Developing for the translation industry

 Wednesday, March 10, 2010

First off: no, it’s not a joke! April 1st is in three weeks.

Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe. Only the most brutish of brute force efforts (and 1,500 years of processing time) could manage to bypass its 768-bit variety.

Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a very close eye on your server room's power supply.

From the article on techworld:

RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder. The researchers – Andrea Pellegrini, Valeria Bertacco and Todd Austin – outline their findings in a paper titled “Fault-based attack of RSA authentication” to be presented 10 March at the Design, Automation and Test in Europe conference.

Quite scary…


Wednesday, March 10, 2010 9:32:52 AM (Eastern Standard Time, UTC-05:00)
News | Security
 Wednesday, February 24, 2010

The SQL Server functions ISNULL and COALESCE seem to occupy the same space in terms of functionality. The only difference is that ISNULL is restricted to only two parameters, while COALESCE can take any number of parameters. So why ever use ISNULL?

First of all, the simple answer for why to prefer ISNULL over COALESCE when given the choice is that ISNULL tends to produce query plans that are more efficient than COALESCE's. Examine the query plans for the two queries given below to see the difference:

-- Query 1: ISNULL around the subquery
SELECT a.au_id, 
       Isnull((SELECT price
               FROM   titles
               WHERE  title_id = ta.title_id),0)
FROM   authors a
       JOIN titleauthor ta
         ON a.au_id = ta.au_id


SELECT a.au_id, 
       Coalesce((SELECT price
                 FROM   titles
                 WHERE  title_id = ta.title_id),0)
FROM   authors a
       JOIN titleauthor ta
         ON a.au_id = ta.au_id

The first query uses one less nested loop in its execution plan than the second, resulting in a lower overall cost. Note that I would never recommend writing queries that nest subqueries within functions. This example was only intended to show you the difference between the two generated execution plans, not to recommend a certain T-SQL coding style.

The other bit that most people don't know about ISNULL and COALESCE is that the return data type for ISNULL is guaranteed to be the same as the data type of the first parameter. However, the return data type of COALESCE is determined by data type precedence rules (see the Books Online topic "Data Type Precedence"). Therefore, the following queries will produce two different outputs:

DECLARE  @Example CHAR(2)
SET @Example = NULL

SELECT Isnull(@Example,'abcde'),
       Coalesce(@Example,'abcde')

In this example, the first expression using ISNULL will return 'ab', which is the declared datatype of the first parameter, a char(2). The second expression using COALESCE will return the highest precedence data type, which is the longer string 'abcde.'

To summarize:

  • When you only need to coalesce two arguments, use ISNULL instead because it performs better.
  • When using COALESCE, you may want to use explicit casting to ensure you get a consistent return data type.

Wednesday, February 24, 2010 10:15:13 AM (Eastern Standard Time, UTC-05:00)
Code Snippet | SQL
 Tuesday, February 23, 2010

The big news over the past few months was the Aurora attacks and how they seemed to originate from China. Last month Microsoft took the unusual step of releasing an out-of-band patch for the IE6 0-day vulnerability used in the attacks.

It was always thought that the exploit originated from China, because parts of the code were only discovered on Chinese-language sites. The latest news is that the actual origin of the code has been discovered by US investigators.

US investigators have pinpointed the author of a key piece of code used in the alleged cyber attacks on Google and at least 33 other companies last year, according to a new report.

Citing a researcher working for the US government, The Financial Times reports that a Chinese freelance security consultant in his 30s wrote the code that exploited a hole in Microsoft’s Internet Explorer browser. The report also says that Chinese authorities had “special access” to this consultant’s work and that he posted at least a portion of the code to a hacking forum.

According to The Financial Times report, the unnamed security consultant who wrote the exploit code is not a full-time government worker and did not launch the attacks himself. In fact, the FT says, he “would prefer not to be used in such offensive efforts.”

The report says that when he posted the code to the hacking forum, he described it as something he was “working on.”

With a January blog post, Google announced that attacks originating from China had pilfered unspecified intellectual property from the company, and Microsoft later said the attack had exploited a hole in its Internet Explorer 6 browser. According to security researchers, at least 33 other companies were targeted by similar attacks.

Put simply, this means that the “consultant” who created the code posted a proof of concept for this exploit on a hacking forum. Then someone took this proof of concept, turned it into a working exploit and attacked 33 US based companies.

It will be interesting to watch how this story unfolds and whether it increases the tension between the US and Chinese governments. The whole cyberwar has been going on for quite a while now, with both sides trying to secretly steal information from each other.

So far the author of the code has not been named and his real identity or purpose is still a little vague.

Source: The Register


Tuesday, February 23, 2010 10:33:37 AM (Eastern Standard Time, UTC-05:00)
News | Security
 Monday, February 22, 2010

Scott Hanselman recently published the results of the survey “What .NET Framework features do you use?”

Quite interesting numbers! It is interesting to see that such a high percentage of the respondents still use WinForms. It’s also interesting to note that the number of Silverlight users is higher than the number of WPF users.

The survey also shows that WebForms, Ajax, WCF and Linq2SQL are clearly the technologies of choice as of now.


Monday, February 22, 2010 11:13:35 AM (Eastern Standard Time, UTC-05:00)
 Wednesday, February 10, 2010

I like to use images to help illustrate the theme or point of a blog post. It’s a proven “best practice” in blogging and I highly recommend that every blogger do it.

One trick for easily finding and properly using images in your blog posts is to search the creative commons licensed photos on the photo sharing site Flickr.

So, what’s Creative Commons?

Creative Commons is a non-profit organization that has created a standardized set of tools for granting various levels of permission for people to use creative works freely. The author, or in this case the photographer, of the work designates a type of license, and Flickr then allows you to sort through and find only photos that are free to be used for blog posts. I choose to use photos that carry the attribution/share alike license. This means that I may use the image here as long as I attribute the image to the Flickr user’s account where I found it. Here’s Flickr’s description of CC licenses.

So, here’s how to find and grab great images.

  1. Surf to the Flickr Creative Commons Search Page – all images you search for here are free to use with proper attribution
  2. Search for a specific phrase or concept and choose the image that fits
  3. Click on “all sizes” and choose the size you wish to post on your blog
  4. Right click the image and choose “copy image location” – use this path to paste into your blog post where you want the image to appear
  5. Somewhere in your post add the words – Image credit and the link to the Flickr account where you found the image (see at the bottom of the post)

To be a good photo user, make sure you add your own images and make them available through the proper CC license – you can make this a default Flickr account setting.

Image credit: dashitnow

Wednesday, February 10, 2010 9:35:46 AM (Eastern Standard Time, UTC-05:00)
 Tuesday, February 09, 2010

This is a very funny video that I found a while ago… Thought I should share it with you all!


Tuesday, February 09, 2010 3:22:16 PM (Eastern Standard Time, UTC-05:00)

Here is a quick and easy way to remove multiple whitespaces from a string, leaving only one space character between tokens.

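-- Function name and VARCHAR length are assumptions; the original header was lost.
CREATE FUNCTION dbo.RemoveMultipleSpaces (@string VARCHAR(8000))
RETURNS VARCHAR(8000)
AS
BEGIN
    -- Leading spaces are removed first, so a double space can never start at position 1
    SET @string = Ltrim(@string)
    -- Collapse each pair of spaces until none remain
    WHILE Charindex('  ',@string) > 1
      SET @string = Replace(@string,'  ',' ')
    RETURN @string
END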


Tuesday, February 09, 2010 1:24:17 PM (Eastern Standard Time, UTC-05:00)
Code Snippet | SQL

Google is developing software for the first phone capable of translating foreign languages almost instantly — like the Babel Fish in The Hitchhiker’s Guide to the Galaxy.

By building on existing technologies in voice recognition and automatic translation, Google hopes to have a basic system ready within a couple of years. If it works, it could eventually transform communication among speakers of the world’s 6,000-plus languages.

The company has already created an automatic system for translating text on computers, which is being honed by scanning millions of multi-lingual websites and documents. So far it covers 52 languages, adding Haitian Creole last week.

Google also has a voice recognition system that enables phone users to conduct web searches by speaking commands into their phones rather than typing them in.

“We think speech-to-speech translation should be possible and work reasonably well in a few years’ time,” said Franz Och, Google’s head of translation services.

“Clearly, for it to work smoothly, you need a combination of high-accuracy machine translation and high-accuracy voice recognition, and that’s what we’re working on.

“If you look at the progress in machine translation and corresponding advances in voice recognition, there has been huge progress recently.”

Although automatic text translators are now reasonably effective, voice recognition has proved more challenging.

“Everyone has a different voice, accent and pitch,” said Och. “But recognition should be effective with mobile phones because by nature they are personal to you. The phone should get a feel for your voice from past voice search queries, for example.”

The translation software is likely to become more accurate the more it is used. And while some translation systems use crude rules based on the grammar of languages, Google is exploiting its vast database of websites and translated documents to improve the accuracy of its system.

“The more data we input, the better the quality,” said Och. There is no shortage of help. “There are a lot of language enthusiasts out there,” he said.

However, some experts believe the hurdles to live translation remain high. David Crystal, honorary professor of linguistics at Bangor University, said: “The problem with speech recognition is the variability in accents. No system at the moment can handle that properly.

“Maybe Google will be able to get there faster than everyone else, but I think it’s unlikely we’ll have a speech device in the next few years that could handle high-speed Glaswegian slang.

“The future, though, looks very interesting. If you have a Babel Fish, the need to learn foreign languages is removed.”

In the Hitchhiker’s Guide to the Galaxy, the small, yellow Babel Fish was capable of translating any language when placed in the ear. It sparked a bloody war because everyone became able to understand what other people were saying.

Source: Times Online


Tuesday, February 09, 2010 9:39:00 AM (Eastern Standard Time, UTC-05:00)
Language Industry | News
 Friday, February 05, 2010

You can place a robots.txt file in the root of your site to help inform search engines and other bots about the areas of your site that you don’t want them to access. For example, you may not want bots to access the content of your images folder: 

User-agent: *
Disallow: /images/

You can also provide instructions for particular bots. For example, to exclude Google image search from your entire site, use this: 

User-agent: Googlebot-Image
Disallow: /

The robots.txt standard is unfortunately very limited; it only supports the User-agent and Disallow fields, and the only wildcard allowed is when you specify it by itself in User-agent, as in the previous example.

Google has introduced support for a couple of extensions to the robots.txt standard. First, you can use limited patterns in pathnames. You can also specify an Allow clause. Since those extensions are specific to Google, you should probably only use them with one of the Google user agents or with Googlebot, which all of its bots recognize.

For example, you can block PNG files from all Google user agents as follows: 

User-agent: Googlebot
Disallow: /*.png$

As with regular expressions, the asterisk means to match any sequence of characters, and the dollar sign means to match the end of the string. Those are the only two pattern matching characters that Google supports.

To disable all bots except for Google, use this: 

User-agent: *
Disallow: /

User-agent: Googlebot
Allow: /

To exclude pages with sort as the first element of a query string that can be followed by any other text, use this:

User-agent: Googlebot
Disallow: /*?sort

This clause will also work only with the Google bots.
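The group selection and the `*` / `$` matching described in this post can be checked against concrete URLs before a robots.txt goes live. The Python below is an added example, not code from the original post: the sample file merges the post's rules and is constructed, and the two precedence rules marked as assumptions (longest agent prefix picks the group, longest pattern wins with Allow winning a tie) follow Google's documented behaviour rather than anything stated on this page.

```python
import re

# Constructed sample: the post's rules merged into one file for illustration.
SAMPLE = """\
User-agent: *
Disallow: /

User-agent: Googlebot
Allow: /
Disallow: /*.png$
Disallow: /*?sort
"""

def pattern_to_regex(pattern):
    """'*' matches any run of characters; a trailing '$' anchors the end of the URL."""
    anchored = pattern.endswith("$")
    parts = (pattern[:-1] if anchored else pattern).split("*")
    return re.compile(".*".join(re.escape(p) for p in parts) + (r"\Z" if anchored else ""))

def parse_robots(text):
    """Return {lower-cased user agent: [(field, pattern), ...]}."""
    groups, agents, in_rules = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (s.strip() for s in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # rules seen: this starts a new group
                agents, in_rules = [], False
            agents.append(value.lower())
            groups.setdefault(value.lower(), [])
        elif field in ("allow", "disallow"):
            in_rules = True
            if value:                            # an empty Disallow blocks nothing
                for agent in agents:
                    groups[agent].append((field, value))
    return groups

def is_allowed(groups, user_agent, path):
    """Decide whether user_agent may fetch path (path includes any query string)."""
    ua = user_agent.lower()
    # Assumption: the longest group name that prefixes the agent wins; '*' is the fallback.
    named = [a for a in groups if a != "*" and ua.startswith(a)]
    rules = groups[max(named, key=len)] if named else groups.get("*", [])
    verdict, best_len = "allow", -1              # no matching rule: fetch is allowed
    for field, pattern in rules:
        if pattern_to_regex(pattern).match(path):
            # Assumption: the longest pattern wins, and Allow wins a tie.
            if len(pattern) > best_len or (len(pattern) == best_len and field == "allow"):
                verdict, best_len = field, len(pattern)
    return verdict == "allow"

GROUPS = parse_robots(SAMPLE)
```

Note that `/img/logo.png?v=2` is not blocked by `/*.png$`, because the `$` anchor applies to the full URL including the query string. robots.txt is advisory and publicly readable, so it tells crawlers what to skip but does not restrict access to the listed paths.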


Friday, February 05, 2010 2:26:11 PM (Eastern Standard Time, UTC-05:00)

In January, Google went public with news that some of its systems had been hacked, along with those of a number of US-based companies. The attacks had targeted both accounts maintained by political activists and commercial code, and Google pointed the finger straight at China, vowing to change its entire approach to business in that country. But a report now suggests that the company is also looking to beef up its internal defenses to prevent a repeat of the attacks.

The Washington Post is reporting that Google has started negotiations with the US National Security Agency about a collaborative effort to analyze the attack and figure out how best to prevent a recurrence. The Post is citing confidential sources, as the deal isn't final and, even if it were, it's unlikely that Google would seek to publicize it.

For starters, both organizations have already been the target of many complaints by privacy advocates, the NSA for its domestic surveillance efforts, Google for its data retention policies. The combination of the two would clearly make the advocates far more uneasy, and might help them make their case with the wider public. Meanwhile, as the report notes, private companies have often been loath to share information about their proprietary systems with the government for a variety of reasons.

That may explain why the negotiations have been going slowly, as the NSA would clearly need access to and understanding of Google's infrastructure in order to fully evaluate the attacks and future risks. And that's precisely the sort of proprietary information that Google is presumably reluctant to provide anyone with—even a highly secretive organization like the NSA.

Friday, February 05, 2010 10:30:04 AM (Eastern Standard Time, UTC-05:00)
News | Security
 Wednesday, February 03, 2010

The sys.objects system table offers you some information on the last modifications made on any database object. As a quick example, the following script queries for the list of user tables modified since the start of this year.

DECLARE @date DATETIME
SET @date = '2010-01-01'

SELECT   name,
         modify_date
FROM     sys.objects
WHERE    type = 'U'  -- user-defined tables only
         AND modify_date >= @date
ORDER BY modify_date

Now this knowledge can help you manage your SQL Servers more easily. You could, for example, create a script that runs every night and sends you an email listing the objects modified during the last day.

The available types for filtering your search are:

AF Aggregate function (CLR)
C CHECK constraint
D DEFAULT (constraint or stand-alone)
F FOREIGN KEY constraint
FN SQL scalar function
FS Assembly (CLR) scalar-function
FT Assembly (CLR) table-valued function
IF SQL inline table-valued function
IT Internal table
P SQL Stored Procedure
PC Assembly (CLR) stored-procedure
PG Plan guide
PK PRIMARY KEY constraint
R Rule (old-style, stand-alone)
RF Replication-filter-procedure
S System base table
SN Synonym
SQ Service queue
TA Assembly (CLR) DML trigger
TF SQL table-valued-function
TR SQL DML trigger
TT Table type
U Table (user-defined)
UQ UNIQUE constraint
V View
X Extended stored procedure


Wednesday, February 03, 2010 11:00:54 AM (Eastern Standard Time, UTC-05:00)
Code Snippet | SQL

About the author/Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2019
Stanislas Biron