
Linux: 20 Iptables Examples For New SysAdmins

Linux comes with a host-based firewall called Netfilter. According to the official project site: netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack. This Linux firewall is controlled by the program called iptables, which handles filtering for IPv4; ip6tables handles filtering for IPv6. On current distributions the iptables binary is often a compatibility front end over nftables; iptables -V reports whether you have the legacy or the nf_tables variant, and rules loaded through one are not visible to the other.

IPTABLES Rules Example

Most of the actions listed in this post are written with the assumption that they will be executed by the root user running bash or any other modern shell.

#1: Displaying the Status of Your Firewall

Type the following command as root:

# iptables -L -n -v

Sample outputs:

If every built-in chain (INPUT, FORWARD, OUTPUT) shows policy ACCEPT and contains no rules, the firewall is not active. Where, -L : List rules; -n : numeric output (no DNS lookups); -v : verbose (packet and byte counters, interfaces). Without -t, only the filter table is listed; use -t nat to see NAT rules.

#1.1: To inspect firewall with line numbers, enter:

# iptables -n -L -v --line-numbers

Sample outputs:

#5: Save Firewall Rules
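The check described under #1 and #1.1 ("is the firewall active, and what does it let in?") is easy to eyeball on one host and tedious across a fleet. The following is an added example, not code from the original post: it parses the output format of iptables -L -n -v --line-numbers and answers those questions programmatically. Both listings are constructed samples in that format, not captures from a real machine, and the function names are my own.

```python
"""Parse `iptables -L -n -v --line-numbers` output and answer the question the
listing is meant to settle: is the host firewall actually doing anything?

Added example, not code from the original post. The two listings are
constructed samples in the output format of that command, not captures from
any real host.
"""
import re

# Constructed: a fresh host, all built-in chains at policy ACCEPT with no rules.
EMPTY_FIREWALL = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
"""

# Constructed: the same host after a minimal stateful ruleset was loaded.
HARDENED_FIREWALL = """\
Chain INPUT (policy DROP 12 packets, 720 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      340 28000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2     1200  980K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
3        4   240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4        2   120 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "iptables denied: "

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5000 packets, 600K bytes)
num   pkts bytes target     prot opt in     out     source               destination
"""

# Built-in chains carry a policy; user-defined chains show a reference count instead.
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|(\d+) references)")


def parse_chains(listing):
    """Return {chain: {"policy": str|None, "rules": [dict, ...]}}.

    Expects the --line-numbers layout, so the first column of a rule is its number.
    """
    chains, current = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
            continue
        if current is None or not line.strip() or line.startswith("num"):
            continue
        f = line.split()
        # Fixed columns: num pkts bytes target prot opt in out source destination,
        # followed by free-form match text (ctstate, dpt:, LOG options, ...).
        chains[current]["rules"].append({
            "num": int(f[0]), "pkts": f[1], "bytes": f[2], "target": f[3],
            "proto": f[4], "in": f[6], "out": f[7],
            "source": f[8], "destination": f[9], "match": " ".join(f[10:]),
        })
    return chains


def firewall_is_active(listing):
    """The 'not active' state from the post: every chain is policy ACCEPT and empty."""
    return any(
        c["policy"] not in (None, "ACCEPT") or c["rules"]
        for c in parse_chains(listing).values()
    )


def accepted_input_ports(listing):
    """(proto, port) pairs the INPUT chain explicitly ACCEPTs, i.e. the exposed services."""
    out = []
    for r in parse_chains(listing).get("INPUT", {}).get("rules", []):
        m = re.search(r"\bdpt:(\d+)", r["match"])
        if r["target"] == "ACCEPT" and m:
            out.append((r["proto"], int(m.group(1))))
    return out


def default_deny_inbound(listing):
    """True when INPUT falls through to DROP, the usual minimum for a host firewall."""
    return parse_chains(listing).get("INPUT", {}).get("policy") == "DROP"


if __name__ == "__main__":
    for name, text in (("empty", EMPTY_FIREWALL), ("hardened", HARDENED_FIREWALL)):
        print(name, "active" if firewall_is_active(text) else "NOT active",
              "default-deny" if default_deny_inbound(text) else "default-allow",
              accepted_input_ports(text))
```

Feed it the real thing with `iptables -L -n -v --line-numbers` piped into the script on each host; a chain whose policy is ACCEPT with no rules is exactly the "not active" picture the post refers to, and the accepted_input_ports list is what an auditor compares against the services the host is supposed to expose.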

Base64 Encoded Images Embedded in HTML

I've been playing around with embedding images directly in HTML documents. The main driver for this is the huge load and bandwidth suck that BritBlog experiences as a result of most of our members linking directly to our little icons. (Don't get me wrong; it's great that so many of our members help to promote us, I just wish a few more folk could host their own icons!) You may have noticed that Internet Explorer can save web pages (images and all) as one file. This seems to be MIME-encoded (like HTML email) with boundaries, which is fine for standalone documents, but no good for me if I want to embed an image directly in an ordinary HTML file. So after hunting around a bit I came across an alternative technique that still uses base64 encoding: the image bytes go into the src attribute as a data: URI (data:image/gif;base64,...), which costs about a third more bytes than the raw file but saves a separate request. Anyhow, it's an interesting technique, so I thought I'd share it here. This is roughly what it produces: Depending on your web browser, you will either see a broken image, or a nice little BritBlog icon! (Internet Explorer before version 8 does not render data: URIs at all, and IE8 caps them at 32 KB.)
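The encoding side of the technique is two lines; the part worth writing down is what to check when a data: URI arrives from somewhere you do not control (a user-supplied avatar, a pasted HTML fragment). The following is an added example, not code from the post or from BritBlog: it builds the inline <img> and, on the receiving side, accepts only base64 payloads whose declared type is an allowlisted raster format, whose size is bounded, and whose magic bytes agree with the declared type. The 1x1 GIF is a constructed stand-in for the BritBlog icon, and all function names are my own.

```python
"""Build and validate base64 data: URIs for images embedded directly in HTML.

Added example (not code from the original post); the icon bytes below are a
constructed 1x1 transparent GIF, not the BritBlog icon.
"""
import base64
import html
import re

# Constructed sample image: the classic 43-byte 1x1 transparent GIF89a.
TINY_GIF = (
    b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
    b"\x21\xf9\x04\x01\x00\x00\x00\x00\x2c\x00\x00\x00\x00\x01\x00"
    b"\x01\x00\x00\x02\x02\x44\x01\x00\x3b"
)

# Magic-byte signatures for the raster formats worth embedding inline.
# SVG is deliberately absent: it can carry <script>, so it does not belong
# on an allowlist of "images" accepted from untrusted sources.
MAGIC = (
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\xff\xd8\xff", "image/jpeg"),
)

DATA_URI_RE = re.compile(r"^data:([a-z]+/[a-z0-9.+-]+);base64,([A-Za-z0-9+/]*={0,2})$")


def sniff_image_type(data):
    """Return the MIME type implied by the leading bytes, or None if unrecognised."""
    for sig, mime in MAGIC:
        if data.startswith(sig):
            return mime
    return None


def image_to_data_uri(data):
    """Encode raw image bytes as data:<mime>;base64,... (about 4/3 the original size)."""
    mime = sniff_image_type(data)
    if mime is None:
        raise ValueError("not a PNG, GIF or JPEG")
    return "data:%s;base64,%s" % (mime, base64.b64encode(data).decode("ascii"))


def img_tag(data, alt):
    """An <img> whose src is the inline image; alt is escaped so it cannot break out of the attribute."""
    return '<img src="%s" alt="%s">' % (image_to_data_uri(data), html.escape(alt, quote=True))


def decode_image_data_uri(uri, max_bytes=64 * 1024):
    """Strictly parse a data: URI that claims to be an image and return its bytes.

    Rejects anything that is not base64, not an allowlisted raster type, larger
    than max_bytes, or whose declared type disagrees with the actual magic bytes
    (the same checks a careful upload handler performs on untrusted input).
    """
    m = DATA_URI_RE.match(uri)
    if not m:
        raise ValueError("not a base64 data: URI")
    declared, payload = m.group(1), m.group(2)
    if declared not in {mime for _, mime in MAGIC}:
        raise ValueError("type %s is not an allowed image type" % declared)
    if len(payload) > max_bytes * 4 // 3 + 4:
        raise ValueError("payload too large")
    data = base64.b64decode(payload, validate=True)  # binascii.Error is a ValueError
    if sniff_image_type(data) != declared:
        raise ValueError("declared type does not match content")
    return data


def is_safe_image_data_uri(uri):
    """Boolean wrapper for callers that just need accept/reject."""
    try:
        decode_image_data_uri(uri)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(img_tag(TINY_GIF, 'BritBlog "icon"'))
```

The mismatch check matters more than it looks: a browser decides how to render a data: URI from the declared type, so "data:text/html;base64,..." inside an attribute that is later reflected somewhere less constrained than an <img> src is script, not a picture. Allowlisting the type and confirming it against the bytes closes that off regardless of where the URI ends up.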

Practical Firewall Security

Abstract: This document summarizes important facts about modern firewall features with a strong focus on the Cisco Adaptive Security Appliance (ASA). This is not a tutorial. The reader should already be familiar with security fundamentals. Besides theory, practical issues are exemplified on the basis of Cisco firewall products.

8.1 Avoid Identity NAT

Also known as NAT zero or NAT exemption. If combined with an ACL (as usual), such as:

nat (inside) 0 access-list 101

then any host on a lower security level interface can establish a connection to an inside host matched by this ACL. Note that when using

nat (inside) 0 0.0.0.0 0.0.0.0

an outside host can only reach an inside host when an outbound connection exists.

8.2 Track your ISP next hops

Especially when you have redundant ISP connections, use the track option with the route command to enable periodic reachability tests via ICMP echo requests. Here is the general configuration:

(config)# sla monitor 7

A DHCP-learned route can also be tracked:

LEARNING TO EXPECT THE UNEXPECTED The 9/11 commission has drawn more attention for the testimony it has gathered than for the purpose it has set for itself. Today the commission will hear from Condoleezza Rice, national security adviser to President Bush, and her account of the administration's policies before Sept. 11 is likely to differ from that of Richard Clarke, the president's former counterterrorism chief, in most particulars except one: it will be disputed. There is more than politics at work here, although politics explains a lot. It sounds uncontroversial, reasonable, even admirable, yet it contains at least three flaws that are common to most such inquiries into past events. A black swan is an outlier, an event that lies beyond the realm of normal expectations. Black swans can have extreme effects: just a few explain almost everything, from the success of some ideas and religions to events in our personal lives. All of which brings us to the 9/11 commission. Yet infinite vigilance is not possible.

Introduction to NuFW » UNIX Garden

Find this article in: Misc 18

Following recent developments in firewall systems, NuFW is an authenticated IP filtering solution for GNU/Linux, built on top of Netfilter and available under the GPL. This article first presents the operating principles of NuFW and what it brings: better enforcement of security policies, a multi-protocol single sign-on solution, and per-user quality of service. A second part covers the implementation itself and its configuration. IP filtering techniques have evolved considerably over the last decade. A performance benchmark was carried out; here is a brief summary. We observe that, in a scenario close to a denial-of-service attack, NuFW behaves very well. Beyond securely extending filtering rules to the notion of a user, NuFW offers a number of interesting features.

Basic Iptables - Debian/RedHat

Summary: You can find an easier to read version here: 5dollarwhitebox.org

A lot of people are freaked out by iptables and find it hard to understand. However, once you get the grasp of it the basics are easy.

The System: Debian Sarge 3.1; vanilla 2.6.12.4 kernel from mirrors.kernel.org; iptables administration utility version 1.2.11-10.

Preparation: This How-To is performed on a Debian Sarge 3.1 box, though the commands and syntax should work for any Linux distro. You should have a config file from when the kernel was compiled:

# cat /boot/config-2.4.30 | grep -i "CONFIG_IP_NF"

The file is named after the kernel version, so make sure you read the one for the kernel you actually booted (/boot/config-$(uname -r)); a leftover config from an older kernel says nothing about the running one. This isn't all that necessary, since you'll find out real quick whether iptables works or not once we try to add some rules. You can check whether you have the iptables administration utility installed by executing:

# dpkg -l iptables
iptables 1.2.11-10 Linux kernel 2.4+ iptables administration to...

...or for an rpm based distro:

# rpm -qa | grep iptables
iptables-xxxxx

...or you can just see if the binary is there!

The Main Files

Debian

Bram Cohen citations - CiteSeerX

Incentives Build Robustness in BitTorrent, by Bram Cohen, 2003. "... is to make each peer's download rate be proportional ..." (Bram Cohen, bram@(email omitted); May 22, 2003.) Abstract - Cited by 770 (1 self). The BitTorrent file distribution system uses tit-for-tat as a method of seeking pareto efficiency.

Noise strategies for improving local search, by Bart Selman, Henry A. Abstract - Cited by 360 (8 self). It has recently been shown that local search is surprisingly good at finding satisfying assignments for certain computationally hard classes of CNF formulas.

Local Search Strategies for Satisfiability Testing, by Bart Selman, Henry Kautz, Bram Cohen - DIMACS Series in Discrete Mathematics and Theoretical Computer Science, 1995. Abstract - Cited by 270 (25 self).

Rarest first and choke algorithms are enough, by Arnaud Legout, G. Abstract - Cited by 100 (16 self).

Ch14 : Linux Firewalls Using iptables

Network security is a primary consideration in any decision to host a website, as the threats are becoming more widespread and persistent every day. One means of providing additional protection is to invest in a firewall. Though prices are always falling, in some cases you may be able to create a comparable unit using the Linux iptables package on an existing server for little or no additional expenditure. This chapter shows how to convert a Linux server into a firewall while simultaneously being your home website's mail, web and DNS server. Bear in mind that every public service running on the firewall host is also a way onto the firewall itself if it is compromised, so keep those daemons unprivileged and the INPUT chain default-deny with only the ports they need opened. Creating an iptables firewall script requires many steps, but with the aid of the sample tutorials you should be able to complete a configuration relatively quickly. Originally, the most popular firewall/NAT package running on Linux was ipchains, but it had a number of shortcomings. iptables offers better integration with the Linux kernel, with the capability of loading iptables-specific kernel modules designed for improved speed and reliability. In this example:

Console productivity hack: Discover the frequent

More resources: The best book I know of for console hacks is Linux Server Hacks: 100 Industrial-Strength Tips and Tools. It's loaded with fiendishly creative scripts and shortcuts. (Almost all of the hacks apply to any Unix-derived OS, including Mac OS X.) It turns out that my colleague Eric Eide did a master's thesis on an adaptive interface to a Unix shell, Valet. Valet uses a mixture of system knowledge and heuristics to "detect and correct the kinds of mistakes that experienced users make most frequently: typographical errors, file location errors, and minor syntactic errors."

Logging and mining console activity: Before you can exploit the principle of frequency, you need an unbiased record of what it is that you do most frequently. Fortunately, shells like bash already have some of that data in the form of the history command. You should periodically examine your frequently used commands and find ways to execute them quickly. For example:

Logging directories to MySQL

The cdto script

On API Design Guidelines

Posted by F, 19/11/2006 at 22h31

Update: Good news! Jaroslav Toulash emailed me that he published a book on Practical API Design! Looks like Brian McAllister may be preparing a talk on Designing Elegant APIs. I've been very interested in good API design for a long time, but I could never find a single book on the subject. I reviewed "Interface Oriented Programming" a few months back with disappointment. Over time, I collected some links on the subject and shared some with Brian:

Best Practices in Javascript Library Design (via John Resig on JavaScript API Design) - A good presentation given by the author of jQuery.
API: Design Matters - Article by Michi Henning, ZeroC, for ACM Queue magazine.
How to Design a Good API and Why it Matters - Excellent deck from Joshua Bloch.

So, let's hope Brian gives his talk at a big conference, signs a contract with a big publisher and fills the void.
