Slashdot Mirror

We really don't want systemd to do its "dependency logic" for mounts. Case in point: have a btrfs RAID, physically remove one of its disks and mount with -o degraded. A basic operation that doesn't involve an init daemon and is impossible to get wrong, right? Not on systemd. If your RAID happens to be in fstab (ie, any real case other than when running from rescue media), systemd will helpfully instantly unmount it again. There's no known workaround for this bug other than commenting out the mount in fstab (or upgrading to sysvinit...).

I don't get how one could possibly screw this up. So systemd runs a daemon statting all your mountpoints just so it can unmount them if it believes some dependency isn't met?!?

Other cases where it messes with filesystems are not better. Where rsyslog goes to great lengths to ensure logs survive a system crash, sometimes even in annoying ways (like disk spinup on laptops) and uses append-only plain text logs that are readable even when heavily corrupted, systemd not only makes corruption and total data loss nearly guaranteed, but even goes out of its way to disable data consistency features (checksums, protection from torn writes, transactions) because "performance" and spams you with warnings if you manually turn them back.

It's easy (for a technical person) to simply not use facebook and block their 2/3 domains, but it's almost impossible to do that with Google, considering GoogleAPIs, Captcha, Doubleclick, Analytics, GoogleAdServices, GoogleSyndication, GTM, Plus, etc, etc.

Considering you yourself just listed them out, what's so difficult about blocking them?
On my desktop I use uBlock Origin with scripts blocked from googlesyndication, doubleclick, googletagmanager and google-analytics. On my phone, I use AdAway to map these domains to localhost.

"we'll probably figure out how create a system that uses authenticated electronic ledgers to prevent fraudulent tampering (blockchains, etc) while still preserving anonymity."

We'll probably not.

This is not impossible. In fact it is a solved problem. Blind Signatures can be used to do this. I actually designed and mostly implemented such a system: Source and docs here. I also was not the first to do this (David Chaum deserves far more credit than I do: his contributions to cryptography have enabled so many amazing things including my little experiment) .

That system lets everyone vote exactly once, maintains secret ballot, and gives voters the tools to confirm their vote was counted, and if not they can cryptographically prove it to the media or any auditors available.

However it also makes buying and selling of votes very robust and easy. Without an isolated voting booth, there really isn't any hope of making it impractical to sell your vote, or force people to vote particular ways. This is as important as the secret ballot: both are requirements for our electoral systems.

I have designed electoral systems, that use a voter booth, paper records, and some cryptographic verifiability that are resistant to coercion and vote selling/buying which makes me think there may be room improvement in this area. However paper ballots and voting booths are pretty close to ideal: The simple paper system is also easier for people to trust and verify, which is very important for elections.

I had a conversation on this just Friday, so weird that it's on /. a day later. As a KDE user and Qt developer (who uses Qt). The widget's-only Qt of old was solid. The QtQuick that KDE4 was based on didn't really fit. It's a transition that's still being made. Couple that with Aaron Siego, who I called out for making non-user-centric design decisions, was more intent on showing off what they *could* now do rather (plasmoid rotation? what's the use case?) than using QtQuick to better the UI. Couple that with some integration problems between the classical widget/Quick environments, it was not the best of all transitions.

Unfortunately, that transition is still going on today. It results in a paralysis of direction and focus. Qt used to, with widgets, have seamless theme management so that a KDE App would look native. Unfortunately, the QtQuick primitives that were initially released don't. The higher order QtQuick Controls, came later, and with not the best license or quality. Internally Qt has been pulled in many directions and a changed hands several times. Trolltech, Nokia, Digia and now the Qt Company.

That being said, I think we are there now, finally, 6 years later, to really do software transition to QtQuick. QtQuick 2 is amazing and up-coming Qt 5.8 will be that release which is the completion of the concept.The 5.6/5.7 that is out now is really great, 5.8 will be the last bit of polish.There are still some holes, there always will be, but QtQuick is something so new and different it took a while to figure out.

As a developer who uses Qt, and has been using Qt professionally since 2004, QtQuick makes it trivial to write applications. The next easiest was with PyQt.

In addition there is a port of QML (the language of QtQuick (Javascript with markup)) to Wed, called QMLWeb. This has the capability to revolutionize web development - no more HTML or CSS, bringing the ease of app development to the web.

