Monthly Archives: June 2019

Cross-industry vendor alliance plugs DNS vulnerability

admin | 08/06/2019

Last week, an alliance of software companies and network hardware vendors announced a series of updates designed to fix a DNS flaw first discovered by security analyst Dan Kaminsky. The flaw, which has not yet been described in detail, could have been used to poison domain name system (DNS) servers, including those of specific ISPs. For those of you who aren't aware, DNS servers translate a written, standard web address ( into its corresponding IP address ( Web browsers understand IP addresses just fine— will take you over to Yahoo, if you punch it in—but memorizing a long list of IP addresses isn't the most convenient way to surf the tubes.

A DNS server is "poisoned" when its normal translation functions are deliberately and maliciously interfered with. A poisoned DNS server might, for example, route users to a web site selling Viagra whenever they attempted to visit, or could send anyone attempting to visit MySpace to a site filled with horrible mash-ups, crummy Flash plug-ins, browser-crashing hijinks, and background wallpapers apparently designed by schizophrenic heroin addicts going through withdrawal. This second type of malicious rerouting is actually preferable, as it presents the visitor with the equivalent experience he or she would expect upon visiting the actual MySpace.

Rerouting traffic aimed at from a certain DNS server might push big numbers for a short time, but users (and ISP security) would notice very quickly if Google was replaced by a site touting the medical advantages of WackyWang herbal extract.

DNS poisoning has existed as a potential attack vector for decades, but the flaw Kaminsky discovered had previously gone unnoticed. What's most important, from a user's perspective, is that the various software and hardware fixes that have rolled down the pipe thus far shouldn't cause so much as a hiccup when applied. The broad response from hardware and software vendors is also encouraging—Microsoft has already released patches for Windows 2000, XP, and Server 2003, while the Internet Software Consortium (ISC) has released patches for both version eight and version nine of the Berkeley Internet Name Domain (BIND) server software. Kaminsky has released a small web app to identify whether or not your system is downstream from a vulnerable DNS server; it's available on his blog (linked below).

The United States Computer Emergency Readiness Team (US-CERT) has posted information on the vulnerability and a list of hardware/software vendors with information on whether or not products from that company are affected. An executive summary (PDF) of the flaw and its ramifications is also available, as is Kaminsky's own blog. His niece Sarah makes a guest appearance to explain this particular problem, if you're looking for either the simplified or adorably cute version.


Process breakthroughs in electrically conductive polymers


Organic field effect transistors (OFETs) are the building blocks of organic circuitry, and research in this field is still in its infancy, but rapidly expanding. Development is taking place in several key areas, including the polymers themselves, the processing techniques that produce optimal polymer structures in bulk, OFET fabrication, and techniques for integrating multiple OFETs into complete circuits and the devices that contain those circuits. All of these steps are vital to the ultimate goal of producing stable, flexible, high-performance and—maybe most importantly—cheap organic electronic devices. Recent research into optimizing the processing techniques for electrically conductive polymers used in OFETs has produced performance gains in the OFETs themselves, and has the potential to speed up research and characterization of other potentially useful polymers.

Electrical conduction in materials (excepting the sometimes odd world of superconductors) depends on highly ordered and uniform structures within the material. Similar to a game of pinball, electrons will deflect and slow down if something gets in the way. This something can include atomic-level defects in the crystal structure, like voids and interstitial atoms (atoms that wedge themselves between the normal atom locations of the crystal), as well as microscopic features like grain boundaries. The solution for optimal electrical properties is simple: eliminate defects.

Carrying this out in practice, however, presents a challenge. Traditional single crystal growth, which includes the process used to grow the defect-free silicon used in normal semiconductors, is well understood. It's done routinely by delicately balancing temperatures of liquid and gaseous components (depending on the material in question) and letting them slowly deposit, growing a crystal on a specific substrate. Although not intuitive, polymers can form crystals as well, but they are much more difficult to control due to the weak interactions between polymer chains.

Growth of large, electrically conductive, single crystal polymers isn't yet an option. But researchers have recently investigated an approach to growing single crystals of a usable size (micrometer scale) while avoiding the challenges of growing large crystals—these micrometer crystals can then be used to fabricate OFETs. A two-zone furnace (high temperature to vaporize the polymer, lower temperature to control the deposition) produced high purity, small, single-crystal polymers, but it is limited to use with low molecular weight polymers. Another option tested was a carefully controlled precipitation, where the polymer is dissolved and a different solvent, which the polymer is less soluble in, is added, producing single crystals that fall out of solution.

Without delving into the mechanisms at work, the newly-formed polymers preferentially stack in a single direction, growing single-crystal polymer wires and ribbons. This directionality also provides strong inter-chain conductivity, further improving performance. These wires and ribbons have geometries that lend themselves to transistor fabrication and the single crystal structure enables high performance electrical applications.

