Ariz Jacinto | 1 Mar 01:46

Re: [SUMMARY] good book on secure programming?

you're not a compulsive shopper, are you?  :)

try going to a HFB (half-priced bookstore) near you.
at HFB, you can resell the books after you're done
(speed)reading or after realizing that the content
doesn't have a long shelf life after all

or next time, try settling for the e-book version which
is way cheaper, readily available, portable and
eco-friendly(?). i also like bringing books with me but
i hate traveling with them. that's why those portable
e-book readers are timely  :)



On Fri, Feb 29, 2008 at 1:06 AM, Drexx Laggui [personal] <drexxl-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
29Feb2008 (UTC +8)

Thanks to all that replied! Namely, but without any particular order:
Miguel Paraz <mparaz-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Eduardo Tongson <propolice-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>

I couldn't make up my mind, so I went Amazon.com shopping (lots of
great book excerpts there!), and these are some of what I got:
http://www.amazon.com/gp/product/0321444426
http://www.amazon.com/gp/product/0321349989
http://www.amazon.com/gp/product/0596002424
http://www.amazon.com/gp/product/0764544683
http://www.amazon.com/gp/product/1597491950
http://www.amazon.com/gp/product/0131568191
http://www.amazon.com/gp/product/0321335724
http://www.amazon.com/gp/product/0321304861

And while waiting for those to arrive in a month or so, I'm
temporarily going through ISO/IEC 18045:2005 (free for download from):
http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html


On 2/26/08, Drexx Laggui [personal] wrote:
...
>  I need to update myself. Anybody here that can recommend a good book
>  on auditing or testing complex software applications? Doesn't have to
>  be C/C++ centric, but it'll help.
>
>  Is this a good one? Nowadays I just have to ask because O'Reilly books
>  haven't been consistent on quality.
>  http://www.oreilly.com/catalog/securecdng/toc.html
>  http://www.oreilly.com/catalog/secureprgckbk/toc.html


Drexx Laggui  -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com  ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4  8363 FFEC 3976 FF31 8A4E
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
plug-cunTk1MwBs8iFSDQTTA3ONd+tgCGH7ND@public.gmane.org (#PLUG <at> irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph


Re: Fwd: HD Moore is interested on outsourcing Metasploit to the Philippines

01Mar2008 (UTC +8)

For the curious, I dug through my old e-mail and found the e-mail that
*started* our conversations :) There's only one little catch, I think,
for the rest of the PLUG'ers... HD Moore's and my implied
understanding is that any financial transaction, from Hacker
Foundation to the researchers (or vice-versa for the audit reports),
will course through a US entity (which in my case, through my Palo
Alto office).

On Mon, September 18, 2006 09:33, H D Moore wrote:
...
> If you know anyone who is a sharp programmer, knows one of
> ruby/perl/python, and would like to be paid to work on Metasploit, please
> let me know. Metasploit has just partnered with the Hacker Foundation to
> provide tax deductions to US entities that donate to Metasploit. We would
> love to use the donation funds to sponsor Metasploit development around
> the world.
>
> if you are interested in putting together a team of researchers, I would
> like to work together and try to help pay for their time, using the
> donation funds to help lower your costs and provide some clear goals for
> exploit development.
>
> What do you think? Is there a better way we could work together on this?
...

On 3/1/08, Ariz Jacinto <acjacinto@...> wrote:
> <inline>
>
> > On 29Feb2008 (UTC +8), Drexx Laggui [personal] wrote:
> >... HD Moore
> > sent me an e-mail if we were interested in having 'sploit development
> > outsourced here in PH. But currently we're not ready because we're
> > kinda distracted with client contracts right now. Interested anyway?
> > HD Moore has a budget, but not very much --and that's why I went for
> > lotsa books.

Drexx Laggui  -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com  ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4  8363 FFEC 3976 FF31 8A4E

Roger Filomeno | 1 Mar 13:06

Re: Incoming SMS to Kannel

Well once you start diverging from the kannel release branch to support our telco's unique quirks (patches), then ain't it the same as building your own gateway at the very least?

Like i said, we forked kannel to PHP, it's the same algorithms with changes to queuing. Of course we can no longer go back to kannel's main branch if the new release becomes available. At the same time any changes we added are categorized proprietary so we can't submit them to kannel to be added back to the branch. Actually if my memory serves me right, Dido mentioned that he did try submitting patches to the kannel dev to be added to the main release branch but it was rejected. Even if you read the mailing list, a lot of people have made patches (also found a patch about weighted load balancing) but the people maintaining kannel have rejected it as well citing numerous philosophical design differences between the maintainer and contributors. This is what i meant when i said Kannel cannot be fully controlled.

On Fri, Feb 29, 2008 at 9:27 PM, Orlando Andico <orly.andico <at> gmail.com> wrote:
It's not that you can't fully control Kannel --- it's open source.

It's that Kannel is written a certain way and is difficult to modify.
Plus it's in C, with all the pitfalls and gotchas inherent in that
approach.

My former employer did everything in Perl. And it scaled extremely well.


On Fri, Feb 29, 2008 at 5:45 PM, Roger Filomeno <rpfilomeno <at> gmail.com> wrote:
> Sorry for the rants of kannel, im not discrediting it. I just wanted to
> point out that its not the solution in all cases especially with what Mark
> wanted -- a sort of SMSC-to-SMSC relay.
>
> As pointed out by Orly, half of the solution is out there so why not build
> your own than rely on something that you cannot fully control like Kannel.
> Surely with such requirement as Mark posted, the project should be big and
> surely they have the technical power to build something that do what it
> should do than use Kannel that does only half. :D



--
--
Roger P. Filomeno
International Project Manager
TechBiz Asia Group Pte Ltd

http://corruptedpartition.blogspot.com/
send MSG GODIE <YOUR MESSAGE> to 2948

$> who | grep -i blond | date; cd ~; unzip; touch; strip; finger; mount; gasp; yes; uptime; umount; sleep
fooler mail | 2 Mar 02:54

Re: Incoming SMS to Kannel

ok roger... now i understand where you're coming from... confusion begins
when a terminology doesn't fit to its term...

first.. you were talking about scalability but instead you were
referring to feature sets of kannel... it is the capacity thing and
not the features when load increases... that is what scalability is
all about in telecommunications and software engineering parlance...

second... you were talking about kannel cannot be controlled... you
simply misunderstood the true concept of open source ideology... as
the name implies.. you have all the freedom to do with the code... now
if you want to add something and apply a patch back to a particular
project (not only to kannel but to other projects as well)... don't
blame them as they see fit what is best for their project... same
thing if someone applies a patch to your project and you don't agree with
it.. you simply reject it... if you don't agree with them.. you have
the options to fork their project or start from scratch (as what you
did)... that is what is happening to open source community as you saw
there were lots of projects forking into one another... that's the true
concept of open source - freedom to do with the code and not
controlling it...

On Sat, Mar 1, 2008 at 8:06 PM, Roger Filomeno <rpfilomeno@...> wrote:
> Well once you start diverging from the kannel release branch to support our
> telco's unique quirks (patches), then ain't it the same as building your own
> gateway at the very least?
>
> Like i said, we forked kannel to PHP, it's the same algorithms with changes
> to queuing. Of course we can no longer go back to kannel's main branch if the
> new release becomes available. At the same time any changes we added are
> categorized proprietary so we can't submit them to kannel to be added back to
> the branch. Actually if my memory serves me right, Dido mentioned that he
> did try submitting patches to the kannel dev to be added to the main release
> branch but it was rejected. Even if you read the mailing list, a lot of
> people have made patches (also found a patch about weighted load balancing)
> but the people maintaining kannel have rejected it as well citing numerous
> philosophical design differences between the maintainer and contributors.
> This is what i meant when i said Kannel cannot be fully controlled.
>
> On Fri, Feb 29, 2008 at 9:27 PM, Orlando Andico <orly.andico@...>
> wrote:
> > It's not that you can't fully control Kannel --- it's open source.
> >
> > It's that Kannel is written a certain way and is difficult to modify.
> > Plus it's in C, with all the pitfalls and gotchas inherent in that
> > approach.
> >
> > My former employer did everything in Perl. And it scaled extremely well.
> >
> >
> >
> > On Fri, Feb 29, 2008 at 5:45 PM, Roger Filomeno <rpfilomeno@...>
> wrote:
> > > Sorry for the rants of kannel, im not discrediting it. I just wanted to
> > > point out that its not the solution in all cases especially with what
> Mark
> > > wanted -- a sort of SMSC-to-SMSC relay.
> > >
> > > As pointed out by Orly, half of the solution is out there so why not
> build
> > > your own than rely on something that you cannot fully control like
> Kannel.
> > > Surely with such requirement as Mark posted, the project should be big
> and
> > > surely they have the technical power to build something that do what it
> > > should do than use Kannel that does only half. :D
> >
> >
> >
>
>
>
> --
> --
> Roger P. Filomeno
> International Project Manager
> TechBiz Asia Group Pte Ltd
>
> http://corruptedpartition.blogspot.com/
> send MSG GODIE <YOUR MESSAGE> to 2948
>
> $> who | grep -i blond | date; cd ~; unzip; touch; strip; finger; mount;
> gasp; yes; uptime; umount; sleep

jan gestre | 2 Mar 16:30

File and Document versioning


Hi All,

Do you know any open source application that can do  document/file versioning that can also do some sort of timer/audit function ( to monitor how long a person is working on a particular file)? Can svn do this? Is it user friendly?

TIA

jan.


--
http://jangestre.wordpress.com
jan gestre | 2 Mar 16:34

Re: File and Document versioning

I forgot to add that the files are stored/running on a win2k3 box.

On Sun, Mar 2, 2008 at 7:30 AM, jan gestre <plugger.list-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

Hi All,

Do you know any open source application that can do  document/file versioning that can also do some sort of timer/audit function ( to monitor how long a person is working on a particular file)? Can svn do this? Is it user friendly?

TIA

jan.


--
http://jangestre.wordpress.com



--
http://jangestre.wordpress.com

Re: File and Document versioning

SVN or CVS will do. When you say " to monitor how long a person is
working on a particular file", does it mean to monitor what the user
does with a particular file at a particular time? Would you need an
hourly account/record of what happens/changes to a file were done as
those were accessed? If you only want to monitor how long they
accessed a particular file, that could be the difference or span of
time between the previous repository commit and the latest commit
reflecting what was changed by who and when those changes were
committed back.

On Sun, Mar 2, 2008 at 11:30 PM, jan gestre <plugger.list <at> gmail.com> wrote:
>
> Hi All,
>
> Do you know any open source application that can do  document/file
> versioning that can also do some sort of timer/audit function ( to monitor
> how long a person is working on a particular file)? Can svn do this? Is it
> user friendly?
>
> TIA
>
> jan.
>
>
> --
> http://jangestre.wordpress.com
>

--

-- 
Tito Mari Francis H. Escaño
Computer Engineer and Free Software Proponent
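
The span-between-commits idea in the message above, as an added example that is not part of the original thread: it parses `svn log --xml -v` output and reports, for each file, the time elapsed since that file's previous commit. The log sample, paths and author names are constructed, and the gap is only an upper bound on time spent, because Subversion records commits, not when a file was opened.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of `svn log --xml -v` output (newest revision first).
SAMPLE_LOG = """<?xml version="1.0" encoding="UTF-8"?>
<log>
<logentry revision="12">
<author>bob</author>
<date>2008-03-03T02:15:00.000000Z</date>
<paths><path action="M">/docs/report.doc</path></paths>
<msg>final edits</msg>
</logentry>
<logentry revision="11">
<author>alice</author>
<date>2008-03-02T10:00:00.000000Z</date>
<paths><path action="M">/docs/report.doc</path><path action="A">/docs/notes.txt</path></paths>
<msg>second draft</msg>
</logentry>
<logentry revision="10">
<author>alice</author>
<date>2008-03-02T08:30:00.000000Z</date>
<paths><path action="A">/docs/report.doc</path></paths>
<msg>first draft</msg>
</logentry>
</log>
"""

def parse_date(text):
    # Subversion writes UTC timestamps such as 2008-03-02T08:30:00.000000Z.
    stamp = datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ")
    return stamp.replace(tzinfo=timezone.utc)

def commit_spans(log_xml):
    """Map each path to [(revision, author, seconds since its previous commit)]."""
    history = defaultdict(list)
    for entry in ET.fromstring(log_xml).iter("logentry"):
        rev = int(entry.get("revision"))
        author = entry.findtext("author", default="(no author)")
        date = entry.findtext("date")
        if date is None:  # entry without a timestamp cannot be placed in time
            continue
        when = parse_date(date)
        for path in entry.iter("path"):
            history[path.text].append((rev, when, author))
    spans = {}
    for path, commits in history.items():
        commits.sort()  # oldest revision first
        spans[path] = [(rev, author, (when - prev[1]).total_seconds())
                       for prev, (rev, when, author) in zip(commits, commits[1:])]
    return spans

if __name__ == "__main__":
    print(commit_spans(SAMPLE_LOG))
```

A file with a single commit yields an empty list, since there is no earlier commit to measure from.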
jan gestre | 3 Mar 02:01

Re: File and Document versioning



On Sun, Mar 2, 2008 at 4:03 PM, Tito Mari Francis Escaño <titomarifrancis-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> SVN or CVS will do. When you say " to monitor how long a person is
> working on a particular file", does it mean to monitor what the user
> does with a particular file at a particular time?

yes, and more like what has changed since the last access.

> Would you need an hourly account/record of what happens/changes to a file were done as
> those were accessed?

not necessarily on an hourly basis, basically we want to monitor their production efficiency.

> If you only want to monitor how long they accessed a particular file, that could be the difference or span of
> time between the previous repository commit and the latest commit reflecting what was changed by who and when those changes were committed back.


Re: firewall

hi guys.

can anyone here give some good tutorials about setting up a firewall,
so that they cannot access sites like youtube, friendster and others...

thnx.

i am newbie here.


regards! :)

--
Luisito Trinidad
Instructor/SysAd
General De Jesus College
San Isidro, Nueva Ecija
--*****---

Registered Linux User #446936


Re: firewall

Elo Luisito,

I am not sure how to do it with a firewall but I am using squid plus ACL to block unwanted sites.

Here are two links that I usually refer to:

1. http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid
2. http://www.linux.com/articles/114084

I hope these help.

On Mon, Mar 3, 2008 at 9:48 AM, Luisito G. Trinidad <siul1213-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
hi guys.

can anyone here give some good tutorials about setting up a firewall,
so that they cannot access sites like youtube, friendster and others...

thnx.

i am newbie here.


regards! :)

--
Luisito Trinidad
Instructor/SysAd
General De Jesus College
San Isidro, Nueva Ecija
--*****---

Registered Linux User #446936




--
David Tacasa Asuncion, Jr.
website keeper, forever linux newbie, BUM extraordinaire

Linux User # 406430
http://counter.li.org/

GPG: 0A024BC0
