Last Friday, Richard Weait of the Ontario Linux Fest gave an Introduction to OpenStreetMap at the Cherry Hill Linux Users Group. I was quite impressed with both the presentation and OSM.

OpenStreetMap (http://www.openstreetmap.org/) is sometimes called "the wiki-style map of everything". While it appears to be just an open source equivalent of Google Maps and various other mapping sites, there is a crucial difference: having the data versus having only a picture of the data. With OSM, you can get the data, not just a picture. If you want to, you can set up your own OSM server. This can be useful for some applications.

Fitting the open source ethos, OSM is being built up by the contributions of many users around the world. You don't have to be a programmer or a developer to participate. Among the things people can do are collecting GPS data of roads and other features of an area, verifying the information, and updating the OSM data. In fact, last weekend there was an OSM mapping event in Philadelphia. I could not attend but it sounded quite interesting. Maybe another time.

Meanwhile, you can see OSM events and meetings around the world, as well as learn more about OSM, at the OpenStreetMap Wiki.

J.D. Abolins

Neopwn mobile phone for penetration testing

  • Sep. 23rd, 2008 at 8:53 AM
Slashdot had a thread yesterday about this device & software. I've not seen the package myself.
http://mobile.slashdot.org/mobile/08/09/21/1730256.shtml

Neopwn: <http://www.neopwn.com/> says:
Pocket Pentesting

Running on a well balanced mix of open source hardware and network security testing software, NeoPwn has been a long awaited pocket penetration testing platform. This is the first ever network auditing distribution for a mobile phone.

The NeoPwn uses the base platform of the Openmoko Neo Freerunner, which offers USB WLAN support, a GPS Modem, a GPRS Modem for cellular connectivity, and a CSR-based Bluetooth module. The USB hostmode will also allow for a range of other devices and peripherals.

Neopwn runs on an optimized FULL custom Debian operating system that boots off of a microSD card with a custom Linux kernel, with a vast support range for module drivers, allowing the network security tester the ability to perform various network penetration auditing tasks that are normally carried out on a notebook or desktop workstation.
(The mobile phone will only work with GSM networks that require SIMs.)


The complete mobile phone & software packages run from about 700 USD to 1,000 USD. They have less expensive packages minus the phone.

Even if you don't buy a Neopwn mobile, their software listing can be useful for building a collection of free/open source software pen-test tools.

J.D. Abolins

Harlan Carvey is a very knowledgeable fellow about computer forensics, especially Windows forensics. I've seen several of his presentations at the RCFG GMU conferences. His books -- Windows Forensic Analysis and Perl Scripting for IT Security Professionals -- are worth checking out if you are interested in computer forensics.

Also worth checking out is his Windows Incident Response blog. Even if you don't work with Windows, this blog has many good postings with insights applicable beyond Windows alone. Here are a couple of particularly useful ones for people seeking to get into computer forensics:

1. Getting started, or forensic analysis on the cheap gives an excellent list of free (cost-free) tools. At the end, Carvey adds this important point about computer forensics: "Also, all of the technical tools and techniques are for naught if you (a) cannot follow a process, and (b) cannot document what you do." I am by no means a computer/network forensics expert but I have seen enough things to say he is quite correct.

2. Getting started, pt II suggests using the free/cheap tools as a resource for the interview process when hiring people for computer forensics work. I particularly like this:
The whole point of the use of these tools and techniques as training and evaluation resources would be to get analysts thinking and processing information beyond the point of "Nintendo forensics", going beyond pushing a button to get information...because how do you know if the information you receive is valid or not? Does it make sense? Is there a way to dig deeper or perhaps validate that information, or is there a technique that will provide validation of your data?
Amen!

Jonathan "J.D." Abolins

G-Archiver's "coding horror"

  • Mar. 10th, 2008 at 6:40 PM
Jeff Atwood on the Coding Horror blog reports a serious problem with G-Archiver, a Windows program for archiving GMail mailboxes. Dustin Brooks had emailed Atwood his discovery that the software was sending users' GMail login credentials to a GMail account hard-coded in the software.

Atwood states, "I generally try to give people the benefit of the doubt, but it's difficult to imagine any scenario where this isn't a completely malicious violation of people's trust." Various other bloggers seem to agree.

Looking at G-Archiver's Web site, I see a warning for people not to use the version 1.0 release. They will soon be releasing a version "that corrects the flaw". ("Flaw" is a rather mild term for the bad code.) G-Archiver is also apologising for the bad code:
<< What happened was that a member of our development team had inserted coding used for testing G-Archiver in the debug version and forgot to delete it in the final release version.

We sincerely apologize and assure you that this coding mishap was in no way intentional. >>
Although it is good that G-Archiver is trying to resolve the problem, this incident raises various issues of trust. For example, what happened with quality control code checks before releasing the final version?

We place much trust in software providers. Even more if their software is closed source.

But we free/open source software supporters shouldn't get cocky. Most of us don't examine the source code of all our tools. (Yes, I am speaking for myself when I say this.) Still, the odds are better that somebody will look at the open source code than the closed source. Sometimes the source code examination occurs because a person wants to learn how the program works so he can build upon it. This seems to be what motivated Dustin Brooks, a programmer, to analyse G-Archiver with Reflector. Open source makes analysis easier and more likely to spot problems.

Finally, this incident is a horror story hinting that we should use testing methods and sample data that are less likely to cause problems if they slip into the final release. I recollect the unverified story of the "Dear Rich Bastard" test string that slipped into a real mass mailing to a bank's customers. Humour is great, but some forms of it in testing might not have people laughing if they slip out.

J.D. Abolins
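The quality-control gap the G-Archiver post describes (a test mailbox and its password left in the release build, found only after someone dumped the binary's strings with Reflector) is the kind of thing a release-time check can catch. The following is an added example, not code from the post or from G-Archiver: it mimics the `strings` tool over a constructed sample binary, flags an e-mail address that sits next to an SMTP host or a password-like string, flags uppercase `DEBUG_`/`TEST_` feature flags, and fails the release gate if anything turns up. The sample bytes, the placeholder address and the heuristics are all assumptions made for the example.

```python
import re
from typing import List, Tuple

# Constructed sample of a release build's bytes (not the real G-Archiver
# binary): printable strings among header junk, including a leftover
# test mailbox, a password-like string and a debug-only feature flag.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"Archiving mailbox %s\x00"
    b"smtp.gmail.com\x00"
    b"debug-archiver@example.com\x00"   # placeholder address, not a real one
    b"Passw0rd!test\x00"
    b"\x7f\x02\x03\x04"
    b"DEBUG_SEND_CREDS\x00"
    b"Done.\x00"
)

EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SMTP_RE = re.compile(rb"(?i)\bsmtp\b")
# Mixed case, a digit and punctuation, 8+ chars, no whitespace: password-like.
PASSWORD_LIKE_RE = re.compile(rb"^(?=.*[A-Z])(?=.*[a-z])(?=.*\d)(?=.*[^A-Za-z0-9])\S{8,}$")
DEBUG_FLAG_RE = re.compile(rb"^(DEBUG|TEST)_[A-Z0-9_]+$")


def extract_strings(data: bytes, min_len: int = 4) -> List[bytes]:
    """Like the `strings` tool: runs of printable ASCII of at least min_len."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def find_leftovers(data: bytes, window: int = 2) -> List[Tuple[str, str]]:
    """Flag e-mail addresses within `window` strings of an SMTP host or a
    password-like string, plus uppercase DEBUG_/TEST_ feature flags."""
    strs = extract_strings(data)
    findings = []
    for i, s in enumerate(strs):
        if EMAIL_RE.search(s):
            nearby = strs[max(0, i - window):i] + strs[i + 1:i + 1 + window]
            if any(SMTP_RE.search(n) or PASSWORD_LIKE_RE.match(n) for n in nearby):
                findings.append(("email-near-secret", s.decode("ascii")))
        if DEBUG_FLAG_RE.match(s):
            findings.append(("debug-flag", s.decode("ascii")))
    return findings


def release_is_clean(data: bytes) -> bool:
    """Release gate: block the build if any leftover test artefacts remain."""
    return not find_leftovers(data)


if __name__ == "__main__":
    for kind, value in find_leftovers(SAMPLE_BINARY):
        print(f"{kind}: {value}")
    print("clean" if release_is_clean(SAMPLE_BINARY) else "BLOCK RELEASE")
```

On a real build you would feed the compiled artefact's bytes to `find_leftovers` in CI; the heuristics are deliberately noisy, since a false positive costs a glance while a miss costs what G-Archiver's users paid.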
