Hume did not have any quarrel with anything Thomas wrote. At least, he never mentioned any. His quarrel was with her questions -- her habit of asking argumentative questions.

That used to be what journalists did every day, but in the last 25 years, journalists have so gotten out of the habit of doing that, that people like Helen Thomas stand out. All journalists used to be like her. Now, she is an oddity. Bush always avoided calling on her because he knew she would ask tough questions. If all the journalists asked tough questions, however, Bush would not have been any better off in ignoring her. But modern celebrity journalists have been less willing to make waves than the likes of Thomas.

If Helen Thomas has an agenda, it's to hold our leaders accountable for us. Too bad more journalists don't have the same agenda.

More people should ask tough questions. How they are framed is another thing entirely, but its a comfort to see a President's statements being questioned so pubicly

Where oh where did the hard questions go?

Ever read something you liked on the Internet? A random op-ed piece, blog post, comment.

How do you search for other things that author wrote?

...

If you half way through saying "well, type their name in quotes in to Google..." just stop and think about that. Why do I have to sift through the noise of things that mention someone to find what they actually write. Maybe someone writes on numerous sites (Memestreams, the supernicety, MySpace). Maybe they use different names (Billy Hoffman or Acidus, Mike Lynn or Abaddon).

Why can't I tell Google "Find me everything that Billy Hoffman wrote?"

Why hasn't anybody fixed this? Dubin Core, RSS schemas, HTML <META> are all there. Why wasn't anyone compiled this?

Check with me in a few more weeks...

Are you working on a project where you need to pluralize a word? While I've done the research for you

Easy site - Just covers nouns, lots of examples, easy to read

Academic paper - covers verbs too, but a tougher read. Luckily, they wrote a Perl module in CPAN

First detected late last year, the new attacks direct such massive amounts of spurious data against victim computers that even flagship technology companies could not cope. In one of the early cases examined, the unknown assailant apparently seized control of an Internet name server in South Africa and deliberately corrupted its contents.

Name servers are specialized computers that help direct Internet traffic to its destinations.

The attacker then sent falsified requests to the compromised directory computer, which unleashed overwhelming floods of amplified data aimed wherever the attacker wanted.

Saw this on Slashdot which makes 2 "serious security issues" reported there in the last 2 days that aren't a big deal. In case you didn't get the memo, you can use DNS poisoning to launch DDoS attacks. The silly part is if you can do DNS poisoning you have man-in-the-middled everyone (cert sigs excluded). You already won so whats the point?

Scary DNS attack really quite stupid.

In their research paper Mr Tanenbaum and his colleagues Melanie Rieback and Bruno Crispo detail how to use RFID tags to spread viruses and subvert corporate databases.

"Everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify back-end software and certainly not in a malicious way. Unfortunately, they are wrong," wrote the trio in their research paper.

The researchers showed how to get round the limited computational abilities of the smart tags to use them as an attack vector and corrupt databases holding information about what a company has in storage. To test out the theory the group created a virus for a smart tag that used only 127 characters, uploaded it and watched it in action.

This is not as cool as it sounds. In English, Tanenbaum is saying this:

-RFID tags simply contain a serial number
-This serial number, when read, normally ends up in some kind of SQL statement. For nontechs, this just means the number is looked up in a big database
-I can create an RFID tag that has a malformed number and some SQL code.
-When this value gets to the database, the SQL in the RFID tag will be executed. This is known as SQL Injection

SQL Injection is certainly dangerous, but this vector limits what you can do. You really have a single direction communications tunnel. You tell the database to do something. The database has no easy way to get information back to you. Yes, there are rather complex ways to get a database to execute external commands which might be able to connect out to the Internet and return information to you. This would be extremely vendor specific, require a lot of code on the RFID to hold the attack, and isn't a very worm-friendly attack vector.

Because of this one way communication limit, this vector cannot easily be used steal information out of a database. It also means you can't use traditional SQL Injection methods to determine database structure. You would already need to know the application you are attacking. Basically you are reduced to either editing or deleting information from the database.

Nasty forms of SQL Injection exist and there are much better vectors than RFID tags to do it with.

RFID + SQL Injection = Media Hype

Not 1, but 2 people told me about the Thin Mint Straw this weekend. I had never heard of before this weekend so I gave it a try.

-Take 1 Girl Scouts Thin Mint cookie
-Take 2 a small bites on opposite sides of the cookie. Just enough to get through the chocolate coating to the crunchy cookie
-Insert cookie into milk; use as a straw.

It sounds silly but you'll wonder why you never did it before.

Interview With Cryptographer Elonka Dunin

from the old-school-geeks dept.

An anonymous reader writes "Whitedust is running a very interesting article with the DEF CON speaker and cryptographer Elonka Dunin. The article covers her career and specifically her involvement with the CIA and other US Military agencies."

Awsome! Elonka looks like Meryl Streep in that photo.

Slashdot | Interview With Cryptographer Elonka Dunin

ASP.NET 2.0

Work has started in some of the features of 2.x in Mono. To run these applications you must use xsp2 (which loads the 2.x assemblies instead of the 1.x assemblies).

Current features:

* Client callbacks.
* New Configuration engine (partial)
* New controls:
o ButtonField
o CheckBoxField
o DetailsView
o FormView
o GridView (client and server side sorting)
o HyperlinkField
o ImageField
o Menus
o MultiView
o TemplateField
o Trees
o View
* Masterpages
* Two-way bindings
* ObjectDataSource

I was very pleased to see Mono supported from of the 2.0 framework. Has anyone here do any work using Apache and mod_mono? How well does it scale? Any major projects using this setup?

Mono supports some of ASP.NET 2.0

Real human bodies, preserved through an innovative process and then respectfully presented. Experience the human body like never before at The Boisfeuillet Jones Atlanta Civic Center.

Screw the fish tank, the ATL Memestreamers totally need to go see this!

BODIES...The Exhibition - Opening March 4th, A Limited Engagement

This is incredible!

Crawling issues Scalable crawling of unlimited sized Internet, algorithm for "freshness" and determining duplicates in dynamic pages

PageRank a nice supplement to my other meme for the academic paper about Google.

The best part: it's my job to read this stuff!

Stanford's CS345 - The Web Crawling/organizing/Searching bible