If you cannot use the official Logitech Unifying management software because you use X11/Linux rather than windows, try compiling ltunify from source code. I own a Logitech K400 wireless keyboard with trackpad, and ltunify successfully configured it.

an open source tool called zxcvbn by Dropbox that is actually good at it

What the hell does Dropbox have against us Dvorak users?

At first I was all like, so the security expert can tell me that some of these password meters rate things like "p@ssword" as secure when they're obviously not, but they're not /quite/ expert enough to come up with a better tool that can more accurately gauge password strength?!@

Then I read the article; lo and behold, the author actually points out an open source tool called zxcvbn by Dropbox that is actually good at it (or at least, doesn't suck on the harsh battery of tests that these products were subject to (basically just running five passwords through six different meters).

tldr: use zxcvbn

Testing of the ports maybe, AD probably not... but. the FOSS community is very good at implementing specifications. If the object model is sufficiently well-designed, then maybe Libreoffice, Samba, OpenLDAP, MariaDB etc, will get hooks/shims/modules/whatever for a Linux Powershell.

The system level interfaces depend on how far the abstraction goes. They demonstrate obtaining objects for running processes... much easier and more accurate than grepping for PIDs.

https://github.com/PowerShell/PowerShell/tree/master/docs/learning-powershell

Their grep example is kind of ridiculous:

grep -Rin "sometext" --include="*.cs"

Becomes:

Get-ChildItem -Recurse -Filter *.cs | Select-String -Pattern "sometext"

But then look at stuff like their debugging and breakpoints: https://github.com/PowerShell/PowerShell/blob/master/docs/learning-powershell/debugging-from-commandline.md

There's a lot of hard work and cool ideas in there. It would be a mistake to ignore it because the syntax is awkward and MS is behind it.

Testing of the ports maybe, AD probably not... but. the FOSS community is very good at implementing specifications. If the object model is sufficiently well-designed, then maybe Libreoffice, Samba, OpenLDAP, MariaDB etc, will get hooks/shims/modules/whatever for a Linux Powershell.

The system level interfaces depend on how far the abstraction goes. They demonstrate obtaining objects for running processes... much easier and more accurate than grepping for PIDs.

https://github.com/PowerShell/PowerShell/tree/master/docs/learning-powershell

Their grep example is kind of ridiculous:

grep -Rin "sometext" --include="*.cs"

Becomes:

Get-ChildItem -Recurse -Filter *.cs | Select-String -Pattern "sometext"

But then look at stuff like their debugging and breakpoints: https://github.com/PowerShell/PowerShell/blob/master/docs/learning-powershell/debugging-from-commandline.md

There's a lot of hard work and cool ideas in there. It would be a mistake to ignore it because the syntax is awkward and MS is behind it.

MIT License

https://github.com/PowerShell/...

MIT -- no extinguishing that https://github.com/PowerShell/...

If you'll wander over to the PowerShell Github repo, the readme does state that it is released under the MIT License. Of course, they bury that info at the very bottom of the page.

And here's the original message provided by The Shadow Brokers
The original URL hosting the file was taken down but it was mirrored here:
Shadow Broker Message

The text is below in case that mirror stops working too.

From:
bitmessage = BM-NBvAHfp5Y6wBykgbirVLndZtEFCYGht8
i2p-bote = [removed to satisfy slashdot form validator]

Equation Group Cyber Weapons Auction - Invitation

!!! Attention government sponsors of cyber warfare and those who profit from it !!!!

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

Picture Urls
- ------------
http://imgur.com/a/sYpyn
https://theshadowbrokers.tumbl...
https://github.com/theshadowbr...


File Urls
- ----------
magnet:?xt=urn:btih:40a5f1514514fb67943f137f7fde0a7b5e991f76&tr=http://diftracker.i2p/announce.php
https://mega.nz/#!zEAU1AQL!oWJ...
https://app.box.com/s/amgkpu1d...
https://www.dropbox.com/s/g8kv...
https://ln.sync.com/dl/5bd1916...
https://yadi.sk/d/QY6smCgTtoNz...


