Archive for the School Category

Real Simple Sindication (RSS) What’s it all about?

Posted in School with tags , , on March 31, 2010 by Lance Strzok

The story I usually tell when it comes to explaining Real Simple Syndication (RSS) is about me as a younger man in my early days as a sailor. I had a PO box for an address, and seems like it rains every afternoon when I got out of school in Orlando Florida. So off I went in the hopes of finding a letter in the mail from family or friends when low and behold, when I got there, all I saw was the back of the box. (Shaking it did not yield any better results). So off to my room in my now wet clothes I went.

What does it have to do with RSS you ask? Well, what if my PO box sent me an email that told me first of all that I had some mail in my box, and secondly, it game me a link to that letter? Nice eh, now I would not have to go to the PO box anymore, it would tell me when I had something, and give me a link to the content that is in the letter. Now I don’t even need to go there anymore.

So RSS is really just a signal that you get when you get new information that breaks some threshold that you define.

How do you use this great idea? Well you just go to the sites you normally go too, and if they syndicate (share or post information via RSS) then you can look for the familiar orange looking symbol or anything that says RSS or feeds and sign up for notification of their content. Some allow you to refine the search, or just receive all new posts. Take for example this blog. You can subscribe to my new posts, or new comments to this post. From now on you will know when I write something new, or when someone comments on something I have written.

As for RSS readers, some email clients have RSS capabilities, and some browsers do as well, but I like Feedreader 3 myself. It is a great tool for collecting your subscriptions and getting to the new content. If you want a web based one, I have not found one that even compares too Googlereader. It is my preferred way to ingest all the feeds I have as well as alerts I can set up with Google Alerts. This keeps me aware of all content that the Google indexer finds as it crawls the net that meets thresholds (or keywords) I set.

If you have comments or questions, please let me know. I would be happy to answer them for you or help you out.

52 sites and 52 different logins and passwords – Yuck!

Posted in School on January 22, 2009 by Lance Strzok

Testing out the following password managers below. Open to comments and suggestions please.

Roboform

LastPass (free)

KeePass

SuperGenPass

I am about to start testing, but if you have any other suggestions, please let me know.

My favorite software

Posted in School on January 21, 2009 by Lance Strzok

Some of my friends have asked what I would install if I purchased a computer tomorrow, and I thought I would put together a list of the software I would install. Please feel free to comment back with some of your suggestions.

My favorites are listed below.

7-zip

Glary Utilities

Fire Fox 3

Google Reader, gmail, desktop,  and most of their web based apps, just one account

Feed Reader 3

Open Office 3

Google Notebook and Microsoft One note

ManicTime

The Gimp or Paint.net

Twitterdeck

Pidgeon

Avira Antivirus

Picasa 3

Aduna Autofocus

Crap Cleaner

Jedit

Adobe reader 8

Let me know if you think I should have more here. Thanks.

Challenges to securing wireless LANs

Posted in School with tags , , , on December 1, 2008 by Lance Strzok

There are a great many security issues surrounding the use of wireless networks (WLANs). Although the use of wireless networks at home may be reasonably safe, WLANs in a business environment may be a more difficult decision considering the risks involved and the likelihood of people trying to exploit it. Some of the risks related to wireless security are: rogue access points, the use of unauthorized devices and denial of service attacks. These threats can undermine trust and security of the network and impact business. Many wireless networks use the IEEE 802.11 standard, and this standard has been shown to be weak and in need of improvement. A comprehensive and thurough approach will need to be used if the security of your business network is a great concern to you.

Planning of the wireless network will need to be addressed in the requirements for the network. What kind of information and users will be on the network, and what resources will be linked to that network. These requirements will help in determining the required amount of security. If you want to offer wifi as a service to clients, that is a totally different security setup from if you are conducting business and sales on your network.

Some good practices to consider will also include the position and strength of transmitting access points. Where you place these devices will have an impact on “parking lot hackers”. You will want to research current wireless suppliers for updated technologies, and keep track of firmware and software updates to your equipment. You should also configure your network settings with great care and understand each setting as well as the impact it has on your network. Upon setting up your configuration, always change the default configurations to other names immediately.  The default system names are usually a dead give away to the equipment in use and is a starting point for attackers. Additionally, you may want to have a list of MAC addresses for all the equipment that is going to be allowed to access the network, this is MAC address filtering and it only allows access by machines that have proper MAC addresses. A note of caution on this is that there are programs that can detect and copy MAC addresses and this feature makes it less convenient to attack. Enabeling encryption will also be something that needs to be considered if you are going to use the wireless network for business or banking. Business and homeowners with wifi networks should consider moving to WPA2 compatible devices as soon as possible if they want to have secure networks. The original WEP encryption standards have identifiable weaknesses that have been written about and are routinely exploited with easily accessable tools. For those businesses that wish to have empoyees access their work from home, consider using virtual private networks (VPNs).

There is a great deal more on this issue, and your network security specialists will need to stay aware of and on top of changes in these areas to ensure network security and the vitality of your business or personal home network needs.


