
Submission + - Chronicles of a F/OSS security project (Arachni) (ecsypno.com)

Zapotek writes: A story of curiosity, experimentation, development, million euro deal, fraudsters, abandonment and revitalization.

From the inception of the F/OSS Arachni WebAppSec scanner to the opening of Ecsypno’s doors with its flagship product Codename SCNR.

Submission + - SPAM: The Windmill Survey

Zapotek writes: Hello all,

I would like to bring the Windmill Survey to your attention, a global human empowerment project.

The aim of the project is to bring awareness to community issues, identify populace problem spots and drive further research and analysis into these matters, in hopes of finding and applying solutions.
I.e. the usual "making the world a better place" stand, but with a solid approach and plan aimed towards quantitatively identifying issues and helping increase the quality of life of citizens everywhere.

I (Anastasios, "Tasos" for short, Laskos) am the founder and leader of this project and now is the time to raise awareness and steady/substantial funding, thus I'd like to appeal to your good nature to have a look at the project and spread the word.

Feedback would also be sincerely welcomed, so long as it's not all "doom and gloom and heading for failure"-ridden.

Best of regards,
Tasos Laskos.
- Windmill Survey project Founder, Leader
- Ecsypno Single Member P.C. Founder, CEO, Director of R&D


Submission + - Ecsypno's Codename SCNR: Scalable, accessible, unrestricted DAST/IAST (ecsypno.com)

Zapotek writes: Ecsypno's Codename SCNR DAST/IAST product is the result of more than a decade's worth of R&D, coming from the industry known Free & Public/Open-Source Arachni WebAppSec Scanner Framework.

There are a number of competing products out there, at similar levels of sophistication, but none at Codename SCNR's price point and not without restrictions.

Codename SCNR offers unrestricted functionality to scan all you need, as much as you need, better improving your security posture — in a resource-accessible manner.

  Unrestricted target domains
  Unrestricted amount of scan time
  Unrestricted pages
  Unrestricted scans (parallel too)

Business logic written in Ruby, resource intensive parts in Rust, Chromium for DOM level-3 support and libcurl for HTTP communications; winning combinations for longevity, stability and performance.

Powered by advanced heuristics and a smidgen of machine-learning, it excels in vulnerability analysis/verification, as well as performance, based on its ML-backed audit scheduling.

Interfaces include:
  Ruby API, for highly-customized, scripted scans.
  REST API for easy integration.
  CLI scanner utilities, for terminal availability.
  WebUI, for ease of use.
  Distributed deployments (using remote Agents and Schedulers), for scalability.

Ecsypno is a young startup, doing R&D in web security automation (mainly DAST/IAST tooling) and distributed-computing, with a soft-spot for F/OSS.

Comment Re:This is um. Ok. I guess? (Score 1) 20

Right now this deals with divisible workloads. All there is for MPI are the Ruby RPC and a shared hashmap with callbacks to serve possibly even as a channel.
I don't imagine anyone using this for other tasks although the project was just born and high-performance code can be added via native C/C++/Rust extensions to the project. That'd go into Cuboid though, not Peplum, Peplum would just benefit

Submission + - Peplum: A F/OSS distributed parallel computing solution (github.com)

Zapotek writes: Peplum is a F/OSS (MIT licensed) project aimed at making clustering/super-computing affordable and accessible, by making it simple to set up a distributed parallel computing environment for abstract applications.

It can be used for educational/research purposes or to build commercial solutions in the cloud or on-premise or even used to speed up your routine at home.

It is written in the Ruby programming language, thus coming with an entire ecosystem of libraries and the capability to run abstract Ruby code, execute external utilities, run OS commands, call C/C++/Rust routines and more.

Peplum is powered by Cuboid, a F/OSS (MIT licensed) abstract framework for distributed computing — both of them are funded by Ecsypno Single Member P.C., a new R&D and Consulting company.

From running simulations, to network mapping/security scans, to password cracking/recovery or just encoding your collection of music and video, and many more, and using multiple machines to do so, Peplum has you covered — the implementation of course can be up to you.

TLDR: You no longer have to only imagine a Beowulf cluster of those, you can now easily build one yourself with Peplum.

Submission + - Peplum: F/OSS super-computing at Home with Ruby Infrastructure (ecsypno.com)

Zapotek writes: Hello all,

It's been very busy here at Ecsypno skunkworks these last few days when it comes to research and development into distributed computing systems.

Armed with Cuboid, Qmap was built, which tackled the handling of nmap in a distributed environment, with great results. Afterwards, an iterative clean-up process led to a template of sorts, for scheduling most applications in such environments.

