Was on the internet today and saw a long time software, Freemind. How I miss working with Mind Map.
Mind mapping was traditionally used on sheets of paper or mahjong paper to present ideas and later it was also used for teams to work together to build an idea together. The mind mapping technique I learnt was something made popular by Tony Buzan, UK. Looks like branches from a tree, but from what I have also learnt, mind mapping was around long before Buzan and appears in many forms to pictorially describe an idea. Officially, I learnt a great deal of mind mapping during the courses at SMR.
Many of the mind mapping software subscribes to Buzan way of doing things. There are 2 software that is open source software; (1) Freemind is a Java Technology based mind mapping tool that allowed users to use data interchangeably on Linux and MS Windows. (2) XMind is considered one of the more popular tool in the Internet, but it didn't really stick with me. Note taking tools such as Evernote provided even more flexibility for mind mappers as it is integrated with XMind.
Saw good reviews on Mindomo, why not try it, as its advantage is that it is available on MS Windows, Mac and Android. That is if you don't mind installing Adobe Air.
Today, there is even a mind mapping tool built into Chrome web browser.
See https://chrome.google.com/webstore/detail/mindmap/gdaeohpmcenmffofpikllphdhlkkocfa?utm_source=gmail
It saves the mindmap in Google Drive and I can access it pretty much any where.
Monday, September 29, 2014
Serious exploits in August and Sept 2014
These recent months have shown how the open source software model could handle (or is still handling) bugs that could be turned into an exploit of Linux servers. These are;
Shellshock (Sept 2014) - remotely take over a server.
BBC http://www.bbc.com/news/technology-29361794
Heartbleed (April 2014) - OpenSSL data could be intercepted.
BBC http://www.bbc.com/news/technology-28867113
The sheer number of Linux servers affected means that it is a serious threat and is wide spread. In Heartbleed, its patched but Shellshock is yet to have a patch to fully resolve the bug.
Interesting technical discussion on Shellshock is found at stackexchange.
https://unix.stackexchange.com/questions/157329/what-does-env-x-command-bash-do-and-why-is-it-insecure
How do you know if your shell is vulnerable? Hackernews recommends to run the following command in all the shell being used;
env X="() { :;} ; echo shellshock" /bin/sh -c "echo completed"
env X="() { :;} ; echo shellshock" `which bash` -c "echo completed"
If you see the text output "shellshock", please find a patch.
Chris, a contributor at Buzzfeed News, provided a good material on how 2 persons maintained the OpenSSL package, Steve Marquess and Stephen Henson. The commercial entity for this is known as OpenSSL Software Foundation.
Now doesn't it make you wonder who is responsible of bash shell and is it the same package for every Linux distro?
Shellshock (Sept 2014) - remotely take over a server.
BBC http://www.bbc.com/news/technology-29361794
Heartbleed (April 2014) - OpenSSL data could be intercepted.
BBC http://www.bbc.com/news/technology-28867113
The sheer number of Linux servers affected means that it is a serious threat and is wide spread. In Heartbleed, its patched but Shellshock is yet to have a patch to fully resolve the bug.
Interesting technical discussion on Shellshock is found at stackexchange.
https://unix.stackexchange.com/questions/157329/what-does-env-x-command-bash-do-and-why-is-it-insecure
How do you know if your shell is vulnerable? Hackernews recommends to run the following command in all the shell being used;
env X="() { :;} ; echo shellshock" /bin/sh -c "echo completed"
env X="() { :;} ; echo shellshock" `which bash` -c "echo completed"
If you see the text output "shellshock", please find a patch.
Chris, a contributor at Buzzfeed News, provided a good material on how 2 persons maintained the OpenSSL package, Steve Marquess and Stephen Henson. The commercial entity for this is known as OpenSSL Software Foundation.
Now doesn't it make you wonder who is responsible of bash shell and is it the same package for every Linux distro?
Tuesday, September 9, 2014
What is FTP?
FTP or File Transfer Protocol
"... is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server."
One reason why this is being replaced by other network protocol is in its exposure of the user password in plain text for a traditional FTP server. SSH and encrypted FTP sessions have replaced almost all new implementations these days.
Which ports are used by this service?
Standard ports used are port 20 (data) and 21 (command) but this may change depending on the server's settings. On the client FTP site, free standard ports higher than number 1023 is used.
This service by the FTP Server can provide active or passive connection and sometimes both. A simplified explanation in Slacksite.org entitled "Active FTP vs. Passive FTP, a Definitive Explanation" is a good read.
Typically, on the FTP server in Passive mode will require connection to several higher standard ports and this allows larger number of connections. In Active mode, limitation on the server is to how many connections can be done over that one port 20.
How to determine if its in Passive more?
After login to FTP server, type
quote PASV
How to establish connection to an FTP server?
Use an FTP client and enter the FTP server's URL. E.g. on Linux, to connect to the FTP server ftp.myserver.com
ftp ftp.myserver.com
-end-
"... is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server."
wikipedia.org
One reason why this is being replaced by other network protocol is in its exposure of the user password in plain text for a traditional FTP server. SSH and encrypted FTP sessions have replaced almost all new implementations these days.
Which ports are used by this service?
Standard ports used are port 20 (data) and 21 (command) but this may change depending on the server's settings. On the client FTP site, free standard ports higher than number 1023 is used.
This service by the FTP Server can provide active or passive connection and sometimes both. A simplified explanation in Slacksite.org entitled "Active FTP vs. Passive FTP, a Definitive Explanation" is a good read.
Typically, on the FTP server in Passive mode will require connection to several higher standard ports and this allows larger number of connections. In Active mode, limitation on the server is to how many connections can be done over that one port 20.
How to determine if its in Passive more?
After login to FTP server, type
quote PASV
How to establish connection to an FTP server?
Use an FTP client and enter the FTP server's URL. E.g. on Linux, to connect to the FTP server ftp.myserver.com
ftp ftp.myserver.com
-end-
Friday, September 5, 2014
Microsoft's Windows Defender
It was time to uninstall the McAfee antivirus that came pre-installed with the Windows 8 laptop. Just by doing that I noticed that the bubble appear to say that I am no longer protected and to click it. This is when Windows Defender application started, which makes me wonder if its good enough to replace the previous antivirus.
Doing an update to virus and spyware definition version 1.183.1668.0 on 5th Sept 2014. Will continue to run this with Basic membership setting where this means almost anything could be sent to Microsoft.
Doing an update to virus and spyware definition version 1.183.1668.0 on 5th Sept 2014. Will continue to run this with Basic membership setting where this means almost anything could be sent to Microsoft.
Subscribe to:
Posts (Atom)