Hi guys,

uCertify has some terrific treats for you this Thanksgiving! Turkey and mashed potatoes are not the only things up for gobbling this week.

Check out these incredible savings!

60% off any 6 PrepKits

55% off any 5 PrepKits

35% off any 2 Prepkits

Let’s celebrate this Black Friday with uCertify PrepKits.

HI Guys,

uCertify is getting the holiday celebrations going with its early bird, pre-Thanksgiving sale. Join the feasting with huge discounts on all uCertify PrepKits. If earning an IT certification was on your New Year’s resolution or goals for 2010, here’s a great opportunity. More than ever, IT certifications are added that extra edge you need to get a new job or keep your current one.
uCertify invites the first 100 customers to begin feasting early! Buy 3 or more Prepkits and get 40% OFF! uCertify offers home and work licence for all PrepKits – this means you are licensed to install your Prepkit on any 2 computers.

Lets earn some certification on the occasion of Early Bird.

uCertify is offering an amazing discount of upto 45%.! Check out the offer!

Any 4+ PrepKits for $64.99 each (TRIPLE WOW! That’s a 45% savings off the list price!)

Any 3 PrepKits for $69.99 each (DOUBLE WOW! That’s a 40% savings off the list price!)

Any 2 PrepKits for $72.99 each (WOW! That’s a 38% savings off the list price!)

HURRY! Feel the warmth of these great savings on any test preparation software from uCertify. This is the golden opportunity from uCertify. Time is running out so don’t wait, just go and buy your guide to the certification path.

You can also take the advantage of their additional 5% discount by joining their Facebook page! All you have to do is like their page to be entitled to this private discount.
http://www.facebook.com/Certifications?v=app_4949752878

Guys,uCertify is offering a 40% discount on all Prepkits. A user can select from extensive selection of over 300 PrepKits to help prepare for their IT certification exam(s). For a limited time only, uCertify is offering a humongous 40% discount! Buy any two PrepKits for $139.99 (compare to about $119.99 for each PrepKit!).

This time you can also take advantage of an additional discount by joining us on Facebook! All anyone have to do is like our page to be entitled to this private discount.

http://www.facebook.com/pages/ucertify/176752623633?v=app_4949752878

‘Researchers at Sophos discovered that Apple updated the anti-malware protection built-into Mac OS X when it released a new version earlier this week.

Mac OS X 10.6.4 has been updated to provide limited protection against OSX/Pinhead-B (called HellRTS by Apple), a backdoor Trojan which can allow remote hackers to gain control over Mac computers for the purposes of identity theft, spying and the distribution of spam.

This malware was distributed disguised as the iPhoto application by malicious hackers.

Sophos researchers discovered that Apple updated a file called XProtect.plist – the file that contains elementary signatures of a handful of Mac threats – to detect HellRTS.

‘

‘Facebook, Twitter and Skype are Internet behemoths, counting hundreds of millions users each, so it is not surprising that many malicious email campaigns masquerade as legitimate notices coming from these three sources.

The number of emails that try to trick recipients into downloading malicious files has surged in the last few days. Users are notified that their Twitter or Facebook password has been reset, that they should check details of purchases effected through Skype, that they have messages waiting for them, etc.

What these emails have in common is that they contain a .html file, which changes name from email to email, but always contains a a script that redirects the users to a website rife with malicious code that tries to exploit vulnerabilities in Adobe, IE and Java and through them download malware on the users’ computer.

A Bkis security researcher thinks we are witnessing the birth of a new trend. According to him, attackers will be switching to this kind malicious files for two reasons:

* A lot of people have learned by now that .exe and .zip files in attachments are probably bad news and they delete the email, but .html files have managed to avoid looking instantly suspicious.
* These .html attachments don’t contain any kind of malicious or exploit code, which makes them perfect for bypassing antivirus programs integrated in mail servers or antivirus solutions in general:

When you think about it, the file in question does the exact same thing a malicious link would do, but – once again – many users have learned not to click on those either.
‘

‘Symantec released its new security threat report which highlights key trends in cybercrime from Jan.1, 2009 to Dec. 31, 2009. In a year bookended by two very prominent cyber attacks – Conficker in the opening months of the year and Hydraq at the very end – the report reveals continued growth in both the volume and sophistication of cybercrime attacks.

Notable trends highlighted in this year’s report include:

An increase in the number of targeted threats focused on enterprises
Given the potential for monetary gain from compromised corporate intellectual property (IP), cybercriminals have turned their attention toward enterprises. The report found that attackers are leveraging the abundance of personal information openly available on social networking sites to synthesize socially engineered attacks on key individuals within targeted companies. Hydraq gained a great deal of notoriety at the beginning of 2010, but was only the latest in a long line of such targeted attacks including Shadow Network in 2009 and Ghostnet in 2008.