With that, Peplum was born, which allows for OS applications, Ruby code and C/C++/Rust code (via Ruby extensions) to be distributed across machines and tackle the processing of neatly grouped objects.

In essence, Peplum:

        Is a distributed computing solution backed by Cuboid.
        Its basic function is to distribute workloads and deliver payloads across multiple machines and thus parallelize otherwise time consuming tasks.
        Allows you to combine several machines and build a cluster/supercomputer of sorts with great ease.

After that was dealt with, it was time to port Qmap over to Peplum for easier long-term maintenance, thus renamed Peplum::Nmap.

So that was quite the weekend!

We have high hopes for Peplum as it basically means easy, simple and joyful cloud/clustering/super-computing at home, on-premise, anywhere really. Along with the capability to turn a lot of security oriented apps into super versions of themselves, it is quite the infrastructure.

Submission + - QMap: A F/OSS distributed network mapper/security scanner backed by nmap (github.com)

Zapotek writes: QMap is a distributed network mapper/security scanner backed by Cuboid for its distributed architecture and nmap for the scanning engine.
Its basic function is to split the scanning of IP ranges across multiple machines and thus parallelize an otherwise quite time consuming task.

Qmap can initiate scans from the same machine, but the idea behind it is to use a Grid which transparently load-balances and line-aggregates, in order to combine resources and perform a faster scan than one single machine could.
The cool thing is that it doesn't matter to which machine you refer for Instance spawning, the appropriate one is going to be the one providing it.

You can configure its REST service to use any Grid member and perform your scan.
The REST service is good for integration, so it's your safe bet; you can however also take advantage of the internal RPC protocol and opt for something less resource intensive and high-performance.

Open Source

Stack Overflow Stats Reveal 'the Brutal Lifecycle of JavaScript Frameworks' (stackoverflow.blog) 165

A developer on the Internal Tools team at Stack Overflow reveals some new statistics from their 'Trends' tool: JavaScript UI frameworks and libraries work in cycles. Every six months or so, a new one pops up, claiming that it has revolutionized UI development. Thousands of developers adopt it into their new projects, blog posts are written, Stack Overflow questions are asked and answered, and then a newer (and even more revolutionary) framework pops up to usurp the throne...

There appears to be a quick ascent, as the framework gains popularity and then a slightly less quick but steady decline as developers adopt newer technologies. These lifecycles only last a couple of years. Starting around 2011, there seems to be major adoption of a couple of competing frameworks: Backbone, Knockout, and Ember. Questions about these tags appear to grow until around 2013 and have been in steady decline since, at about the same time as AngularJS started growing. The latest startup is the Vue.js framework, which has shown quick adoption, as it is one of the fastest growing tags on Stack Overflow. Only time can tell how long this growth will last.

"Let's be honest," the post concludes. "The size of a developer community certainly counts; it contributes to a thriving open source environment, and makes it easier to find help on Stack Overflow."
Data Storage

NAND Flash Density Surpasses HDDs', But Price Is Still a Sticking Point (computerworld.com) 185

Lucas123 writes: With the introduction of 3D or stacked NAND flash memory, non-volatile memory has for the first time surpassed that of hard disk drives in density. This year, Micron revealed it had demonstrated areal densities in its laboratories of up to 2.77 terabits per square inch (Tbpsi) for its 3D NAND. That compares with the densest HDDs of about 1.3Tbpsi. While NAND flash may have surpassed hard drives in density, it doesn't mean the medium has reached price parity with HDDs — nor will it anytime soon. One roadblock to price parity is the cost of revamping existing or building new 3D NAND fabrication plant, which far exceeds that of hard drive manufacturing facilities, according to market research firm Coughlin Associates. HDD makers are also preparing to launch even denser products using technologies such as heat assisted magnetic recording.

Comment Re:"nonconsensual sex or touching" (Score 1) 399

Because my job isn't to report on this and because the bit I copied was enough to bring attention to the point I was trying to make, with said point having nothing to do with gender but rather the author's attempt at manipulation by counting together touch and rape.

Not to mention the fact that this was obviously a quote of the full description, with the description being a mere scroll away.

You saw a gender bias where there was none, so it was probably just your own.

Comment "nonconsensual sex or touching" (Score 4, Insightful) 399

According to a recent study of 27 schools, about one-quarter of female undergraduates said they had experienced nonconsensual sex or touching since entering college

So basically they asked about touching and sex just so they can put the phrase "nonconsensual sex" and "one-quarter" together?

Those 2 are nowhere near the same level of severity to be reported in that fashion.
I've been touched plenty of times nonconsensually, I figured "that's a bit too familiar" (yes I'm a man, yes by women), however I wouldn't place those occurrences anywhere near anything having to do with rape.
