• SuperTuxKart’s Online Multiplayer is Ready for Testing

    SuperTuxKart online multiplayer is ready for testing! The SuperTuxKart dev team has announced a new beta version of the karting game that features a long-awaited and eagerly-anticipated feature: online racing support. SuperTuxKart online multiplayer lets you: Race against other players worldwide in LAN or WAN games; Multiple game modes, inc. regular race and ‘capture the flag’; Easily host a game […] This post, SuperTuxKart’s Online Multiplayer is Ready for Testing, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.

  • Bolorsoft CEO and consultant discuss Unicode standard of Mongolian script – The UB Post
    27 Apr. 2018
    (note: I am reproducing the whole text here because the Pressreader format is very painful, the UB Post no longer seems to be online in an HTML version, and the address above does not seem very specific)

    Mongol News sat down with Founder of Bolorsoft Co. S.Badral and Consultant of Bolorsoft T.Jamiyansuren to discuss the international standard for Mongolian script. Last week, they attended the Unicode technical commission meeting in San Jose, California, USA to improve the existing Mongolian script standard/phonetic model.

    The public has just recently become aware of the controversial situation concerning the improvement of international standard for Mongolian script, which is whether to encode with Mongolian phonetic model or with graphetic, like that used to encode Chinese characters. Since you have participated in these discussions, would you please give our readers information regarding this issue?

    S.Badral: Unicode is a company of international character encoding standards. It’s an integrated consortium of corporations which develop the encoding standards for all the scripts in the world. In other words, it produces one comprehensive standard which identifies the computer codes for Latin “a”, Cyrillic “a”, Mongolian “a”, and Chinese characters. If the script in question is not encoded by Unicode standards, all the global players, such as Facebook, Google, Adobe, Apple, Microsoft, and IBM, would not support it. That means the script will not be supported on any operating system, computer, or phone. Although Mongolian script was first encoded based on a phonetic model in 2000, small unsolved issues have caused it to drag out without a solution for 17 to 18 years.

    So, during the Unicode technical commission meeting in Hohhot last September, it was almost decided that the current model is completely wrong and a graphetic model developed by Chinese experts Liang Hai and Shen Yilei was nearly adopted. At that time, we flatly opposed, saying, “Mongolian script has letters, and it’s written phonetically. Therefore, we need to improve the existing phonetic model instead of adopting graphetic encoding”. With support from the Inner Mongolian party, the graphetic model was not approved. In this meeting too, our discussion revolved around abandoning the phonetic model and changing to the graphetic model.

    T.Jamiyansuren: Had we approved the Unicode standard for Mongolian script as the graphetic model that the Chinese developed, it would’ve then been discussed and approved at the ISO international standard meeting, and everything would’ve been over. Because these two meetings were scheduled right after another, we tried very hard to not take it to the ISO meeting. That Unicode technical commission meeting was almost like war.

    Do any state representatives take part in these important meetings? What is the participation of the Mongolian state and government in this international discussion concerning national script and culture?

    S.Badral: Previously, representatives from the Agency for Standardization and Metrology and the Institute of Language and Literature at the Mongolian Academy of Sciences regularly attended these meetings. But we don’t know why the issue has gotten to this point. Before we went to Hohhot in September 2017, we viewed that the future of Mongolian script relates to the national interests and intellectual independence of Mongolians and contacted the president. President Kh.Battulga then met us within 10 days of our return, called the representatives of relevant organizations, and ordered them to urgently take necessary measures. We determined that an action plan to improve the Mongolian script’s phonetic model will be developed by the Communications and Information Technology Authority (CITA) and approved by the Agency for Standardization and Metrology, and formed a working group.

    However, the working group did nothing because they didn’t have a budget. The National Security Council obliged them to send a report every week, but we have no idea what report was given or what work was done. The agency tried to discuss the funding issue in a government meeting, but was postponed. By then, the budget discussion had already been conducted, hence, no solution. Basically, they took this issue very idly.

    Government Memo No. 54 was passed. In there, they assigned six agencies to take care of the execution and funding of this issue, three for each. While the Mongolian script encoding improvement issue was bounced between state organizations like a tennis ball, it was time for the scheduled meeting.

