Something to do, 'cause all the cool kids are.

well I've picked up a new thing to learn about...
Ruby and Ruby on Rails (RoR).. so here's some info. that I've found so far
Start here - cool article on Rails http://www.onlamp.com/pub/a/onlamp/2005/01/20/rails.html
Rails Site - http://www.rubyonrails.org/
Ruby links
http://www.ruby-lang.org/en/
http://www.rubygarden.org/ruby - Ruby Garden Wiki
Ruby Eclipse Plug-in
http://www-128.ibm.com/developerworks/opensource/library/os-rubyeclipse/?ca=dgr-lnxw07Ruby4Eclipse
http://rubyeclipse.sourceforge.net/
a handy Ruby on Rails Cheatsheet

cool tool for bypassing Windows lock-down

Mark's Sysinternals Blog: Circumventing Group Policy as a Limited User
Excellent post from the Sysinternals blog about how Windows enforces certain restrictions using group policy and a relatively easy way to bypass them in most circumstances.

search for a music player... over?

I've been looking for a good music player/jukebox for a while and, hopefully, I've found one which meets all the criteria!
* plays OGG files
* has a jukebox/library feature which reads tags (without crashing!)
* cross-platform, preferably
looks like zinf's my man.

Rootkit hunting

Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management Gone Too Far
A great example of how to track down a rootkit on a Windows system. Also very interesting to see that the rootkit in question came from a Sony Audio CD!!
Important to watch out for this kind of protection on audio CDs and avoid buying them!

Article about the legal rights and wrongs of WiFi

Sunbelt BLOG: WarXing
It's interesting to see a legal opinion on the items relating to wireless networking..
the opinion seems to be "don't connect to someone else's wireless and if you do don't download a lot of traffic"
My (and IANAL) opinion is that this line of thinking applies if the person is aware that they're connecting to a network that they shouldn't, but there are two points which make this a lot less clear.
1) There are a number of legitimately free wireless networks and more municipal wi-fi connections appear to be being set up. So how is a non-technical user meant to know whether the network they've connected to is free or not?
2) Operating system and client software behaviour may not help. Windows XP (pre-SP2) will by default connect to wireless networks that are available, so is a user responsible if that connection is made..?
And in a case where someone has deliberately and knowingly connected to a wireless network that they shouldn't have, how is the legal system meant to determine that they did know and didn't think that they'd connected to a legitimately free network...?

Interesting Survey results...

Web Threats Keep Users Away
This story covers the results of a survey from webwatch, which indicates that people are cutting back on spending online as a result of fears about identity theft and phishing.
I think this kind of swing is one that a lot of companies (like banks) who save a lot of money as more of their customers transact over the net, will be very worried about. If their customers start returning to using other channels like phone banking or branch banking, then that's likely to have a real impact on the bottom line for the companies involved...
One outcome I think is likely is a return of the AOL style "walled garden" Internet where only specific, vetted, sites are available to the user, with the service provider providing some assurance over the content...
Ordinary users are not and don't want to be savvy enough in the ways that the Internet works to be able to reliably detect phishing scams and to keep spyware off their PCs. As a result, if the environment on the 'net keeps getting more hostile, it will be better for the ordinary users to take the hit and lose access to a lot of sites, in exchange for a greater level of safety...

Handy listing of MS Vulns to bulletins

ElseNot Project ~ History of Microsoft Exploits and Security Bulletins
Link to a useful site with a list of all the publicly available exploits for a given MS bulletin.

Handy Perl Module for Pen Testing

Perl.com: Web Testing with HTTP::Recorder
Tutorial on the HTTP::Recorder module for Perl. To an extent this is the functionality that you can get from WebScarab or Burp, but looks like it could be handy all the same...

More blogs to keep a track of

CNET News.com's Blog 100
Cool list over at CNET of 100 top blogs (ITHO). Some interesting ones to add..

Coverage of the "Tsunami Hacker"

Justice versus legality - the case of Daniel Cuthbert | Samizdata.net
Some coverage here of the case of Daniel Cuthbert who's been convicted of breach of the Computer Misuse Act for (if the articles I've read are accurate) putting ../../../ into a URL to see if a site he'd just given his credit card to was insecure..
I'm in two minds about this case. On the one hand he shouldn't have done that really; it could be construed as an attack and he should've realised that it would trip IDS (although how quiet must they have been in the BT offices that they were investigating every IDS alarm of that type!)
On the other hand, the Internet is a public place and websites are public resources by definition (unless they have access control configured). What concerns me is that people accessing websites in unusual ways run the risk of being prosecuted.. for example if they see a parameter in a URL and think "I'll just skip ahead by changing that by 5 instead of clicking forward 5 times" ... is that a breach of the Computer Misuse Act..?
Also it's waaay too easy to abuse this kind of thing.. how long before someone sends an email with a link which has something like "../../../" in it, causing a recipient who clicks it to appear to be a "hacker"...
Not sure either of those are great reasons, but this case does make me feel uncomfortable for some reason.