Attack toolkits make cybercrime easier than ever
Cybercrime attack toolkits have lowered the bar to entry for new cybercriminals, making it easy for unskilled attackers to compromise computers and steal information. One such toolkit called Zeus (Zbot), which can be purchased for as little as $700, automates the process of creating customized malware capable of stealing personal information. Using kits like Zeus, attackers created literally millions of new malicious code variants in an effort to evade detection by security software.

Web-based attacks continued to grow unabated
Today’s attackers leverage social engineering techniques to lure unsuspecting users to malicious websites. These websites then attack the victim’s Web browser and vulnerable plug-ins normally used to view video or document files. In particular, 2009 saw dramatic growth in the number of Web-based attacks targeted at PDF viewers; this accounted for 49 percent of observed Web-based attacks. This is a sizeable increase from the 11 percent reported in 2008.

Malicious activity takes root in emerging countries
The report saw firm signs that malicious activity is now taking root in countries with an emerging broadband infrastructure, such as Brazil, India, Poland, Vietnam and Russia. In 2009, these countries moved up the rankings as a source and target of malicious activity by cybercriminals. The findings from the report suggest that government crackdowns in developed countries have led cybercriminals to launch their attacks from the developing world, where they are less likely to be prosecuted.

Other ISTR highlights:

* Malicious code is more rampant than ever. In 2009, Symantec identified more than 240 million distinct new malicious programs, a 100 percent increase over 2008.
* Top threats. The Sality.AE virus, the Brisv Trojan and the SillyFDC worm were the threats most frequently blocked by Symantec security software in 2009.
* Downadup (Conficker) still very prevalent. It was estimated that Downadup was on more than 6.5 million PCs worldwide at the end of 2009. Thus far, machines still infected with Downadup/Conficker have not been utilized for any significant criminal activity, but the threat remains a viable one.
* Compromised identity information continues to grow. Sixty percent of all data breaches that exposed identities were the result of hacking. In a sign that this issue is not limited to a few larger enterprises, the Symantec State of Enterprise Security Report 2010 reported that 75 percent of enterprises surveyed experienced some form of cyber attack in 2009.
* Another turbulent year for spam. In 2009, spam made up 88 percent of all e-mail observed by Symantec, with a high of 90.4 percent in May and a low of 73.7 percent in February. Of the 107 billion spam messages distributed globally per day on average, 85 percent were from botnets. The 10 major bot networks, including Cutwail, Rustock and Mega-D now control at least 5 million compromised computers. Throughout 2009, Symantec saw botnet infected computers being advertised in the underground economy for as little as 3 cents per computer.
* Applying security patches continues to be a challenge for many users. The report found that maintaining a secure, patched system became more challenging than ever in 2009. Moreover, many users are failing to patch even very old vulnerabilities. For example, the Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness was published on August 23, 2003, and fixes have been available since July 2, 2004, yet it was the second-most attacked Web-based vulnerability in 2009.

“Attackers have evolved from simple scams to highly sophisticated espionage campaigns targeting some of the world’s largest corporations and government entities,” said Stephen Trilling, senior VP, Security Technology and Response, Symantec. “The scale of these attacks and the fact that they originate from across the world, makes this a truly international problem requiring the cooperation of both the private sector and world governments.”

The complete report is available here. ‘net-security.org

‘Qubes is an open source operating system based on Linux, which is designed to provide strong security for desktop computing. Its unique selling point is that all applications that are run on Qubes is sand-boxed from each other.

This is achieved by way of virtualization of all applications using Xen Hypervisor.

Computer systems usually provide OS security in three basic ways, namely -

1. Security by correctness,
2. Security by obscurity, and
3. Security by isolation.

Qubes OS developers have embraced the path of security by isolation. To do this Qubes utilizes virtualization technology to isolate various programs from each other. This makes Qubes OS a secure by default operating system.

The idea is that virtual machines will be created on demand, for each application and discarded after use. Industry pundits have coined a new name for it – Disposable Virtual Machine technology.’linuxhelp.blogspot.com

PHP 4 introduced a foreach construct, much like Perl and some other languages. This simply gives an easy way to iterate over arrays. foreach works only on arrays, and will issue an error when you try to use it on a variable with a different data type or an uninitialized variable. There are two syntaxes; the second is a minor but useful extension of the first:

foreach (array_expression as $value)
statement
foreach (array_expression as $key => $value)
statement

The first form loops over the array given by array_expression. On each loop, the value of the current element is assigned to $value and the internal array pointer is advanced by one (so on the next loop, you’ll be looking at the next element).

