Archive for the ‘Security’ Category

Quick Tip: Socks for everyone !

October 2, 2009 sacx

I’m talking about the SOCKS proxy, not my/your foot socks :) . SOCKS is a layer 5 proxy and can “route” your packets (TCP and UDP) through another host (server). Usually you need to install a SOCKS proxy on a server somewhere, but if you have an OpenSSH server available you can use SSH as a SOCKS proxy. Do SSH clients support SOCKS? Yes! The OpenSSH client (Linux) and even PuTTY (Windows) can act as a SOCKS proxy.

On Linux, connect to the server with the ssh client using the -D option:

$ ssh root@host -D 12345

and on your localhost, port 12345, you will have a SOCKS proxy. Newer versions of OpenSSH also support address binding. That means that if your computer has multiple interfaces, you can specify which interface the SOCKS listener should bind to.

$ ssh root@host -D 10.0.0.1:12345

Under Windows you can use PuTTY. Configure a normal session. In the Tunnels menu (expand the SSH tree if it is not already expanded), select Dynamic (the default is Local), enter the port in “Source port” and hostname:port in “Destination”. Press Add and it should appear under “Forwarded ports”.

Now you can enjoy your SOCKS proxy.
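What an application sends to that local port, as an added example (not part of the original post): the SOCKS5 greeting and CONNECT request a client writes to the listener, and a parser for the proxy's reply. The target example.com:443 and the reply bytes are constructed samples, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Client greeting: VER=5, one method offered, 0x00 = no authentication. */
size_t socks5_greeting(uint8_t *out, size_t cap)
{
    static const uint8_t g[] = { 0x05, 0x01, 0x00 };
    if (cap < sizeof g) return 0;
    memcpy(out, g, sizeof g);
    return sizeof g;
}

/* CONNECT request using ATYP 0x03 (domain name), so the name is resolved
 * on the far side of the tunnel (the SSH server), not on the local machine.
 * Returns the request length, or 0 if it does not fit. */
size_t socks5_connect(uint8_t *out, size_t cap, const char *host, uint16_t port)
{
    size_t n = strlen(host);
    if (n == 0 || n > 255 || cap < n + 7) return 0;
    out[0] = 0x05;                       /* VER */
    out[1] = 0x01;                       /* CMD: CONNECT */
    out[2] = 0x00;                       /* RSV */
    out[3] = 0x03;                       /* ATYP: domain name */
    out[4] = (uint8_t)n;                 /* name length */
    memcpy(out + 5, host, n);
    out[5 + n] = (uint8_t)(port >> 8);   /* port, network byte order */
    out[6 + n] = (uint8_t)(port & 0xff);
    return n + 7;
}

/* Reply parser: returns the REP code (0 = succeeded) or -1 if malformed. */
int socks5_reply_code(const uint8_t *in, size_t len)
{
    if (len < 4 || in[0] != 0x05 || in[2] != 0x00) return -1;
    return in[1];
}

int main(void)
{
    uint8_t req[64];
    /* constructed sample reply: REP 0x05 = connection refused */
    const uint8_t refused[] = { 0x05, 0x05, 0x00, 0x01, 0, 0, 0, 0, 0, 0 };
    size_t n = socks5_connect(req, sizeof req, "example.com", 443);
    for (size_t i = 0; i < n; i++) printf("%02x ", req[i]);
    printf("\nreply code: %d\n", socks5_reply_code(refused, sizeof refused));
    return 0;
}
```

The greeting offers only "no authentication" because the listener created by -D does not authenticate clients, so anyone who can reach the bound address can use the proxy; binding to 127.0.0.1 keeps it local.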

MSE – a Free antivirus with no performance impact ?

September 30, 2009 sacx

Microsoft launched Microsoft Security Essentials (code name MORRO), a free real-time antivirus. It seems MSE is just another antivirus against viruses, spam, spyware, and other malicious software, without any other features. On Vincent Bellet's MSDN blog I found a very interesting piece of information:

Now, we offer a free, reliable with no performance impact product for your PC!

I’m very curious how good an antivirus with no performance impact on a computer can be … I don’t think you can cut the performance impact without cutting antivirus features …

Anyway, Vincent Bellet also talks about Avast:

… even if Avast is quite good, not free antivirus often a huge program with performance impact….

I really want to see a comparison between MSE and Avast Home edition.

You will find more about MSE here: http://www.microsoft.com/security_essentials/

Microsoft programmers start banning memcpy on their products

May 30, 2009 sacx

memcpy is the fastest way to copy one chunk of memory to another, but Microsoft is now banning the memcpy function from its products. Over the years memcpy was responsible for a lot of security problems in Microsoft products, but the main problem with this function was the programmer. The function was designed to give us a very fast way to copy one chunk of memory to another, and it has succeeded at that over the years; passing bad arguments to it is the programmer's fault, not the function's.

I was curious how many times memcpy appears in the Linux kernel source code (2.6.29.4), so I ran the following command to find out:

find . -name '*.[hcS]' -not -regex '\./\.git.*' | xargs cat | grep memcpy | wc -l

And the result was
12092

A lot of possible bugs … so why doesn’t Linus ban this function from the Linux kernel?

Besides memcpy, Microsoft is also banning RtlCopyMemory and CopyMemory.

From msdn site: http://blogs.msdn.com/sdl/archive/2009/05/14/please-join-me-in-welcoming-memcpy-to-the-sdl-rogues-gallery.aspx

Developers who want to be SDL compliant should now replace memcpy() with memcpy_s(), which takes an additional parameter defining the size of the destination buffer. But my question is: what happens if all the parameters are wrong? You can only check the consistency of 2 arguments … and memcpy_s, it seems, is 3 times slower.
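The question above, worked through as an added example (not code from the original post or from Microsoft): a hypothetical wrapper copy_checked modelled on the memcpy_s contract rejects a copy that exceeds the size it is told, but accepts the same copy when the caller passes the wrong destination size. The record layout and all names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper modelled on the memcpy_s contract:
 * returns 0 on success, nonzero when the call is rejected. */
int copy_checked(void *dest, size_t destsz, const void *src, size_t count)
{
    if (dest == NULL)
        return 1;
    if (src == NULL || count > destsz) {
        memset(dest, 0, destsz);   /* fail closed: leave no partial copy */
        return 1;
    }
    memcpy(dest, src, count);
    return 0;
}

/* Constructed layout: an 8-byte name field followed by a flag byte,
 * both inside one 16-byte record so every access stays in bounds. */
enum { NAME_LEN = 8, FLAG_OFF = 8, REC_LEN = 16 };

/* Copies `count` bytes of 'A' into the name field while telling the
 * wrapper the field is `claimed` bytes long (both must be <= REC_LEN).
 * Stores the wrapper's return code in *rc and returns the flag byte. */
int flag_after_copy(size_t claimed, size_t count, int *rc)
{
    unsigned char rec[REC_LEN] = { 0 };
    unsigned char input[REC_LEN];
    memset(input, 'A', sizeof input);
    *rc = copy_checked(rec, claimed, input, count);
    return rec[FLAG_OFF];
}

int main(void)
{
    int rc, flag;
    flag = flag_after_copy(NAME_LEN, 12, &rc);  /* honest size: rejected */
    printf("claimed=8  count=12 rc=%d flag=0x%02x\n", rc, flag);
    flag = flag_after_copy(REC_LEN, 12, &rc);   /* wrong size: accepted */
    printf("claimed=16 count=12 rc=%d flag=0x%02x\n", rc, flag);
    return 0;
}
```

The size check only compares count against the size the caller claims, so it protects the flag byte only when that claim is derived from the real field (for example with sizeof) rather than typed by hand.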

The article on the MSDN site, posted by SDL, gives some hints on how to make our code SDL compliant.
Add

#pragma deprecated (memcpy, RtlCopyMemory, CopyMemory)

in your header files and at compile time you should see something like

warning C4995: 'memcpy': name was marked as #pragma deprecated

Also you can ban this on GCC compilers in this way:

#pragma GCC poison memcpy RtlCopyMemory CopyMemory

Happy Coding !

Mac OS X 10.5.7 Update released

May 13, 2009 sacx

The latest update is recommended for Mac OS X 10.5 Leopard. It includes general operating system fixes that enhance the stability, compatibility and security of your Mac, and it also comes with new features.

The most notable features and fixes are:
* Latest security fixes.
* Additional RAW image support for several third-party cameras.
* Improves the reliability and accuracy of Unit Converter, Stocks, Weather and Movies Dashboard widgets.
* Addresses a situation that may cause issues when logging into Gmail.
* Improves performance of video playback and cursor movements for recent Macs with NVIDIA graphics.
* Fixes an issue with the Dvorak keyboard layout in Mac OS X 10.5.6.
* Improves reliability when syncing contacts with Yahoo!.
* Improves stability for network home directories hosted by Mac OS X Server v10.4.
* Improves Finder search results for network volumes that may not support Spotlight searching, such as Mac OS X Server v10.4, Time Capsule, and third-party AFP servers.
* Several improvements to Directory Service and Client Management.
* Expansion Slot Utility for Mac Pro now reports the correct PCIe slot configuration.
* Improves network performance when connected to certain Ethernet switches that have Flow Control enabled.
* Fixes an issue in which time limits may not work properly with full-screen games and Fast User Switching.
* Improves consistency with Parental Controls and application restrictions.
* Includes other printing reliability and stability improvements.

Categories: Apple, Security

New Adobe Reader exploit targeting all operating systems

May 5, 2009 sacx

Adobe products are starting to look like Microsoft products: full of bugs. A new exploit for Adobe Reader has hit the internet. The exploit is remote and works through the JavaScript feature of Adobe Reader. Adobe indicates that fixes will be available by May 12, 2009. Acrobat Reader versions 8.1.4 to 9.1 for Linux are vulnerable to this remote exploit. To avoid any problems, disable Acrobat JavaScript in the Adobe Reader preferences. You can find more information on the SecurityFocus site.

Categories: Adobe, Linux, Security