Sponsorised links
This year
iPhone OS and Mac OS X Stack Buffer Overflow
by marco
Solution: iPhone OS: Upgrade to iPhone OS 3.1.3
2009
ry's http-parser at master - GitHub
by karlcow
This is a parser for HTTP messages written in C. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any allocations, it does not buffer data, and it can be interrupted at anytime. It only requires about 128 bytes of data per message stream (in a web server that is per connection).
Safe C String Library v1.0.3 (January 30, 2005)
by parmentierf
(via)
The goal of the SafeStr library is to provide a rich string-handling library for C that has safe semantics yet interoperates with legacy library code in a straightforward manner. Additionally, porting code that uses standard C string handling should be straightforward. The library should work on all modern Unix-like platforms, as well as any 32-bit Microsoft Windows OS.
The overt security goals of the library are as follows:
1. Buffer overflows should not be possible when using the API.
2. Format string problems should be impossible when using the API.
3. The API should be capable of tracking whether strings are "trusted", a la Perl's taint mode.
The API is meant to provide rich functionality and be easy to use, all the while improving security.
Sponsorised links
2008
Christian Fauré — XML versus Protocol Buffer
by parmentierf
C’est quoi “Protocol Buffer” ? C’est le mécanisme qu’utilise en interne Google pour sérialiser des données structurées lors d’échanges entre des systèmes ou des applicatifs.
Mais aujourd’hui on fait çà en XML non ? Exact, mais la majorité des développeurs, surtout quand il s’agit ne s’agit pas de systèmes documentaires, n’ont jamais vraiment aimé XML.
Buffer overloads: the big security hole | Tech News on ZDNet
by karlcow
Buffer Overflow 101 for dummies.
Rational AppScan Standard Ed. V7.7 Trial
by BlueVoodoo
Download a free trial of IBM Rational AppScan Standard Edition V7.7, previously known as Watchfire AppScan, a leading Web application security testing tool that automates vulnerability assessments and scans and tests for all common Web application vulnerabilities including SQL-injection, cross-site scripting and buffer overflow.
2007
Category:OWASP Guide Project - OWASP
by cascamorto
* 1 Frontispiece
* 2 About The Open Web Application Security Project
* 3 Introduction
* 4 What are web applications?
* 5 Policy Frameworks
* 6 Secure Coding Principles
* 7 Threat Risk Modeling
* 8 Handling E-Commerce Payments
* 9 Phishing
* 10 Web Services
* 11 Ajax and Other "Rich" Interface Technologies
* 12 Guide to Authentication
* 13 Guide to Authorization
* 14 Session Management
* 15 Data Validation
* 16 Interpreter Injection
* 17 Canonicalization, locale and Unicode
* 18 Error Handling, Auditing and Logging
* 19 File System
* 20 Distributed Computing
* 21 Buffer Overflows
* 22 Administrative Interface
* 23 Guide to Cryptography
* 24 Configuration
* 25 Software Quality Assurance
* 26 Deployment
* 27 Maintenance
* 28 GNU Free Documentation License
* 29 Reference
Logging in multi-threaded apps efficiently with ring buffer
by BlueVoodoo
No software is bug free, and application users can encounter unexpected results during the run time of programs. To analyze and find the cause of problems, logging is a method widely used by programmers. In this article, learn how to use a ring buffer for efficient logging with memory operations in place of file operations.
USB Human Interface Device (HID) FAQ
by sylvainulg
How can an application request a report using a control transfer?
How can an application send a report using a control transfer?
How can an application request reports using interrupt transfers?
How large is the ReadFile buffer?
Where is the Windows documentation for accessing HIDs?
Why do I receive "CRC Error" when attempting to send a report to my device?
...
Fair trade in tropical crops is possible
by wrijneveld
plea for making commodity trade fair. UNCTAD policies of buffer stocks did not collapse bc of sconomic but bc of political reasons
HD Tune website
by chunmin
Hard disk utility which has the following functions: Benchmark: measures the raw performance. Hard Disk information which includes partition information, supported features, firmware version, serial number, disk capacity, buffer size, transfer mode.
