This article, titled "Knowing the User's Every Move...", is worrying. From the abstract: "In this paper, we investigate how detailed tracking of user interaction can be monitored using standard web technologies." In short, they have developed some JavaScript code (which runs in Netscape, Konqueror/Safari, IE and Opera) as well as proxy which transparently injects that code into page HTML before it is delivered to the client. This code enables detailed tracking of users actions including mouse movements, clicks and key presses.
This is particularly worrysome, as this mechanism can very easily be abused. Moreover, the current controls in, for example, Opera 9 are very inadequate. If I disable Javascript, then I can't use advanced AJAX applications, such as Gmail. On the other hand, there is no possibility to have Javascript enabled only for "trusted sites" stored in some list, and administered by the user.
Tags: privacy javascript security browsers
2006-06-29
2006-06-25
The (not always so) powerful valgrind
I don't think there's a respectable C programmer that hasn't heard about the valgrind tool for checking (among other things) memory access violations in a program. In a program that I'm writing, I was hitting an assertion failure where I shouldn't have had. Something lead my program to incosistent state, and I couldn't figure out what. It appeared seemingly random - usually a manifestation of some memory management problems. So I've run the program through valgrind, and - no errors (apart from those reported for the
At certain points in the code, the
I'm coding a user-level thread scheduler and using the
Lesson: use assertions abundantly. Whenever you get an assertion failure, it's an indication that you have a wrong idea about your program's behaviour. Better to find that out sooner than later. And don't think that your program is error-free just because valgrind says so.
Tags: valgrind c programming debugging
gethostbyname() function). With the help of hardware breakpoints in GDB, I've tracked down the problem to the following piece of code (roughly):
struct smth {
int state;
...
char buf[MAXBUF];
};
static struct smth a[16384];
...
struct smth *p;
...
p->buf[i] = 0;
At certain points in the code, the
i variable was equal to MAXBUF, so it overwrote the state member of the next structure in the array. This is still within the bounds of the array, so valgrind didn't complain although it is a serious programming error.I'm coding a user-level thread scheduler and using the
makecontext() family of functions. This doesn't help either - the debugger gets very confused when trying to trace through such program. Apparently, it can't single-step over swapcontext() boundaries. So I had to put the hardware breakpoint on data change (for the state member) with additional condition that state is set to 0. I fixed the code by changing it to(in this case, this is correct, although not strictly equivalent to what was previously there).
p->buf[MAXBUF] = 0;
Lesson: use assertions abundantly. Whenever you get an assertion failure, it's an indication that you have a wrong idea about your program's behaviour. Better to find that out sooner than later. And don't think that your program is error-free just because valgrind says so.
Tags: valgrind c programming debugging
2006-06-22
Intel's (foul) marketing
This page tries to show the superiority of Intel's latest processors over Opteron. Of course, the largest bar (= the best result) represents Intel's processor. The important fine-print about configuration details is well-hidden below. Namely the configuration with Xeon 5160 (best result) has:
More fair comparison is the Xeon 5080 vs. Opteron. Namely, the difference in results is too small given the huge difference in processor frequencies - Xeon 5080 runs at 1.1GHz higher frequency than Opteron (Xeon@3.7GHz vs. Opteron@2.6GHz). Maybe the flashy graph is enough to convince managers in "superiority" of Intel's technology, but it didn't convince me.
Tags: AMD Intel Opteron Pentium
- 64GB memory vs. Opteron's 32GB,
- runs at 400MHz higher frequency
More fair comparison is the Xeon 5080 vs. Opteron. Namely, the difference in results is too small given the huge difference in processor frequencies - Xeon 5080 runs at 1.1GHz higher frequency than Opteron (Xeon@3.7GHz vs. Opteron@2.6GHz). Maybe the flashy graph is enough to convince managers in "superiority" of Intel's technology, but it didn't convince me.
Tags: AMD Intel Opteron Pentium
2006-06-08
Vesta: yet another source management tool
Has anyone experience with the Vesta Configuration Management System? Summary from the homepage: "Vesta is a portable SCM system targeted at supporting development of software systems of almost any size, from fairly small (under 10,000 source lines) to very large (10,000,000 source lines)."
Now, what really drew me to it is that it also automatically handles the build process (dependencies and other stuff that is simply tedious to do with plain make). Currently I'm using Subversion for source control, QMake to generate Makefiles, and GNU make to build my projects. QMake saves a lot of work, but an automated solution would be even better. Comments?
Tags: version control vesta vestasys make makefile qmake subversion
Now, what really drew me to it is that it also automatically handles the build process (dependencies and other stuff that is simply tedious to do with plain make). Currently I'm using Subversion for source control, QMake to generate Makefiles, and GNU make to build my projects. QMake saves a lot of work, but an automated solution would be even better. Comments?
Tags: version control vesta vestasys make makefile qmake subversion
2006-06-03
Hosting - found!
Thanks to a friend, I now have the Subversion+Trac hosting for my project. I have caught some time to write basic information on Trac and to import the currently existing source. To repeat shortly: the project is to write a BSD-licensed replacement (p11scd) for the "standard" GnuPG smart-card daemon. p11scd shall work with PKCS#11 smart-cards. The project homepage is here.
If you are a competent C programmer and interested in the project, you are welcomed to join!
Tags: gnupg gpg cryptography pkcs
If you are a competent C programmer and interested in the project, you are welcomed to join!
Tags: gnupg gpg cryptography pkcs
Subscribe to:
Posts (Atom)