    T.Jamiyansuren: Approximately 20 days before we left, another working group was established by the Ministry of Education, Culture and Science, and they held a meeting. During that meeting, there was some kind of talk, “What do we do? Either we give S.Badral and T.Jamiyansuren a state assignment, or notify them that they do not represent the state”. A letter was sent to the Unicode technical commission stating, “These two men do not have the right to represent the state,” and that a person named Enkhdalai will be coming. Those two men have just returned from participating in that meeting. But political suggestions and conclusions do not affect the Unicode technical commission meeting. They sent a person called Enkhdalai with a position of consultant at CITA. We were introduced at the meeting.

    Did the Mongolian representatives first meet each other once they were at the meeting?

    S.Badral: Yes. We had arrived two days before, met our translator, and carefully prepared the issues of concern and presentations. Unicode technical commission chose Ganbayar Gansukh (G.Ganbayar), a man who lives in Oklahoma, as our translator. On our end, it was unclear who was going to voice the state position even a week before the meeting.

    T.Jamiyansuren: Unicode Consortium believed that CITA is of importance and had them attend as a liaison member. The responsibilities should be even higher in regard to this.

    Did you introduce a Mongolian phonetic model that you developed yourselves, during the meeting?

    S.Badral: How could we have the Mongolian script encoded graphetically, like that of Chinese characters on our watch? So, I and T.Jamiyansuren discussed and cooperated with Mongolian script expert Lkhagvasuren, and prepared a presentation on ways to improve the phonetic model. We discussed the disadvantages of the existing model and ways to fix it, and proved it with a realistic example. After three days of the meeting, the Unicode technical commission had a positive attitude and said, “If we really fix it like this, the model will be easier and better”. That’s because the graphetic model contains only characters and not letters, which makes it complicated to sort, categorize, and develop etc. There would be many problems such as identifying the text and spellchecking it. The proposed graphetic model was not even for the clear Mongolian script drawn, so it was hard for the user to write with the word in mind or even the root of the word. For instance, the “a” and “e” at the beginning, middle, and end of a word, and “n”, were to be written by pressing one “teeth” or aleph, and the “crown”, “tooth”, and “tail” (elements of Mongolian script writing) were to be automatically managed. This might break the Mongolian thinking and one button will easily break from too much pressure. I think the Unicode technical commission people started to understand it. The Inner Mongolians on the other hand, suggested to develop both the graphetic and phonetic models, maybe because they were in a rush to decide on some solution to prevent further drag out, or they lost faith in the phonetic model.

    Anyhow, maintaining the phonetic model which was to be abandoned, fixing its bugs, and having a decision made for it to be developed with preference is a big achievement.

    So the representatives listened to you and acknowledged your presentation. Isn’t the message “They don’t represent the state” a way of saving their skin in case something went wrong?

    S.Badral: It just looks like that. Since last September, that’s the stance our government held. In the first working group meeting of the Ministry of Education, Culture and Science, CITA representatives kept saying, “It’s not suitable for private company representatives to be included in a state working group, that’s private party interest,” so I even removed myself from the working group (laughs).

    T.Jamiyansuren: Because the issue couldn’t have been quieted down, they had to send somebody as a representative, which happened to be Enkhdalai, as a consultant at CITA. I had the impression that that person read and researched quite a lot too. But it’s not effective to have someone who’s interested in the Unicode standard of Mongolian script read ready prepared materials and retell them. You have to be meticulous with your words, and be able to prove your point. His few unsure words during his presentation had Chinese experts stand up and say, “This is exactly why there should be a graphetic model”. Of course, it was not easy to give this much work in tight schedule to a person who lacked experience.

    People are saying that the Mongolian government will pay attention to our national script before the next August meeting to prevent the graphetic model from being encoded. Is there really such danger, or is everything behind us now?

    S.Badral: If we hadn’t given a presentation at this last meeting and changed the commission’s understanding, our Mongolian script really would have been encoded graphetically. But now, the Unicode technical commission has decided to develop both models to rationally solve the issue. That means we have to fix and improve our phonetic model and introduce it to use. Even a single symbol cannot be changed once it’s registered in the Unicode standard. Therefore, there’s a strict rule that we have to fix without changing the previous one. In the meeting, we introduced a possible solution that we can improve it like that. So our government has to take care of this issue for this to continue on a bigger scale. We wouldn’t beg them if it was only technical work, but it’s related to society, culture, and politics.