Free Files (Proof)
- ------------------
eqgrp-free-file.tar.xz.gpg
sha256sum = [removed to satisfy slashdot form validator]
gpg --decrypt --output eqgrp-free-file.tar.xz eqgrp-free-file.tar.xz.gpg
Password = theequationgroup


Auction Files
- -------------
eqgrp_auction_file.tar.xz.asc
sha256sum = [removed to satisfy slashdot form validator]
Password = ????

Auction Instructions
- --------------------
We auction best files to highest bidder. Auction files better than stuxnet. Auction files better than free files we already give you. The party which sends most bitcoins to address: before bidding stops is winner, we tell how to decrypt. Very important!!! When you send bitcoin you add additional output to transaction. You add OP_Return output. In Op_Return output you put your (bidder) contact info. We suggest use bitmessage or I2P-bote email address. No other information will be disclosed by us publicly. Do not believe unsigned messages. We will contact winner with decryption instructions. Winner can do with files as they please, we not release files to public.

FAQ
- ---
Q: Why I want auction files, why send bitcoin? A: If you like free files (proof), you send bitcoin. If you want know your networks hacked, you send bitcoin. If you want hack networks as like equation group, you send bitcoin. If you want reverse, write many words, make big name for self, get many customers, you send bitcoin. If want to know what we take, you send bitcoin.

Q: What is in auction files? A: Is secret. Equation Group not know what lost. We want Equation Group to bid so we keep secret. You bid against Equation Group, win and find out or bid pump price up, piss them off, everyone wins.

Q: What if bid and no win, get bitcoins back? A: Sorry lose bidding war lose bitcoin a

The Shadow Brokers github repo was taken down but not before it was mirrored :)

https://github.com/nneonneo/eqgrp-free-file

Everything (that was made available in the sample tarball) is inside the Firewall folder.
Most of the human readable stuff is in Firewall/OPS and Firewall/SCRIPTS.

From the very little scanning I did, it seems most of the stuff is meant to attack Cisco PIX and Cisco ASA firewalls/routers.

There are quite a few scripts for preparing/setting up an ops terminal from which an antagonist can launch attacks.

One of the attack techniques involves instructing a pix/asa to fetch an implant over http (or ftp) from a web server running on an ops terminal.
So some of scripts install an http server (apache or tiny httpd) on the ops terminal.
The antagonist supplies the implant (the software bug) on the ops terminal.
Then they use vulnerabilities in the pix to instruct it to fetch the implant, upgrade the target's OS or load a module into the running system and then that gives them full access.

The binaries and implants are provided in the repo as well.

In that case, you apparently want autopep8 instead.

A publisher or ad network can still protect users by recompressing advertisers' uploaded files. There are two ways to go about this. One is to use a JPEG optimizer such as IJG's jpegtran, which optimizes JPEG files without additional loss. The other is to require advertisers to upload PNGs or high-quality JPEGs and then transcode them to web quality using mozjpeg.

Here is an example of some clear, easy to read, written-to-the-highest-standard MUMPS code for your inspection.

Wow

Here is an example of some clear, easy to read, written-to-the-highest-standard MUMPS code for your inspection.

If anyone's curious, I've dropped the decrypted contents of the "free sample" up on GitHub: https://github.com/nneonneo/eq.... Hopefully this makes analyzing the collection a bit easier. The code's pretty old - 2010-2013 according to timestamps - but it does look like real exploit/implant code from a distance.

By 2011, Docker had ARM support.
https://github.com/docker/dock...

This is a known issue and is being worked on by the actual Avast! support : https://forum.avast.com/index....
I don't know how the OP submitted the ticket, but it went to a "retention specialist" who probably thought he was trying to use it on Ubuntu (at least that's what I understand from the first email reply). And it is not just Avast!, see for example similar problems with Kaspersky: https://github.com/Microsoft/B... and more: https://github.com/Microsoft/B...

This is a known issue and is being worked on by the actual Avast! support : https://forum.avast.com/index....
I don't know how the OP submitted the ticket, but it went to a "retention specialist" who probably thought he was trying to use it on Ubuntu (at least that's what I understand from the first email reply). And it is not just Avast!, see for example similar problems with Kaspersky: https://github.com/Microsoft/B... and more: https://github.com/Microsoft/B...

