When you visit my website, I can automatically and silently determine if you’re logged into Facebook, Twitter, GMail and Digg. There are almost certainly thousands of other sites with this issue too, but I picked a few vulnerable well known ones to get your attention. You may not care that I can tell you’re logged into GMail, but would you care if I could tell you’re logged into one or more porn or warez sites? Perhaps http://oppressive-regime.example.org/ would like to collect a list of their users who are logged into http://controversial-website.example.com/?
Ignoring the privacy implications for a second, as a website developer, you might like to know if your visitors are logged into GMail; you could use that information to automatically fill the email fields in your forms with “@gmail.com”… Perhaps you might want to make your Facebook “like” buttons more prominent if you can tell your visitor is logged into Facebook at the moment? Here’s how I achieve this:
It’s far easier to stay out of trouble than to get out of trouble.
UMP French Political Party got hacked & personal information leaked: “UMP French Political Party got hacked & personal information leaked The personal data of several political parliamentarians, ministers, Minister of UMP French Political Party employees were released online by an unknown source. The leak contains the details of Bernard Accoyer, Lionel Tardy, Jean Tiberi, Georges Tron, Christian Vanneste, Jean Luc Warsmann, Laurent Wauquiez, Michèle Alliot-Marie,
(Via THN : The Hacker News.)
The American Geophysical Union blog has a link up to a very interesting table, and I feel strongly enough about this topic that I want to share it with you. It’s a list of words scientists use when writing or otherwise communicating science, what the scientists mean when they use that word, and most importantly what the public hears.
I’ll admit, when I read it I laughed. But then my chuckle dried up when I realized just how dead accurate this is. And the smile pretty much left my face when I read that this table is from an article called "Communicating the Science of Climate Change," by Richard C. J. Somerville and Susan Joy Hassol, from the October 2011 issue of Physics Today.
Yup. I think they have a pretty good point.
My career at the moment could pretty much be called "Science Communicator". I do it here on this blog, I do it on Blastr and in Discover magazine, and when I give talks. Before that (and I guess it’s an occupation that never really leaves you) I was a professional scientist for many years. My training ran deep: 4 years undergrad, 6-7 in grad school, then a decade or so of research after that. I could toss around the phrase "Don’t over-iterate the Lucy-Richardson deconvolution algorithm or else you’ll amplify the noise and get spurious data spikes" with the best of ’em.
As a science writer, though, I can’t use that! I have to say, "Cleaning up a digital image means using sophisticated mathematical techniques that can sometimes mess the image up and fool you into thinking something’s there that really isn’t."
I hope you can appreciate the difference.
So when I write, I try pretty hard to make the science topic accessible without "dumbing it down". I assume my reader is intelligent, but unfamiliar with the concepts I might be discussing. I try to define words if a reader might not know them, or link to someplace they can get more info if they need it.
But as that table shows, there are plenty of words I use all the time that someone else might know, and think means something else. And this is incredibly important, especially if a science writer — as happens more and more often these days — needs to defuse some sort of political spin thrust upon a topic. A classic example is the wholly-manufactured Climategate "controversy". A lot of hot air was generated over the use of the word "trick" in the stolen emails — which most people interpreted as meaning the scientists did something underhanded and sneaky to hide something important. In reality, we use that word to just mean a method of doing something that’s clever. It’s like saying, "The trick in never losing your car keys is to always hang them on a hook by the door that leads outside." See the difference?
But over that, political battles are won or lost.
There are times I fret over a word in a post. It took me a while to start using the word "denier" instead of "skeptic", for example, but the difference is important. I’ve fought for years to teach people that skepticism is not cynicism or denial; it’s asking for and looking at evidence logically and rationally (in a nutshell). What’s funny is that now the media uses phrases like "climate skeptic" when talking about some people who are not skeptics, in that they are not looking at the evidence logically and rationally. They look at evidence so they can figure out how to spin it, cast doubt in the mind of the public over something that is actually a fact.
That’s why I call it "denial". The word fits, and I intend to continue using it when it does.
I could go on and on.