    T.Jamiyansuren: Some who understand the significance of this meeting are right when they say, “This was like the modern Khiagt agreement”. This is a matter of whether Mongolian script will exist for the next five years, 500, or 5,000. When the representatives were asked for their opinion on the location and time of the next meeting, Inner Mongolians suggested to urgently hold it in Hohhot, after two months. But the Unicode technical commission head said, “The next meeting will be held at least six months later. There’s a suggestion to organize it in Ulaanbaatar,” while our state representative stayed quiet. We couldn’t, so we voiced our opinion. In other words, there will be a Unicode meeting regarding this issue in Ulaanbaatar, at the end of September. If it’s organized well, it’s not ours but Mongolia’s name that will bear the good name.

    It seems like we are greedy, hearing that the Chinese have developed the graphetic model and encode the Mongolian script, when we don’t even use the Mongolian script ourselves. There are some who say to stop cooperation with the Chinese and develop the script alone. What do you say about this?

    S.Badral: Languages exist through the use of its script. In the modern times, people’s writing has transferred from handwritten notes to typing on a computer or a phone. As for Mongolian writing, it has slipped into the list of endangered languages because there is no digital usage and no opportunity to create content. How can digital content be created when the Unicode standard of 18 years has a big problem? Therefore, this issue will be immediately fixed and introduced into use like Cyrillic and Latin alphabets. In terms of possession, it shall belong to those who use it. In other words, Mongolian script is not the property of Outer or Inner Mongolians. There could be Americans, Germans, British, Belgians, Iranians, or people of any other country who have studied and use Mongolian script. They have the right to learn and use whatever language and script they please. It’s important we provide that opportunity. That’s why these international representatives are putting this much effort into introducing the Mongolian script in digital use. This script is a very important world cultural heritage.

    Why are you putting this much effort and heart for the Mongolian script?

    S.Badral: As for me, I’m a member of the Unicode technical commission Working Group (WG)-2 and volunteer of the WG3. I receive information about this before others. I’ve seen this as my civic duties and reported it to the state and government. Secondly, Bolorsoft is a digital linguistics company. Mongolians know that we have released many products related to Mongolian language and script. Although Cyrillic writing programs are in the market, most users don’t know that it is based on Mongolian script. That’s why we can’t abandon it.

    Bolorsoft Co. is considered a major provider in the development of Mongolian script at Unicode Consortium. That’s because we were the first to create the Unicode font for Mongolian script and have it licensed. This field was stagnant since 2013, until we solved the Unicode standard for Mongolian script issue. But those fonts became the beginning of big corporations such as Google and Microsoft. So, Unicode Consortium always invites us to their international meetings. We try to attend these meetings constantly to voice the interests of Mongolia, but we can’t always due to the expenditure. But I see that there are people who are jealous and spread rumors that we are trying to make money using Mongolian script. That’s the only thing they talked about in the last six months, politicizing it. On the other hand, we are working for Mongolia’s interests.

    If we were seeking profit from this, we wouldn’t be using artificial intelligence to develop Mongolian language and writing, but financial development. We are one of the first Mongolian companies developing and using artificial intelligence. In this last meeting, we have achieved our objective for the past few years and defended our heritage.

    • Debates and “technical” (!) choices about adapting the old Mongolian script to Unicode. Which, in fact, does not work at all.

      Part of the problem comes from the fact that the old script transcribes an old (indeed very old) state of the language, a bit like what medieval French is to modern French.

      The transcription into Cyrillic, the only official form from 1941 to 1990, practically eradicated the traditional script, which was known only to a few scholars. At least in Mongolia, because for its part China kept the old script for Inner Mongolia. During the “Soviet” period, the only documents in the old script therefore came from Hohhot (sometimes Hu Hu Hot, in the Mongolian-Chinese fashion, Khukh Khot, in the Mongolian fashion).


  • Merging Pacific Storms Could Produce 17-Meter Wave Heights – gCaptain

    Post-Tropical Hurricane Force Storm Lan will move rapidly northeast and transfer its energy to a developing storm low that will move towards the southwestern Bering Sea and western Aleutian islands.

    This developing storm will deepen very rapidly to a dangerous 939 millibars hurricane force storm creating winds of 55 to 75 knots and seas building 36-56 feet (11-17 meters) within 360 NM SE and 420 NM SW of the center within 24-36 hours. This will create a dangerous situation for ship traffic steaming along northern Pacific routes.

