Have you heard the latest track by gzip? Maybe it’ll end up on a “Greatest Hits” album alongside Philip Glass.

Visualization techniques such as animated algorithms can help programmers better grasp the abstract theories that make software work. Could auralization, the sound equivalent of visualization, provide similar insights? Postgrad student (and J. S. Bach fan) [Cessu] developed a program to do just that. By carefully mapping registers to notes, and slowing the tempo to a human timescale, the result is a cacophonous machine that offers a glimpse into the operation of various programs. You might find the resulting minimalist “music” insightful, entertaining…or maybe just incredibly grating.

[thanks Shadikka]

Which is a better method for finding vulnerabilities, fuzzing or static-code analysis? The question will be put to the test at next month’s Black Hat USA conference, where two experienced hackers security researchers will be given a piece of mystery code and one hour to find all the vulnerabilities they can using one of the two methods. [Charlie Miller] from Independent Security Evaluators will use fuzzing and [Sean Fay] from Fortify Software will use static-code analysis to detect the vulnerabilities in the code. We reported on [Miller]’s fuzzing talk while at Toorcon 9.

The pair will be allowed to use their own equipment, but they won’t see the code until the moment the showdown begins. For an added bit of fun, conference attendees are welcome to join in the contest. The audience member who finds the most exploits within the hour wins a free dinner at a new Las Vegas restaurant. But you don’t have to wait until then to weigh in; go ahead and post your thoughts on fuzzing vs. static-code analysis in the comments, just be ready to back up your claims.