The OFETs themselves were fabricated with innovative (although decidedly laboratory-scale) techniques and showed excellent performance, superior to that of a standard polycrystalline or amorphous polymer. Aside from the implications for improvement of OFET performance, this work may provide a clearer picture of the relative performance of different source materials. Since these methods should work with other polymers, they'd allow a direct comparison of how each performs when in a single crystal state.

Although news-worthy in and of itself, developments such as this will need similar advances in the industrialization of OFET fabrication processes before single crystal organic transistors make their way into any actual devices.

Advanced Materials, 2008. DOI: 10.1002/adma.200800669


GNOME 3.0 officially announced… and explained


At the recent GNOME User and Developer European Conference (GUADEC), the GNOME release team announced a proposal for developing the next major iteration of the open source desktop environment. The plan offers a long-term strategy for moving GNOME development forward and defining future goals for the desktop.

The long road towards the first step

The path the GNOME community took to this proposal is somewhat complex. When the prospect of GNOME 3 was first discussed by developers in 2005, the concept took on a life of its own among the users who imagined that it would be an audacious reinvention of the desktop with completely new interaction paradigms and a new kind of user interface. This pie-in-the-sky vision was referred to as ToPaZ, a play on the phrase three-point-zero.

Although the ToPaZ meme was not widely embraced by the developer community, it gained an enormous amount of traction with Linux enthusiasts who wanted to see more innovation on the desktop. For instance, it spawned extensive discussion in the GNOME wiki and a whole new section at the GNOME-Look theming web site, devoted to mockups and brainstorming.

The basic idea behind ToPaZ, however, was fundamentally out of step with the underlying philosophy of the GNOME development community. Incrementalism is among GNOME's defining values and is one of the major factors that has contributed to GNOME's popularity with commercial Linux distributors. GNOME's developers concluded that a radical departure from conventional desktop idioms was ultimately not in the best interest of end users. The consensus was that their goals for the future could be reached one step at a time through minor releases on a consistent schedule—there would be no GNOME 3.0.

Major changes are incubated in parallel to GNOME development and are usually not integrated into the environment itself until they are proven. Most new GNOME technologies have already been adopted by at least one or two major distributors before becoming an official part of the desktop stack. Distributor uptake is, in fact, one of the factors that is evaluated when new modules are proposed for inclusion into GNOME. The process is always undertaken with utmost care in order to minimize disruptions to the end user experience and inconveniences to third-party software developers.

The success of this strategy has been demonstrated by the large number of impressive infrastructure elements that have been streamlined into GNOME through incremental development. A good example is the transition from the anachronistic Bonobo component framework to the new D-Bus interprocess communication system. This major transition was achieved over the course of several releases without a major desktop-wide rewrite.

Going from three-point-no to three-point-oh

Although the GNOME development community is still strongly committed to maintaining its incremental development strategy for the desktop, the rules are different for GTK+, the underlying toolkit used to build the platform. Developers have grown increasingly frustrated with the limitations of GTK+ and have started to evaluate proposals for remedying its weaknesses and adding more modern capabilities.

We looked at some of those plans in depth back in April. Imendio, a software company that builds applications with GTK+, has called for clean API/ABI breaks at predetermined intervals and an overhaul with the aim of improving portability, simplifying theming and widget creation, and creating architecture that will make language bindings easier to maintain.

GNOME developer Havoc Pennington also published a proposal that called for an integrated scene graph system that would bring richer graphical capabilities to the toolkit. The first steps towards achieving Pennington's goals have already been fulfilled by Clutter, a powerful GObject-based graphics framework built by OpenedHand. The call for a toolkit overhaul was the first major acknowledgment in the GNOME community of the need for change.

In the months leading up to the GUADEC event this year, some GNOME developers began to express a bit of discontent with the general state of the desktop. This movement started in developer blog entries and gained momentum as other developers picked up on it by reading the Planet GNOME aggregator. It was given a name by Andy Wingo, who wrote that GNOME had fallen into a state of decadence.

"The problem, as I see it, is that GNOME is in a state of decadence—we largely achieved what we set out to achieve, insofar as it was possible. Now our hands are full with dealing with entropic decay," Wingo wrote in a blog entry. "It does not seem to me that GNOME is on a healthy evolutionary track. By that I mean to say that there is no way there from here, if 'there' is universal use of free software, and 'here' is our existing GNOME software stack."

The sentiment was echoed by others and eventually spilled over onto the GNOME desktop developer mailing list, where it became a discussion thread about the need for leadership and direction.