But here’s the point: communication isn’t simply casting out information from atop a tower. There are two parts to it: presenting an idea to someone, and them understanding it. Sometimes we have to change the way we word things to make that second half happen. Otherwise we’re shouting all the facts in the Universe to an empty room.
Tip o’ the thesaurus to Joanne Manaster.
Artillery 0.1 alpha – New tool for Linux Protection by ReL1K
A new Tool “Artillery” – for Linux Protection has been Released by ReL1K (Founder DerbyCon, Creator of the Social-Engineer Toolkit). It’s written in Python and completely open-source. Artillery is a combination of a honeypot, file monitoring and integrity, alerting, and brute force prevention tool. It’s extremely light weight, has
If you can start the day without caffeine,
If you can always be cheerful, ignoring aches and pains,
If you can resist complaining and boring people with your troubles,
If you can eat the same food every day and be grateful for it,
If you can understand when your loved ones are too busy to give you any time,
If you can take criticism and blame without resentment,
If you can conquer tension without medical help,
If you can relax without liquor,
If you can sleep without the aid of drugs,
…Then You Are Probably ………
The Family Dog!
Thanks Janet B
We’ve heard a bit of “noise” about how IPv6 may impact network penetration testing and how networks may or may not be more secure because of IPv6. Let’s be clear, anyone telling you that IPv6 makes penetration testing harder doesn’t understand the first thing about real penetration testing.
What’s the point of IPv6?
IPv6 was designed by the Internet Engineering Task Force (“IETF”) to address the issue of IPv4 address space exhaustion. IPv6 uses a 128-bit address space while IPv4 is only 32 bits. This means that there are 2^128 possible addresses with IPv6, which is far more than the 2^32 addresses available with IPv4. This means that there are going to be many more potential targets for a penetration tester to focus on when IPv6 becomes the norm.
What about increased security with IPv6?
The IPv6 specification mandates support for the Internet Protocol Security (“IPSec”) protocol suite, which is designed to secure IP communications by authenticating and encrypting each IP Packet. IPSec operates at the Internet Layer of the Internet Protocol suite and so differs from other security systems like the Secure Socket Layer, which operates at the application layer. This is the only significant security enhancement that IPv6 brings to the table and even this has little to no impact on penetration testing.
What some penetration testers are saying about IPv6.
Some penetration testers argue that IPv6 will make the job of penetration testing more difficult because of the massive increase in potential targets. They claim that the massive increase in potential targets will make the process of discovering live targets impossibly time consuming. They argue that scanning each port/host in an entire IPv6 range could take as long as 13,800,523,054,961,500,000 years. But why the hell would anyone waste their time testing potential targets when they could be testing actual live targets?
The very first step in any penetration test is effective and efficient reconnaissance. Reconnaissance is the military term for the passive gathering of intelligence about an enemy prior to attacking an enemy. There are countless ways to perform reconnaissance, all of which must be adapted to the particular engagement. Failure to adapt will result in bad intelligence as no two targets are exactly identical.
A small component of reconnaissance is target identification. Target identification may or may not be done with scanning depending on the nature of the penetration test. Specifically, it is impossible to deliver a true stealth / covert penetration test with automated scanners. Likewise it is very difficult to use a scanner to accurately identify targets in a network that is protected by reactive security systems (like a well configured IPS that supports black-listing). So in some/many cases doing discovery by scanning an entire block of addresses is ineffective.
A few common methods for target identification include Social Engineering, DNS enumeration, or maybe something as simple as asking the client to provide you with a list of targets. Not so common methods involve more aggressive social reconnaissance, continued reconnaissance after initial penetration, etc. Either way, it will not take 13,800,523,054,961,500,000 years to identify all of the live and accessible targets in an IPv6 network if you know what you are doing.
Additionally, penetration testing against 12 targets in an IPv6 network will take the same amount of time as testing 12 targets in an IPv4 network. The number of real targets is what is important and not the number of potential targets. It would be a ridiculous waste of time to test 2^128 IPv6 Addresses when only 12 IP addresses are live. Not to mention that increase in time would likely translate to an increase in project cost.
So in reality, for those who are interested, hacking an IPv6 network won’t be any more or less difficult than hacking an IPv4 network. Anyone that argues otherwise either doesn’t know what they are doing or they are looking to charge you more money for roughly the same amount of work.
