Feed aggregator

An anonymous reader writes "Google is at daggers end with a law firm it's been using since 2008, after discovering that lawyers in the law firm, named Pepper Hamilton LLP, were representing a patent licensing business that sued Google's Android partners last month. Google has claimed that Pepper Hamilton LLP never provided notice that it was hired by Digitude Innovations LLC, the firm that filed patent infringement complaints against Google's business allies."

Read more of this story at Slashdot.

Forget all those old example on how to upload file. Express provides a very easy and simple to use file upload feature that every newbie (like me) should know and use.

Step 1:
Your form must be multipart.

<form name="uploadfile"  enctype="multipart/form-data" ...>
Step 2:
Here comes the req.files magic.

app.post('/upload', function(req, res) {     console.log( req.files.uploadfile );     console.log( req.files.uploadfile.name );     // use fs.rename to move the file and unlink after that});

Internally express is using formidable to do handle the file upload. But it's a surprise to me that formidable doc is a piece of shit, and express is obviously not advertising this feature enough.

If you are getting "Forbidden" error whenever you are trying to use res.sendfile, it's probably because you are using relative path. This is a potential security hole hence it's "Forbidden".

So instead of res.sendfile( __dirname + "/../public/home.html"), use the path module to normalize the path to the file. Like the below,


path = require('path');var filepath = path.normalize( __dirname + "/../public/home.html");res.sendfile( filepath );

“The only position that leaves me with no cognitive dissonance is atheism. It is not a creed. Death is certain, replacing both the siren-song of Paradise and the dread of Hell. Life on this earth, with all its mystery and … Continue reading →

I just had an orgasmic chilli high at The Chilli Rush. I came to know of the outlet through colleagues and given my attraction to all things spicy, my interest was piqued. The outlet serves pretty good food at ordinary … Continue reading →

Who can forget Hitchens iconic phrase: “That which can be asserted without evidence, can be dismissed without evidence”? He’s easily one of the most prominent intellectuals and accomplished orators of the 21st century. Yet, it has been recently, in the … Continue reading →

I’ve been hiring developers for a number of years now. Jobstreet is generally the go-to hiring portal. Here’s the resume of the median candidate I find on Jobstreet: Name, race and religion (apparently, race and religion matter enough to employers … Continue reading →

Been evaluating products for the last couple weeks. Here are some observations: Have videos that show the product at work. I can only read/watch so much marketing talk (it’s always the same talk). Show me videos and give me the option … Continue reading →

Note: This is a long read, but if you make it to the end, I’d appreciate your comments Google+ is the latest social offering from Google. It was launched end June, and has had a rapid ramp-up with an estimated … Continue reading →

Console logging object’s is straightforward in Node.js. A basic console.log(object) works well in printing out member variables and functions of an object: var obj = { "name": "ditesh", "age": 13 }; console.log(obj); // Outputs { name: 'ditesh', age: 13 } … Continue reading →

Today was Bersih’s peaceful rally in Kuala Lumpur, Malaysia’s capital. Approximately 50,000 Malaysians turned up to support Bersih’s call for free and fair elections, despite water cannons, tear gas and mass arrests by the police. There have been many videos … Continue reading →

I was trying to figure out how to implement the UIDL command as part of a POP3 daemon I am building using Node.js. UIDL is an optional command in RFC 1939, but many POP3 clients use it in the leave-message-on-server … Continue reading →

In 1967, a cabin fire in Apollo 1, scheduled to be the first manned lunar landing program, killed all three cabin members. Gene Krantz, most famously known as NASA’s flight director during the Apollo 13 manned mission, responded to the … Continue reading →

An anonymous reader writes "The U.S. Election Assistance Commission is sponsoring an online, open innovation challenge to search for creative answers to the question: 'How might we design an accessible election experience for everyone?' The goal is to develop ideas for how to make elections more accessible to everyone, especially people with disabilities."

Read more of this story at Slashdot.