The new plan

All of the ennui and frustration eventually took a positive turn and culminated in the plan that was proposed by the GNOME release team at GUADEC. The GNOME development community will reach 3.0 but will do so without disturbing the users and without discarding the long-standing philosophy of incrementalism. There will be a GNOME 3.0, but it will not be what so many envisioned for ToPaZ.

"There are still lots of details to discuss but the important thing is that our proposed mindset for 3.0 is in place for discussion now. It involves a relatively smooth transition from 2.x to 3.x, a more focused and inclusive development process, long-term development cycles, and more," wrote GNOME contributor Lucas Rocha in a blog entry.

The GNOME 2.30 release, which will be about a year and a half from now based on GNOME's standard six-month release cycle, is what the developers have decided to call GNOME 3.0. During that time, the GTK+ toolkit will undergo its transformation and much of the desktop infrastructure that has been under heavy development will be more mature—this includes Clutter, Vala, PolicyKit, PackageKit, GVFS, D-Conf, and the GTK+ WebKit port.

Some have speculated that the GNOME 3.0 transition will be like the somewhat controversial development of KDE 4, but such speculation isn't consistent with the details available about the release plan. Unlike KDE 4.0, which produced impressive innovation and accelerated development at the cost of user trust and overall desktop stability, the GNOME 3.0 plan is less ambitious, largely builds on the GNOME desktop environment's current strategy, and avoids significant user-visible changes or disruption to basic desktop usability.


iPhone App market: a look into one niche


There are lots of ideas for potential iPhone apps floating around the Internet, but the iPhone Application market isn't as wide open as it might seem. With the exception of some proprietary in-house applications and games, there aren't really that many markets that make sense on a device like the iPhone. We will see hordes of social networking, drawing, organization, and notes applications, and maybe a truly original idea, here and there. There is one application, however, that I am looking forward to: an eBook reader. Unfortunately, creating one may be a lot harder than it seems.

The problem isn't the hardware. While the iPhone's screen is a little on the small side, the text is sharp enough to provide an enjoyable reading experience. In fact, I prefer doing my nightly news feed reading via my iPod touch; it provides a more intimate relationship that I have come to favor.

We can see some of the problems in ZappTek's announcement of its eBook software. The application itself seems great; it allows the user to read in landscape and portrait modes, annotate passages, bookmark pages, and invert screen colors. With a small library of "cutting-edge fiction," it may or may not have the features and library necessary to be a success, though.

Content will be a serious obstacle for smaller developers. While there are free eBooks out there, and channels for procuring commercial eBooks illegally, to create a legitimate eBook reader, a company has to have a legitimate source of material that is desirable. This, of course, involves the potentially long and drawn out task of licensing material from a plethora of different publishing houses, something better suited for a larger company like Amazon. There also needs to be a way to track downloads and pay out royalties, which is not necessarily something a small software house has the means to do. This leaves us with the potential of large companies such as Amazon or commissioning someone, or writing an application in house, to take care of the task.

You would also need to code a means for getting the books onto the phone. While in theory this could be done using OS X or even Windows, according to our sources there are no syncing APIs for the iPhone. A developer would have to write their own from scratch if they wanted to allow for backups of their content for cases where a phone is lost or damaged.

The second issue lies within the iPhone SDK. According to a developer who wishes to remain anonymous, the APIs for laying out blocks of styled text are terrible (their language was a bit more colorful); that means writing your own text layout from scratch if you wish to have more than basic control over these elements. While this isn't an impossible obstacle, it may be more work than some companies are willing to engage in, or willing to commission. According to the same developer, the other option is to create a WebKit-based reader, but this has its own intrinsic problems; said developer mentioned memory management and less control over the page as being among them. For anyone that has had Mobile Safari crash on them at least once a day, these complaints aren't hard to believe.

There will probably be quite a few eBook readers available eventually, but it seems that most of them will have a hard time succeeding without a large library of material, a significant amount of code in the application, and a reasonable means of downloading and backing up content. While Amazon is one company that comes to mind, they have their eggs in a different basket, and I can't really see them supporting the iPhone at this time.

Apple would obviously be the other contender for such a product and service. They obviously have access to all the private APIs they want, a means of syncing, and a profitable store system already in place. While it might make sense, I don't see the iTunes store branching off into literature anytime soon but, if anyone could placate the publishing industries' concerns, it might be Steve Jobs.

While I hope ZappTek's service and client is the one, I have a feeling it's going to take a while before the correct eBook reader paired with the right service comes to market. In the meantime, I suppose we are stuck with the old-fashioned way of reading.


Minireview: MLB @ Bat for iPhone/iPod touch


The never-ending dilemma among many in the US is how to keep up to date with sports scores when away from the TV or radio. There are many solutions for many different platforms from many companies, but the most recent entry is Major League Baseball, which has produced MLB @ Bat for the iPhone OS. Let's take a look, shall we?

