Saturday, March 24, 2007
We celebrated today (this is the third time in the last 2-3 weeks: first time was at my parents' home, second time in the kindergarden and this is the third) Aviv's 6th birthday, by inviting over to our house family members.
Here's a birthday cake with a soccer theme.
Friday, March 23, 2007
I spent this morning with my mother and my youngest son, Nir, at the national park in Ramat-Gan. We went there due to a gathering of participants of Tapuz's gardening forum.
Here's my post with many pictures, at the forum: http://www.tapuz.co.il/tapuzforum/main/Viewmsg.asp?forum=465&msgid=95914106
Thursday, March 22, 2007
Let's see when the patent committee discusses the idea.
This was confirmed and the relevant standard text was quoted by repliers.
See: [link to post is not yet available in the online archives]
Wednesday, March 21, 2007
I gradually find more bloggers that I enjoy reading and I like it!
I started to do daily reads on XML technology, math, science, open source software, linguistics, data mining and other interesting things.
Tuesday, March 20, 2007
Monday, March 19, 2007
Sunday, March 18, 2007
There are new pictures on the kids available on the gallery at http://yeda.cs.technion.ac.il/~yona/aviv/index.html
Here are some previews:
Nir with his great grandmother (Michal's grandmother), Sabina.
Sivan devouring some olives.
Aviv just before his celebration of his 6th birthday party at his kindergarden with his teacher, Sara.
Saturday, March 17, 2007
Too many metaphors for my taste. Also, too many repetitions on information that was already mentioned in previous pages.
The book gave me a nice overview of the last two centuries viewed through the linking thread "The Riemann Hypothesis", introduces some interesting problems, some of which I learned in my undergraduate studies, and some were new to me. I liked the list of references for "extra reading" given by the author.
Nice book, too much of a "novel" for my taste. I like my math formal and my history with more facts than metaphors, but I'm not sure that my taste is the kind that makes books like this sell... :-)
Bottom line: nice read. I read it in a weekend and the Hebrew version (with a very good, in my opinion, translation by Uriel Givon, who added some extra information in the footnotes).
Saturday, March 10, 2007
The implementation uses a (patent pending) technology to achieve high-speed encoding form conversion several times faster than typical industry standard iconv implementations.
Friday, March 9, 2007
DRY means: Don't Repeat Yourself. The idea is to keep a single authoritative and unambiguous representation of an information item in your system. This way, even if you end up having several copies of the same data, possibly in different representations, you should be able to generate them all from that single authoritative and unambiguous representation. Code reuse is a good example of this principle. The principle doesn't only apply to code, but also to documentation, build process, schemas, etc.
Shy means: de-coupling. The authors describe four types of coupling:
- static -- one thing requires another thing in order to compile. This is not a bad thing as long as you use what you need and avoid things you don't need. Don't carry excess baggage.
- dynamic -- when one piece of code requires another one at runtime in order to perform a task. This becomes a problem when you find yourself using a daisy-chain of calls to different pieces of code instead of direct communication between the parties involved.
- domain -- when your domain expertise becomes part of the code. This is not bad as long as the domain information doesn't change much, but becomes a serious problem when it does. Representing the domain information as meta-data and processing it using a rule engine will usually save the day.
- temporal -- when the coupling has time dependency. Think about avoiding time dependencies where they are not necessary.
I really recommend reading that short paper. It is offering quite good advice.
For example, the code to add to my website at http://yeda.cs.technion.ac.il/~yona/ is as follows:
<iframe src='http://cw.gabbly.com/gabbly/cw.jsp?e=1&t=http://yeda.cs.technion.ac.il/~yona/' scrolling='no' style='width:300px; height:250px' frameborder='0'></iframe>
Of course, you'll need to register with them, i.e., give them a username a password and an email address, which they validate using a link they email you and expect you to click in order to invoke the account.
You can also initiate a chatter on any website from their site simply by entering a URL into a form and clicking submit.
Another nice thing I saw was an ability to get an RSS feed from a chatter box. I couldn't think of a use for this -- but it does look like a "cool" feature.
Thursday, March 8, 2007
The conclusions and future work is listed below:
Web applications present a very high risk, and an attractive target to attackers for the following reasons: Firstly, the quality of the code is often rather poor and many vulnerabilities of commonly used code are published. Second, attacks can often be performed using PHP and shell scripts, which are much easier to develop and use than buffer-overflow exploits. Thirdly, tools such as search engines provide a very easy way for attackers to locate vulnerable web applications. We believe that web servers present relatively high-value targets for attackers since they are more likely to have higher bandwidth connections than the average desktop computer. They will also typically need to access the organisation's databases and so may provide a stepping stone for an attacker who wishes to recover such data.
Although significant effort is being made to improve code quality in many web applications, the volume of existing code, and the amount of new code being written are causing the number of vulnerabilities being reported to remain quite high. (For example, the number one cross-platform vulnerability listed in the SANS Top 20 Survey is web applications.) Since the other factors - public availability, easy exploitation and web applications being easy to locate via search engines - are not likely to change significantly, we can expect to see these trends carrying on into the future.
In order to acquire a greater amount of information the deployment process will be stream-lined. Therefore we plan to develop a live CD or an easy-to-install VMware image of our honeypots. Further, the level of detail of the emulation performed by our honeypots will be increased to improve the realism of the simulation and more accurately mimic a genuinely vulnerable web application. These improvements will enable us to observe a wider range of attack patterns and threats that are launched against today's web applications. Finally it would be very interesting to monitor bogus web spiders. This could be done by setting up a new honeypot that denotes its web pages as not-to-be indexed and logs any access to them.
Wednesday, March 7, 2007
Sunday, March 4, 2007
I am thinking about dedicating this meeting to fuzz testing and fuzzers
Hopefully, I can solicit Ran Eilam and Yuval Yaari to talk about them...
Let's see how things work out.
Here's the post on israel.pm: http://perl.org.il/pipermail/perl/2007-March/008492.html
Saturday, March 3, 2007
We took the kids today to Ra'anana's park where we met some friends.
A new batch of photos is available at http://yeda.cs.technion.ac.il/~yona/aviv/index.html
which adds a new section at http://yeda.cs.technion.ac.il/~yona/aviv/2007/3.2007/index.html
We saw a swan, the kids played soccer, we sailed in the "lake's ship" and had some ice cream.
It might be that people think that they are more knowledgeable than they actually are.
I don't know.
I met people who claim to be proficient in algorithms, but cannot describe a sorting algorithm. I met people who claim to be proficient in some programming language, but as soon as you present a simple task to be performed in that programming language it turns out that they actually were only participating in a course where that language was used and don't have any real understanding or proficient of it.
What do these people think? Do they really think that their lies will not be exposed? Even if they fool me and others in the interview, don't they think what will happen when they actually start working and be expected to perform?!
Sivan dressed up as Snow White.
Aviv dressed up as a Pirate. He was really happy that it included a sword.
The kids were excited from the chance of dressing up in colorful costumes and looked forward to meeting their friends at the kindergarden. Just before we took them to the kindergarden, we took some pictures of them together.
You can see the kids with their Purim outfits.
See: http://yeda.cs.technion.ac.il/~yona/aviv/index.html and the March section: http://yeda.cs.technion.ac.il/~yona/aviv/2007/3.2007/index.html