Improving Ajax applications for JAWS users
by phumblot
Popular screen readers use a virtual buffer to allow users to interact with web content. This article uncovers undocumented behaviour in JAWS 7.1 and later, which allows web developers to build Ajax applications that update the virtual buffer without any interaction from the user
Log Buffer #7: a Carnival of the Vanities for DBAs
by ionobelisk
Lots of bits & pieces for database folx
Ddrescue - GNU Project - Free Software Foundation (FSF)
by pvergain
& 2 others
GNU ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors.
Ddrescue does not truncate the output file if not asked to. So, every time you run it on the same output file, it tries to fill in the gaps.
The basic operation of ddrescue is fully automatic. That is, you don't have to wait for an error, stop the program, read the log, run it in reverse mode, etc.
If you use the logfile feature of ddrescue, the data is rescued very efficiently (only the needed blocks are read). Also you can interrupt the rescue at any time and resume it later at the same point.
Automatic merging of backups: If you have two or more damaged copies of a file, cdrom, etc, and run ddrescue on all of them, one at a time, with the same output file, you will probably obtain a complete and error-free file. This is so because the probability of having damaged areas at the same places on different input files is very low. Using the logfile, only the needed blocks are read from the second and successive copies.
The logfile is periodically saved to disc. So in case of a crash you can resume the rescue with little recopying.
Also, the same logfile can be used for multiple commands that copy different areas of the file, and for multiple recovery attempts over different subsets.
Ddrescue aligns its I/O buffer to the sector size so that it can be used to read from raw devices. For efficiency reasons, also aligns it to the memory page size if page size is a multiple of sector size.
2006
SourceForge.net: kses - PHP HTML/XHTML filter
by chachapoya
& 3 others
(via)
kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, and it also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks.
Ddrescue - GNU Project - Free Software Foundation (FSF)
by ogrisel
& 2 others
(via)
GNU ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors.
Ddrescue does not truncate the output file if not asked to. So, every time you run it on the same output file, it tries to fill in the gaps.
The basic operation of ddrescue is fully automatic. That is, you don't have to wait for an error, stop the program, read the log, run it in reverse mode, etc.
If you use the logfile feature of ddrescue, the data is rescued very efficiently (only the needed blocks are read). Also you can interrupt the rescue at any time and resume it later at the same point.
Automatic merging of backups: If you have two or more damaged copies of a file, cdrom, etc, and run ddrescue on all of them, one at a time, with the same output file, you will probably obtain a complete and error-free file. This is so because the probability of having damaged areas at the same places on different input files is very low. Using the logfile, only the needed blocks are read from the second and successive copies.
The logfile is periodically saved to disc. So in case of a crash you can resume the rescue with little recopying.
Also, the same logfile can be used for multiple commands that copy different areas of the file, and for multiple recovery attempts over different subsets.
Ddrescue aligns its I/O buffer to the sector size so that it can be used to read from raw devices. For efficiency reasons, also aligns it to the memory page size if page size is a multiple of sector size.
matplotli.mathtext
by YukuanMark
mathtext is a module for parsing TeX expressions and drawing them into a matplotlib.ft2font image buffer. You can draw from this buffer into your backend.
mapguide: MapGuide Open Source
by ms_michel
& 1 other
MapGuide Open Source is a web-based platform that enables users to quickly develop and deploy web mapping applications and geospatial web services. MapGuide features an interactive viewer that includes support for feature selection, property inspection, map tips, and operations such as buffer, select within, and measure. MapGuide includes an XML database for managing content, and supports most popular geospatial file formats, databases, and standards. MapGuide can be deployed on Linux or Windows, supports Apache and IIS web servers, and offers extensive PHP, .NET, Java, and JavaScript APIs for application development. MapGuide Open Source is licensed under the LGPL.
mapguide: MapGuide Open Source
by stan
& 1 other
MapGuide Open Source is a web-based platform that enables users to quickly develop and deploy web mapping applications and geospatial web services. MapGuide features an interactive viewer that includes support for feature selection, property inspection, map tips, and operations such as buffer, select within, and measure. MapGuide includes an XML database for managing content, and supports most popular geospatial file formats, databases, and standards. MapGuide can be deployed on Linux or Windows, supports Apache and IIS web servers, and offers extensive PHP, .NET, Java, and JavaScript APIs for application development. MapGuide Open Source is licensed under the LGPL.