The UI is very well done. It is obvious that a lot of time went into the layout and look, and that the coders didn't design the user interface (thankfully). It is attractive and functional and, for the most part, self-explanatory. We will break the application into five main UI areas for our examination purposes: the Menu Bar, the Navigation Bar, the Primary Info Display, Secondary Info Display, and Footer.

Menu Bar: It may seem like a no-brainer, but it hasn't proven to be one for all iPhone developers thus far: the menu bar is an essential part of the UI. The reasons are twofold. Many people use their mobile device as a timepiece; if you are in an application and the clock isn't there, you run the risk of missing an engagement. The other reason that no menu bar is a bad thing is the importance of the battery indicator. It isn't good to find upon quitting an application that your iPhone has 1/8 of its charge left, and you still have 5 hours before you will next come in contact with a power supply. Luckily for users of MLB @ Bat, the UI doesn't suffer from this design faux pas.

Navigation: With MLB @ Bat, you are privy to information regarding three days of games: the last day with games before the present, today, and the next day with games. You can navigate through these days using two methods. The first involves clicking the forward or back arrow in the navigation section of the UI. The second way to navigate through the days is with a simple horizontal swipe of the fingers. While it is nice to have more than just the current day's scores, it would be nicer to have a week either way, or better yet, the entire season.

Primary Info Window: For anyone who thinks a pleasant scrolling experience is impossible on the iPhone's hardware, this application is a shining example of how wrong you are. Scrolling through a long list of games, done by a vertical swipe of the finger, is like butter. I can't emphasize this enough—there are no stalls or hiccups. I don't know the reason for this, but the issues other applications have just aren't there. Major League Baseball, or the company they contracted with, should be commended for this.

In the primary info section of the UI, you have a list of games with each team’s logo, their name (no city/state/district/province), the score, the inning, and a video camera icon that brings you to in-game highlights. The active game is highlighted with a blue gradient. Everything looks great, and the whole section is very well executed. Unfortunately, you can't sort the list or filter out the National League games.

When the aforementioned video icon is activated, the user is brought to a list of video highlights, all labeled "Top Plays" and averaging under one minute. These are the potentially game-changing plays thus far in the game. Clips are added throughout the game, so you don't need to wait until the end of the contest to view highlights. On a WiFi connection, the clips load almost instantaneously—I was very impressed and very pleased. Watching the video will be old hat for most users, as the movie player's UI is identical to the YouTube app. Once you view a video, it is marked as viewed by the absence of a blue dot next to the name, much like in My only qualm with the video section is that the application doesn't remember whether you prefer to watch the videos stretched into wide screen or not.

That fuzzy blur is JD Drew.

Secondary Info Window: This section is where you access specific information relevant to your selected game. Here, you will find the box score along with pitcher (win/loss record and season ERA) and batter (hits/plate appearances and season batting average) information. You will also find the current ball-strike count, number of outs, and a visual representation of the bases, with base runners indicated by a red cube. This information is updated automatically approximately once a minute. While it won't be in sync with the game on TV or radio, it does a decent job of keeping you updated. While some users might wish to update more often than once a minute, the app doesn't allow them to, presumably for the sake of battery life.

At a glance, this looks likely to be all the information the app makes available for any given game. The lack of additional details has produced many complaints on the iTunes Application Store; however, if you click on the icon that looks like a globe, you will find a plethora of additional information. While more information is good, having the application launch Safari to get it is not, and that's exactly what happens; MLB's wireless page for that particular game is opened.

It would have been nice if this information could have just been formatted for the app and displayed on the back side of the Primary Info Window in a Webkit view, but that probably would have added memory and performance issues associated with mobile Safari. The page that's loaded, depending on current state of the game (final vs. ongoing), shows a large amount of information, including pitch location to the current batter, play-by-play and more. An added bonus, which makes us wish this information was available in the app, is the ability to turn off auto-updating or set updating to 15- or 30-second intervals. The biggest flaw to this system is that, once you exit the application for Safari, it quits—you have to launch the application again because of the lack of background processes.

Footer: The footer is inarguably the least important aspect of the application. Here, we have the logo, which, when touched, brings you to the legal statements you have come to expect from professional sports leagues. The footer also provides the page indicator that shows which day of games you are on, and the important part of the footer, the last updated time.

The bottom line is that this application is very well done. It performs well, the stability is about as good as you can ask for on this platform at this time, and the UI is a pleasure to use. While it does have some minor issues, that doesn't stop me from recommending it for any baseball fan, especially since it's only $4.99. If you are cheap and are looking for an alternative, I recommend SportsTap, which is free, but ad-supported and lacks the polished UI.

Application: at Bat (App Store Link)
Publisher: Major League Baseball
Price: $4.99 for remainder of the regular season, playoffs, and World Series