The second form does the same thing, except that the current element’s key will be assigned to the variable $key on each loop.

As of PHP 5, it is possible to iterate objects too.

Note: When foreach first starts executing, the internal array pointer is automatically reset to the first element of the array. This means that you do not need to call reset() before a foreach loop.

Note: Unless the array is referenced, foreach operates on a copy of the specified array and not the array itself. foreach has some side effects on the array pointer. Don’t rely on the array pointer during or after the foreach without resetting it.

As of PHP 5, you can easily modify array’s elements by preceding $value with &. This will assign reference instead of copying the value.
< ?php
$arr = array(1, 2, 3, 4);
foreach ($arr as &$value) {
$value = $value * 2;
}
// $arr is now array(2, 4, 6, unset($value); // break the reference with the last element
?>
This is possible only if iterated array can be referenced (i.e. is variable), that means the following code won’t work:
< ?php
foreach (array(1, 2, 3, 4) as &$value) {
$value = $value * 2;
}

?>
Warning

Reference of a $value and the last array element remain even after the foreach loop. It is recommended to destroy it by unset().

Note: foreach does not support the ability to suppress error messages using ‘@’.

You may have noticed that the following are functionally identical:
< ?php
$arr = array("one", "two", "three");
reset($arr);
while (list(, $value) = each($arr)) {
echo "Value: $value
\n”;
}

foreach ($arr as $value) {
echo “Value: $value
\n”;
}
?>
The following are also functionally identical:
< ?php
$arr = array("one", "two", "three");
reset($arr);
while (list($key, $value) = each($arr)) {
echo "Key: $key; Value: $value
\n”;
}

foreach ($arr as $key => $value) {
echo “Key: $key; Value: $value
\n”;
}
?>

Some more examples to demonstrate usages:
< ?php
/* foreach example 1: value only */

$a = array(1, 2, 3, 17);

foreach ($a as $v) {
echo "Current value of \$a: $v.\n";
}

/* foreach example 2: value (with its manual access notation printed for illustration) */

$a = array(1, 2, 3, 17);

$i = 0; /* for illustrative purposes only */

foreach ($a as $v) {
echo "\$a[$i] => $v.\n”;
$i++;
}

/* foreach example 3: key and value */

$a = array(
“one” => 1,
“two” => 2,
“three” => 3,
“seventeen” => 17
);

foreach ($a as $k => $v) {
echo “\$a[$k] => $v.\n”;
}

/* foreach example 4: multi-dimensional arrays */
$a = array();
$a[0][0] = “a”;
$a[0][1] = “b”;
$a[1][0] = “y”;
$a[1][1] = “z”;

foreach ($a as $v1) {
foreach ($v1 as $v2) {
echo “$v2\n”;
}
}

/* foreach example 5: dynamic arrays */

foreach (array(1, 2, 3, 4, 5) as $v) {
echo “$v\n”;
}
?>

The include_once() statement includes and evaluates the specified file during the execution of the script. This is a behavior similar to the include() statement, with the only difference being that if the code from a file has already been included, it will not be included again. As the name suggests, it will be included just once.

include_once() may be used in cases where the same file might be included and evaluated more than once during a particular execution of a script, so in this case it may help avoid problems such as function redefinitions, variable value reassignments, etc.

See the include() documentation for information about how this function works.

Note: With PHP 4, _once functionality differs with case-insensitive operating systems (like Windows) so for example:

Example #1 include_once() with a case insensitive OS in PHP 4
< ?php
include_once "a.php"; // this will include a.php
include_once "A.php"; // this will include a.php again! (PHP 4 only)
?>

This behaviour changed in PHP 5, so for example with Windows the path is normalized first so that C:\PROGRA~1\A.php is realized the same as C:\Program Files\a.php and the file is included just once.

Multiple files can be uploaded using different name for input.

It is also possible to upload multiple files simultaneously and have the information organized automatically in arrays for you. To do so, you need to use the same array submission syntax in the HTML form as you do with multiple selects and checkboxes:

Example #1 Uploading multiple files

When the above form is submitted, the arrays $_FILES['userfile'], $_FILES['userfile']['name'], and $_FILES['userfile']['size'] will be initialized (as well as in $HTTP_POST_FILES for PHP versions prior to 4.1.0). When register_globals is on, globals for uploaded files are also initialized. Each of these will be a numerically indexed array of the appropriate values for the submitted files.