Last week we looked at why Linux deserves some consideration when choosing an operating system for your digital recording studio. But even the worthiest operating system is useless without useable apps.
Fortunately, there is a long list of excellent music applications available for Linux. If you choose one of the Linux distributions recommended last week, many of them come preinstalled.
This article was previously published on the AudioJungle blog, which has moved on to a new format in 2010. We’ll be bringing you an article from the AudioJungle archives each week.
We’ll leave out the programs not directly about making music – programs like guitar tuners, streaming systems, notation software and guitar tab apps – but we will look at some of the plug-ins and effects systems that are available. And we’ll leave out the applications that have better alternatives. My original list had over 50 programs.
Most of the programs are available free of charge, and in general are of higher quality than many free audio apps for Windows. So without further ado, here are 29 music making applications for Linux.
1. Ardour
Ardour is “the new digital audio workstation”. It aims to be a professional DAW, and offers features like “multichannel recording, non-destructive editing with unlimited undo/redo, full automation support, a powerful mixer, unlimited tracks/busses/plugins, timecode synchronization, and hardware control from surfaces like the Mackie Control Universal.”
2. Jokosher
Jokosher is a simpler multi-track recorder, designed for guitarists, not engineers. It “provides a complete application for recording, editing, mixing and exporting audio, and has been specifically designed with usability in mind.” It’s perfect for musicians who want to record their music without spending all of their time learning how the program works.
3. Sweep
Sweep is an audio editor and live playback tool. It aims to be easy to use, support many codecs and audio formats, and support LADSPA effects plug-ins (see below).
4. ReZound
ReZound is a stable, graphical audio editor.
5. Traverso DAW
Traverso DAW is a multitrack recording suite that is cross-platform. Besides Linux, it also works on Windows and Mac OS X. It claims to have a unique interface, a unique approach, and cover all tasks from recording to mastering.
6. Amuc (The Amsterdam Music Composer)
Amuc is an application for composing and playing music. You enter tune fragments graphically, or import from MIDI files. The program includes 5 different built-in instruments, 6 mono synthesizers, and sampled instruments.
7. LMMS (Linux Multimedia Studio)
Similar to FL Studio, LMMS allows you to produce music with your computer. Features include “the creation of melodies and beats, the synthesis and mixing of sounds, and arranging of samples. You can have fun with your MIDI-keyboard and much more; all in a user-friendly and modern interface.”
8. Audacity
Audacity is a well-known and much-loved cross-platform sound editor.
9. Rosegarden
Rosegarden is an easy-to-learn audio and MIDI sequencer, score editor, and general-purpose music composition and editing environment.
10. MusE
MusE is a MIDI/Audio sequencer with recording and editing capabilities. It aims to be a complete multitrack virtual studio with support for MIDI and audio sequencing with real-time effects.
11. Qtractor
Qtractor is an Audio/MIDI multi-track sequencer application aiming to evolve as a fairly-featured Linux desktop audio workstation GUI, specially dedicated to the personal home-studio.
12. Seq24
Seq24 is a minimal loop based midi sequencer. It was created to provide a very simple interface for editing and playing midi ‘loops’, and excludes the bloated features of the large software sequencers, and includes a small subset of features that I have found usable in performing.
13. Renoise
Renoise has a unique bottom-up approach to music making. With its vertical timeline and streamlined interface, Renoise lets you have direct control over the composition. Features include automatic plug-in delay compensation, high resolution timing, fast interface, cross-platform (Linux, Mac OSX and Windows), plug-in support, and low-latency audio.
14. TiMidity++
TiMidity++ is a software synthesizer, playing MIDI files by converting them into PCM waveform data. It can also convert MIDI files into various audio formats.
15. amSynth
amSynth stands for Analogue Modeling SYNTHesizer. It provides virtual analogue synthesis in the style of the classic Moog Minimoog/Roland Junos. It offers an easy-to-use interface and synth engine, while still creating varied sounds.