New submitter KA.7210 writes "I am an employed mechanical engineer, having worked with the same company since graduation from college 5 years ago. I am looking to increase my credentials by taking more engineering courses, potentially towards a certificate or a full master's degree. Going to school full time is not an option, and there is only one engineering school near me that offers a program that resembles what I wish to study, and also has the courses at night. Therefore, I have begun to look at online options, and it appears there are many legitimate, recognizable schools offering advanced courses in my area of interest. My question to Slashdot readers out there is: how do employers view degrees/advanced credentials obtained online, when compared to the more typical in-person education? Does anyone have specific experience with this situation? The eventual degree itself will have no indication that it was obtained online, but simple inference will show that it was not likely I maintained my employment on the east coast while attending school in-person on the west coast. I wish to invest my time wisely, and hope that some readers out there have experience with this issue!"

Read more of this story at Slashdot.

wiredmikey writes "A hacker who tried to land an IT job at Marriott by hacking into the company's computer systems, and then unwisely extorting the company into hiring him, has been sentenced to 30 months in prison. The hacker started his malicious quest to land a job at Marriott by sending an email to Marriott containing documents taken after hacking into Marriott servers to prove his claim. He then threatened to reveal confidential information he obtained if Marriott did not give him a job in the company's IT department. He was granted a job interview, but little did he know, Marriott worked with the U.S. Secret Service to create a fictitious Marriott employee for use by the Secret Service in an undercover operation to communicate with the hacker. He then was flown in for a face-to-face 'interview' where he admitted more and shared details of how he hacked in. He was then arrested and he pleaded guilty back in November 2011. Marriott claims the incident cost the company between $400,000 and $1 million in salaries, consultant expenses and other costs."

Read more of this story at Slashdot.

I like my N900 very much, I mean not many people can go around spawn a shell on their palms right?  Sadly althought in my humble opinion N900 is the best thing a phone can offer (fully total control on the phone, straight forward cross compiling like u did on your normal nix unlike the other linux. 

However it is regret to say that every  awesome stuff in the world have it's own Achilles Heel . (The memory is small, the stock speed of the CPU is only 600Mhz, and the usb female charger port is always on the loose).

So I decided to give myself an upgrade to N9. the Supposely to be the successor for N900. with 1Ghz Proc and 1 Gig Ram should have some deep impact right?
So here is the Pros and COns for N9.

1. It`s Faster, Amoled
2. Multitouch all u need is a swipe.

Now here`s the Bad thing ...
1. Half Ass Cooked OSThe moment u enabled Developer mode. U realise that the Phone is bundled with Half-Ass determination unlike the N900. Default repo is worst. U didn`t even have the basic unzip package is not available. CMS tool such as svn and git are borked . It's much better to compile everything  yourself rather then finding the correct Repo.
2. Limited root even in a developer mode. 
This is most likely due to Aegis Security Framework dat is similliar towards SE-Linux. But possess a lot of problem. Any unsigned binary dat did n `t registered with Aegis won`t be executed. Or any code-execution that required root privileged such as raw socket won`t be able to done. Ping is accepted since it's in the Aegis Whitelist. Luckily it was not dat much hassle . There are few tricks u can do ..
-  Using Taviso http://seclists.org/fulldisclosure/2010/Oct/257 (Find the allowed suid ) -  Flash the firmware back and then apply the open-mode patch. http://maemo.cloud-7.de/HARM/N9/openmode_kernel_PR1.1/
3. No external mmc slot and using microsim instead of normal sim.. (Defakkk?)
So there you go my review on N9. It's really a superb phone that will be abandoned by its maker but not it`s user.

sciencehabit writes "Petroleum geologists have long used air guns in their search for oil and gas deposits. Sudden blasts from the devices generate seismic waves that they use to map underground rock formations. Could the same technique be used to study earthquakes? A team of Chinese scientists thinks so. The researchers have designed an air gun that could be useful in monitoring changes in stress buildup along fault zones."