    Check out the 17-meter wave heights! Remember, significant wave height is based on the average height of the tallest one third of the waves, so individual waves can be much taller!

  • USS John S. McCain Rerouted to Philippines After Developing Hull Crack During Heavy Lift to Japan -USNI News – gCaptain

    The USS John S. McCain seen loaded aboard the heavy lift transport vessel MV Treasure.

    The heavy lift vessel carrying the damaged USS John S. McCain to Japan has been rerouted to the Philippines after the destroyer developed a small crack in its hull during transit, the U.S. 7th Fleet has confirmed to USNI News.

    The change of plans comes after crews noticed that the destroyer had developed a crack “about four inches long on the starboard side, amidships” with an accompanying small dent, 7th Fleet spokesperson, Cmdr. Clay Doss, told USNI News.

    John S. McCain is being transported from Singapore to Fleet Activities Yokosuka, where the destroyer will be repaired following its collision with a tanker off Singapore on August 21. The loading took place October 6 in the waters off Singapore. 

    AIS showed the MV Treasure anchored in Subic Bay as of Monday.

    “Once pier side, experts will inspect the crack and determine if any additional repairs are needed before continuing to Yokosuka,” Doss said.

    The crack developed as the vessels ran into heavy weather from Typhoon Lan.
    It’s unclear if the crack will impact the Navy’s plans for repairing the destroyer.

    An investigation is underway to determine the facts and circumstances of the collision.

  • Lynx Users Guide v2.7

    The oldest web browser still in service is still relevant. In the age of the #paywall it makes it possible to get around quite a few obstacles, because it is considered harmless by quite a few scripts that block access to pages for the rest of the visitors who are not logged in to paying sites.

    Free bonus: with Lynx you are totally safe from harmful scripts on web pages, well, almost.

    Lynx has only one drawback: pages that only work with #javascript remain inaccessible, but do not trust the error message displayed when you turn off JS in your usual browser; quite often Lynx nicely displays web pages that require JS in Chrome, Firefox and other more “modern” systems.

    Lynx is a fully-featured World Wide Web (WWW) client for users running cursor-addressable, character-cell display devices (e.g., vt100 terminals, vt100 emulators running on PCs or Macs, or any other character-cell display). It will display Hypertext Markup Language (HTML) documents containing links to files on the local system, as well as files on remote systems running http, gopher, ftp, wais, nntp, finger, or cso/ph/qi servers, and services accessible via logins to telnet, tn3270 or rlogin accounts (see URL Schemes Supported by Lynx). Current versions of Lynx run on Unix and VMS.

    Lynx can be used to access information on the WWW, or to build information systems intended primarily for local access. For example, Lynx has been used to build several Campus Wide Information Systems (CWIS). In addition, Lynx can be used to build systems isolated within a single LAN.

    For #mail it is the same, I am rediscovering #Mutt, which is very powerful too.

    The Mutt E-Mail Client

    “All mail clients suck. This one just sucks less.” -me, circa 1995

    web browser - Using Lynx on potentially malicious websites - Information Security Stack Exchange

    in theory, you are still vulnerable. Even in Lynx there are still components that parse HTML, interact with the network, keep track of cookies, etc (tip: use curl or wget to just download the page without even parsing it to be even more careful). That is still quite a big attack surface, though I would consider it safe enough at this point. Maybe not safe enough against a targeted attack from a powerful attacker, but definitely safe enough for random Android websites.

    Deluge of Browser Security Issues Drives Mass Migration | Netcraft

    April Erste, Public Relations Manager at the First National Bank of Oki Koki, told Netcraft that users are migrating to Lynx because of its speed and advanced security features. She added: “Lynx has not once suffered a buffer overflow in its image processing, and indeed has suffered no security vulnerabilities at all in the last 2 years.” By comparison, the most recent Firefox security update was only 4 days ago.

    The bank also notes that Telnet remains popular with a small group of its customers. Although it lacks the sophisticated user interface of Lynx, many security experts argue that Telnet is significantly more secure and has the largest installed base of any browser.

    Erste said that while the bank is dedicated to providing an accessible online banking experience, some customers still report difficulties when trying to make HTTPS requests through Telnet without the aid of an extended keyboard layout.


    Lynx Information

    Many user questions are answered in the online help provided with Lynx. Press the ’?’ key to find this help.

    LYNX – The Text Web-Browser

    This is the toplevel page for the Lynx software distribution site.

