SEVERAL times. Gundotra said, “Froyo has the world’s faster browser.”

sources : http://www.watblog.com http://code.google.com/intl/fr-FR/events/io/2010/

Continue reading»

6 comments no trackback

Monday, January 18 2010

Aurora in action

By Pierre Lacave on Monday, January 18 2010, 07:07 - Security

the IE exploit used in the last week attack against google and other american companies is now on Metasploit

here a video of aurora (the code name given my McAfee for this exploit)


The "Aurora" IE Exploit in Action

Continue reading»

28 comments no trackback

Friday, January 15 2010

Firefox is 5 years old

By Pierre Lacave on Friday, January 15 2010, 05:22

Firefox is 5 years old today !

In the middle of the war for web browser supremacy, today is an important day. Firefox changed the way we used internet by easing, securing and improving our web experience.

Happy birthday Firefox

logo-wordmark.png

for a sum up of what changed in the last 5 years of Firefox http://hacks.mozilla.org/2009/11/5-years/

Continue reading»

42 comments no trackback

Wednesday, December 16 2009

Debug android project with eclipse

By Pierre Lacave on Wednesday, December 16 2009, 14:44 - Linux

Developing android application is fairly easy if you know java, but as it use a android virtual machine to run your application, debugs are somehow not clearly appearing.

The good news is Android Plugin for Eclipse also has excellent integration with the Eclipse debugger.

you can test by yourself by adding a NullPointerException into your code. If you run your application again, you'll eventually see this:

hello_world_8.png

To find out more about the error, set a breakpoint in your source code on the line Object o = null; (double-click on the marker bar next to the source code line).

Then select Run > Debug History > Hello, Android from the menu to enter debug mode.

Your app will restart in the emulator, but this time it will suspend when it reaches the breakpoint you set.

You can then step through the code in Eclipse's Debug Perspective, just as you would for any other application.

hello_world_9.png

Continue reading»

22 comments no trackback

Sunday, November 1 2009

Solve Sudoku using SQL

By Pierre Lacave on Sunday, November 1 2009, 22:01 - SGDB

Say we have a sudoku like this:

250px-sudoku-by-l2g-20050714_svg.png first you need to put all the number as if they were in a signle row :

"53 7 6 195 98 6 8 6 34 8 3 17 2 6 6 28 419 5 8 79"

then use with Oracle the following query (recursive subquery)

with x( s, ind ) as
( select sud, instr( sud, ' ' )
 from ( select '53  7    6  195    98    6 8   6   34  8 3  17   2   6 6    28    419  5    8  79' sud from dual )
  union all
  select substr( s, 1, ind - 1 ) || z || substr( s, ind + 1 )
       , instr( s, ' ', ind + 1 )
  from x
     , ( select to_char( rownum ) z
         from dual
         connect by rownum <= 9
       ) z
  where ind > 0
  and not exists ( select null
                   from ( select rownum lp
                          from dual
                          connect by rownum <= 9
                        )
                   where z = substr( s, trunc( ( ind - 1 ) / 9 ) * 9 + lp, 1 )
                   or    z = substr( s, mod( ind - 1, 9 ) - 8 + lp * 9, 1 )
                   or    z = substr( s, mod( trunc( ( ind - 1 ) / 3 ), 3 ) * 3
                                      + trunc( ( ind - 1 ) / 27 ) * 27 + lp
                                      + trunc( ( lp - 1 ) / 3 ) * 6
                                   , 1 )
                 )
)
select s
from x
where ind = 0
/

250px-sudoku-by-l2g-20050714_solution_svg.png

Continue reading»

32 comments no trackback

Saturday, October 31 2009

Firefox 3.6 Beta 1

By Pierre Lacave on Saturday, October 31 2009, 21:50

Today the Mozilla foundation released the first version of the Beta of Firefox 3.6

the new features are :

  • Users can now change their browser’s appearance with a single click, with built in support for Personas.
  • Firefox 3.6 will alert users about out of date plugins to keep them safe.
  • Open, native video can now be displayed full screen, and supports poster frames.
  • Support for the WOFF font format.
  • Improved JavaScript performance, overall browser responsiveness and startup time.
  • Support for new CSS, DOM and HTML5 web technologies.

