permission denied for file write

Posted on by

Redirections such as > or | are performed by the running shell, before it invokes sudo.

You have to either use

sudo sh -c "echo blah > /proc/blah", or run a root shell with sudo -s.

via linux – Bash: permission denied for file write – Super User.

This had me stumped until the greatness of google divined the answer and why my user script couldn’t write to a root owned file using plain old sudo.  After figuring this out I also realized I don’t need to write to a root owned file after all but I found this solution interesting.

Treasure Data Projects 500 Percent Growth This Year, Launches New “Plazma” Distributed Database

Posted on by

They’re also launching a new distributed database called Plazma, which offers significant improvements over HDFS (Hadoop Distributed Files System). Plazma is significantly better than HDFS precisely because it’s more efficient and is able to compile and parse data at a much faster rate.

via Treasure Data Projects 500 Percent Growth This Year, Launches New “Plazma” Distributed Database | TechCrunch.

Radio Shack TRS-80 vs. Commodore 64: Battle of the Titans

Posted on by

Both computers—the mind-blowing C-64 and the somewhat bland TRS-80—feature their own version of the language we mentioned earlier, BASIC. In fact, the two versions are virtually identical. Nevertheless, the company paying top dollar for that ad you see to the right, Commodore, has created a more spectacular version of the language. Therefore, the award for BASIC must go to the C-64. William Shatner is always right, after all.

via Radio Shack TRS-80 vs. Commodore 64: Battle of the Titans.

Foursquare’s API Is A Pillar Of The Mobile App Ecosystem

Posted on by

Pick up your smartphone. Search through some of your favorite apps. Do you have Uber? Maybe Foodspotting? Surely you have Instagram. These apps, as well as a significant amount of the most popular apps in Apple’s App Store and Google Play, use Foursquare location data. For developers who have user actions or content tied to Foursquare venue IDs it would be difficult (if not impossible in some cases) to migrate their services off the Foursquare location database.

via Foursquare’s API Is A Pillar Of The Mobile App Ecosystem | TechCrunch.

Panasonic’s Developed a Simple Sensor Tweak That Vastly Improves Low Light Photography

Posted on by

What’s particularly neat about this new approach is that it can be used with any kind of sensor without modification; CMOS, CCD, or BSI. And the filters can be produced using the same materials and manufacturing processes in place today. Which means we’ll probably be seeing this technology implemented on cameras sooner rather than later. [DigInfo TV]

via Panasonic’s Developed a Simple Sensor Tweak That Vastly Improves Low Light Photography.

Developer Freedom At Stake As Oracle Clings To Java API Copyrights In Google Fight

Posted on by

Oracle lost in their attempt to protect their position using patents. They lost in their attempt to claim Google copied anything but a few lines of code. If they succeed in claiming you need their permission to use the Java APIs that they pushed as a community standard, software developers and innovation will be the losers. Learning the Java language is relatively simple, but mastering its APIs is a major investment you make as a Java developer. What Android did for Java developers is to allow them to make use of their individual career and professional investment to engage in a mobile marketplace that Sun failed to properly engage in.

via Developer Freedom At Stake As Oracle Clings To Java API Copyrights In Google Fight | TechCrunch.

The Computer Fraud and Abuse Act Is a Failed Experiment

Posted on by

Over the years, legislatures and the courts progressively have treated the unauthorized movement of data bits over someone else’s chattel into a “trespass” of that chattel–an activity I’ll call “online trespass to chattels.” For example, many states have enacted computer crime laws that restrict unauthorized use of Internet and telecommunications equipment.

via The Computer Fraud and Abuse Act Is a Failed Experiment – Forbes.

As a result, these proposed changes will end the adverse consequences from the online trespass to chattels experiment while letting chattel owners prevent socially disadvantageous online usage of their chattels.

That Internet War Apocalypse Is a Lie

Posted on by

CloudFlare CEO Matthew Prince tells a harrowing story of warding off the internet attack after Spamhaus hired him—which is certainly true—but warns us of existential threats to the net still lurking out there, like lost Soviet nukes:

via That Internet War Apocalypse Is a Lie.

This would be so terrifying if it weren’t advertising. Prince, of course, is in the business of selling protection against online attacks. And his company is, as far as I can tell, pretty good at this business. But he’s also clearly in the business of scaring people: in his blog post today, he warns that the Spamhaus attack “may prove to be relatively modest” compared to what comes next. Bigger nukes, I suppose.

Here’s an another excerpt on the latest DDoS kerfuffle that made a lot of news recently.

So what’s the answer? Short of shutting down all 27 million resolvers, the Open DNS Resolver Project and others such as DNS service providers Afilias recommend the implementation of source address validation. An IETF RFC, BCP-38, exists that spells out how to use source address validation and build such an architecture to defeat IP source address spoofing.

via Open DNS Resolvers Center Stage in Massive DDoS Attacks | threatpost.

According to the article one component to implementing this requires cooperation from ISPs who may not see this as a priority.

Sslstrip Tutorial

Posted on by

Description: SSLstrip was released by Moxie to demonstrate the vulnerabilities he spoke about at Blackhat 2009. In this video we will look at how to get started with SSLstrip. We setup 2 vmware machines, one running Widnows XP (victim) and the other Backtrack 3 (Attacker). Before we actually begin hacking using SSLstrip, we need to setup the entire Man in the Middle Mechanism and packet redirection / forwarding mechanism. We do this by using the following commands in sequence:

via Sslstrip Tutorial.

This tool assumes a man in the middle setup and that http traffic (port 80) gets redirected to a port sslstrip listens to on the attacker’s machine (port 10000 in this video).  Sslstrip then intercepts https traffic and returns to the victim http traffic.  The victim thinking his traffic is encrypted is  transmitting in plain text while sslstrip manages the ssl session with the victim’s destination (i.e. bank).  Since this attack is using http the victim does not need to validate an ssl certificate thus it’s transparent.  Detecting this attack is simple because the browser returns http in the displayed url instead of https so an alert victim should know.  But not everyone may notice this.