RFC 2142 : Mailbox names for common services, roles and functions

I’ve always relied on my mail servers having a complete and correct /etc/aliases file with all the necessary aliases.  I never even thought about who puts them there and why.  It was just one of those many things that just work.  Today I discovered that there is actually an RFC 2142, which describes standard mailbox names for common services, roles, and functions.  Here is the abstract:

This specification enumerates and describes Internet mail addresses (mailbox name @ host reference) to be used when contacting personnel at an organization. Mailbox names are provided for both operations and business functions. Additional mailbox names and aliases are not prohibited, but organizations which support email exchanges with the Internet are encouraged to support AT LEAST each mailbox name for which the associated function exists within the organization.

US Navy embracing social networks

While reading this article, I was really amazed by how much the US Navy has embraced social networks.

Over 90 documents relating to Navy social media use were made available online that give a window onto recommended military security practices for popular services and how naval culture squares with the anarchic world of Twitter, Facebook, and YouTube. More importantly, it also reveals how the Navy keeps tabs on sailors via social media.
In one case, the Navy shared a poster of sexual assault prevention tips on their official Facebook page at the request of the Defense Department’s Sexual Assault Prevention and Response office. The poster was a repurposed graphic that the Navy copied from Slutwalk Austin’s Facebook page.
The idea was to intentionally spur a debate among Navy personnel on sexual assault and to bring discussion of the topic into a semi-public forum. According to the Navy’s own report, “many thought [the poster] was funny, ‘dumb,’ or a joke, others were outraged, a few recognized the tone and intent” and Navy social media personnel managed the resulting comments thread. They moderated the discussion, noted how sailors treat discussion of sexual assault online and attempted to keep a respectful tone. In one case, the thread even uncovered what appeared to have been the sexual assault of a former sailor.

I wish more companies and organizations did the same.

On how Google+ will succeed

The Next Web blog runs a piece by Tom Anderson in which he explains why Google+ is not at all the failure many journalists paint it to be.  It’s quite interesting really, and I do agree with a lot of it.

While perhaps all social networks need to capture subgroups of people to chew away at the core of more dominant players, Google’s massive scale — both the attention the brand receives — and the domains it owns: google.com, youtube.com, blogger.com, and gmail.com — have given Google a weapon no one else has: the power of attrition, via that little black bar and red notification. The constant reminder this black bar/red notification provides, means that Google+ doesn’t need to have high engagement numbers from all its users in the beginning. Day by day, one key person after another will find that they enjoy the G+ platform more than its competitors. They’ll start posting and then the ball starts rolling.

How broken is broken?

The Register runs an article with the title “AES crypto broken by ‘groundbreaking’ attack”. The article includes the following quote:

This technique is a divide-and-conquer attack. To find an unknown key, they partition all the possible keys into a set of groups. This is possible because AES subkeys only have small differences between rounds. They can then perform a smaller search for the full key because they can reuse partial bits of the key in later phases of the computation.

It’s impressive work but there’s no better cipher to use than AES for now.

So, it’s broken, but not really broken? Is that confusing or what? If not, you are probably versed in the field of cryptography. For the rest of us, there is a very useful update at the bottom of the article, which clears up some confusion:

Vulture Central has been deluged with missives from outraged readers complaining about the use of the word “broken” in the headline. “Broken” in cryptography is the result of any attack that is faster than brute force. The biclique technique described here allows attackers to recover keys up to five times faster than brute-force. AES may not be completely broken, but it’s broken nonetheless.

Today I’ve learned something new.

PHP regular expression to match English/Latin characters only

Today at work I came across a task which turned out to be much easier and simpler than I originally thought it would be.  We have a site with some user registration forms.  The site is translated into a number of languages, but due to regulatory procedures, we have to force users to input their registration details in English only, using Latin characters, numbers, and punctuation.

I’ve refreshed my knowledge of Unicode and PCRE.  And then I came up with the following method which seems to do the job just fine.

/**
 * Check that given string only uses Latin characters, digits, and punctuation
 *
 * @param string $string String to validate
 * @return boolean True if Latin only, false otherwise
 */
public function validateLatin($string) {
    $result = false;

    if (preg_match("/^[\w\d\s.,-]*$/", $string)) {
        $result = true;
    }

    return $result;
}

In other words, just a standard regular expression with no Unicode trickery.  The ‘/u’ modifier would cause this to totally malfunction and match everything.  Good to know.
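To see the difference the ‘/u’ modifier makes, the following added example (not code from the original post) runs the same pattern with and without it, next to an explicit ASCII allow-list that does not depend on how `\w` is defined. The function names and sample inputs are constructed for illustration.

```php
<?php
// Added example: function names are hypothetical, sample inputs are constructed.

/** The post's pattern: without /u, \w works byte-wise (ASCII only in the default "C" locale). */
function validateLatinOriginal(string $s): bool {
    return preg_match('/^[\w\d\s.,-]*$/', $s) === 1;
}

/** Same pattern with /u: PHP enables Unicode properties, so \w accepts letters of any script. */
function validateLatinUnicodeFlag(string $s): bool {
    // preg_match() returns false on invalid UTF-8 input; "=== 1" treats that as a rejection.
    return preg_match('/^[\w\d\s.,-]*$/u', $s) === 1;
}

/**
 * Explicit allow-list: ASCII letters, digits, space, dot, comma, hyphen.
 * \A and \z anchor to the true start and end of the string, and a plain
 * space replaces \s so that newlines and tabs are not accepted.
 */
function validateAsciiAllowList(string $s): bool {
    return preg_match('/\A[A-Za-z0-9 .,-]*\z/', $s) === 1;
}

// Constructed registration-form inputs.
$samples = [
    'John Smith, Jr.',   // plain ASCII
    'Иван Петров',       // Cyrillic
    'José',              // Latin script, but outside ASCII
    "John\nSmith",       // embedded newline (\s in the original class allows it)
    'john_smith',        // underscore (part of \w)
];

$verdict = function (bool $ok): string {
    return $ok ? 'accept' : 'reject';
};

foreach ($samples as $s) {
    printf(
        "%-22s original=%s  with-u=%s  allow-list=%s\n",
        json_encode($s, JSON_UNESCAPED_UNICODE),
        $verdict(validateLatinOriginal($s)),
        $verdict(validateLatinUnicodeFlag($s)),
        $verdict(validateAsciiAllowList($s))
    );
}
```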