    The current development sources have the latest version of Lynx available (development towards 2.8.9).
    The main help page for lynx-current is online; the current User Guide is part of the online documentation.
    The most recent stable release is lynx2.8.8.

    P.S. Lynx works very well on Windows ;-)

    #WWW #censure #privatisation

  • #stuxnet files

    W32.Stuxnet Dossier
    v1.4, February 2011, Symantec
    (Nicolas Falliere, Liam O Murchu, and Eric Chien)

    In order to achieve this goal the creators amassed a vast array of components to increase their chances of success. This includes 4 zero-day exploits, a Windows rootkit, the first ever PLC [Programmable Logic Controller] rootkit, [compromise 2 digital certificates] antivirus evasion techniques, complex process injection and hooking code, network infection routines, peer-to-peer updates, and a command and control interface. We take a look at each of the different components of Stuxnet to understand how the threat works in detail while keeping in mind that the ultimate goal of the threat is the most interesting and relevant part of the threat.


    Stuxnet contains many features such as:
    • Self-replicates through removable drives exploiting a vulnerability allowing auto-execution. "Microsoft Windows Shortcut ‘LNK/PIF’ Files Automatic File Execution Vulnerability (BID 41732) CVE-2010-2568"
    • Spreads in a LAN through a vulnerability in the Windows Print Spooler. "Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (BID 43073) CVE-2010-2729"
    • Spreads through SMB by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874), CVE-2008-4250
    • Copies and executes itself on remote computers through network shares.
    • Copies and executes itself on remote computers running a WinCC database server.
    • Copies itself into Step 7 projects [Siemens SIMATIC Step 7 industrial control software] in such a way that it automatically executes when the Step 7 project is loaded.
    • Updates itself through a peer-to-peer mechanism within a LAN.
    • Exploits a total of four unpatched Microsoft vulnerabilities, two of which are previously mentioned vulnerabilities for self-replication and the other two are escalation of privilege vulnerabilities that have yet to be disclosed.
    • Contacts a command and control server that allows the hacker to download and execute code, including updated versions.
    • Contains a Windows rootkit that hides its binaries.
    • Attempts to bypass security products.
    • Fingerprints a specific industrial control system (ICS) and modifies code on the Siemens PLCs to potentially sabotage the system.
    • Hides modified code on PLCs, essentially a rootkit for PLCs.

    Stuxnet Malware and Natanz: Update of ISIS December 22, 2010 Report - update Feb 15, 2011
    (David Albright, Paul Brannan, and Christina Walrond)

    In the December 22, 2010 ISIS [Institute for Science and International Security] report on Stuxnet, ISIS found that this malware contained important evidence indicating that its target was the IR-1 centrifuges at the Fuel Enrichment Plant (FEP) at Natanz. ISIS focused on the attack sequences generated by a Siemens S7-315 programmable logic controller (PLC) connected to frequency converters of a particular type. The ISIS analysis centered on the rotational frequencies listed in these detailed attack sequences. These frequencies matched, in two cases identically, key frequencies characteristic of the IR-1 centrifuge at the FEP.

    A further analysis of another attack sequence has revealed that this code contains a description of what appears to be an exact copy of the IR-1 cascade at the FEP. The attack is titled “Sequence C” by Symantec, the computer security company that has conducted the most thorough and reliable open analysis of the malware’s code, or “417 code” after the advanced Siemens S7-417 programmable logic controller that Stuxnet targets. However, the 417 code is not activated and thus unable to launch an attack. Moreover, key data is missing from the code available to Symantec that would define exactly what is affected or sabotaged. Symantec has assessed that the 417 code is likely unfinished, perhaps a work in progress.

    Additional analysis also lends more support to the conclusion that the Stuxnet malware is aimed principally at centrifuges, not manipulating parameters of the centrifuge cascades so as to lower the production of low enriched uranium (LEU) on a sustained basis. To date, Stuxnet is known to have had at least one attack. It is increasingly accepted that, in late 2009 or early 2010, Stuxnet destroyed about 1,000 IR-1 centrifuges out of about 9,000 deployed at the site. The effect of this attack was significant. It rattled the Iranians, who were unlikely to know what caused the breakage, delayed the expected expansion of the plant, and further consumed a limited supply of centrifuges to replace those destroyed. Nonetheless, Iran took steps in the aftermath of the attack that likely reduced further damage by Stuxnet, principally shutting down many centrifuge cascades for months. The shutdown lasted long enough for the malware to be discovered publicly, by which time Iran could have found Stuxnet on the Natanz control systems.


