MIT Open Course Ware

MIT OpenCourseWare is a web-based repository of MIT university course materials.
It is free, it doesn't require any registration. Obviously, you can't get any certificate or degree!

Others universities all over the world are sharing Course Materials: official ones are those affiliated to the Open Course Ware Consortium.

A great step towards education for all people is to make content and knowledge available for free and the smoothest way possible.

Contents are available as lecture notes, exams, videos, audio files...

It is also possible to contriute on this activity, translating contents in non-english languages or use them (giving the proper attribution to the original MIT Faculty Author/s).
Contents are released in Creative Commons BY-NC-SA License.

Accelerometer-based mouse

A little preview... A full review in few days!

Non-exploitable vulnerabilities at source code level

I am writing a small article describing a kind of vulnerability that can be used against Linux Kernel.
This is due gcc and its optimization procedures, in some cases, make some source code buggy.
Furthermore, in this case, if SELinux is enabled, the system becomes weaker.

The vulnerability is described here (by Brad Spengler) and it can be exploited in Linux Kernel 2.6.30+/RHEL5 2.6.18 in /dev/net/tun.
The implmentation (was, before being fixed):

struct sock *sk = tun->sk;  // initialize sk with tun->sk
…
if (!tun)
return POLLERR;  // if tun is NULL return error

As tun is dereferenced (to use tun->sk) the compiler assumes that tun is non NULL, so it removes the check for tun against NULL.
Avoiding the initial crash caused to bad initialization (using mmap and SELinux), it is possible to exploit the Kernel because there is no check against tun.

I can point You all to this blog, in which are described a lot of vulnerabilities (also silently fixed ones).
Milw0rm is another source of exploit notices.

Songs...

Some good music... I wanted to add a mixtape but favtape is down.

• Kasabian - LSF (NON official video on Youtube)
• Chemical Brothers - Let Forever Be (video on Youtube)
• The Verve - Love is Noise (video on Youtube)
• Harry Nilsson - Jump into the Fire (video on Youtube)
• Jet - Are You Gonna Be My Girl (NON official video on Youtube)
• Peter, Bjorn & John - Young Folks (video on Youtube)
  

How to localize Firefox 3.5.4pre (or latest)

You added Mozilla Firefox repositories to Synaptics and you're getting only the English version of the browser?
Searching for other stuff, I reached this place...

Get your xpi file and your Firefox will be localized!

Google Android porting on x86 - UPDATE

Google Android version 1.5 (Cupcake) has been ported on the ASUS EeePc 701.
Two members of Google Groups, beyounn and cwhuang01 created a Google Code group named Android-x86, in which we are "branching" the original Google Android source code in order to obtain an updated, fully featured and working OS.
We were trying to make Cupcake boot on different NetBooks and/or VirtualBox VMs. So we decided to merge our works.
Current status:

• Intel on-board VGA is working (with 2.6.30 Kernel it is possible to set the right resolution)
• GPS USB Serial device is correctly binded to OS
• LAN 100Mbit Network Adapter is working (both DHCP and static configuration)
• WiFi Atheros 5k Network Adapter is working (both DHCP and static configuration)
• USB Mouse (software mouse) and/or Keyboard works
• USB Pen Drive or Memory reader can be mounted as SD Card
• Audio is working (ALSA was not working due to a rebuild mistake in the Android Make System)
• OpenGL-ES are going to be supported, there's a group of developers sharing their code here
  

Firefox 3.5.1 still exposing bugs

Firefox 3.5.1 represents a step towards a faster browser.
Several benchmarks show Safari 4, Opera 10 and Chrome as the fastest browsers on the market - I heard "Webkit rules" - and they only seem to lack in the plug-ins feature.
I'm not taking into account IE X.x because... I think it already exists only because is bundled into the most common OS in the world. And there's no reason to use it.

Anyway... After the first exploit (more here) soon patched by Mozilla team, we got a bug in JavaScript engine, not well managed in 3.5.1.
The issue is well described here and this time it is not useful for executing code (at the moment), but "only" for a DoS.
Possible workaround? Disable JavaScript, No-Script plug-in or switch to the older JavaScript engine from about:config, disabling javascript.options.jit.content. Choosing the 3rd option, there will be a drop in the overall performances of Firefox.