I've had to set up a SharePoint 2010 Virtual machine for upcoming projects. The problem is that SharePoint 2010 requires Windows 2008 server 64bit.

OK, no problem... I've got a 64 bit machine. Hmmm.... But at the time of reformatting my machine I didn't have the 64-bit Ubuntu with me, so I installed the 32 bit.

So... the question is can you install a 64 bit guest on top of a 32 bit host? Yes! Well, at least using VirtualBox - I can't really comment on other virtual technologies. The other thing is that my physical CPU is an Intel p8600 64-bit processor with VT-x.

In order to get it to work, I had to enable a setting in the BIOS which allowed VirtualBox to virtualise a 64 bit machine. This was achieved by rebooting my machine, entering the BIOS and checking the following two fields under the Virtualisation section:

Virtualisation: "This field specifies whether a Virtual Machine Monitor (VMM) can utilize the additional hardware capabilities provided by Intel(R) Virtualization Technology."

and

VT for Direct I/O: "This field specifies whether a Virtual Machine Monitor (VMM) can utilize the additional hardware capabilities provided by Intel(R) Virtualization Technology for Direct I/O."

In order to get VirtualBox to actually recognise this, I had to reboot the machine a few times - very weird... But then suddenly, it worked! (Just make sure that you enable the settings for the specific virtual machine in VirtualBox as well.)

In my review of Kubuntu 10.10, I closed by saying that I probably wasn't going to keep it for very long. There seemed to be a few bugs in the UI, with some of the windows tearing. But I got used to most of the small idiosyncrasies and liked some of the features. So, I ended up running it for about 3 months. I've just reinstalled Ubuntu 10.10 on my main laptop and once again feel much more at home. Firstly, I used a stopwatch to see how long it would take to install, remembering that I was totally blown away at the speed of the Kubuntu installation. Well, this time round it took a whopping 6 minutes, 20 seconds! As I didn't have a network connection at that point, I did have to install the extra media codecs afterwards, but all in all it was amazingly fast!







Once started up, I was also much happier with the responsiveness - launching applications just seems much faster and makes for a better experience.

So, with my Kubuntu phase behind me and my curiosity satisfied, here's how they stack up:

Firstly, both flavours are largely built on the same codebase. The major difference is the user interface components. Kubuntu, as the naming suggests, is based on the KDE interface whereas Ubuntu is based on the Gnome interface. So the difference between the two largely comes down to personal preferences regarding these interfaces.

The Kubuntu UI looks better than Ubuntu IMO. There are tons of cool widgets to add to the desktop, the notifications are pretty nice and overall it has a more polished look. This all comes at a cost though. On my machine it didn't run very smoothly, and it had the previously mentioned tearing problems as well. I'm not sure exactly what the problem was because I haven't experienced the same problem in Ubuntu, so I'm guessing that it's got something to do with my graphics card / QT libraries. But remember that even though I'm comparing the base installations here, it's pretty easy to install additional components to spruce up those that you're not happy with, e.g. a new main menu.

There are similar effects using KWin to those provided by Compiz such as a 3D cube desktop and wobbly windows, but I find that the Compiz effects are a bit smoother. In general I preferred the level of customisation of the effects that can be achieved with Compiz Fusion Settings Manager.

The suspend to disk feature didn't work at all for me causing it to hang, forcing a reboot. The suspend to RAM did work correctly however. The boot times seem to be much better in Ubuntu than Kubuntu, but then again there's been much written about the work done to get the boot times to under 10 seconds on an "average" machine. I've found that there seem to be intermittent problems with the suspend in Ubuntu. This seems to be a problem with the latest releases because I've never seen this before.

When it comes to the package managers, I prefer the Ubuntu Software Centre interface of Ubuntu as opposed to Kpackagekit in Kubuntu, but they both really do the same thing.

As far as applications are concerned, there's not much of a difference. For every app in Kubuntu there's a corresponding one in Ubuntu and there's nothing really stopping you from running KDE/QT applications in Ubuntu/Gnome (apart from a less optimised system in terms of memory usage). Plus, there are many that are written for both the QT/Kubuntu and GTK/Ubuntu interfaces.

Overall, there seems to be better integration of the various non-UI components in Ubuntu. And most of the new developments such as the Me menu, Gwibber social client etc. are only found in Ubuntu.

So... Which one would I recommend...? If opinions were unanimous, this question wouldn't really exist - it would be a no-brainer. It always comes down to personal preferences. But for the purpose of some baseline recommendation...

On the performance front, without having done any formal comparisons, I think that Kubuntu seems a little less fluid because of the "heavy" graphical effects. I've heard numerous comments on how Kubuntu looks closer to Windows Vista/7 than Ubuntu does. And many people use this as their basis for deciding. I disagree - in terms of the transparent components, yes. But aside from that, Ubuntu may be more intuitive from a Windows user perspective. I also think that Ubuntu is much simpler than Kubuntu, but don't let this lead you to believe that it's not as "powerful". On the contrary - some tasks that should be "difficult" to do, like setting up a mobile wireless connection using a dongle, couldn't be easier.

So... It's not that straightforward a decision, but try out both and decide for yourself.

I've got some stones that I've found in my garden which are guaranteed to grant you immortality! And furthermore, I'll give you a 100% money back guarantee!

Yeh.... WHATEVER!


Power Balance Australia has been forced to admit that their product is a scam: "The Australian Competition and Consumer Commission (ACCC) has ordered Power Balance Australia to refund all customers who feel they were misled by the supposed benefits of Power Balance bands." ACCC Link Gizmodo

I can't believe that people still fall for this "magic" these days, or even that it's allowed to get to this point. I'm just hoping to spread the word about this and maybe stop someone being duped into paying good money for a piece of funky rubber.

This is part one of the series detailing the OWASP top 10 web application vulnerabilities. (See intro)



http://xkcd.com/327


An SQL Injection attack is a type of code injection attack where an attacker exploits a vulnerability in the database layer of an application. This can occur when user input is incorrectly filtered for escape characters. The damage can be serious: lost data or entire databases, compromised systems etc.

A classic example of this is in login screens. A user could enter a valid username in the "username" field and a specially constructed string in the password field. If this input is not filtered correctly, the database layer could build up a SQL query which returns incorrect results. E.g., an attacker enters "Administrator" in the username field and "anything' or 1=1 --" in the password field. If the user input isn't filtered correctly, the following SQL query could be built up:

select * from user_table where user_name = 'Administrator' and password = 'anything' or 1=1 --'

Now, because (1=1) is always true, the SQL should return all users where username = 'Administrator'. Another important part is the comment characters "--". These cause the database to ignore the rest of the statement; without them, the last quote at the end of the string would render the query invalid. This effectively bypasses the password check and could allow an attacker to log into the system with any valid username. Remember that most SQL syntaxes differ slightly, so there may be many different variants of the above attack depending on the database used.

This is only a simple example, but the possibilities are endless - consider what would happen if the following statement was executed:

SELECT * FROM someTable WHERE someField = 'x'; DROP TABLE user_table; --';

This shows that it is possible to not only construct a query which returns incorrect data, but also to modify databases. It therefore doesn't take too much imagination to extend this to inserting a totally new user into the database or modifying an existing password.

Now, the question is how does an attacker learn the names of the tables or fields that some attacks rely on? Firstly, tables are normally named fairly logically, so a bit of guesswork goes a long way, but incorrect error handling is a dead give-away. A string which deliberately creates an incorrectly formatted SQL statement will throw an exception from the database. If the entire stacktrace and message are displayed on the page, instead of an error page with a generic message, the select statement may be displayed, indicating the table and field names used in the statement. This is the only opening a hacker needs...

So, Lesson 1 - As with CSS attacks, sanitise all input data.

And lesson 2 - Make sure that all exceptions are caught and make sure you handle all exceptions properly. Set up a default error page which shows a generic message.
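
The login query from this post, built by string concatenation and then with placeholders, together with the generic error handling from lesson 2. This is an added example, not code from the original post: it assumes Python's sqlite3 with an in-memory database, the sample users are constructed, and the function names are hypothetical. In SQLite, AND binds tighter than OR, so the concatenated query with the crafted password matches every row in the table.

```python
import logging
import sqlite3

GENERIC_ERROR = "Something went wrong. Please try again later."

def make_db():
    # Constructed sample data; table and column names follow the query in the post.
    # Plaintext passwords only mirror that query; real systems store password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_table (user_name TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO user_table VALUES (?, ?)",
                   [("Administrator", "s3cret-admin"), ("alice", "wonderland")])
    return db

def rows_concatenated(db, user, password):
    # The 'before': input is pasted into the SQL text, so a quote ends the literal.
    sql = ("select * from user_table where user_name = '" + user +
           "' and password = '" + password + "'")
    return db.execute(sql).fetchall()

def rows_parameterized(db, user, password):
    # The fix: placeholders send input as data, so it is never parsed as SQL.
    sql = "select * from user_table where user_name = ? and password = ?"
    return db.execute(sql, (user, password)).fetchall()

def login(db, user, password, query=rows_parameterized):
    # Lesson 2: log database errors server-side, show the user a generic message.
    try:
        rows = query(db, user, password)
    except sqlite3.Error:
        logging.exception("login query failed")
        return GENERIC_ERROR
    return "Welcome, " + rows[0][0] if rows else "Invalid username or password."

if __name__ == "__main__":
    db = make_db()
    crafted = "anything' or 1=1 --"   # the password string from the post
    print(len(rows_concatenated(db, "Administrator", crafted)))  # rows matched
    print(login(db, "Administrator", crafted))                   # parameterized
    print(login(db, "Administrator", "s3cret-admin"))            # correct password
    print(login(db, "x'", "y", query=rows_concatenated))         # malformed SQL
```

With placeholders the crafted password is compared as an ordinary string and matches nothing, and the malformed statement in the last call reaches the user only as the generic message while the detail goes to the server log.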