    New Finding: Evidence of Targeting Natanz in Sequence C or 417 Code
    Soon after the publication of the ISIS December 22 report, Ralph Langner, a German security expert, contacted ISIS after noticing that each of the Natanz centrifuge cascades contained 164 centrifuges. He said that the 417 code, or sequence C, is grouped in six arrays of 164 units each, perhaps representing six cascades, each with 164 centrifuges.
    Based on Symantec’s analysis of this array, ISIS discovered that this array is identical to an IR-1 centrifuge cascade at the FEP. This evidence is perhaps the strongest evidence that Stuxnet is aimed at Natanz.

    But with key data missing, one can only speculate about what the 417 code aims to sabotage. According to Symantec, the data sent to the cascades appear more aimed at flipping a series of on/off values rather than sending a packet of commands like the 315 code sends to frequency converters.

  • New DoS attack vector : Blacknurse

    BlackNurse is the name of a recently discovered network attack that can crash firewalls and routers via ICMP type 3 code 3 packets (destination unreachable, port unreachable). It is not the same as a conventional ICMP (type 8 code 0 (echo)) flood attack. BlackNurse has a relatively low pps rate, but still manages to cause problems for firewalls of some vendors.

    It’s unclear why the ICMP Type 3 Code 3 requests overload the firewall’s CPU. However, researchers at SANS Internet Storm Center believe it’s tied to firewall logging.

    #Blacknurse #DoS #DDoS

  • 100 Chinese translations of foreign publications which had strong influence in China, Thomas Kampen

    Between 1840 and 1949, millions of Chinese students, academics and politicians were influenced by Chinese translations of Western books. But for a long time it was difficult to find details about the publication of these translations and biographical data of the translators.

    In 1996, the Chinese scholar 鄒振環 Zou Zhenhuan (Fudan University, Shanghai) published a book introducing one hundred Chinese translations of foreign publications that had strong influence in modern China (影響中國近代社會的一百種譯作 Yingxiang Zhongguo jindai shehui de yibai zhong yizuo, Beijing: Zhongguo duiwai fan yi chuban gongsi, 1996). This book provides important information for studying Western influences in China as well as literary, philosophical and political trends in modern China.


    The book includes an impressive selection of novels (Defoe, Dumas, Scott), detective stories (A.C. Doyle), plays (Schiller, Shakespeare), poems (Byron), as well as historical, religious, sociological, philosophical and political studies (Einstein, Huxley, Kropotkin, Marx, Nietzsche, Rousseau). Most of the original works are from Europe and about Europe; there are about a dozen Japanese books, but most of these are also based on western publications; there is also a small number of Western books about China, including Pearl S. Buck’s Good Earth and Edgar Snow’s Red Star over China.

    Zou Zhenhuan provides information about
    – the original works and authors,
    – the Chinese translations and translators
    – the impact of the translations in China.

    Getting “The Good Earth”’s Author Right: On Pearl S. Buck, By Charles W. Hayford

    ... the seven pirated translations of The Good Earth into Chinese sold more copies than any other foreign book had up to that point.

    Once denounced, now honored—discovering Pearl S. Buck, BookPage Behind the Book by Anchee Min

    I was ordered to denounce Pearl Buck in China, where I lived for 27 years. The year was 1971. I was a teenager attending middle school in Shanghai.

    I was raised on the teachings of Mao and the operas of Madam Mao. I became a leader of the Little Red Guards in elementary school. My mother had been a teacher—she taught whatever the Party asked, one semester in Chinese and the next in Russian. My father was an instructor of industrial technique drawing at Shanghai Textile Institute, although his true love was astronomy. My parents both believed in Mao and the Communist Party, just like everybody else in the neighborhood. I became a Mao activist and won contests because I was able to recite the Little Red Book. In school Mao’s books were our texts.

    Trying to gain international support to deny Pearl Buck an entry visa (to accompany President Nixon to China), Madam Mao organized a national campaign to criticize Buck as an “American cultural imperialist.”