For instance, assume that the filenames /home/test/review.html and /home/test/xwp.out are submitted. In this case, $_FILES['userfile']['name'][0] would contain the value review.html, and $_FILES['userfile']['name'][1] would contain the value xwp.out. Similarly, $_FILES['userfile']['size'][0] would contain review.html’s file size, and so forth.

$_FILES['userfile']['name'][0], $_FILES['userfile']['tmp_name'][0], $_FILES['userfile']['size'][0], and $_FILES['userfile']['type'][0] are also set.

This feature lets people upload both text and binary files. With PHP’s authentication and file manipulation functions, you have full control over who is allowed to upload and what is to be done with the file once it has been uploaded.

PHP is capable of receiving file uploads from any RFC-1867 compliant browser.

Note: Related Configurations Note
See also the file_uploads, upload_max_filesize, upload_tmp_dir, post_max_size and max_input_time directives in php.ini

PHP also supports PUT-method file uploads as used by Netscape Composer and W3C’s Amaya clients. See the PUT Method Support for more details.

Example #1 File Upload Form

A file upload screen can be built by creating a special form which looks something like this:

The __URL__ in the above example should be replaced, and point to a PHP file.

The MAX_FILE_SIZE hidden field (measured in bytes) must precede the file input field, and its value is the maximum filesize accepted by PHP. This form element should always be used as it saves users the trouble of waiting for a big file being transferred only to find that it was too large and the transfer failed. Keep in mind: fooling this setting on the browser side is quite easy, so never rely on files with a greater size being blocked by this feature. It is merely a convenience feature for users on the client side of the application. The PHP settings (on the server side) for maximum-size, however, cannot be fooled.

Note: Be sure your file upload form has attribute enctype=”multipart/form-data” otherwise the file upload will not work.

The global $_FILES exists as of PHP 4.1.0 (Use $HTTP_POST_FILES instead if using an earlier version). These arrays will contain all the uploaded file information.

The contents of $_FILES from the example form is as follows. Note that this assumes the use of the file upload name userfile, as used in the example script above. This can be any name.

$_FILES['userfile']['name']

The original name of the file on the client machine.
$_FILES['userfile']['type']

The mime type of the file, if the browser provided this information. An example would be “image/gif”. This mime type is however not checked on the PHP side and therefore don’t take its value for granted.
$_FILES['userfile']['size']

The size, in bytes, of the uploaded file.
$_FILES['userfile']['tmp_name']

The temporary filename of the file in which the uploaded file was stored on the server.
$_FILES['userfile']['error']

The error code associated with this file upload. This element was added in PHP 4.2.0

Files will, by default be stored in the server’s default temporary directory, unless another location has been given with the upload_tmp_dir directive in php.ini. The server’s default directory can be changed by setting the environment variable TMPDIR in the environment in which PHP runs. Setting it using putenv() from within a PHP script will not work. This environment variable can also be used to make sure that other operations are working on uploaded files, as well.

Example #2 Validating file uploads

See also the function entries for is_uploaded_file() and move_uploaded_file() for further information. The following example will process the file upload that came from a form.
< ?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '

‘;

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {

    echo “File is valid, and was successfully uploaded.\n”;

} else {

    echo “Possible file upload attack!\n”;

}

echo ‘Here is some more debugging info:’;

print_r($_FILES);
print “”;
?>
The PHP script which receives the uploaded file should implement whatever logic is necessary for determining what should be done with the uploaded file. You can, for example, use the $_FILES['userfile']['size'] variable to throw away any files that are either too small or too big. You could use the $_FILES['userfile']['type'] variable to throw away any files that didn’t match a certain type criteria, but use this only as first of a series of checks, because this value is completely under the control of the client and not checked on the PHP side. As of PHP 4.2.0, you could use $_FILES['userfile']['error'] and plan your logic according to the error codes. Whatever the logic, you should either delete the file from the temporary directory or move it elsewhere.
If no file is selected for upload in your form, PHP will return $_FILES['userfile']['size'] as 0, and $_FILES['userfile']['tmp_name'] as none.
The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed.
Example #3 Uploading array of files
PHP supports HTML array feature even with files.

Pictures:





< ?php

foreach ($_FILES["pictures"]["error"] as $key => $error) {

    if ($error == UPLOAD_ERR_OK) {

        $tmp_name = $_FILES["pictures"]["tmp_name"][$key];

        $name = $_FILES["pictures"]["name"][$key];

        move_uploaded_file($tmp_name, “data/$name”);

    }

}

?>
File upload progress bar can be implemented by apc.rfc1867.  
 