Ref:

http://www.wardrive.net

Processors of the future

Posted in School with tags , , , , on November 11, 2008 by Lance Strzok

Processors of the Future

Considering the speed of light and the path length that data has to move as the limiting factors on moving bits around within any component between various components our goal will have to be to minimize the path lengths on each of them in relation to how often data is required to be used from these devices. Anticipating the need for data and moving data that is needed more often closer to a cpu or registers. No matter what the medium; fiber, metal, laser, or magnetic.

Next consider the clocking speed limitations. If they are dependent on the rise and decay time of capacitors, then we will have to remove capacitor technology and find a faster way of changing states of bits. This will have to be considered along with the path length issue to make sure that one is able to keep pace with the other. Clocking before the data gets to the processor or ALU would obviously cause problems, and would be the limiting factor in this case.

Software will have to change in order to fully utilize some features of future processors. Maybe there will be a way to do this on the fly (convert current software execution with one CPU to a parallel system that would allow other CPUs to process the instructions in parallel – faster). Be able to reconfigure the CPU for optimal execution of the software being used at the time.

Another gain to be had would be in the word sizes increasing in length, and with them, the busses and ALUs as well as memory address lengths that work with the data. But this could have software issues as well. Software not able to utilize these features would have to use another processor to convert the instructions to parallel then have the other CPUs execute the parallel instructions.

We will likely see hard drives continue to move to solid state hard drives which will improve access speeds greatly, and for all of the devices, lower power consumption (going green). Using technology that allows reliable state changes with less then 1 volt.

Maximize L1 and L2 caching by physically locating the fastest type of memory equidistant from the CPU (likely a circle or block around the CPU.

Each of the fundamental components (ram, rom, path medium, transistors, etc…) will continue to be explored in terms of materials that may increase speed, reduce power, not harm the environment when disposed of, be cheaper to manufacture, last longer, and be more reliable.

Implement some kind of executive function over the CPUs that would monitor and reconfigure the CPUs on the fly to maximize execution of the task at hand.

With all these considerations in mind, we will have incredibly fast, low power, environmentally friendly, reconfigurable CPUs that can work wonderfully as stand alone computers or be networked with other idle machines in the house or business to work on other problems when not fully utilized by the user.

Related article: http://computer.howstuffworks.com/microprocessor.htm

Social Engineering

Posted in School with tags , , on November 2, 2008 by Lance Strzok

Social Engineering

1. What are the different kinds of social engineering schemes? Describe at least three different types.

A) IVR- The use of Interactive Voice Response systems or systems that sound like them to get customers to give up their information to the IVR or get forwarded to a customer service person (bad guy) who will try to resolve your problems for you when the IVR appears to fail.

B) Baiting- Leaving a disk or thumbdrive with juicy title on it inside or near the targeted company that when inserted into a machine on the network likely enables the hacker access to the network or causes damage to the network security.

C) Quid Pro Quo- An attacker calls random numbers in a company posing as an IT support person and offers to help solve a problem for a user and requires information from the user to help them. May be started by causing problems with the network to begin with, followed up with the calls to the users.

2. How prevalent are social engineering schemes such as phishing? Are the rates of such attacks growing or diminishing?

It appears that the frequency of phishing is increasing and that there are some efforts for finding and dealing with phishing problems. An example of one of these efforts is discussed at the URL below.

http://www.cio.com/article/143952/Microsoft_Plays_Detective_to_Determine_Phishing_Frequency

3. List the necessary steps you should take to ensure you do not become a victim.

Use a firewall, use phishing filters, don’t use media you don’t know anything about, scan media before use, be aware of schemes and don’t give out information.

4. List several key organizations that can help if you are a victim of this type.

http://www.usdoj.gov/criminal/fraud/websites/idtheft.html

http://www.fbi.gov/

http://www.fdic.gov/consumers/consumer/news/cnfall97/wallet.html

http://www.treas.gov/usss/

Open – Source Pros and Cons

Posted in School with tags , on October 13, 2008 by Lance Strzok

Open-Source Pros and Cons

Other advantages of Open-source code are low costs, potential engagement of many great minds on one topic to make it as good as it can be, efficient, or standardizing the interface. Responsive to changes was already mentioned, as well as a great way for new programmers to learn good practices in code development.

Disadvantages to open-source code may be primarily in support. If you imagine for a moment that a piece of source code was developed by me at home in my freetime, then you could imagine that if I were busy, or not able to spare the time, the support for bug fix’s may be low, and since there is no money driving my time on that project, then I may have to put it off, or not even get to it. Then the only hope is that someone else looks at the code and picks it up where I left off. Also, since I wrote it, then it is limited to my experience as a coder, not a team of well paid, experienced, and dedicated effort group that continually use good programming techniques. Standardization may be an issue as well. Could be difficult to maintain a standard if different people are writing to the same code.

I think that Microsoft and others that maintain proprietary restrictions on their code do so because they need to be able to get a return on their programming efforts to support new efforts as well as control the code so that they can provide robust and timely support to known software instances.

The disadvantages to maintaining proprietary code would be that it is costly, potentially slow depending on demand, and may not benefit from the great minds that are out there that may otherwise bring some improvements to their software if they were allowed to view and improve it.

See http://en.wikipedia.org/wiki/Comparison_of_open_source_and_closed_source for more on this topic.