An Open Source FPS is still being built in people bedrooms by a small team. http://www.xonotic.org/ There's also a MOD that lets you mke massive changes to the game and physics to basically create crazy game play. https://github.com/MarioSMB/mo...

most can be ported from Win32 to POSIX and MFC to a cross-platform framework like Qt with minimal effort through existing migration frameworks (google them).

Are you referring to Qt/MFC Migration Framework?

That's just security in general, if I have the source and can recompile it then I can just remove the security bits.

If a Bluetooth pedometer syncs its readings to a server through a free application on a PC, how should the operator of the server protect other users from seeing falsified data contributed through a modified application?

What windows applications include inseparable coupling to kernel mode drivers?

Support for connecting to iOS devices in iTunes for Windows is one example, as far as I understand.

And of these applications which ones cannot simply dual license the driver component and why?

Because proprietary driver components specific to the client application are "by their nature extensions of the covered work" and thus fail to qualify under the GPL's exception for an "aggregate".

js+html+canvas API is a perfect way to encode vector animations, with similar compression ratios (assuming transport compression) as flash.

I agree that Canvas or SVG would be the ideal solution going forward. Have you tried any non-Adobe tools for authoring such animations that you're willing to recommend? I don't want to rely on Adobe Animate because it's available only for rental.

For legacy content, there is shumway.

If Shumway could replace Flash Player the way pdf.js replaced the Adobe Reader plug-in, that would be great. But as far as I can tell, Mozilla canceled Shumway. There hasn't been a status report in over a year, and the graph of contributions to Git appears to have flatlined over the past 11 months.

In the meantime, where is WebAssembly?

Right here.

But web browsers desperately need a better way to run code than turning it into JS - something like LLVM bitcode that can be compiled and run at near-native speeds instead of the crappy 2-10x slower JS. Chrome did something called PNaCl along those lines but it would have to be adopted across all browsers.

I see that you meant Linux. Also, that feature left Insider status on the 2nd, when the Anniversary Update was release. Now, if they could just get the JVM running properly on it...

A) It's not that intelligent and certainly doesn't reason. There was a framework to the competition, so it wasn't a wild goose chase within the x86 ISA. For example, https://github.com/CyberGrandChallenge/samples/blob/master/examples/CADET_00001/src/service.c. This code has a 'bug" that's only found by brute forcing ASCII characters on input to that function.

B) EFF doesn't need to worry about this thing becoming sentient and starting Skynet. It's certainly a predefined set of common system flaws which, at best, use machine learning for their implementation.

https://www.cybergrandchallenge.com/tech

huh. like this. how about that - someone's already done it. https://github.com/okTurtles/d...

Can you create an application from scratch using only Javascript?

If you're a Mac user, you could try it with JSCocoa.

Vendor apps are a little trickier but for Windows 10 garbage out of the box, consider the following:
https://gist.github.com/alirob...

It requires a little effort to get exactly what you want but it's a great powershell script. You might also consider installing and tweaking ClassicShell.

Some corrections to your post:

1. Windows 10 isn't an open platform because the OS will uninstall your programs if they are not Microsoft's preference. Cf. https://tech.slashdot.org/stor...

2. The telemetry that was backported to Windows 7 can be uninstalled by denying certain updates. Cf. https://gist.github.com/xvital...

3. According to American style, the question mark only goes inside the quotation marks if a question is the substance of what is being quoted. Cf. http://www.grammarbook.com/pun...

Soon all those Windows vulnerabilities will be available on Linux too.

Not quite sure what you mean by that.

Do they allow you to compile from source at least or is it a closed binary that needs root rights?

The release is source, it's right here https://github.com/microsoft/ChakraCore licensed under MIT.

For those who don't know, ChakraCore is open source; the code is on GitHub, under the MIT license.

https://github.com/Microsoft/ChakraCore

You can think of Qubes as a desktop OS that demotes monolithic kernels (hopelessly insecure) to the role of providing features/drivers within unprivileged VMs. This is similar to the microkernel philosophy, but also recognizes that monolithic kernels are still where all the drivers and apps are to be found.

Qubes also employs IOMMU hardware to contain network and USB controllers within unprivileged VMs to protect against DMA attacks. The admin VM that runs the desktop environment has no direct access to networking, and the user can assign other PCI devices to VMs as they see fit.

