Thursday, July 22, 2010

Blogger vs. Wordpress.com Comparison Chart - 2010

In the following chart, features at Blogger (blogspot.com) and Wordpress.com are compared. These are the two main contenders for free blog hosting. Features which are clearly better at either BlogSpot or Wordpress have been highlighted. Widgets are listed in another summary table after the features list. If you have your own website with PHP/MySQL support, you can download and use WordPress with no restrictions (get it here).
Updated June 2010.
Feature | Blogger.com | Wordpress.com
Themes and customization | New: Blogger has introduced a collection of easy-to-customize templates (more info). Earlier templates are not available in the new collection, but you can still edit them. | No template editing. Style sheet editing is only available as a paid upgrade. Many of the 90+ themes let you upload a header image. Some have additional customization options.
Visitor stats | You can include third party tracker scripts — or any type of script. | No scripts allowed. The admin dashboard shows 2 days of stats and daily, weekly and monthly graphs.
Import | Only from another BlogSpot blog. | Import from Blogger, Yahoo! 360, TypePad, Movable Type, Posterous, Vox.com, LiveJournal or another WordPress blog.
Image storage | 1 Gigabyte. There is no interface to browse through the images unless you sign up for Picasa Web Albums. | 3 Gigabytes. Paid upgrades are available to add more space. You can also upload .ppt, .doc, .odt and .pdf files (more file types with an upgrade).
Galleries | You can use Picasa Web Albums. | Simply add the tag [gallery] to any post or page (more info).
Static pages | Blogger allows up to 10 static pages to be created (more info). | Create posts or 'pages'. Static pages are listed in separate menus.
Categories | 'Labels'. | 'Categories'.
Optional excerpts | Expandable post summaries (more info). | Some WP themes allow unique text. Others depend on a "more" tag.
Post by email | Submit your posts by email. You can receive new posts by email too (helpful for team blogs). | Submit your posts by email. Images can be attached (more info).
Contact forms | Not available. You could add a third-party contact form, however. | Simply add the tag [contact-form] to any post or page.
Domain names | Free domain name mapping (more info). | A paid upgrade is required to map a custom domain.
Private blogs | You can restrict access to invited Google account holders. | You can restrict access to 35 invited Wordpress account holders (unlimited with a paid upgrade). Alternatively, individual posts can be password protected or Private.
Team blogs | Administrators and non-administrators only. | Administrator, Editors, Authors and Contributors.
Comments | Visual confirmation and moderation options, but no editing of comments. | Moderation, comment editing and Akismet spam protection.
Widgets | See the next table.
Blogger comments:
Visitors can preview comments. They can also choose to receive follow-up comments by email. However, the embedded Comment Form option is entirely dependent on JavaScript.
Wordpress comments:
In 2009 Wordpress.com added follow-ups by email and comment threading options. Wordpress has more comment options than Blogger, but there have been problems with Akismet spam protection. See this post on the WP user forum...
http://en.forums.wordpress.com/topic.php?id=16584
Widgets compared:
BlogSpot Widgets
Edit pages | You can add up to 10 stand-alone pages.
Add a Gadget | Software applications that do cool things. There's an extensive menu in the sidebar.
Followers | Displays a list of users who follow your blog.
Blog List | Show off what you read with a blogroll of your favourite blogs.
Subscription Links | Let your readers easily subscribe to your blog with popular feed readers.
Slideshow | Add a slideshow of your photos to your blog.
Newsreel | Automatically add current headlines from Google News to your blog. (see an example)
Video Bar | Display clips from YouTube and Google Video for your readers to watch without leaving the page.
List | Add a list of your favourite books, films or anything you like.
Link List | Add a collection of your favourite sites, blogs or web pages.
Picture [for the sidebar] | Add a picture from your computer or from somewhere else on the web.
Text | Add some words to your blog - like a welcome message - with our rich text editor.
HTML/JavaScript | Add third-party functionality or other code to your blog. [i.e., any third-party widget]
AdSense | Earn revenue by displaying relevant ads on your blog.
Feed | Add content from a site feed to your blog.
Labels [categories] | Show all the labels of posts in your blog.
Logo | Choose from a variety of Blogger logos to add to your page.
Profile | Display information about yourself. [Wordpress blogs have an "About" page]
Page Header | Display your blog's title and description.
Blog Archive | Display links to older posts.
Poll | Survey your visitors by adding a poll to your blog. [Regular visitors can dictate the outcome by voting again and again!]
Wordpress.com Widgets
Akismet | Archives | Authors | Author Grid | Blog Stats | Blog Subscriptions | Box.net file sharing | Calendar | Categories | Category cloud | del.icio.us | Flickr | Gravatar | Image | Links | Meebo | Meta | Pages | Recent Comments | Recent Posts | RSS | RSS Links | Search | SocialVibe | Tag Cloud | Text | Top Clicks | Top Posts | Top Rated | Twitter | Vod:Pod Videos
In addition, WordPress shortcodes are widgets for individual posts.

Theme choices

Blogger has introduced new, easy-to-customize templates. Earlier templates can be modified, or you can install a third party theme. Make sure that third party themes have the latest layout tags.
Although the Wordpress.com collection of 90+ themes sounds like a lot, options for customization are limited unless you pay for an upgrade that allows stylesheet editing. Wordpress.com uses a scheme called Typekit for changing fonts, while Blogger offers a straightforward method to choose between standard fonts.

Ongoing improvements

The WordPress team frequently add new features and themes, and since the new BlogSpot publishing system was rolled out in 2006, the Blogger software team have added new features too. Visit the developer blogs to find out what's new:

Conclusion

In 2007, I wanted to find out what was on offer in terms of free blog hosting. Before that, Blogger was looking stale, and Wordpress.com didn't have nearly as many themes or features as it does now. I chose Blogger, and this was my first post. If Wordpress.com allowed stylesheet editing without having to pay, and visitor stats comparable to the tracker scripts you can obtain for free, my choice would have been Wordpress.com for sure.

HOT TOPICS TO BE PREPARED

Installation & Management of RedHatLinux
LVM
NIS
NFS
DHCP
DNS
Samba
APACHE & TOMCAT
POSTFIX
RPMS
OPENSSH
SELINUX
IPTABLES  EBTABLES
DUMP
USER ADMINISTRATION
EDITOR
KICKSTART
SCO Openserver 5  & RHEL4 & RHEL5
EFS
RAID
Checkpoint
FTP
YUM
DNS/BIND
MAIL (QMAIL,POSTFIX,SENDMAIL,DOVECOT)
WEB
TUX
SQUID PROXY
SQUID GUARD
KERNEL
QUOTA
LDAP
TCPWRAPPERS
MYSQL
POSTGRES
VIRTUALHOSTING & SSL
VIRTUALBOX & VMWARE & VIRTUALIZATION
FILE SYSTEMS
DEVICES
TCP/IP
BACKUPS
OPTIMIZATIONS
HTML
PHP
MYSQL
SHELLSCRIPTING
MAILSERVER
SECURITY IMPLEMENTATION & ENHANCEMENT
PXE
RSYNCSERVER
DRBD
HEARTBEAT
CLUSTERING
WIKI SERVERS
NAGIOS SERVERS
GROUPWARESERVER
FILE PERMISSIONS
MOUNTING & DEVICES
IMAP & POP3
TROUBLESHOOTING NETWORK
RPM
KERNEL
NAS, FREENAS, SAN
TUNING  MONITORING  UPGRADING
RECOVERY
LOAD BALANCING
LVM
QUOTAS
TCP WRAPPERS
XINETD
CRON
NETWORK MONITORING TOOLS
SSL
WGET
NMAP
FIREWALLS
STEALTH FIREWALLS
SNORT
THINCLIENTS
XEN
KVM

Version Controlling Softwares
-----------------------------
Perforce
Trac
Svn
Cvs
Git

Bug Tracking Systems
--------------------
Jira
Bugzilla
Mantis

Monitoring Systems
------------------
Nagios
Cacti

System Configuration Tool
-------------------------
Puppet
Webmin

Scripting
---------
Shell Script
Perl
Python

Unsorted
========
Shavlik
Qualys
Nessus
f-secure
insecure
cryptome
milw0rm
securityfocus
nist
nsa
fireeye
sans storm center
cert
-----------------
zabbix
opennms
zenoss
ossim
bt
ossec
snort
ntop
arpwatch
damn vl

cloonix
vyatta
rancid - config differ
packetdesign
opnet
quagga
splunk
---------------------
grub2
filesystems
ios
LVM
ip route
iptables
ssh
lfs
vim
httpd
memcached
nmap
dns
selinux
snmp
mpls
sslv3 renegotiation
pdf encryption
----------------------
ono plugin
alto rfc 5693
ideal lattice
puppet

Hackers Always Think One Step Ahead of IT Professionals


Thinking like a successful hacker is not much different from thinking like a good
developer. The most successful hackers follow a specific methodology that they have
developed over time. They apply patience and carefully document every step of their
work, much like developers.
The hacker's objective is to compromise the intended target or application. The hacker
begins with little or no information about the target; however, by the end of the analysis,
the attacker will have constructed a detailed roadmap that will allow them to compromise
the target. This can only be achieved through careful analysis and a methodical approach
to investigating the soon-to-be-victim.
The hacker's systematic method generally covers these seven steps:
1. Perform a footprint analysis
2. Enumerate information
3. Obtain access through user manipulation
4. Escalate privileges
5. Gather additional passwords and secrets
6. Install backdoors
7. Leverage the compromised system
This article shows you how hackers approach the tasks of breaking into networks and
systems and compromising software applications. By knowing more about the hackers'
methodology, you can beat them at their own game.
Perform a footprint analysis
The attacker first identifies the various domain names that he's interested in exploiting.
He then performs a footprint analysis of the target to gather as much information as
possible through publicly available sources. The footprint analysis gives the hacker an
indication of how large the target might be, how many potential entry points exist, and
what, if any, security mechanisms might exist to thwart the attack.
During a footprint analysis, the hacker attempts to discover all potentially related
information that may be useful during the attack. This information includes:
- Company names
- Domain names
- Business subsidiaries
- Internet Protocol (IP) networks
- Phone numbers
Hackers pay particular attention to potential entry points that might circumvent the "front
door." For example, rather than attempting to break through a major corporation's
firewall, the attacker identifies a startup company (just acquired by the major
corporation) and then attempts to leverage weak security in the smaller company that
might provide unrestricted virtual private network (VPN) access to the larger target.
Port scanners are used to determine which hosts are alive on the Internet, which
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports are
listening on each system, and the operating system that is installed on each host.
Traceroutes are performed to help identify the relationship of each host to every other and
to identify potential security mechanisms between the attacker and the target.
After the port scanning and tracerouting is finished, attackers create a network map that
represents their understanding of the target's Internet footprint. This map is used for the
second phase of the attack: information enumeration.
Commonly used tools
- Nslookup: Command line tool in Windows NT 4.0, Windows 2000, and Windows XP that can be used to perform DNS queries and zone transfers.
- Tracert: Command line tool used by hackers to create network maps of the target's network presence.
- SamSpade: The SamSpade.org Web interface that performs Whois lookups, forward and reverse DNS searches, and traceroutes.
- Nmap: Unix-based port scanner.
- ScanLine: Windows NT-based port scanner.
Things to consider
Look at using some of the same methodologies that hackers use to assess an application
that they're trying to penetrate. Questions to ask yourself about the applications that you
develop include:
- What is your application's footprint on the operating system?
- What partner code does the application rely upon? If the partner application is hacked, will that enable the attacker to hack your application?
- What information is the application, or system, presenting to unauthenticated users?
- What listening ports does your software open on the system? Will malformed packets or flood attacks stop the service, or consume memory or CPU cycles?
- Are there firewalls, or application chokepoints, that can be used to prevent unauthenticated users from walking in the front door?
Enumerate information
After the hackers have performed the footprint analysis and generated a map that
approximates their knowledge of the target network, they then gather as much data as
possible from the targeted system.
Web, FTP, and mail server version: Hackers will try to determine what version of
Web, File Transfer Protocol (FTP), or mail server is running by connecting to the
listening TCP and UDP ports and sending random data to each. Many services respond to
this random data with a banner—data that identifies the running application and
potentially version information. Hackers will cross-reference this information to
vulnerability databases such as SecurityFocus to look for possible exploits.
Sensitive information: If the hackers are able to contact the host on certain ports (for
example, TCP 139 or 445), they will attempt to anonymously enumerate sensitive
information from the system including:
- User names
- Last logon dates
- Password change dates
- Group membership
The hacker can use the information obtained from this query in a brute force attack to
gain access to the system as an authenticated user. For example, the hacker will
enumerate members of the local administrators group, looking for user names like TEST
or BACKUP that might have easily guessed passwords.
Commonly used tools
- Netcat (listed under Network Utility Tools): The hacker's Swiss army knife. Used for banner grabbing and port scanning, among other things.
- Epdump/Rpcdump: Tools to gain information about remote procedure call (RPC) services on a server.
- Getmac (Windows NT resource kit): Windows NT command for obtaining the media access control (MAC) Ethernet layer address and binding order for a computer running Windows NT 4.0, Windows 2000, or Windows XP.
- DumpSec: Security auditing program for Windows NT systems. It enumerates user and group details from a chosen system. This is the audit and enumeration tool of choice for Big Five auditors (PricewaterhouseCoopers, Ernst & Young, KPMG, Arthur Andersen, and Deloitte & Touche) and hackers alike.
- SDKs: Many software development kits (SDKs) provide hackers with the basic tools that they need to learn more about systems.
Things to consider
- What information can be obtained from listening ports? What level of permission is required to enumerate this information?
- Is there logging in place to determine that someone has enumerated this information?
- Does the potential exist for an authenticated user to view security-sensitive data or personally identifiable information (PII) that might compromise privacy concerns?
- What banner information does the application provide to the user? Can this be suppressed or modified by the system administrator?
Obtain access through user manipulation
After the hackers have learned enough basic information about their target, they will
attempt to gain access to the target system by masquerading as authorized users. This
means that they need a password for a user account that they have discovered through
steps one and two above. There are two common ways to get that password: by using
social engineering or by using a brute force attack.
Social engineering
It's amazing what an unsuspecting employee will do for someone who sounds
authoritative. Some hackers will take the information that they acquired from the domain
registration or the company's Web site and directly contact an employee by phone.
With a little conning, they can get that employee to reveal their password without raising
any concerns. Their conversations might go something like this:
"This is the help desk and we're troubleshooting various network segments. I'm sniffing the network segment you're on, and I'd like to watch the network as you type in your password. Please tell me each character of your password as you type it in, and I will watch to make sure that I see them on the network."
Or,
"We've done an audit of your password and found it to be insecure. Please change it to xYzA1G24# so that it will be less likely to be cracked in the future."
Brute force attack
If the social engineering approach doesn't work or isn't an option, there's the brute force
approach. These attacks can be waged against any application or service that accepts user
authentication, including (but not limited to):
- Network basic input/output system (NetBIOS) over TCP (TCP 139)
- Direct Host (TCP 445)
- Lightweight Directory Access Protocol (LDAP) (TCP 389)
- FTP (TCP 21)
- Telnet (TCP 23)
- Simple Network Management Protocol (SNMP) (UDP 161)
- Point-to-Point Tunneling Protocol (PPTP) (TCP 1723)
- Terminal Services (TCP 3389)
If the hacker is able to contact one of these services, he will use the user names gathered
in earlier steps to launch a brute force attack. Brute force guessing tools leverage
dictionary files that might represent the user's password. Each dictionary word (or variant
thereof) is considered a potential password and is paired with each user name until access
is obtained.
Typical installations of Windows NT 4.0, Windows 2000, and Windows XP will not
capture this attack because failed logon auditing is not enabled by default. Unless
complex passwords are present for each user account, a dictionary attack can be quite
successful against an unmonitored host.
In order to mask their identity, hackers will attempt to elude detection even if failed logon
auditing has been enabled. By using computer names with non-printable ASCII
characters, their computer names will appear as blank in the audit logs.
Commonly used tool
- NetBIOS auditing tool: Brute force password guessing tool.
Things to consider
- Is failed logon auditing enabled by default?
- Are there server-side mechanisms that you can use to slow down or lock out a brute force attack?
- Can you trace the source of the brute force logon attack back to a specific location? What location information can you obtain? DNS name or IP address? Computer name? Gateway address or specific host address?
- Can the attackers subvert the event logs or application-specific logs after they get in?
- Does this protocol need to be turned on by default?
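The questions above about failed logon auditing and tracing the source can be turned into a check over logon records. The following is an added example, not part of the original article: the record layout, thresholds and function names are assumptions, and the sample events are constructed. It flags a source that fails against several user names in a short window, keeps non-printable computer names visible instead of blank, and notes any success that followed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample records (assumed layout, not a real Windows event format):
# (timestamp, source IP, workstation name, user name, outcome)
EVENTS = [
    ("2010-07-22 02:14:01", "192.0.2.23", "\x01\x02", "TEST", "fail"),
    ("2010-07-22 02:14:03", "192.0.2.23", "\x01\x02", "BACKUP", "fail"),
    ("2010-07-22 02:14:05", "192.0.2.23", "\x01\x02", "Administrator", "fail"),
    ("2010-07-22 02:14:09", "192.0.2.23", "\x01\x02", "TEST", "fail"),
    ("2010-07-22 02:15:10", "192.0.2.23", "\x01\x02", "BACKUP", "ok"),
    ("2010-07-22 08:59:40", "10.0.7.40", "HR-PC-12", "alice", "fail"),
    ("2010-07-22 08:59:55", "10.0.7.40", "HR-PC-12", "alice", "ok"),
    ("2010-07-22 09:00:00", "10.0.9.9", "DEV-PC-03", "bob", "fail"),
    ("2010-07-22 11:30:00", "10.0.9.9", "DEV-PC-03", "bob", "fail"),
    ("2010-07-22 14:45:00", "10.0.9.9", "DEV-PC-03", "bob", "fail"),
]


def show_name(name):
    """Keep control characters visible instead of letting the name look blank."""
    if not name.strip() or not name.isprintable():
        return "<non-printable:%s>" % name.encode("latin-1", "replace").hex()
    return name


def detect_guessing(events, window=timedelta(minutes=5), max_failures=5, max_users=3):
    """Flag sources whose failed logons, inside one window, are numerous or
    spread over several user names (the dictionary attack described above)."""
    parsed = [(datetime.strptime(ts, FMT), ip, wks, user, outcome)
              for ts, ip, wks, user, outcome in events]
    fails = defaultdict(list)
    for rec in sorted(parsed, key=lambda r: r[0]):
        if rec[4] == "fail":
            fails[rec[1]].append(rec)
    findings = []
    for ip, recs in fails.items():
        start = 0
        for end, rec in enumerate(recs):
            # Slide the window start forward until it covers at most `window`.
            while rec[0] - recs[start][0] > window:
                start += 1
            burst = recs[start:end + 1]
            users = sorted({r[3] for r in burst})
            if len(burst) >= max_failures or len(users) >= max_users:
                first = burst[0][0]
                findings.append({
                    "source": ip,
                    "workstations": sorted({show_name(r[2]) for r in burst}),
                    "users_tried": users,
                    "failures": len(burst),
                    "first_seen": first.strftime(FMT),
                    # A success after the burst means a guess probably worked.
                    "succeeded_as": sorted({r[3] for r in parsed if r[1] == ip
                                            and r[4] == "ok" and r[0] >= first}),
                })
                break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for finding in detect_guessing(EVENTS):
        print(finding)
```

The same counters can drive a server-side delay or lockout; the slow, hours-apart failures from 10.0.9.9 stay below both thresholds, which is the trade-off to tune.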
Escalate privileges
After hackers have discovered a password for a user account and obtained user-level
privileges to a host, they will attempt to escalate their permissions. They usually start by
reviewing all the information on the host that they are able to view:
- Batch files containing hardcoded user names and passwords are hacker's gold.
- Registry keys containing application or user passwords are also worthy of a peek.
- Reading e-mail or other documents that are stored on the system may also provide additional information to hackers that may enable them to gain privileges to other systems on the network.
If hackers are unable to enumerate any useful static information from the system, they
may proceed to trojan the system. This usually involves copying malicious code to the
user's system and giving it the same name as a frequently used piece of software.
For example, a hacker may replace Notepad.exe with a piece of trojan code that makes
someone called "Eric" an administrator on the system before the program launches
Notepad. The next time the system owner logs on as administrator and launches Notepad,
the "Eric" account is added to the administrators group, unbeknownst to the person who
launched Notepad.
If the hacker is not willing to wait for the user to take a specific action on the system, he
may leverage system services to do the dirty work for him. For example, the attacker
may locate a system service that launches with administrative or system privileges, and
then replace this file with a trojan file to "make Eric admin." When this system is
restarted, the service will launch, causing the trojan to execute with administrative
privileges.
Things to consider
- Are users able to view sensitive information?
- Are passwords for the application stored in a secure manner?
- Are passwords stored in clear text in batch files?
- What registry keys can ordinary users write to? Do any of these keys execute with higher-level (or system) privileges?
- Can user-level accounts modify the security context for services such that they can be used to launch trojans with local system privileges?
- Are there any files that the user can overwrite that are called by services running under higher levels of privileges?
Gather additional passwords and secrets
The first thing that hackers do after they have logged on to a system with administrator
credentials is to obtain the password file. Hackers can use tools such as Pwdump2 to
obtain the password hashes from the local security accounts manager (SAM) database or
Active Directory of a domain controller. Password hashes can be fed to programs like
LC3 or John the Ripper and cracked.
As an administrator, hackers can obtain the clear-text passwords from the local security
authority (LSA). Specifically, passwords that are used to start services are stored
(obfuscated and reversibly encrypted) in the LSA. Using tools such as Lsadump2, the
clear-text passwords for the accounts that are used to start corresponding services can be
enumerated.
Although this may not be a risk if the account starting the service is an administrative
member on this local system (or a lesser privileged account), a larger threat may be
present if the account that is used to start the service is an administrative member of the
domain (or higher-level domain). In the worst instance, the hacker (as a local
administrator) may be able to obtain the clear-text password for a domain administrator
account for a domain that they had yet to hack.
After local, and potentially domain level, passwords have been obtained, the hacker will
cross-reference user name\password combinations that have been obtained with user
names that they've enumerated from other systems during the enumeration phase. With
enough time or the right amount of luck, the hacker will be able to obtain administrative
access to all computers in the network, having only initially compromised one computer.
Commonly used tools
- Pwdump2: Tool that can obtain password hashes from the SAM database or the Active Directory.
- Lsadump2: Tool that exposes the contents of the LSA in clear text.
- LC3: Password auditing tool that evaluates Windows NT, Windows 2000, and Windows XP password hashes.
- John the Ripper: Password cracking tool for several operating systems.
Things to consider
- Are logs generated when the password files are accessed?
- Are logs generated when the administrator attempts to inject rogue code into system processes in an attempt to access password data?
- Are passwords being stored on the system for any accounts that may have greater levels of permission than the local administrator accounts?
- Is the password for the administrator-level accounts on one system the same as the password for administrator accounts on other systems?
- Are users encouraged to select complex passwords?
Install backdoors
In case hackers are detected and need to leave the computer in a hurry, they frequently
create a backdoor on each system they compromise. Backdoors can take many forms, but
the most common is a listening port on the system that will enable the hacker to access
the system remotely (with or without special credentials).
Firewalls or router filtering may prevent the hacker from later accessing these ports;
however, common router filtering may not block high numbered TCP ports (or any UDP
ports), or may allow traffic to pass if it originates on a specific source port, like TCP 20,
53, or 8. If strong filtering or firewalling is in place, more complex backdoors may be
necessary.
One form of a complex backdoor involves reverse trafficking. Reverse trafficking enables
the attacker to bypass the existing security mechanisms. While routers and firewalls may
prevent all unsolicited packets from entering the network from the outside, it is highly
likely that a client within the firewall is allowed to initiate a connection on a specified
port number to any host on the outside. A trojan of this type might be scheduled to
contact the hacker's computer on a regular basis over TCP port 80. The client computer
may "push" a system-level command shell to the hacker, so the hacker can then execute
code on the "protected" computer.
An example of reverse trafficking was the Code Red worm. Code Red would instruct
unpatched Web servers (over TCP port 80) to execute a Tiny File Transfer Protocol
(TFTP) connection from the server to a host on the Internet, where it would then obtain a
piece of rogue code. The initiating traffic to the Web server over port 80 was completely
legitimate (and would even pass firewalls), and in most cases, the firewalls and routers
would allow the Web server to initiate a TFTP (UDP 69) connection to the hacker's
computer on the Internet.
There are few, if any, valid reasons why Web servers should ever need to initiate a TFTP
or server message block (SMB) connection to any host on the Internet. Firewalls and
routers should be configured to block unsolicited outbound traffic originating from Web
or mail servers to untrusted computers on the Internet.
Commonly used tool
- Netcat: Hacker's Swiss army knife. Can be used to "shovel shells" to remote systems.
Things to consider
- Does the system or application have any mechanism to identify trojan code that may be running on the system?
- Can the system detect devices or services that the attacker has created?
- Is there a baseline of known listening ports, services, and devices against which the system can be monitored to help determine if a rogue piece of code has been executed?
- Are security devices (firewalls, routers) configured to prevent unwanted outbound traffic from originating from each host?
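Two of the checks asked for above, a listener baseline and an outbound policy for Web and mail servers, are shown here as an added example that is not part of the original article. The host addresses, process names, role table and allowlist are constructed assumptions; real input would come from a listener inventory and from firewall or flow logs.

```python
import ipaddress

# Constructed data for the example. Listener entries: (protocol, port, process).
BASELINE = {
    ("tcp", 25, "smtpsvc.exe"),
    ("tcp", 80, "inetinfo.exe"),
    ("tcp", 443, "inetinfo.exe"),
}
CURRENT = {
    ("tcp", 25, "smtpsvc.exe"),
    ("tcp", 80, "notepad.exe"),      # same port, different owning process
    ("tcp", 443, "inetinfo.exe"),
    ("tcp", 31337, "svch0st.exe"),   # high TCP port not in the baseline
    ("udp", 4000, "svch0st.exe"),    # UDP listener not in the baseline
}

TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ROLES = {"10.0.1.10": "web", "10.0.1.25": "mail"}
# What each server role may initiate towards untrusted hosts (assumed policy).
EGRESS_ALLOW = {"web": set(), "mail": {("tcp", 25)}}

# Connections initiated by internal hosts: (source, protocol, destination, port).
FLOWS = [
    ("10.0.1.10", "udp", "203.0.113.7", 69),    # Web server starting TFTP
    ("10.0.1.10", "tcp", "10.0.2.5", 1433),     # Web server to internal database
    ("10.0.1.25", "tcp", "198.51.100.9", 25),   # mail server delivering mail
    ("10.0.1.25", "tcp", "203.0.113.7", 445),   # mail server starting SMB
    ("10.0.3.77", "tcp", "203.0.113.7", 80),    # workstation, no server role
]


def diff_listeners(baseline, current):
    """Compare a listener snapshot with the baseline, keyed on (protocol, port)."""
    base = {(proto, port): proc for proto, port, proc in baseline}
    now = {(proto, port): proc for proto, port, proc in current}
    return {
        "new": sorted(k + (now[k],) for k in now.keys() - base.keys()),
        "missing": sorted(k + (base[k],) for k in base.keys() - now.keys()),
        "owner_changed": sorted(k + (base[k], now[k])
                                for k in now.keys() & base.keys()
                                if now[k] != base[k]),
    }


def egress_violations(flows, roles=ROLES, allow=EGRESS_ALLOW, trusted=TRUSTED_NETS):
    """Return server-initiated connections to untrusted hosts that policy does not allow."""
    bad = []
    for src, proto, dst, port in flows:
        role = roles.get(src)
        if role is None:
            continue                      # not a server covered by this policy
        if any(ipaddress.ip_address(dst) in net for net in trusted):
            continue                      # destination is inside a trusted network
        if (proto, port) not in allow.get(role, set()):
            bad.append((src, role, proto, dst, port))
    return bad


if __name__ == "__main__":
    print(diff_listeners(BASELINE, CURRENT))
    print(egress_violations(FLOWS))
```

The workstation flow to TCP 80 is not reported because this policy covers server roles only; client-initiated traffic of that kind needs a separate control.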
Leverage the compromised system
Port redirectors: In order to circumvent traditional security devices, hackers may create
port redirectors on the first compromised host that will automatically pass all traffic to
other internal hosts. Port redirectors can help bypass port filters, routers, and firewalls,
and may even be encrypted over a Secure Sockets Layer (SSL) tunnel to evade intrusion
detection devices.
When a port redirector is used to traffic packets between the hacker's computer and the
target system, the hacker's true identity is essentially "laundered." If the target system is
enabled for failed logon auditing, or is running a third-party intrusion detection system, it
will record the IP address or computer name of the host running the port redirector, not
the hacker's computer. This may make it very difficult for the attacker to be identified, as
all traffic going to and coming from the target system appears to be legitimate
connections to the computer that is proxying the hacker's traffic by means of the port
redirector.
Hacking other systems: After the hacker has fully hacked the local system, installed
their backdoors and port redirectors, and obtained all the information available to them,
they will proceed to hack other systems on the network. Most often there are matching
service, administrator, or support accounts residing on each system that make it easy for
the attacker to compromise each system in a short amount of time. As each new system is
hacked, the attacker performs the steps outlined above to gather additional system and
password information.
Attackers continue to leverage information on each system until they identify passwords
for accounts that reside on highly prized systems including payroll, root domain
controllers, and Web servers. The process of scanning and exploiting systems in this
manner can often be automated, letting hackers grab a few hours of rest, or allowing them
to focus their attentions on other areas of the target company.
It's difficult to identify this type of activity because the attacker is usually operating under
the guise of a valid administrator account. Unless the attacker is caught before he gains
administrator access, it may be nearly impossible to flush him from the network.
Commonly used tool
- Fpipe: A port redirector for Windows systems. Allows the source port for redirected traffic to be specified.
Things to consider
- Are processes in place to monitor system logs across multiple computers and correlate attack sequences to suggest that an automated attack is in process?
- Are group memberships reviewed on a regular basis to ensure that new "hacker accounts" haven't been added to administrative groups?
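A regular group membership review, correlated across several computers, can look like the following added example (not part of the original article). The host names, the approved list and the snapshot are constructed, with the "Eric" account taken from the scenario described earlier; the "*" key for entries approved on every host is an assumption of this example.

```python
from collections import defaultdict

# Constructed data. APPROVED lists who may be in the local Administrators group;
# the "*" entry applies to every host. SNAPSHOT is the membership found at review time.
APPROVED = {
    "*": {"CORP\\Domain Admins"},
    "WEB01": {"Administrator"},
    "FILE01": {"Administrator", "CORP\\backupsvc"},
    "PAY01": {"Administrator"},
}
SNAPSHOT = {
    "WEB01": ["Administrator", "CORP\\Domain Admins", "Eric"],
    "FILE01": ["administrator", "corp\\domain admins", "CORP\\backupsvc", "eric "],
    "PAY01": ["Administrator", "CORP\\Domain Admins"],
}


def qualify(account, host):
    """Case-fold a name and qualify bare local names as host\\name, so that
    'Eric' on WEB01 and 'eric ' on FILE01 compare correctly with the baseline."""
    account = account.strip()
    if "\\" not in account:
        account = host + "\\" + account
    return account.casefold()


def review_admins(approved, snapshot):
    """Return ({host: unapproved members}, {account name: hosts}); the second
    mapping lists unapproved names that appear on more than one host."""
    unapproved, seen_on = {}, defaultdict(set)
    for host, members in snapshot.items():
        allowed = {qualify(a, host)
                   for a in approved.get("*", set()) | approved.get(host, set())}
        extra = sorted({qualify(m, host) for m in members} - allowed)
        unapproved[host] = extra
        for account in extra:
            # Roll up by the bare account name to spot the same name on many hosts.
            seen_on[account.split("\\", 1)[1]].add(host)
    repeated = {name: sorted(hosts)
                for name, hosts in seen_on.items() if len(hosts) > 1}
    return unapproved, repeated


if __name__ == "__main__":
    per_host, repeated = review_admins(APPROVED, SNAPSHOT)
    print(per_host)
    print(repeated)
```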
Resources
- Microsoft Security Web site: Public Web site with links to security bulletins and product security information.
- Hacking Exposed: Network Security Secrets and Solutions, Third Edition: Stuart McClure, Joel Scambray, and George Kurtz take a comprehensive look at hacker methodologies across multiple platforms and devices.
- Hacking Exposed Windows 2000: Network Security Secrets and Solutions: Scambray and McClure detail hacker techniques specific to Microsoft platforms.

Google Gives a First Look at the Chrome OS


Google gave the first demonstration of its Chrome operating system today, at the same time opening the source code to the public. The company highlighted features that have grown out of what vice president of product management Sundar Pichai called "a fundamentally different model of computing." Unlike other operating systems, which merely incorporate the Internet, Chrome is completely focused on it.
Credit: Technology Review

The Chrome OS is based so aggressively on the Internet that devices running it will not even have hard drives, Pichai said, emphasizing that "every app is a Web app." All data will be stored in the cloud, and every application will be accessed through the Chrome browser. Because of this, he added, users will never have to install software or manage updates on the device.

The user interface closely resembles the Chrome browser. When the user opens applications, they appear as tabbed windows across the top of the screen. Users can stick their favorite applications to the desktop with one click, creating permanent tabs for them.

Pichai coyly demonstrated the way the Chrome OS can deal with competitors' file formats. He inserted a USB drive into a laptop running Chrome OS, launching a window that showed that the device contained several Microsoft Excel files. When he clicked on one of the files, the system automatically pulled up the Windows Live Web-based version of Excel, opening the file inside.

"It turns out that Microsoft launched a killer app for Chrome OS," Pichai said, adding that anyone who writes a Web application is writing an application for Chrome by default.

The effect, Pichai hopes, is "speed, simplicity, and security." Today's version of the operating system can boot up in seven seconds and open a Web application in an additional three, he said. Google engineers are working to make those times shorter.

The implications of the Web-focused design were spelled out more fully by Matthew Papakipos, engineering director for Chrome OS. Part of the security scheme for Chrome is that it's hard to make any unauthorized changes to the system, he explained. The root filesystem, which stores the core files needed to make software run, is stored in a read-only format. On top of that, every time the user boots the machine, Chrome OS verifies cryptographic signatures that ensure that the operating system software is properly updated, and matches the build Google has approved.

If the system fails any of these checks, the operating system automatically launches into a recovery procedure and reinstalls the correct version of Chrome, Papakipos said. Normally, reinstalling an operating system is a painful process because of the effect that has on the user's data, settings, and applications. In the case of Chrome, he noted, all of that information will remain unaffected in the cloud.
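The boot-time check and recovery fallback Papakipos describes, as an added example that is not Chrome OS code: the per-block hash manifest, the 4096-byte block size, and the toy unpadded RSA key built from two Mersenne primes are assumptions chosen so it runs with the Python standard library alone. The device side uses only the public key, so a modified image cannot be re-signed on the machine.

```python
import hashlib

BLOCK = 4096  # bytes per root-filesystem block (assumed size)

# Toy RSA key for the demo only: Mersenne primes, no padding. A real verified
# boot uses a properly generated key whose public half sits in read-only firmware.
_P, _Q, E = 2**127 - 1, 2**521 - 1, 65537
N = _P * _Q
_D = pow(E, -1, (_P - 1) * (_Q - 1))  # private exponent, held by the vendor only


def block_hashes(image: bytes) -> list:
    """SHA-256 of every fixed-size block of the image."""
    return [hashlib.sha256(image[i:i + BLOCK]).digest()
            for i in range(0, len(image), BLOCK)]


def manifest_digest(hashes: list) -> int:
    """Single digest over the ordered block hashes, as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(hashes)).digest(), "big")


def vendor_sign(image: bytes) -> tuple:
    """Build side: hash the approved image and sign the manifest digest."""
    hashes = block_hashes(image)
    return hashes, pow(manifest_digest(hashes), _D, N)


def boot(image: bytes, hashes: list, signature: int) -> str:
    """Device side: uses only the public key (N, E). Returns the boot decision."""
    if pow(signature, E, N) != manifest_digest(hashes):
        return "recovery: manifest signature invalid"
    actual = block_hashes(image)
    if len(actual) != len(hashes):
        return "recovery: image size changed"
    for index, (got, want) in enumerate(zip(actual, hashes)):
        if got != want:
            return f"recovery: block {index} modified"
    return "boot"


# Constructed sample image: three blocks of filler bytes.
GOOD_IMAGE = b"A" * BLOCK + b"B" * BLOCK + b"C" * 100
HASHES, SIGNATURE = vendor_sign(GOOD_IMAGE)

if __name__ == "__main__":
    tampered = GOOD_IMAGE[:BLOCK] + b"X" + GOOD_IMAGE[BLOCK + 1:]
    print(boot(GOOD_IMAGE, HASHES, SIGNATURE))
    print(boot(tampered, HASHES, SIGNATURE))
```

Recomputing the block hashes after a change does not help a tampered image pass, because the recomputed manifest no longer matches the vendor's signature.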

Some data, such as Wi-Fi settings, is cached on the machine, but Papakipos said this is only to make the system work faster. The data is always synced back to the cloud. The vision, he added, is that a user could eventually get a new device, log in, and find everything running just as it had before, with all the settings still in place.

Pichai said that Google plans to launch the first devices running Chrome OS by next year's holiday season. The operating system won't be available for download, however. Because of its tight integration between software and hardware, users will have to buy a Chrome device from one of Google's partners in order to use it. Google plans to give partners strict hardware requirements for the devices, specifying particular wireless cards and other components.

Developers interested in testing and debugging the system could run it today in a virtual machine.

Initially, Pichai said, Google is focused on "netbook-like devices" and expects that most of its target market will also have a desktop machine at home for applications that might not be available online or too processor-intensive to run, such as Photoshop. The Chrome OS is not intended for running without an Internet connection, but will have some offline capabilities. It will be able to display books or play media loaded from an external device, and it will be able to run Web applications that take advantage of the offline capabilities of new Web standards.

Though Google's Chrome browser hasn't yet taken over the marketplace, the operating system could stand a better chance, says James Staten, a principal analyst at Forrester Research. While users have to choose to download and use the browser, they might get the operating system by default in devices such as netbooks, and Staten believes that Google is counting on this. The key will be to make users happy enough with Chrome that they keep the software.

The strategy is a bit risky, Staten says, pointing out that though some netbook manufacturers have offered Linux-based operating systems by default, "there's been a heavy preference for swapping to Windows." Google hopes that users will want to use Google services such as Docs, Maps, and Gmail, and thus will like the integration that the Chrome operating system provides, he says.

To have a truly successful Web operating system, Google will have to make sure that users are satisfied that their data is consistent, available, and secure, says Amin Vahdat, a professor of computer science at the University of California, San Diego, who was one of the researchers to first look into the merits and challenges of such a system.

Google's resources and many data centers, combined with today's increasing bandwidth, make it easier to keep data available, but the problem hasn't been completely solved. As far as security in the cloud, Vahdat says, "with services like Gmail and Google Docs, Google has demonstrated that for certain applications, people and even companies are willing to give up a little control and potentially security in exchange for the convenience that its model provides."

Though he thinks now is the right time to launch a commercial Web operating system, Vahdat adds that adoption won't happen overnight. He says Google is "laying the seeds now for something that could become widespread over the next three to five years."

Carry an Operating System on Your USB Drive


It was the weekend, and I went to my friend's place to discuss our weekend plans. While I was there, he showed me a project created by Microsoft: "Microsoft Unleashes Natal Project (2009)". It was a really good, new technology developed by MS. I had my pen drive with me and wanted to copy some data from his PC to it. He was using XP on a laptop provided by his organization, and I was actually scared of viruses. Of course, anti-virus software is there, so there is no need to worry, but nowadays many home computers are infected, so you can't copy from or attach any USB drive to the machine. So what could the option be? Yes, there is one: I have been using the Linux-based Slax operating system for a couple of months. It has many features; for example, you do not need to install video or audio software into the OS. It already has freeware office software, players, and the other required functions installed. So boot your machine from the pen drive and carry your data without any risk of viruses.

I am using Slax for this.

Here is a list of all open-source USB-based OSes:

http://en.wikipedia.org/wiki/Live_USB

* BackTrack: A distribution of Linux that is made with security in mind and is commonly used for cracking WEP passcodes and has live installs including USB and CD.
* BeleniX: Customized OpenSolaris installs including live CD and live USB.
* Billix: A multiboot distribution and system administration toolkit with the ability to install any of the included distributions.
* Damn Small Linux: Knoppix derived small installation, uses a 2.4 kernel, with JWM as default user interface.
* Debian
* Devil-Linux: for service installations e.g. firewall/router, no graphical interface, can boot from CD or USB.
* dyne:bolic: 100% free distribution for multimedia production, boots from CD and USB stick, with Xfce as default user interface.
* FaunOS: a live USB distribution based on Arch Linux
* Fedora (with Fedora Live USB creator)
* Gentoo: Gentoo USB Live.
* Knoppix: Full live CD/USB based on Debian distro.
* Knopperdisk: A small distribution based on Gentoo but designed to be run from USB pen drives or floppy disks.
* MCNLive: Mandriva derived live CD, and live USB distribution.
* MilaX: Small OpenSolaris live CD and live USB distribution.
* Minix
* MooLux: Live-USB Linux based on Slackware Linux that can be installed to hard drive, with a focus on Internet applications, multimedia and programming tools.
* NimbleX: A small (200 MB) distribution based on Slackware.
* OpenSolaris: The Distribution Constructor project has tools allowing users to build an install image.
* openSUSE
* OS-9 RTOS: The standard OS-9 Configuration Wizard for X86 creates bootable USB sticks. OS-9 5.0 for X86 will support the creation of bootable CDs.
* OSx86
* PCLinuxOS: Version 2009.1 comes with a live USB creator tool; version 2008 "MiniMe" can be installed manually.
* Pentoo: Gentoo based live CD and live USB distribution focused on penetration testing and security assessment.
* Puppy Linux: Designed for easy install on USB.
* RUNT Linux: Based on Slackware with a 2.4 kernel and Umsdos filesystem. Designed as a network testing tool for students at North Carolina State University.
* sidux: Based on Debian unstable (sid)
* Slax: Slackware based installation.
* Sugar (desktop environment): Sugar on a Stick is a live USB for children and learning.
* Super OS: usb-creator and cd2usb already included on the DVD
* Ubuntu (can be installed directly to a flash drive or USB external hard drive manually by using tools like usb-creator, UNetbootin, or cd2usb)
* Windows Preinstallation Environment: Freely available version of a live Windows installation, command-line only.