16. Bristol Audio Synthesiser
Bristol Audio Synthesiser is an emulator for diverse keyboard instruments. Currently about 20 are implemented: various Moog, Sequential Circuits, Oberheim, Yamaha, Roland, Hammond, Korg, ARP, and Vox algorithms. The application consists of an audio engine and an associated graphical user interface called Brighton which acts as a dedicated master keyboard for each emulation.
17. terminatorX
terminatorX is a real-time audio synthesizer that allows you to “scratch” on digitally sampled audio data the way hip-hop DJs scratch on vinyl records. It features multiple turntables, real-time effects (built-in as well as LADSPA plugin effects), and a sequencer and MIDI interface.
18. Qsynth
Qsynth is a GUI front-end for FluidSynth. FluidSynth is a software synthesiser based on the Soundfont specification.
19. ZynAddSubFX
ZynAddSubFX is an open source software synthesizer capable of making a countless number of instruments.
20. LAoE (Layer Based Audio Editor)
LAoE stands for Layer-based Audio Editor, and it is a rich featured graphical audio sample-editor, based on multi-layers, floating-point samples, volume-masks, variable selection-intensity, and many plugins suitable to manipulate sound, such as filtering, retouching, resampling, graphical spectrogram editing by brushes and rectangles, sample-curve editing by freehand-pen and spline and other interpolation curves, effects like reverb, echo, compress, expand, pitch-shift, time-stretch, and much more.
21. LinuxSampler
The LinuxSampler project was founded with the goal to produce a free, streaming capable open source pure software audio sampler with professional grade features, comparable to both hardware and commercial Windows/Mac software samplers and to introduce new features not yet available by any other sampler in the world. It is very modular, and usually runs as its own process in the background of the computer.
22. SooperLooper
SooperLooper is a live looping sampler capable of immediate loop recording, overdubbing, multiplying, reversing and more. It allows for multiple simultaneous multi-channel loops limited only by your computer’s available memory. SooperLooper is also available for Mac OS X.
23. Cheese Tracker
CheeseTracker is a software sampler and step-based sequencer. It allows a musician to turn single-note samples into instruments capable of covering three or four octaves (by playing the samples at different speeds, resulting in different pitches). In addition, it is possible to take a collection of samples that are recorded at different octaves, and combine them into a single “instrument,” allowing for even more octaves without sampling artifacts.
24. Hydrogen
Hydrogen is an advanced drum machine for GNU/Linux. Its main goal is to bring professional yet simple and intuitive pattern-based drum programming.
25. Breakage
Breakage is an intelligent drum machine designed to make it easy and fun to play complex, live breakbeat performances. A step-sequencer pattern editor and previewer, database, sample browser, neural network, pattern morphs, statistics and probabilistic pattern generator give you the tools to work with breaks. Breakage is also available for Mac OS X and Windows.
26. JAMin
JAMin is the JACK Audio Connection Kit (JACK) Audio Mastering interface. JAMin is an open source application designed to perform professional audio mastering of stereo input streams. It uses LADSPA (see below) for digital signal processing (DSP). It features linear filters, 30 band graphic EQ, 1023 band hand drawn EQ with parametric controls, spectrum analyser, 3 band peak compressor, multiband stereo processing, and a loudness maximiser.
27. LADSPA effects and plug-ins
LADSPA is the Linux Audio Developer’s Simple Plugin API. It is a standard that allows software audio processors and effects to be plugged into a wide range of audio synthesis and recording packages.
Steve Harris lists quite a few LADSPA plug-ins on his website.
28. DSSI
DSSI (pronounced “dizzy”) is an API for audio processing plugins, particularly useful for software synthesis plugins with user interfaces. DSSI is an open and well-documented specification developed for use in Linux audio applications, although portable to other platforms. It may be thought of as LADSPA-for-instruments, or something comparable to VSTi.
29. LV2 Audio Plugin Standard
LV2 is a standard for plugins and matching host applications, mainly targeted at audio processing and generation. It is a successor of LADSPA, intended to address the limitations of LADSPA which many applications have outgrown.
This article was first published over a year ago on the AudioJungle blog. Has anything changed in Linux audio since then? Let us know in the comments.
McIntosh is a variety of apple named after John McIntosh, who discovered it in 1811 in Canada.
The name of this apple is the origin of the name of the Macintosh line from the computer maker Apple.