You can download it here

Continue reading»

no comment no trackback

Monday, October 26 2009

Web Application Security Consortium (WASC) 2008 report

By Pierre Lacave on Monday, October 26 2009, 13:34 - Security

The Web Application Security Consotium has announced the statistics for 2008.

The statistics includes data about 12186 web applications with 97554 detected vulnerabilities of different risk levels. The analysis shows that more than 13%* of all reviewed sites can be compromised completely automatically. About 49% of web applications contain vulnerabilities of high risk level (Urgent and Critical) detected during automatic scanning However, detailed manual and automated assessment by white box method allows to detect these high risk level vulnerabilities with probability up to 80-96%. The probability to detect vulnerabilities with risk level more than medium (PCI DSS compliance level) is more than 86% by any method. At the same time, detailed analysis shows that 99% of web applications are not compliant with PCI DSS standard.

The most widespread vulnerabilities are Cross-Site Scripting, Information Leakage, SQL Injection, Insufficient Transport Layer Protection, Fingerprinting и HTTP Response Splitting. As a rule, Cross-Site Scripting, SQL Injection and HTTP Response Splitting vulnerabilities are caused by design errors, while Information Leakage, Insufficient Transport Layer Protection and Fingerprinting are often caused by insufficient administration (e.g., access control).

The probability to detect vulnerabilities of different risk levels t1

The most widespread vulnerabilities in web applications (% Vulns ALL) image2.png

The probability to detect the most widespread vulnerabilities in web applications (% Sites ALL) image3.png

Percent of vulnerabilities out of total number of vulnerabilities (% Vulns ALL) image4.png

The probability to detect vulnerabilities depending on their origin image5.png

The probability to detect the most risky vulnerabilities in Web applications (% Sites BlackBox & WhiteBox) image9.png

Source : projects.webappsec.org

Continue reading»

8 comments no trackback

Saturday, October 24 2009

Fedora 12 Released

By Pierre Lacave on Saturday, October 24 2009, 14:38 - Linux

Adam Will writes :

The Fedora project has announced the release of Fedora 12 Beta, which is available here. This will be the final pre-release before the final release in November. New features of Fedora 12 highlighted in the announcement include substantial improvements and fixes to the major graphics drivers, including experimental 3D acceleration support for AMD Radeon r600+-based adapters; improved mobile broadband support and new Bluetooth PAN tethering support in NetworkManager; improved performance in the 32-bit releases; significant fixes and improvements to audio support, including easy Bluetooth audio support; initial implementation of completely open source Broadcom wireless networking via the openfwwf project; significant improvements to the Fedora virtualization stack; and easy access to the Moblin desktop environment and a preview of the new GNOME Shell interface for GNOME. Further details on the major new features of Fedora 12 can be found in the release announcement and feature list. Known issues are documented in the common bugs page.

Continue reading»

5 comments no trackback

Saturday, October 10 2009

Command Line copy & paste

By Pierre Lacave on Saturday, October 10 2009, 13:16 - Linux

xclip is a command line interface for X11, based on the system of pipes. i nice and easy, works like a charm

to copy the full output of a directory in a the clipboard

$>ls -la | xclip

to copy the full content of a file

$>xclip /etc/shadow

to output the content

$>xclip -o

to output the content in a file

$xclip -o > ~/myfile

Continue reading»

5 comments no trackback

Saturday, September 12 2009

Linux Kernel Update 2.6.31

By Pierre Lacave on Saturday, September 12 2009, 11:37 - Linux

Linux 2.6.31 kernel released on 9 September, 2009

Among all the changes, a few changes deserve to be noticed here :

USB 3 support

Thanks to Intel, Linux now support USB 3 and xHCI.
No xHCI hardware hit the mass market yet.
Linux is still a step ahead !

CUSE

The awaited extension of the famous FUSE.
With this new "virtual device" File system,
we will be able to link application in different layers,
a good example case i read on the net would be
to "proxying" OSS audio from OSS apps through the ALSA userspace layer.

ATI kernel mode

For those having problem with your old ATI GPU,
this new release should fix quite a lot of freeze in X.

Better memomy management under pressure.

Benchmark showed a drop of 50% of memory major Fault
when using a graphical desktop !

http://kernel.org/

Continue reading»

2 comments no trackback

All your base are belong to us

By Pierre Lacave on Saturday, September 12 2009, 11:09 

  1. echo "hello world";

Continue reading»

4 comments no trackback