Read more of this story at Slashdot.

Frédéric Descamps of Percona.

Percona Toolkit is Maatkit & Aspersa combined. Opensource and the tools are very useful for a DBA.

You need Perl, DBI, DBD::mysql, Term::ReadKey. Most tools are written in Perl, and whatever is in Bash is being re-written in Perl. There is also a tarball or RPM or DEB packages.

Know your environment. The hardware & OS are crucial for you to know. How much memory/CPU do you use? Do you use swap? Is this a physical/virtual machine? Do you have free space? What kind of RAID controller? Volumes? Disk? What about the network interfaces? What IO schedulers are used? Which filesystem is the data stored on? To answer all that, just use pt-summary.

Know your MySQL environment. Version? Build? How many databases? Where is the data directory? What about replication? What are key InnoDB settings? Storage engine in use? Index type? Foreign keys? Full text indexes? To answer all this and more use pt-mysql-summary.

pt-slave-find shows you the topology and replication hierarchy of your MySQL replication instances. An inventory of replicas!

Where is my disk I/O going? Use pt-diskstats which is an improved iostat. There is pt-ioprofile but it can be dangerous in production.

Now its time to get more intimate with your database. Let’s try to find the answer to these questions: how are the indexes used? Are there duplicate keys? Which queries are eating most of the resources? You can use pt-duplicate-key-checker to check for duplicate/redundant indexes or foreign keys. pt-index-usage can tell you which indexes are unused. If you think you have bad SQL, check out pt-query-advisor.

You can use pt-query-digest to analyze the slow query log and show a profile of the workload. You mostly use this with slow query logs & tcpdump’s. Be careful when you have dropped packets — results may tend to be fake then!

After all this, its time to maintain your environment.

pt-deadlock-logger checks InnoDB status to log MySQL deadlock information. It needs to run continually to capture things.

pt-fk-error-logger extracts and logs MySQL foreign key errors.

pt-online-schema-change to alter tables. It makes a “shadow copy” and swaps them. Extremely useful for large, long-running ALTER. Facebook uses the same technique.

Validate your upgrades as upgrades are the leading cause of downtime. Are queries using different indexes? Is query execution plan different? New errors? See pt-upgrade for this. Best to run this on a third machine (i.e. the old machine and a new machine to see how it goes).

Verify replication integrity – pt-table-checksum. Perform an online replication consistency check or checksum MySQL tables efficiently on one or many servers. Use it routinely (mandatory for 95% of MySQL users). Put it in a weekly crontab. Repair differences with pt-table-sync.

Repair out-of-sync replicas – pt-table-sync

Measure delay acfurately – pt-heartbeat

Deliberately delay replication – pt-slave-delay

Watch & restart MySQL replication after errors – pt-slave-restart

When there are problems, get the symptoms when it hurts. Look at pt-stalk (wait for a condition to occur them begin collecting data – eg. everytime the threads go over 2,000 you have a problem, so it collects stuff – it calls pt-collect), pt-collect (collect information from a server for some period of time), and pt-sift.

pt-mext looks at many samples of MySQL SHOW GLOBAL STATUS side-by-side. Default STATUS shows counter since the MySQL instances started. It is very helpful to see a delta of recent activity.

The future: pt-query-digest will do query reviews; pt-stalk will do “magical fault detection algorithm”. Its all opensource and its all on Launchpad at lp:percona-toolkit.

Related posts:

1. Practical MySQL Indexing guidelines by Stéphane Combaudon
2. Replication features of 2011 by Sergey Petrunia
3. MySQL synchronous replication in practice with Galera by Oli Sennhauser

tsu doh nimh writes "Two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies. Internet Identity, a Tacoma, Wash. company that sells security services, found evidence of at least one DNSChanger infection in computers at half of all Fortune 500 firms, and 27 out of 55 major government entities. Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan's DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web. The FBI is currently debating whether to extend the deadline or let it expire."

Read more of this story at Slashdot.