    I followed the order to denounce Pearl Buck and never doubted whether or not Madam Mao was being truthful. I was brainwashed at that time and had learned never to question anything. And yet I do remember having difficulty composing the criticisms. I wished that I had been given a chance to read The Good Earth. We were told that the book was so “toxic” that it was dangerous to even translate. I was told to copy lines from the newspapers: “Pearl Buck insulted Chinese peasants therefore China.” “She hates us therefore is our enemy.” I was proud to be able to defend my country and people.

    Pearl Buck’s name didn’t cross my path again until I immigrated to America. It was 1996 and I was giving a reading at a Chicago bookstore for my memoir, Red Azalea. Afterward, a lady came to me and asked if I knew Pearl Buck. Before I could reply, she said—very emotionally and to my surprise—that Pearl Buck had taught her to love the Chinese people. She placed a paperback in my hands and said that it was a gift. It was The Good Earth.

    I finished reading The Good Earth on the airplane from Chicago to Los Angeles. I broke down and sobbed. I couldn’t stop myself because I remembered how I had denounced the author. I remembered how Madam Mao had convinced the entire nation to hate Pearl Buck. How wrong we were! I had never encountered any author, including the most respected Chinese authors, who wrote about our peasants with such admiration, affection and humanity.

    A Guide to Pearl S. Buck’s The Good Earth | Asia for Educators | Columbia University, A Summary of The Good Earth

    The story begins on the day of Wang Lung’s wedding. Wang Lung is a poor young peasant who lives in an earthen brick house with his father, who has arranged for him to marry a slave girl named O-lan from the great family of the House of Hwang. After Wang Lung brings his quiet but diligent new wife home, she works side by side with him in the fields until their first child is born. They are delighted with their son, and at the New Year O-lan dresses him up and proudly takes him to the House of Hwang to show him off. She discovers that due to ostentatious waste and decadence, the Hwang household has squandered their fortune and is now poor enough to be willing to sell off their land. Since Wang Lung, with the help of O-lan who continues to join him in the fields, has had a relatively good year, he determines to extend his prosperity and better his position by buying some land from the House of Hwang. Although they must work harder with more land, Wang Lung and O-lan continue to produce good harvests; they also produce a second son and a daughter.

    But soon Wang Lung encounters difficulties. His selfish and unprincipled uncle is jealous, and demands a portion of Wang Lung’s new wealth, while Wang Lung, obsessed with his desire to acquire more land, spends all the family savings; a drought causes a poor harvest and the family suffers from lack of food and from their envious, starving neighbors’ looting of the little dried beans and corn they have left. O-lan has to strangle their fourth child as soon as she is born because otherwise she would die of starvation. Desperately poor and hungry, Wang Lung sells his furniture for a bit of silver to take his family south, though he refuses to sell his land. They ride a firewagon to a southern city, where they live in a makeshift hut on the street. They survive by O-lan, the grandfather, and the children begging for food and Wang Lung pulling a jinrickshaw (or rickshaw) for the rich, or pulling wagonloads of cargo at night.

    In the southern city, Wang Lung perceives the extraordinary wealth of westerners and Chinese aristocrats and capitalists, and he is interested in the revolutionaries’ protests of the oppression of the poor. He watches soldiers seize innocent men and force them to carry equipment for their armies. Yet Wang Lung’s overriding concern is to get back to his beloved land. He gets his chance when the enemy invades the city and the rich people flee; Wang Lung and O-lan join the throng of poor people who loot the nearby rich man’s house and get enough gold and jewels to enable them to return north. They repair their house and plough the fields, having bought seeds, an ox, new furniture and farm tools, and finally more land from the bankrupt House of Hwang.

    There follow seven years of prosperity, during which the sons grow and begin school; a third son is born with a twin sister, and the harvest is so plentiful that Wang Lung hires laborers and his loyal neighbor, Ching, as a steward. When a flood causes a general famine in the seventh year, Wang Lung is rich enough not to worry about survival yet, while his lands are under water, he becomes restless in his idleness. Bored with his plain and coarse wife, he ventures into a tea shop in town operated by a man from the south where the rich and idle spend their time drinking, gambling, and visiting prostitutes. There he begins an affair with Lotus, a delicately beautiful but manipulatively demanding courtesan whom he desires obsessively. Wang Lung is cruel to his wife and children and spends his fortune on Lotus, finally using up much of his savings to purchase her and build an adjacent courtyard for her to live in as his second wife. Here Lotus indolently lies around in silks, eating expensive delicacies, and gossiping with the deceitful and opportunistic wife of Wang Lung’s uncle.

