Friday May 22, 2015
HTTPS exploit ready to terrorise
Normally I would just leave an extended title and a link, but this article is too important, and too sad, to risk being unnoticed:
I don't know if this is old news, but I think it certainly is bad news:
Quote from: TechRadar
HTTPS exploit ready to terrorise thousands of websites and mail servers
By Jamie Hinks http://www.techradar.com/...-and-mail-servers-1294458
Diffie-Hellman downgrade weakness allows hackers in.
Almost 100,000 HTTPS websites are under threat from a new vulnerability born out of attempts by the US in the early 1990s to break the encryption used by foreign entities.
First reported by Ars Technica, the 'Logjam' vulnerability affects 8.4% of the world's top one million websites in addition to a slightly higher percentage of the mail servers in the IPv4 address space, according to researchers.
"Logjam shows us once again why it's a terrible idea to deliberately weaken cryptography, as the FBI and some in law enforcement are now calling for," J. Alex Halderman, one of the scientists behind the research, told Ars Technica in an email. "That's exactly what the US did in the 1990s with crypto export restrictions, and today that backdoor is wide open, threatening the security of a large part of the web."
The exploit lets eavesdroppers view data passing over encrypted connections and then modify it to successfully perform man-in-the-middle attacks. It is born out of a flaw in the transport layer security (TLS) protocol that allows websites and mail servers to set up encrypted connections with end users, and the Diffie-Hellman key exchange is where the weakness lies.
Attackers are using Logjam to take advantage of a subset of servers supporting Diffie-Hellman, which allows two parties that have never met to set up a special key even if they are communicating over an unsecured connection.
To take advantage of vulnerable connections, attackers have to use the number sieve algorithm to precompute data. After doing that they can successfully perform man-in-the-middle attacks against the same vulnerable connection.
Keep your browser updated
Only Internet Explorer has been updated to protect against the exploit, although the researchers have been in touch with the developers of Chrome, Firefox and Safari to ensure that a fix will be implemented that rejects encrypted connections under a minimum of 1024 bits.
Researchers are advising server administrators to switch off support for the DHE_EXPORT ciphersuites that permit Diffie-Hellman connections to be downgraded and they have even provided a guide on how to do so securely. For end users, make sure your browser or email client is kept completely up-to-date with the very latest version.
>"... rejects encrypted connections under a minimum of 1024 bits"<!!!
Turns out it even was made close at home!
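To make the two defences in the quoted article concrete (clients rejecting Diffie-Hellman primes shorter than 1024 bits, and nobody offering or accepting the DHE_EXPORT suites), here is an added example in Python. It is not code from the article, the Logjam researchers or any browser; the ServerDHParams layout and the cipher suite IDs are from RFC 5246 and RFC 2246, and the sample messages are constructed for the demo (the "primes" are just odd numbers of the right size, not real DH groups).

```python
"""Client-side Logjam checks: reject short DH primes, flag export DH suites.

Added example, not from the TechRadar article or the weakdh.org guide.
"""
import struct

# Export-grade (40-bit / 512-bit DH) cipher suite IDs from RFC 2246.
EXPORT_DH_SUITES = {
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}

MIN_DH_BITS = 1024  # the floor browsers moved to after Logjam


class WeakDHError(Exception):
    """Raised when a server's DH prime is below the configured minimum."""


def _read_vector16(buf, offset):
    """Read one opaque<1..2^16-1> field: 2-byte length, then the bytes."""
    if offset + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from("!H", buf, offset)
    offset += 2
    if length == 0 or offset + length > len(buf):
        raise ValueError("truncated vector body")
    return buf[offset:offset + length], offset + length


def parse_server_dh_params(body):
    """Parse ServerDHParams {dh_p, dh_g, dh_Ys} (RFC 5246 section 7.4.3).

    Returns (p, g, Ys) as ints. Only the ServerDHParams prefix of a
    ServerKeyExchange body is read; the signature after it is ignored.
    """
    p_bytes, off = _read_vector16(body, 0)
    g_bytes, off = _read_vector16(body, off)
    ys_bytes, off = _read_vector16(body, off)
    return (int.from_bytes(p_bytes, "big"),
            int.from_bytes(g_bytes, "big"),
            int.from_bytes(ys_bytes, "big"))


def check_dh_strength(body, minimum_bits=MIN_DH_BITS):
    """Return the prime's bit length, or raise WeakDHError if it is too short.

    This is the check a Logjam-aware client applies before continuing the
    handshake: a 512-bit export group fails here even though the server
    signed it, which is exactly what the downgrade relies on the client
    not doing.
    """
    p, _g, _ys = parse_server_dh_params(body)
    bits = p.bit_length()
    if bits < minimum_bits:
        raise WeakDHError(f"DH prime is {bits} bits, minimum is {minimum_bits}")
    return bits


def export_suites_offered(cipher_suites_bytes):
    """Given a ClientHello cipher_suites body (2 bytes per suite, length
    prefix already stripped), return the names of any export DH suites.
    A server-side filter can use the same table to refuse them."""
    count = len(cipher_suites_bytes) // 2
    suites = struct.unpack(f"!{count}H", cipher_suites_bytes[:count * 2])
    return [EXPORT_DH_SUITES[s] for s in suites if s in EXPORT_DH_SUITES]


def encode_server_dh_params(p, g, ys):
    """Inverse of parse_server_dh_params; used here only to build samples."""
    out = b""
    for n in (p, g, ys):
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed samples (not real DH groups): a 512-bit "export" prime and a
# 2048-bit one. Only the size matters for the strength check.
EXPORT_512_PARAMS = encode_server_dh_params((1 << 511) | 1, 2, 12345)
STRONG_2048_PARAMS = encode_server_dh_params((1 << 2047) | 1, 2, 12345)

# Constructed ClientHello suite list: 0x0033 is TLS_DHE_RSA_WITH_AES_128_CBC_SHA
# (a normal DHE suite), 0x0014 is the export variant a MITM would leave in.
SAMPLE_SUITES = struct.pack("!HH", 0x0033, 0x0014)

if __name__ == "__main__":
    print("strong group:", check_dh_strength(STRONG_2048_PARAMS), "bits")
    try:
        check_dh_strength(EXPORT_512_PARAMS)
    except WeakDHError as err:
        print("rejected:", err)
    print("export suites in hello:", export_suites_offered(SAMPLE_SUITES))
```

The point the article's "minimum of 1024 bits" line makes is visible in check_dh_strength: TLS does not tell the client that the 512-bit group it received came from an export suite, so the only robust client-side defence is to measure the prime and refuse small ones regardless of which suite was negotiated. Server operators should additionally drop every suite in EXPORT_DH_SUITES from their configuration, as the researchers' guide advises.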
Tuesday May 19, 2015
Tindie - Online Hardware Makerspace
While looking into how to get experience with JTAG using a Raspberry Pi, I came across Tindie:
Tindie is the largest marketplace online for open hardware. Thousands of our inventions are open source. The schematics and source code are available for anyone to study, remix, or even clone.
Has anyone picked up anything via Tindie?
Found a "USB Lithium Ion coin cell battery charger LIR2032, CR2032 replacement":
(Though it may be that care and timing are needed to stop the charging appropriately.)
Sunday May 17, 2015
Microsoft "Hyperlapse" tech is finally available to play with
I am shocked - shocked I say! - to see that there appear to be no previous threads on the whole "hyperlapse" thing (according to the Search at least). This is a variation of timelapse where the camera actually moves *large* distances (as opposed to the small dolly shots of most timelapse) while maintaining (relatively) smooth motion, creating an amazing combination of realistic and surreal imagery and motion. It really just has to be seen to be appreciated. This is an excellent introduction to what can be achieved:
Like many things this is a technique that has been around for quite some time (earliest example I've seen was shot on film in 1995!) and was pioneered by some innovative photographer/videographers, painstakingly investing tons of time and effort into getting good results. And as with most great artistic innovations it is now starting to become more achievable for the average person who *doesn't* have days or weeks on their hand to plan, shoot, and edit such complex projects.
We first saw tools that anyone could use to create Hyperlapses from Google Maps street view data, which produced some cool results in itself. But the image quality and consistency were of course limited and the subject matter even more so. And whatever you did, it just wasn't *personal*, it wasn't *your* video.
Enter Microsoft Hyperlapse Pro!
Microsoft began doing research in this area a few years back and showed some tremendously promising results processing average GoPro-style mounted action camera videos into highly watchable compressed versions of the journey the camera captured. Rather than watching an hour long rock climbing expedition on a head-mounted camera, you can watch it in 60 seconds, with a fluid impression of the environment much as in the hyperlapses shown in the video above. This was a fairly revolutionary idea and the results of Microsoft's research really have to be seen to be properly appreciated:
Unfortunately, while MS's research was promising, there was no software to go with it...
Well, I've had a web change detector watching their page for over a year now, waiting for the actual availability of software that implements their seemingly cool tech, and at long last it's available! GHacks has a good write-up:
Microsoft Hyperlapse Pro can be downloaded from Microsoft's Research website. It is compatible with all recent versions of Windows and only available as a 64-bit version.
The installation is straightforward and the installer itself is clean and does not include any surprises.
The hyperlapse video creation process itself is divided into four parts. First thing you do is create a new project and import a supported video format. Hyperlapse Pro supports mp4, mov and wmv video files only.
Unfortunately it does come with a watermark currently, which is a real shame, but it's still cool to be able to play with the fruits of their research. Instagram came out with a similar processing technology in an iOS-only app about 8 months ago, so this kind of thing has been available for a while already. However Instagram's approach is not as thorough or capable as Microsoft's seems to be, and of course it's iOS-only. Microsoft has the PC application as well as an option for both Windows Phone and Android owners to play with.
Thursday May 07, 2015
O'Reilly ebooks and video training 50% off today
"In celebration of Day Against DRM"
For anyone interested, O'Reilly (the tech book people, not the Bill) is having a 50% off sale on all e-books and video training. Offer ends May 8, 2015 5 am PT.
Friday May 01, 2015
The DonationCoder 2015 10th Anniversary Fundraiser is Now Officially Over!
My heart is just overflowing with gratitude and pride at the incredible response from everyone -- it's been amazing and humbling and reinvigorating.
The donations are enough to pay for several years of hosting costs, so we're going to be here, doing our thing, ad free, for the foreseeable future. And I could not be happier about that.
* Total donations during the fundraiser: $15,649 (the most we've ever raised in a fundraiser).
* Total number of donors: 927 (the most donors we've ever had in a fundraiser).
Even if you didn't donate, I want to thank all of you who have expressed encouragement and support for the site -- it makes all the difference.
And now we return the site to its normal look (without the fundraiser banner), for now...
But be warned, the success of the fundraiser means that we're finally going to migrate to a proper Content Management System and try to improve areas of the site. Stay tuned!
Thursday April 30, 2015
Final 24 hours of the DonationCoder.com 10th anniversary fundraiser
If you've donated to our site recently -- thank you! You can stop reading right now.
April 30th is the last day of our 10th Annual Fundraiser.
If it's been a while since you last visited, I'd ask you to stop by the website to see what you helped create: A friendly community of software connoisseurs and a huge collection of applications free of ads, toolbars, or any such junk, still going strong after 10 years.
Your donation helped make that possible. Now we need your help again to improve the site -- will you consider making another donation?
There are only a few days left until the end of the fundraiser (the first one in 3 years), and it looks like we're going to meet or exceed our goal of raising $10,000. With your help we can make a statement and do so decisively, with a record number of donors.
On behalf of everyone at DonationCoder, thank you!
To donate now, click: here.
Tuesday April 28, 2015
Some DC software updates
I've released a bunch of updates to some of my larger software apps in the last two days:
Monday April 27, 2015
New WordPress exploit makes it easy to hijack wp sites - fix just released
WordPress just released a critical security update that fixes the 0day vulnerability described below.
The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings throughout the Internet.
Official fix: https://wordpress.org/new.../2015/04/wordpress-4-2-1/
Sunday April 26, 2015
Micro Reviews of Board Games From a Non-Competitive Perspective: Small World
Time for another board game mini-review, this time for: Small World.
Small World is a very popular board game that's been around for a few years, but yesterday was the first time I've played it.
A quick video review from our friends at Starlit Citadel:
I played a 2-player game with a friend and we had a great time with it even our first time learning the rules and playing.
Perhaps what surprised me the most about the game is that I tend to shy away from games where there is direct, repeated player conflict/confrontation, especially when it comes to "area control" mechanics (like battling over spaces on the board). Games like this (Risk, etc.) feel much too confrontational to me, and they completely stress me out and make it so I don't have fun. If I am losing I feel nervous and if I'm winning I feel guilty. But Small World, which is based on such a mechanic, was somehow free of any real confrontational "feel", which was wonderful. If you have a friend (or friends) who might tend to shy away from competitive type games, I recommend you give it a try.
One of the hallmarks of the game is that players take control of special creatures whose unique special abilities are mixed and matched, so every game is a bit different. It's an incredible achievement in terms of game balance and entertainment. I think part of why it doesn't feel so confrontational is that over the course of the game, your chosen creatures (tribe) will suffer and you basically "retire" them when you want, and pick up a new set of creatures to control. So in a way you're kind of happy to see them go into decline so you can play with a new set of creatures with new abilities. It's incredibly fun.
One caveat to this game is that, while the rules are fairly simple, you'll constantly have to be reading a large sheet that explains powers and abilities, which can sometimes be a little tricky, so you might very well have a problem with smaller kids, especially if you don't know the powers by heart when you try to teach them.
Highly recommended: 5 out of 5.
Friday April 24, 2015
"Think X" Book Series and the Textbook Manifesto
Recently came across and have started reading "Think Stats: Probability and Statistics for Programmers" by Allen B. Downey.
There are some other "Think X" books that look interesting too, where X might be "Python", "Bayes", "Complexity" or something else.
...books are available under a free license that allows readers to copy and distribute the text; they are also free to modify it, which allows them to adapt the book to different needs and to help develop new material.
These books are available in a variety of electronic formats; some are also for sale in hard copy.
Found the Textbook Manifesto by the same author:
Students should read and understand textbooks.
More details at: http://greenteapress.com/manifesto.html
Sounded pretty reasonable.
Friday April 17, 2015
Ludum Dare 32: April 17th-20th, 2015
DC member Deozaan writes:
Ludum Dare is a game programming contest that runs regularly, with a short window of time between announcement of a theme and due date.
The theme for LD32 is:
See you all in ~72 hours. I'm going to give it a shot.
Sunday April 05, 2015
Lists of Rogue Security Software?
Came across this list of "rogue" security software, software that deceives or misleads users into paying money for fake or simulated removal of malware (so is a form of ransomware), or that claims to get rid of malware but instead introduces it to the computer.
Not sure how up-to-date it is.
Found some other lists that seemed clearly out-of-date by a year or more.
Apart from asking around, I guess if one is considering something for installation and it's small enough jotti, virustotal, and the like are likely to give useful feedback about the candidate in question.
Saturday April 04, 2015
You can now run Android apps on a Mac or PC with Google Chrome
Those of you who have read my posts on Google know that I view the company quite suspiciously. They are masters of publicity and self-promotion and always find ways to get their hands into everything, often in roundabout ways, like a spider that weaves a trap you don't realize you are in until it's too late. Which is not to say that the stuff they create isn't often quite excellent and useful.
So here's a predictable, and yet still intriguing, new way of extending Google's tentacles: the ability to run Android apps on Windows using the Chrome web browser.
Google’s convergence of Chrome and Android is taking a big step forward this week. After launching a limited App Runtime for Chrome (ARC) back in September, Google is expanding its beta project to allow Android apps to run on Windows, OS X, and Linux. It’s an early experiment designed primarily for developers, but anyone can now download an APK of an existing Android app and launch it on a Windows / Linux PC, Mac, or Chromebook.