Jun 28

Twitter open sources its Iago load generator

Twitter has announced that its Iagoload generator is now available as open source. Chris Aniszczyk, Open Source Manager at Twitter, says that the micro-blogging company created Iago because existing open source and commercial load generators couldn’t provide all of the capabilities it required.

Written in Scala, Iago is used by Twitter for testing its services to make sure that they can handle production-level traffic. The load generator itself has three main properties that make it well suited to Twitter’s requirements: high performance, multi-protocol support and extensibility.

The developers say that, to reach high levels of performance, the load generator needed to be able to perform and generate traffic “in a very precise and predictable way”. Support for multiple protocols such as HTTP, Thrift and UDP was also important, as was being able to extend Iago so that it can generate new traffic types, use new protocols and customise individual traffic sources.

“Iago is the load generator we always wished we had. Now that we’ve built it, we want to share it with others who might need it to solve similar problems,” said Aniszczyk, adding that, “we are happy to accept any feedback (or pull requests) the open source community might have.”

More details about Iago, including download links and documentation, can be found on the project’s GitHub page. Like many of Twitter’s other open source projects, Iago is made available under the Apache Licence 2.0. The load generator has its own Twitter account, @iagoloadgen, and a Google Group, where information about the project will be posted and questions can be asked.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/06/twitter-open-sources-its-iago-load-generator/

Jun 28

Chrome 20 closes 23 security holes

Google has closed a total of 23 vulnerabilities with the release of Chrome 20. Of those vulnerabilities, 14 are rated critical, enabling attackers to execute code in the browser’s sandbox, among other things. Integer overflow vulnerabilities in the code for processing PDF files and Matroska containers (.mkv) have also been fixed. Chrome 20 also includes the latest version of Adobe’s Flash Player on Linux, using the new cross-platform Pepper API. In testing at The H, it was confirmed that the Flash Player support also works on 64-bit Linux systems.

Google has also embedded the “Chrome to Mobile” feature that was previously available as an extension; if the Google account that is registered with Chrome is also linked with an Android phone, the current web page can be forwarded to the smartphone by clicking on the mobile phone symbol in the address bar. This feature only works with a phone running the beta of Chrome for Android, which requires Android 4.0 or higher.

Chrome usually updates automatically in the background. Users can find out whether the current version has already been installed by clicking on the wrench icon and selecting “About Google Chrome”. If required, a manual update can be triggered this way.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/06/chrome-20-closes-23-security-holes/

Jun 27

Second LibreOffice 3.6.0 beta arrives


LibreOffice logoThe LibreOffice project has quietly released a second beta of version 3.6.0 of its open source productivity suite. As usual at this stage, the developers have focused on improving overall stability of the application by fixing nearly 40 bugs found in the previous beta.

These include problems that caused it to crash when accessing some settings, opening some files and applying an AutoFormat to a table, as well as issues with transitions when hardware acceleration is enabled and incorrect word counts. According to the 3.6.0 Release Plan, the UI freeze will go into effect in early July alongside the release of a third and final beta, after which three release candidates are planned. The final version is expected to arrive in late July or early August.

A full list of fixes and changes for the second beta can be found in the release notes; an overview of the major new features planned for 3.6.0 is provided on the project’s wiki. LibreOffice 3.6.0 Beta 2 is available from the project’s Pre-Releases download page; users testing the release are encouraged to provide feedback and report any bugs that they find.

Sponsored by The Document Foundation, LibreOffice is licensed under the LGPLv3. The current stable release is version 3.5.4 from late May.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/06/second-libreoffice-3-6-0-beta-arrives/

Jun 26

Firefox for Android 14.0 arrives with new UI, improved performance

After teasing “Something BIG” late last week, Mozilla has now launchedversion 14.0 of Firefox for Android, a major update to the open source mobile web browser. Described as “a snappy and dynamic upgrade” by its developers, the new release improves the browser’s overall performance while also updating its user interface (UI) and adding features.

One of the first things existing users will notice in 14.0 is a completely redesigned UI with a new “Awesome Screen“. Unlike previous versions of Firefox for Android, the browser now uses Android’s native UI elements to provide “a fresh, streamlined look”; past releases have used XUL, an XML-based language that is interpreted by the Gecko rendering engine.

The Awesome Screen replicates the functionality of the “Awesome Bar” from the desktop version and supports Firefox Sync, allowing users to synchronise their browsing history, bookmarks, passwords and form data from other Firefox instances to their Android device. The personalised start page includes a user’s most visited sites and the open tabs from the last time they used the browser. When searching using Google, all queries are now sent in encrypted form by default using the HTTPS protocol; this means that all traffic between the web site and the browser is secured using SSL encryption.

In Mozilla’s tests, Firefox for Android 14.0 ran more than twice as fast as the stock Android browser and Chrome for Android Source: Mozilla Under the hood improvements result in reduced start-up times and faster page loads. According to Mozilla’s benchmarks, Firefox for Android 14.0 performs more than twice as fast as the default Android browser and Chrome for Android in canvas rendering performance. To improve touch responsiveness, a new panning/zooming architecture has been implemented. Other changes include support for Adobe Flash content, better text readability through font size inflation, and enabling tap-to-play by default for plugins.

Changes aimed at developers include the addition of a new API to prevent the display from sleeping and the implementation of the Pointer Lock API, as well as fixes for the text-transform and font-variant CSS properties to better handle Turkic languages and Greek characters.

More details about the major release, including a full list of changes, can be found in the announcement blog post and in the release notes. Firefox 14.0 is available to download from the Google Play store for devices running Android 2.2 or later. Existing Firefox for Android users will have to manually update as the new version requests additional permissions to prevent the phone from sleeping and to “Modify global system settings, write sync settings”.

The current stable release of the desktop version of Firefox is 13.0.1 from earlier this month; according to the Releases wiki, Firefox 14 for desktops isn’t expected to graduate from beta until 17 July. Like its desktop counterpart, Firefox for Android sources and binaries are released under the MPL 2.0.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/06/firefox-for-android-14-0-arrives-with-new-ui-improved-performance/

Jun 26

Lost+Found: Revelations about scammers and malware


Lost+Found iconToo short for news, too good to lose; Lost+Found is a round up of useful security news. Today: Microsoft answers the question why Nigerian scammers are still from Nigeria, talkative malware authors, and cross-site scripting Google’s bug bounty page. 

  • Microsoft has published a reportPDF that aims to explain why Nigerian scammers still claim to be from Nigeria. As it turns out, their rationale is that someone undiscerning enough to react to such an obvious ploy as a 419 scam, is also likely to actually send them the money they are after.

  • Security researchers working for AVG and researching what they presumed was a Diablo III keylogging trojan suddenly found themselves chatting with the creator of the malware. The hacker wanted to know who was looking into his code: “What are you doing? Why are you researching my Trojan? What do you want from it?” The virus specialists discovered that the malware wasn’t looking for video game account information at all but was looking to steal dial-up credentials. To this end, the trojan not only included messaging functionality but could also capture the victim’s screen and webcam feed.

  • Another security researcher details how he used cross-site scripting (XSS) to exploit Google’s security bug bounty program to pay him the $3,133.70 bounty without doing any legitimate work. Even though the trick only worked “temporarily”, it still makes for interesting reading.

Permanent link to this article: http://pccorzo.com/myblog/index.php/2012/06/lostfound-revelations-about-scammers-and-malware/

Page 52 of 53« First...102030...47484950515253