    But discord arises immediately. O-lan is deeply hurt and angry, which makes Wang Lung defensively guilty and cold with her; there are conflicts between O-lan and Lotus’ maid Cuckoo who had mistreated O-lan when she was a concubine of the old master in the House of Hwang. Wang Lung’s old father protests the decadence of catering to a “harlot” in the house. Finally, Lotus is intolerant of Wang Lung’s children, especially his favorite daughter who had become mentally disabled due to malnutrition during the famine. As a result, Wang Lung’s passion for Lotus eventually cools, and when the flood recedes and he returns to his farming work, he is no longer obsessed with love.

    In the last third of the book, Wang Lung experiences a succession of joys and sorrows in his family relationships and in his farming. Seasons of good harvests are punctuated by occasional bad years, due to a heavy flood, a severe winter freeze, and a scourge of locusts. Yet on the whole Wang Lung continues to prosper. His wealth, however, also brings a series of discontents. His first son is idle and interested only in women; Wang Lung is furious when he finds the son has visited first a local prostitute and then his own Lotus, so he arranges a marriage for him. Moreover, Wang Lung’s good-for-nothing uncle, with his wife and son, force themselves on the family with their demands for money and their morally corrupting influence; Wang Lung must be kind to them because the uncle is a leader of a band of robbers, from which Wang Lung’s prosperous household is protected for as long as he provides for the uncle. He eventually renders the uncle and his wife harmless by making them addicted to opium.

    Family affairs continue to have ups and downs. O-lan’s sickness finally overpowers her, and Wang Lung’s tender solicitousness to her on her deathbed cannot fully compensate for the insults she received when Lotus moved into the house. She is content to die only after her first son’s marriage is consummated, so she can expect a grandson. Wang Lung’s father dies immediately after O-lan, and the faithful steward Ching is buried next. But these losses are accompanied by new joys: the first son produces grandsons and granddaughters, and the second son — a successful grain merchant — and the second daughter are also married and have children.

    As Wang Lung ages, he rents out his farm land to tenants. His eldest son persuades him to buy the old estate of the House of Hwang in town, both as a means of moving out from the place where the disgraceful uncle and his wife live, and as a symbol of Wang Lung’s elevated social position. Wang Lung is gratified that now he can take the place of the Old Master of Hwang who once intimidated him so much. But although Wang Lung is head of a three generation extended family who live in luxury with numerous servants, he cannot find peace. The two older brothers and their wives quarrel; the youngest son refuses to become a farmer as Wang Lung had intended and instead joins the army. The uncle’s malicious son causes more trouble when he brings his military regiment to camp for six weeks in Wang Lung’s elegant house. And Wang Lung, long tired of the aging Lotus, finds some comfort in taking the young slave Pear Blossom as his concubine.

    Finally, Wang Lung returns to the earthen house of his land to die. Material prosperity has brought him superficial social satisfaction, but only his land can provide peace and security. Even his final days are troubled, when he overhears his two older sons planning to sell the land as soon as he dies.

    #Chine #USA #histoire #politique #littérature

  • Problems with payment terminal communication protocol “ZVT” in Germany, allowing
    • to read payment cards from the LAN
    • to read PIN codes remotely (Security Research Lab)

    Fraudsters can, among other things, refund money, or print SIM card top-up vouchers – all at the cost of the victim merchant.

    Details of this will appear at the Chaos Communication Congress

    Full agenda:

    #ZVT #Poseidon

  • TeX.js: Typesetting for the Web

    This page introduces #TEX.js, a JavaScript library for performing high-quality typesetting within web browsers. It is designed to require only basic familiarity with Hyper-Text Markup Language (HTML) from the author — no knowledge about JavaScript or Cascading Style Sheets (CSS) is necessary. Although not as sophisticated as the TEX typesetting engine, the output produced is of much higher quality than that which can be obtained by unstyled HTML.

  • Forban - a simple link-local opportunistic #p2p free software (or how to share files with your local neighbors)

    #Forban is a kind of p2p (peer2peer) #filesharing application for link-local and local area networks. Forban works independently from the Internet and uses only the local area capabilities to announce, discover, search or share files. Forban relies on HTTP and is opportunistic (meaning it replicates any files seen in its proximity or interest). [...] You can also run Forban on your #PirateBox.