Wednesday, December 08, 2010

Security issue in Website Optimiser

Dear Website Optimiser user,

We are writing to inform you of a potential security issue with Website Optimiser. By exploiting a vulnerability in the Website Optimiser Control Script, an attacker might be able to execute malicious code on your site using a Cross-Site Scripting (XSS) attack. This attack can only take place if a website or browser has already been compromised by a separate attack. While the immediate probability of this attack is low, we urge you to take action to protect your site.

We have fixed the bug, and all new experiments are not susceptible. However, any experiments you are currently running need to be updated to fix the bug on your site. Additionally, if you have any Website Optimiser scripts from paused or stopped experiments created before 3 December 2010, you will need to remove or update that code as well.

There are two ways to update your code. You can either stop current experiments, remove the old scripts and create a new experiment, or you can update the code on your site directly. We strongly recommend creating a new experiment as it is the simpler method.

Creating a New Experiment

  1. Stop any currently running Website Optimiser experiments
  2. Remove all the Website Optimiser scripts from your site
  3. Create a new experiment as normal. New experiments are not vulnerable.

Updating the Website Optimizer Control Script Directly

  1. Locate the Control Script on your site. It looks like this:
A/B Test Control Script
<!-- Google Website Optimiser Control Script -->
<script>
function utmx_section(){}function utmx(){}
(function(){var k='XXXXXXXXXX',d=document,l=d.location,c=d.cookie;function f(n){
if(c){var i=c.indexOf(n+'=');if(i>-1){var j=c.indexOf(';',i);return c.substring(i+n.
length+1,j<0?c.length:j)}}}var x=f('__utmx'),xx=f('__utmxx'),h=l.hash;
d.write('<sc'+'ript src="'+
'http'+(l.protocol=='https:'?'s://ssl':'://www')+'.google-analytics.com'
+'/siteopt.js?v=1&utmxkey='+k+'&utmx='+(x?x:'')+'&utmxx='+(xx?xx:'')+'&utmxtime='
+new Date().valueOf()+(h?'&utmxhash='+escape(h.substr(1)):'')+
'" type="text/javascript" charset="utf-8"></sc'+'ript>')})();
</script><script>utmx("url",'A/B');</script>
<!-- End of Google Website Optimizer Control Script -->
Multivariate Test Control Script
<!-- Google Website Optimizer Control Script -->
<script>
function utmx_section(){}function utmx(){}
(function(){var k='XXXXXXXXXX',d=document,l=d.location,c=d.cookie;function f(n){
if(c){var i=c.indexOf(n+'=');if(i>-1){var j=c.indexOf(';',i);return c.substring(i+n.
length+1,j<0?c.length:j)}}}var x=f('__utmx'),xx=f('__utmxx'),h=l.hash;
d.write('<sc'+'ript src="'+
'http'+(l.protocol=='https:'?'s://ssl':'://www')+'.google-analytics.com'
+'/siteopt.js?v=1&utmxkey='+k+'&utmx='+(x?x:'')+'&utmxx='+(xx?xx:'')+'&utmxtime='
+new Date().valueOf()+(h?'&utmxhash='+escape(h.substr(1)):'')+
'" type="text/javascript" charset="utf-8"></sc'+'ript>')})();
</script>
<!-- End of Google Website Optimizer Control Script -->
  2. Locate the following in the Control Script: return c.substring(...
  3. Modify the following line as shown:
    BEFORE: return c.substring(i+n.length+1,j<0?c.length:j)
    FIXED: return escape(c.substring(i+n.length+1,j<0?c.length:j))
    Make sure to include the final closing brackets “)”
Fixed A/B Control Script
<!-- Google Website Optimizer Control Script -->
<script>
function utmx_section(){}function utmx(){} (function(){var k='XXXXXXXXXX',d=document,l=d.location,c=d.cookie;function f(n){ if(c){var i=c.indexOf(n+'=');if(i>-1){var j=c.indexOf(';',i);
return escape(c.substring(i+n.length+1,j<0?c.length:j))}}}
var x=f('__utmx'),xx=f('__utmxx'),h=l.hash; d.write('<sc'+'ript src="'+
'http'+(l.protocol=='https:'?'s://ssl':'://www')+'.google-analytics.com'
+'/siteopt.js?v=1&utmxkey='+k+'&utmx='+(x?x:'')+'&utmxx='+(xx?xx:'')+'&utmxtime='
+new Date().valueOf()+(h?'&utmxhash='+escape(h.substr(1)):'')+
'" type="text/javascript" charset="utf-8"></sc'+'ript>')})();
</script><script>utmx("url",'A/B');
</script>
<!-- End of Google Website Optimizer Control Script -->

Fixed Multivariate Control Script
<!-- Google Website Optimizer Control Script -->
<script>
function utmx_section(){}function utmx(){}
(function(){var k='XXXXXXXXXX',d=document,l=d.location,c=d.cookie;function f(n){
if(c){var i=c.indexOf(n+'=');if(i>-1){var j=c.indexOf(';',i);
return escape(c.substring(i+n.length+1,j<0?c.length:j))}}}
var x=f('__utmx'),xx=f('__utmxx'),h=l.hash; d.write('<sc'+'ript src="'+
'http'+(l.protocol=='https:'?'s://ssl':'://www')+'.google-analytics.com'
+'/siteopt.js?v=1&utmxkey='+k+'&utmx='+(x?x:'')+'&utmxx='+(xx?xx:'')+'&utmxtime='
+new Date().valueOf()+(h?'&utmxhash='+escape(h.substr(1)):'')+
'" type="text/javascript" charset="utf-8"></sc'+'ript>')})();
</script>
<!-- End of Google Website Optimizer Control Script -->

Note that the k=XXXXXXXXX line in the above Control Script examples is a placeholder.

Your experiment will continue as normal after you’ve made this update. There’s no need to pause or restart the experiment.

We’re committed to keeping Website Optimiser secure, and we’re deeply sorry for this issue. We will continue to work hard to prevent future vulnerabilities.


Yours sincerely,
Trevor
Google Website Optimiser Team
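
Added example (not part of Google's email or code): the Control Script's cookie reader f(n), re-implemented with and without the escape() fix, showing that an unescaped cookie value containing a double quote ends the src attribute written by d.write early, plus a helper for finding unpatched scripts left on pages. The cookie string, the function names readCookie, scriptTag, tagIsIntact and auditControlScript, and the audit heuristic are assumptions of this example.

```javascript
// Added example, not Google's code. The cookie string below is constructed.
var SAMPLE_COOKIE = '__utmx=1" data-constructed="x; __utmxx=2';

// f(n) from the Control Script, with the cookie string passed in so it runs
// outside a browser. `patched` switches on the escape() wrapper from the fix.
function readCookie(c, n, patched) {
  if (!c) return undefined;
  var i = c.indexOf(n + '=');
  if (i < 0) return undefined;
  var j = c.indexOf(';', i);
  var v = c.substring(i + n.length + 1, j < 0 ? c.length : j);
  return patched ? escape(v) : v;
}

// The markup the Control Script hands to document.write (hash/time omitted).
function scriptTag(c, patched) {
  var x = readCookie(c, '__utmx', patched);
  var xx = readCookie(c, '__utmxx', patched);
  return '<script src="http://www.google-analytics.com/siteopt.js?v=1' +
    '&utmxkey=XXXXXXXXXX&utmx=' + (x ? x : '') + '&utmxx=' + (xx ? xx : '') +
    '" type="text/javascript" charset="utf-8"></script>';
}

// True when the cookie values stayed inside the src attribute, i.e. the tag
// still has exactly the three attributes the template defines.
function tagIsIntact(tag) {
  return /^<script src="[^"<>]*" type="text\/javascript" charset="utf-8"><\/script>$/.test(tag);
}

// Audit helper (heuristic): classify page HTML by how the Control Script
// returns the cookie substring: 'absent', 'patched', 'unpatched' or 'unknown'.
function auditControlScript(html) {
  var s = html.replace(/\s+/g, '');
  if (s.indexOf('functionutmx_section(){}') < 0) return 'absent';
  if (s.indexOf('returnescape(c.substring(') > -1) return 'patched';
  return s.indexOf('returnc.substring(') > -1 ? 'unpatched' : 'unknown';
}

console.log('unpatched tag intact:', tagIsIntact(scriptTag(SAMPLE_COOKIE, false)));
console.log('patched tag intact:  ', tagIsIntact(scriptTag(SAMPLE_COOKIE, true)));
```

Run auditControlScript over every template and static page, including pages for paused or stopped experiments, since the email says those scripts must be removed or updated as well.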

Saturday, December 04, 2010

SiSoftware Sandra 2011 Released

SiSoftware Sandra 2011 Released: London, UK, 4th November 2010 - Media Transcode, Blu-Ray and further GPGPU support.


A year ago, SiSoftware released Sandra 2010 with full support for Windows 7; in the 18 months since the launch of Windows 7, more than ever before we have seen the line blur between PC and entertainment hubs. Two months ago we released a Blu-Ray benchmark, now we have added a brand-new Media Transcoding benchmark using the new Media Foundation of Windows 7. We have also added yet another benchmark (GPGPU Cryptography) which allows direct comparison of CPU performance (using crypto instruction sets) and GPGPU performance.

Benchmarking 101

Benchmarking in Detail: London, UK, November 4th 2011 - We have started a series of articles to detail the new benchmarks of the latest version, Sandra 2011.

Learn what they do, how they work and what the results mean. How do current devices (CPUs, GPGPUs, memory, drives, etc.) compare, and how will future, soon-to-be-released devices fare?

CPU vs. GPGPU: Arithmetic Performance
CPU vs. GPGPU: Memory Performance
OpenCL GPGPU Performance (OpenCL vs. CUDA/STREAM)
OpenCL CPU Performance (OpenCL vs native/Java/.Net)

DirectX 11 Compute Shader

SiSoftware DirectX 11 Compute Shader Support Released: London, UK, 4th January 2010 - SiSoftware releases its suite of DirectX 11 Compute Shader GPGPU benchmarks as part of SiSoftware Sandra 2010.

Compute Shader/DirectCompute is a new programmable shader stage introduced with DirectX 11 that expands Direct3D beyond graphics programming. We believe Compute Shader/DirectCompute will become 'the standard' for programming parallel workloads in Windows, thus we have ported all our GPGPU benchmarks to DirectX 11 Compute Shader/DirectCompute.

OpenCL

SiSoftware OpenCL Support Released: London, UK, 30th November 2009 - SiSoftware releases its suite of OpenCL GPGPU benchmarks as part of SiSoftware Sandra 2010.

OpenCL is an open standard for running parallel tasks on GPUs, CPUs and hardware accelerators using the same code - unlike proprietary solutions. We believe OpenCL will become 'the standard' for programming parallel workloads in the future, thus we have ported all our GPGPU benchmarks to OpenCL.

Tricks to Deal With Bad Customer Service

Good customer service will make you want to continue to do business with a company. Bad customer service will frustrate you and make you think about taking your business elsewhere. Dealing with bad customer service in the proper way will help you feel better about your experience and will help the company improve customer service.

Be specific about your complaint when you are speaking to a customer service representative. Many times, bad customer service is simply the result of the customer service representative misunderstanding your situation.


Stay calm and polite when you are speaking to any representative of the company. Becoming irate will hurt your chances of having your problem solved.


Ask to speak to a supervisor or manager if necessary. A manager or supervisor will usually have more options available to effectively fix your problem.


Offer your suggestions. If you have ways in mind to correct the problem or improve customer service, let the supervisor know. You may be able to offer a solution that the manager didn't think about.


Accept that you may have to compromise. In some cases, the solution that you are seeking may be impossible.

Write a letter to the company or business owner. Make sure that you include your initial problem, the names of everyone you spoke with, your specific customer service complaints, your proposed solution and your contact information.

Find a new business to frequent. If you find that you are unable to get your situation resolved in a mutually agreeable way, taking your business elsewhere will make a powerful statement. This is especially true if you are dealing with a small business.

Friday, December 03, 2010

Calling the UK Minister to act to protect the Internet's openness

Today, a group of 18 organizations representing a broad spectrum of society and the economy has sent an open letter to Ed Vaizey, MP, the UK Minister in charge of digital issues, to call on the UK Government to reflect their recent commitment to the open Internet in action on the ground. Skype is part of this initiative because we believe it is important to remind policy makers, local governments and regulators throughout Europe that a verbal commitment will not be sufficient to establish and protect openness.

We strongly welcome the UK Government's recent statement of support for the open Internet, but we must not forget about the existing restrictions in place in the UK and many other countries around the globe. For example, in countries like France, Germany, Spain, or the UK (to name only a few), several, if not all, mobile operators prohibit their customers from using Skype on their mobiles or they only allow Skype usage at extra cost. Similar restrictions affect many other uses of the Internet, such as video, audio, instant messaging, streaming, P2P, etc. In order to remove these restrictions, the governments and regulatory authorities in these countries - including the UK - need to make sure that:

* Users can send and receive the content, use the services and run the applications of their choice on the Internet, on the device of their choice
* Traffic management is kept to a minimum, and only in place for purely technical or security reasons
* There is meaningful transparency for consumers about traffic management
* New models of Internet access don't compromise openness
* Effective enforcement mechanisms are in place to ensure openness

Thursday, December 02, 2010

Scribus 1.3.9

Scribus - 47.45MB (Open Source)

Scribus is an open-source program that brings professional page layout to Linux/Unix, MacOS X, OS/2 and Windows.
It is powerful software that helps you create great looking documents of all kinds. It also comes with a lot of support options to help you achieve the best result. There is an enthusiastic and friendly community around Scribus that assists beginner and pro alike through our mailing list, IRC channel, wiki, contracted support, and the bugtracker.
Scribus supports professional features, such as CMYK color, spot color, separations, ICC color and robust commercial grade PDF.


Download Total Commander 7.56

Total Commander 7.56
Christian Ghisler - 3.12MB (Shareware)

Total Commander is a file manager for Windows similar to a well-known DOS file manager.

Total Commander can handle archives as if they were subdirectories. It also has an internal ZIP-compatible packer. The search function allows you to search for files inside archives, even for text.

* Two file windows side by side
* Multiple language support
* Enhanced search function
* Compare files (now with editor) / synchronize directories
* Quick View panel with bitmap display
* ZIP, ARJ, LZH, RAR, UC2, TAR, GZ, CAB, ACE archive handling + plugins
* Built-in FTP client with FXP (server to server) and HTTP proxy support
* Parallel port link, multi-rename tool
* Tabbed interface, regular expressions, history+favorites buttons
* Thumbnails view, custom columns, enhanced search
* Compare editor, cursor in lister, separate trees, logging, enhanced overwrite dialog, and more

HTML5 Demos and Examples

HTML 5 experimentation and demos I've hacked together. Click on the browser support icon or the technology tag to filter the demos (the filter is an OR filter).
Introducing HTML


| Demo | Notes | IE | Firefox | Opera | Safari | Chrome | Technology |
|---|---|---|---|---|---|---|---|
| dataset (data-* attributes) | | none | none | none | nightly | live | dataset |
| History API using pushState | | none | nightly | none | live | live | history |
| Drag files directly into your browser | Not directly part of HTML5 | none | live | none | none | nightly | file-api dnd |
| Simple chat client | | none | nightly | nightly | live | live | websocket |
| Two videos playing in sync | | nightly | live | live | live | live | video |
| Interactive canvas gradients | | nightly | live | live | live | live | canvas |
| Canvas & Video | | nightly | live | live | live | live | video canvas |
| Video | | nightly | live | live | live | live | video |
| Canvas | | nightly | live | live | live | live | canvas |
| Content Editable | | live | live | live | live | live | contenteditable storage |
| Geolocation | Works on Safari Mobile too | none | live | live | live | live | geolocation |
| postMessage same domain | | live | live | live | live | live | postMessage |
| postMessage cross domain | | live | live | live | live | live | postMessage |
| drag and drop | | live | live | none | live | live | dnd |
| drag anything | | live | live | none | live | live | dnd |
| offline detection | Works on Safari Mobile too | none | live | live | none | none | offline events |
| navigator.onLine tests | Doesn't use events, only polls | live | live | live | none | none | offline |
| on/offline event tests | | none | live | live | none | none | offline events |
| offline application using the manifest | FF 3.6 is still buggy - doesn't request manifest after initial load | none | live | live | live | live | offline manifest |
| Storage | | live | live | live | live | live | storage |
| Web SQL Database Storage | | none | none | live | live | live | sql-database |
| Web SQL Database - rollback test | | none | none | live | live | live | sql-database |
| Web Workers | watch out - uses a lot of CPU! example without - will hang your browser | none | live | live | live | live | workers |

Wednesday, December 01, 2010

OpenOffice.org 3.3.0 Release Candidate 6

The newest Release Candidate that is going towards the upcoming OpenOffice.org 3.3.0 is available for download. New things in 3.3.0 are described in detail in the New Features overview.

TO UBi pc players

TO UBi pc players - Overclock.net - Overclocking.net

Do you think or feel you are abandoned by UBi?

I pre-ordered Assassins Creed brotherhood, which was said same day release as PS3 and XBOX if pre-order........
And many other things.............