The last piece of the Qubes picture is that it departs from how most hypervisors handle graphics, keyboards and inter-VM copying. Each is properly virtualized using a very simple protocol that is highly resistant to attack, so that VMs cannot sniff your clipboard contents or keystrokes, or take screenshots, etc. Copying between Qubes VMs is also probably much safer than copying between air-gapped machines using discs or flash drives because the former is far simpler.

The Qubes Security Bulletin for this Xen vulnerability can be viewed here.

Most Xen vulns either do not apply to Qubes or are DOS, and the Qubes project is skeptical that this one can be realistically used against Qubes. Still, the bulletin also describes how this vuln belongs to a class of memory management bugs that the Xen project has not done a good job in rectifying. This appears to be Xen's "weak spot" that could be a perennial source of vulns. As a result, Qubes will be moving away from PVMs (which use the questionable memory mapping code) to HVMs which employ on-silicon SLAT for VMs.

Most of the people on Slashdot would be better-served by using either uBlock Origin or uMatrix instead of ABP.

I would say uBlock Origin and uMatrix.

I'm running both of those, and also scriptblock, but most users will only want uMatrix.

The "regular end user" set that I would recommend is uMatrix, uBlock Origin, Privacy Badger, Flashblock. (Flashblock isn't just for flash, it is also for stopping html5 auto-play)

For us grumpy old paranoid farts who don't mind having to fiddle before a site can run client code, then add in scriptblock.

Most of the people on Slashdot would be better-served by using either uBlock Origin or uMatrix instead of ABP.

I would say uBlock Origin and uMatrix.

I'm running both of those, and also scriptblock, but most users will only want uMatrix.

The "regular end user" set that I would recommend is uMatrix, uBlock Origin, Privacy Badger, Flashblock. (Flashblock isn't just for flash, it is also for stopping html5 auto-play)

For us grumpy old paranoid farts who don't mind having to fiddle before a site can run client code, then add in scriptblock.

Most of the people on Slashdot would be better-served by using either uBlock Origin or uMatrix instead of ABP.

uBlock Origin is a drop-in content blocker that "just works" out of the box. It's great for dropping onto non-techies computers and knowing that they'll be a lot better off. Plus, unlike ABP, it doesn't allow ads through by design for companies willing to pay, and it's also significantly more efficient than ABP in terms of its processing and memory overhead (though APK may point out that it's still less efficient than a hosts file...).

uMatrix, however, is likely better for many of the people around here, since it provides a simple UI made up of a matrix of boxes that allow you to enable/disable different types of content on a per-subdomain basis for each site you visit. By default, it only allows CSS and images from sites other than the one you're on, which blocks basically all tracking immediately, but also breaks functionality on some sites until you whitelist specific items. For me, I find that if I drop it onto a new computer, there's 2-3 weeks of infrequent fiddling needed before I've gotten it configured to the point where I'm not having to open it up on a daily basis, but after that, I only need to pop it open once in a blue moon and it works like a champ.

Ghostery is fine and all, and it used to be one of my go-to add-ons, but I find that for anywhere it comes up short (either because it lets stuff through that it shouldn't, or doesn't let stuff through that I want), it's a pain to manually configure. In contrast, uBlock Origin and uMatrix put those controls right in front of you, which is why they've become my preferred ones.

Most of the people on Slashdot would be better-served by using either uBlock Origin or uMatrix instead of ABP.

uBlock Origin is a drop-in content blocker that "just works" out of the box. It's great for dropping onto non-techies computers and knowing that they'll be a lot better off. Plus, unlike ABP, it doesn't allow ads through by design for companies willing to pay, and it's also significantly more efficient than ABP in terms of its processing and memory overhead (though APK may point out that it's still less efficient than a hosts file...).

uMatrix, however, is likely better for many of the people around here, since it provides a simple UI made up of a matrix of boxes that allow you to enable/disable different types of content on a per-subdomain basis for each site you visit. By default, it only allows CSS and images from sites other than the one you're on, which blocks basically all tracking immediately, but also breaks functionality on some sites until you whitelist specific items. For me, I find that if I drop it onto a new computer, there's 2-3 weeks of infrequent fiddling needed before I've gotten it configured to the point where I'm not having to open it up on a daily basis, but after that, I only need to pop it open once in a blue moon and it works like a champ.

