Practical Technology

for practical people.

April 25, 2008
by sjvn01
0 comments

CAPTCHA Meltdown

It seems like it was the just the other day that I was writing about how CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) was quickly becoming completely useless for Web security. Actually, it was just the other day-two days ago-but I was wrong. CAPTCHA is already completely useless.

I found the proof of this in the Web security company WebSense’s Sumeet Prasad, a threat analyst, latest blog. There, he declared that there’s now a botnet-based program that can beat Google’s Blogger CAPTCHA.

The program’s not terribly good at breaking Blogger’s CAPTCHA. WebSense estimates it has an 8% to 13% success rate and it takes about 35-seconds per attempt. But, with hundreds to thousands of zombied home PCs doing nothing but trying to create fake blogs, the program doesn’t have to be very good at it.

More >

April 24, 2008
by sjvn01
0 comments

Sorry, I’m not feeling social today

Please. I don’t want to Link In with you today. I don’t want to see your Face, or read your Book. It’s not that I don’t like you. I do. I’d Twitter with you anytime. It’s just that if I get asked to join one more social network, I’m going to scream.

You wouldn’t like that. I wouldn’t like that.

I get social networking. I really do. I’ve been a member of online communities since the 80s. I’ve managed mailing lists using LISTSERV and Mailman; supervised online discussion groups on CompuServe; and I use LinkedIn and Facebook on a regular basis. I’m also on, but almost never use, Plaxo; Twitter and half-a-dozen others that I don’t even recall joining.

These networks have been invaluable to me over the years for maintaining friendships over thousands of miles and years of time; finding both freelance and fulltime work; and sharing good times and bad times with those who are near and dear to me. So, please understand me when I say, in the nicest possible way, “Enough is enough! Do not; do not ask me to join another social network!”

More >

April 23, 2008
by sjvn01
1 Comment

OLPC: It’s about the Kids, not Open Source

People have been in a tizzy over recent executive changes at the OLPC (One Laptop per Child) project, but its founder, Nicholas Negroponte, in an e-mail to the group’s members on April 23rd wrote, “As we reach out to engage a wider community, some purism has to morph into pragmatism.”

Things started heating up at OLPC when Walter Bender, the former president of software and content, was first moved to the job of director of deployment. This was seen by some, such as OLPC Director of Security Ivan Krsti, as a demotion. Because of this, and what Krsti saw, as he described in his blog as “a drastic internal restructuring coupled with what, despite official claims to the contrary, is a radical change in its goals and vision,” Krsti resigned from OLPC in mid-March.

Continue Reading →

April 23, 2008
by sjvn01
0 comments

Can CAPTCHA be saved?

You may not know the term, “CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart),” but you’ve used it.

You may not, however, be using it for much longer. Every time you’ve had to puzzle out the letters and numbers from a distorted, scrambled jumble before you can sign up for a new Web services account, such as Live Hotmail, Yahoo Mail, and Gmail or post a story on an online discussion systems like Digg, you’ve used CAPTHCHA.

It’s meant to make sure that you’re a real person and not a bot seeking to spread malware and spam. For a while CAPTHCHA worked. If you’re like me, you found it annoying, because there were times when you couldn’t tell the difference between ‘s’ and ‘S’ either. Still, even though it was, and is, a pain, I was willing to put up with it since it actually did help block spammers.

The key word above is ‘did.’ In late 2007, hackers started getting some success against CAPTHCA schemes. By January 2008, Yahoo Mail was cracked; Hotmail was crunched in early April; and Gmail was cut open in April.

More >

April 22, 2008
by sjvn01
0 comments

KDE and GNOME Buddy Up

Who would have believed it in 2004? KDE and GNOME, the two major Linux desktop interfaces, buddying up and having their annual meetings together? It would have been easier to believe in cats and dogs signing a permanent peace treaty. Believe it.

The two once bitter rivals for the Linux desktop have agreed to co-host Akademy and GUADEC, KDE and GNOME’s main conferences in the summer of 2009.

Continue Reading →

April 22, 2008
by sjvn01
0 comments

Can we please stop Cross-Site Scripting Attacks?

You’d think the Web designers and masters of a major presidential campaign site would get it right wouldn’t you? I mean, they’re running these sites to convince voters to get their person into the White House right? Isn’t that worth a little time and trouble to make sure that the site isn’t easily crackable?

Well, as anyone who tried to visit Sen. Barack Obama’s campaign site’s community area over the weekend only to find themselves visiting Sen. Clinton’s site knows the answer is “no.”

It’s not just Obama’s techies though. It seems that’s Hillary’s site is also ripe for the picking, but so far, to the best of my knowledge, no one’s done it. Yet.

More >