Older blog entries for sness (starting at number 4866)

Zero-Day Java Exploit Debuts in Crimeware — Krebs on Security

Zero-Day Java Exploit Debuts in Crimeware — Krebs on Security: "The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java."

Syndicated 2013-01-11 18:51:00 from sness

Critical Java zero-day bug is being “massively exploited in the wild” (Updated) | Ars Technica

Critical Java zero-day bug is being “massively exploited in the wild” (Updated) | Ars Technica: "Attack code that exploits vulnerability in Java's browser plugin has been added to the Blackhole, Cool, Nuclear Pack, and Redkit exploit kits, according to the Malware Don't Need Coffee blog, prompting its author to say that the bug is being "massively exploited in the wild." Miscreants use these products to turn compromised websites into platforms for silently installing keyloggers and other types of malicious software on the computers of unsuspecting visitors. KrebsOnSecurity reporter Brian Krebs said the curators of both Blackhole and Nuclear Pack have taken to the underweb to boast of the addition to their wares. It's not yet clear how many websites have been outfitted with the exploits."

Syndicated 2013-01-11 18:50:00 from sness

It's A Heisenbug! | Dr Dobb's

It's A Heisenbug! | Dr Dobb's: "Bugs of this kind are often called Heisenbugs, after Werner Heisenberg. Heisenberg is best known for the uncertainty principle, which says (for example) that it is possible to determine the position or momentum of a particle accurately, but not both at the same time. As a result, the term has come to denote a bug that stems from uncertainty about the order in which two parts of a program are executed. Such bugs can be the most difficult of all to find."

Syndicated 2013-01-11 18:49:00 from sness

The Joy of Tech comic... because somebody has to make fun of our new computer overlords.

Syndicated 2013-01-11 18:44:00 from sness

Developing Backbone.js Applications -

Developing Backbone.js Applications -: "Welcome to my (in-progress) book about the Backbone.js library for structuring JavaScript applications. It’s released under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported license meaning you can both grab a copy of the book for free or help to further improve it."

Syndicated 2013-01-11 18:42:00 from sness

How our users exploited concurrency and how we fixed it - Evil Trout's Blog

How our users exploited concurrency and how we fixed it - Evil Trout's Blog: "Fortunately, I soon found an easy solution: let the database handle the concurrency. Much smarter developers than me have put in thousands of hours of work into databases to make sure they hold up under concurrent situations such as these. All I’d have to do is leverage their hard work.

Here’s the solution I came up with:

Player.transaction do

  # Update completed attribute to true, but only when it's currently false
  row_count = Goal.update_all "completed = true", ["player_id = ? AND completed = false", player.id]

  # update the player score only if completed changed in the database
  if row_count == 1
    player.increment!(:score, goal.score)
  end

end
The key to the above solution is that your RDBMS will return a count of how many rows it changes when you execute an UPDATE. Only one request will receive a row count of 1 back. All others will receive 0 and will execute nothing. It just works!"

Syndicated 2013-01-11 18:21:00 from sness
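
The check-then-update race and the row-count fix from the quoted post, reproduced as an added example (not code from the quoted blog or from this page's author). It assumes a constructed players/goals schema in Python's sqlite3, keys the update on a goal id rather than the post's player_id, and interleaves the two overlapping requests by hand on one connection so the outcome is deterministic.

```python
import sqlite3

def make_db():
    # Constructed sample data: one player with one open goal worth 10 points.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE players (id INTEGER PRIMARY KEY, score INTEGER NOT NULL);
        CREATE TABLE goals (id INTEGER PRIMARY KEY, player_id INTEGER NOT NULL,
                            score INTEGER NOT NULL, completed INTEGER NOT NULL);
        INSERT INTO players VALUES (1, 0);
        INSERT INTO goals VALUES (1, 1, 10, 0);
    """)
    return db

def read_goal(db, goal_id):
    # Step 1 of check-then-act: copy the flag into application memory.
    return db.execute("SELECT completed, score, player_id FROM goals WHERE id = ?",
                      (goal_id,)).fetchone()

def reward_from_stale_read(db, goal_id, snapshot):
    # Step 2: act on the earlier read; nothing re-checks the row before writing.
    completed, score, player_id = snapshot
    if not completed:
        db.execute("UPDATE goals SET completed = 1 WHERE id = ?", (goal_id,))
        db.execute("UPDATE players SET score = score + ? WHERE id = ?", (score, player_id))

def reward_atomic(db, goal_id):
    # Check and write are one statement; rowcount tells this caller if it flipped the flag.
    cur = db.execute("UPDATE goals SET completed = 1 WHERE id = ? AND completed = 0", (goal_id,))
    if cur.rowcount == 1:
        db.execute("UPDATE players SET score = score + (SELECT score FROM goals WHERE id = ?) "
                   "WHERE id = (SELECT player_id FROM goals WHERE id = ?)", (goal_id, goal_id))
    return cur.rowcount

def player_score(db):
    return db.execute("SELECT score FROM players WHERE id = 1").fetchone()[0]

def racy_double_submit():
    db = make_db()
    a = read_goal(db, 1)              # request A sees completed = 0
    b = read_goal(db, 1)              # request B reads before A has written
    reward_from_stale_read(db, 1, a)
    reward_from_stale_read(db, 1, b)  # passes the same check, rewards again
    return player_score(db)

def atomic_double_submit():
    db = make_db()
    counts = [reward_atomic(db, 1), reward_atomic(db, 1)]
    return counts, player_score(db)
```
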

Damien Katz: The Unreasonable Effectiveness of C

Damien Katz: The Unreasonable Effectiveness of C: "C is the total package. It is the only language that's highly productive, extremely fast, has great tooling everywhere, a large community, a highly professional culture, and is truly honest about its tradeoffs."

Syndicated 2013-01-11 18:21:00 from sness

How our users exploited concurrency and how we fixed it - Evil Trout's Blog

How our users exploited concurrency and how we fixed it - Evil Trout's Blog: "# Keep everything in a database transaction
Player.transaction do

  # Find the player's current goal
  goal = player.goal

  # Make sure we don't reward goals that have already been completed
  unless goal.completed?
    goal.update_column :completed, true
    player.increment!(:score, goal.score)
  end

end
After much headdesking, I eventually discovered that the above code is not safe under concurrency."

Syndicated 2013-01-11 18:20:00 from sness

Safari is released to the world

Safari is released to the world: "It was KHTML. Specifically KHTML and KJS — the code inside KDE’s Konqueror Web browser on Linux. After the keynote was over, I sent this email to the KDE team to thank them and introduce ourselves. I did it right from where I was sitting too, once they turned the WiFi back on."

Syndicated 2013-01-11 18:16:00 from sness