Ghostery is fine and all, and it used to be one of my go-to add-ons, but I find that for anywhere it comes up short (either because it lets stuff through that it shouldn't, or doesn't let stuff through that I want), it's a pain to manually configure. In contrast, uBlock Origin and uMatrix put those controls right in front of you, which is why they've become my preferred ones.

The source is on github: https://github.com/vtoubiana/TrackMeNot

How It Works
TrackMeNot runs in Firefox and Chrome as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and Bing. It hides users' actual search trails in a cloud of 'ghost' queries, significantly increasing the difficulty of aggregating such data into accurate or identifying user profiles...To better simulate user behavior TrackMeNot uses a dynamic query mechanism to 'evolve' each client (uniquely) over time, parsing the results of its searches for 'logical' future query terms with which to replace those already used.

More info at: http://www.cs.nyu.edu/trackmen...

Load the site, get three seconds of viewing before some custom dialog in thrown in your face that blocks the contents wanting you to complete a survey or sign up for email spam. More often than not it seems like the method to close it is obfuscated or the exit button is tiny enough you have to squint to see it.

I don't bother trying to play their game of trying to find the exit, when there are extensions like this that always give you a consistent method for brushing that shit aside. These days, this and an ad blocker seem to be necessary for a decent browsing experience anymore.

I use also Greasemonkey with scripts to circumvent Anti-Adblock measures in WIRED

Just switch from Adblock Plus to uBlock Origin. WIRED doesn't harass me about using it and it's better anyway.

uBlock is also much more efficient. There is zero reason to continue to use ABP.

1956 Sturgeon story about mobile/wearable computing's potential that inspired Ted Nelson and others leading to the web and so the iPhone: https://archive.org/stream/gal...
https://archive.org/details/pr...

Let's hope the upside is realized -- not a surveillance/control downside.
http://pcast.ideascale.com/a/d...

Still trying to help when I can -- just so little time:
https://github.com/pdfernhout/...

Hope others can carry things forward in their won way -- and many are! :-)

Half-way through reading the "The Jennifer Project" new sci-fi novel by Larry Enright, which almost seems like a Skills of Xanadu remake in some ways. Nor sure how it ends. :-)
https://www.amazon.com/Jennife...

Hopefully not the same as "With Folded Hands". :-(
https://en.wikipedia.org/wiki/...

Yes, if only there were Objective C & Swift support, or REST or an official client library for PHP or node.js and JavaScript or Python, .Net, Ruby, Go... and more.

Yes, if only there were Objective C & Swift support, or REST or an official client library for PHP or node.js and JavaScript or Python, .Net, Ruby, Go... and more.

Yes, if only there were Objective C & Swift support, or REST or an official client library for PHP or node.js and JavaScript or Python, .Net, Ruby, Go... and more.

Running OpenWRT you may want to look into using dsnmasq to do the DNS blocking. From what I have seen there are a number of hosts files that can be used to populate dnsmasq so it blocks the windows spying. And hopefully this doesn't summon APK but one can setup a cron job to automatically populate block lists with various host files sources in OpenWRT which is what I do and it stops a lot of the crap on all devices. If looking for some host files to incorporate check out the source section of this page.

That however won't stop traffic to hard-coded IPs so there you would have to create some outbound firewall rules for the WAN interface that block traffic to specific IPs but that shouldn't be all that difficult

One issue I see with your hash is using it for sites that have piss poor password policies such as your password can't be over X characters long, or it has to contain letter, number, and limited list of symbols, etc. Your hash could possibly not match the requirements. What do you do in this case?

The final step of the hashing algorithm maps the resulting hash into a character string. The algorithm allows you to customise this mapping to use only a given subset of characters, or given length. Using this feature will require you to store this metadata in your state file, because you rarely get reminded of these password limitations at login, only at registration. Fortunately these sites are rare; the default policy of 8 characters with alpha + numeric + special – and the algorithm makes sure you have at least one of each – works fine for almost all sites.

I encourage you to download and try one of the implementations. The two I mentioned earlier implement the same algorithm, as does a Firefox version and a portable Javascript version.