]]>
			http://lpilinux.com/handeling-file-uploads-in-php.html/feed
		0
		
		
		
		http://lpilinux.com/how-to-install-linux-on-iphone.html
		http://lpilinux.com/how-to-install-linux-on-iphone.html#comments
		Mon, 24 May 2010 02:47:07 +0000
		lpilinuxblog
				

		http://lpilinux.com/?p=509
		Continue reading →]]>
			
			

				

			
		
I’m pleased to announce that the Linux 2.6 kernel has been ported to Apple’s iPhone platform, with support for the first and second generation iPhones as well as the first generation iPod touch. This is a rough first draft of the port, and many drivers are still missing, but it’s enough that a real alternative operating system is running on the iPhone.
What we have:
- Framebuffer driver

- Serial driver

- Serial over USB driver

- Interrupts, MMU, clock, etc.
What we have in openiboot (but hasn’t been ported yet):
- Read-only support for the NAND
What we don’t have (yet!):
- Write support for the NAND

- Wireless networking

- Touchscreen

- Sound

- Accelerometer

- Baseband support
The current userland we’re using, in the interest of expedience, is a Busybox installation created with buildroot, but glibc works fine as well, and we’re going to build a more permanent userland solution.
A demonstration video can be seen here: http://www.vimeo.com/2373142
Instructions here: http://www.iphone-dev.org/planetbeing/LINUX-README.txt
Download here: http://91.186.26.18/iphone/files/iphonelinux-demo.tar.gz (look for mirrors in the comments)
EDIT: The instructions are missing the step that you have to select openiboot console from the menu before performing the “sudo ./oibc” step. Just be aware you have to do that if it seems like you’re not getting a response from the oibc client.
Project lead: planetbeing
Contributors: CPICH, cmw, poorlad, ius, saurik
If you’re experienced with hacking/porting Linux and especially if you’re experienced with porting Android, I’d definitely like to hear from you. Come chill in the #iphonelinux channel on irc.osx86.hu. Thanks.   
 
]]>
			http://lpilinux.com/how-to-install-linux-on-iphone.html/feed
		0
		
		
		
		http://lpilinux.com/some-linux-programming-questions.html
		http://lpilinux.com/some-linux-programming-questions.html#comments
		Mon, 24 May 2010 02:46:01 +0000
		lpilinuxblog
				

		http://lpilinux.com/?p=508
		Continue reading →]]>
			
			

				

			
		
If you don’t do any Linux programming then you may want to skip this posting!
I’m trying to do some basic game stuff under Linux and don’t really know what a reasonable way is to do them, and the cost of experimentation is very high. So I am hoping someone out there can just answer these basic questions…
    * What is a reasonable way to read mouse input? Reading X11 mouse events is not sufficient since (a) it’s had GUI acceleration applied to it, and (b) it clamps at the edges of the screen. libGII seems to be one way to do this — is it reliable and useful? Can I “ship” a game with it (to the extent that anything is shippable at all under Linux)? Are there alternatives?

    * Under X11, is there a way to constrain the mouse pointer to a window without other undesirable effects (such as stealing the focus and locking the GUI)? Last time I tried this (a couple of years ago) I couldn’t figure out a way to do it.

    * For audio output, should I be using ALSA or something else? In a past project I used SDL but the SDL audio API seemed quite lacking for serious game programming. 
 
]]>
			http://lpilinux.com/some-linux-programming-questions.html/feed
		0
		
		
		
		http://lpilinux.com/how-to-pass-rh253-exam.html
		http://lpilinux.com/how-to-pass-rh253-exam.html#comments
		Tue, 27 Apr 2010 10:57:04 +0000
		lpilinuxblog
				

		http://lpilinux.com/?p=470
		Continue reading →]]>
			
			

				

			
		
The Red Hat Network services and security Administration test measures an individual’s actual ability to install, configure, and attach a new Red Hat Linux system to an existing production network. Before taking the RH253 certification exam, you should practice the following:

Identify how concepts and well formed policy map to configuration and accountability in networking and security administration.
Implement secure access to system and network services using host-based access, SELinux, and system services management.
Secure data using fundamental encryption protocols, Public Key Infrastructure, and Digital Certificates.
Configure and utilize encrypted remote system administration tools.
 By the use of NetFilter kernel-level firewall secure access to systems and services.
 By the use of the DNS and DHCP services implement organized networked systems.
 Configure, control and secure access to FTP servers.
 Configure, control and secure access to NFS.
 Configure, control and secure access to samba server.
 Configure, implement and secure access to the Apache Web Server and Squid Proxy Cache.
 Configure, implement and secure access to the Sendmail and Postfix SMTP servers.
Account management by the use of Name Switch Service and Pluggable Authentication module.

 
]]>
			http://lpilinux.com/how-to-pass-rh253-exam.html/feed
		0