Thursday November 27, 2014
Watercolorbot - $300 watercolor painting printer
This looks pretty amazing to me:
"Starting with vector artwork on your computer — or following along as you sketch in real time — the WaterColorBot dips its brush in water, goes and gets the right color of paint, and paints before your eyes... While earlier versions of the WaterColorBot came as a kit (with some assembly required), the WaterColorBot 2.0 comes assembled, tested, and ready to use. It also comes with a starter set of watercolor paints, paper, and a brush. Please see the FAQ below for a more detailed list of the kit contents."
Friday November 21, 2014
Google Contributor: A New (not so new) way to fund the web
Contributor by Google
An experiment in additional ways to fund the web.
Today’s Internet is mostly funded by advertising. But what if there were a way to directly support the people who create the sites you visit each day?
Introducing Contributor by Google.
My largest problem with this... is that it's by Google.
Choose a monthly contribution.
Visit participating sites.
Support the people who make the web.
It seems a lot like patreon.
Visit participating sites.
When you visit a participating website, part of your contribution goes to the creators of that site. As a reminder of your support, you’ll see a thank you message - often accompanied by a pixel pattern - where you might normally see an ad.
In theory, it seems like a good idea. In practice... well, Google long ago abandoned the do no evil pledge.
Thursday November 13, 2014
Experimenting with Other Programming Languages
I've spent most of my life coding C++, and dabbling in other languages (most recently Python).
But the list of programming languages that I've never written a line of code in is starting to get big, and I think it's time I put an end to that.
So I've decided I'm going to try to do a little experimenting with other programming languages, and wanted other coders here to join me, and post your updates here.
For my first stop on the tour, I spent today coding in Go.
I was inspired to write a program to solve a homework assignment given to the daughter of one of our fellow DC members.
The assignment is as follows:
"Given a set of numbers, and a target value, find an expression using + - * / and which uses each of the numbers exactly once, which reaches the target."
For example, given the numbers [2, 3, 6, 15] find an expression that reaches the target value of 7.
Note that there may be multiple expressions that reach a given target value. Rather than find a specific solution to a specific problem -- I was more interested in writing a program that would find ALL possible expressions given a set of n numbers, and then looking for particular targets which have few possible solutions, reasoning that these would be nice and hard puzzles to solve.
I started out by trying to calculate a formula for the # of possible expressions of n numbers. That turned out to be a very fun mathematical journey, and I encourage the mathematically inclined among you to give it a try. I'll share my formula later so as not to spoil the problem.
Anyway, so today I coded this program in Go. Looks like about 400 lines of code, and definitely a non-trivial and interesting project.
Speed and memory seemed quite reasonable, no complaints there. Error messages were reasonable.
I'll post the source code soon after I give anyone else a chance to have some fun.
However, I can't say I really enjoy Go after my day with it. Some parts of it are ugly and unpleasant, and I don't approve of many of the language design decisions.
In fairness, this wasn't really something that made use of the real strengths of Go, so perhaps it wasn't the fairest of tests.
Here's a test for you if you decide to try coding this program. I will give out a prize of a free DC mug for anyone who can solve this by writing their own version of this program before I post my source code at the end of the month.
Given the numbers [2 3 4 5 6 7 8], find TWO good, and fundamentally different, solutions that yield the target value of "2741"
Announcing .NET 2015 - .NET as Open Source, .NET on Mac and Linux
Announcing .NET 2015 - .NET as Open Source, .NET on Mac and Linux, and Visual Studio Community
It's happening. It's the reason that a lot of us came to work for Microsoft, and I think it's both the end of an era but also the beginning of amazing things to come.
The .NET 2015 wave of releases is upon us. Here's what's happening and we announced it today in New York. There's a lot here, so drink it all in slowly.
Be sure to check out all the blog posts I'm linking to at the end, but here's my personal rollup and take on the situation.
We are serious about open source and cross platform.
.NET Core 5 is the modern, componentized framework that ships via NuGet. That means you can ship a private version of the .NET Core Framework with your app. Other apps' versions can't change your app's behavior.
We are building a .NET Core CLR for Windows, Mac and Linux and it will be both open source and it will be supported by Microsoft. It'll all happen at https://github.com/dotnet.
We are open sourcing the RyuJit and the .NET GC and making them both cross-platform.
ASP.NET 5 will work everywhere.
ASP.NET 5 will be available for Windows, Mac, and Linux. Mac and Linux support will come soon and it's all going to happen in the open on GitHub at https://github.com/aspnet.
ASP.NET 5 will include a web server for Mac and Linux called kestrel built on libuv. It's similar to the one that comes with node, and you could front it with Nginx for production, for example.
Developers should have a great experience.
There is a new FREE SKU for Visual Studio for open source developers and students called Visual Studio Community. It supports extensions and lots more all in one download. This is not Express. This is basically Pro.
Visual Studio 2015 and ASP.NET 5 will support gulp, grunt, bower and npm for front end developers.
A community team (including myself and Sayed from the ASP.NET and web tools team) have created the OmniSharp organization along with the Kulture build system as a way to bring real Intellisense to Sublime, Atom, Brackets, Vim, and Emacs on Windows, Linux, and Mac. Check out http://www.omnisharp.net as well as blog posts by team members Jonathan Channon
Even more open source.
Much of the .NET Core Framework 4.6 and its Reference Source source is going on GitHub. It's being relicensed under the MIT license, so Mono (and you!) can use that source code in their .NET implementations.
There's a new hub for Microsoft open source that is hosted on GitHub at http://microsoft.github.io.
Open sourcing .NET makes good sense. It makes good business sense, good community sense, and today everyone at Microsoft sees this like we do.
This could be a MASSIVE game changer...simply...wow.
Tuesday November 11, 2014
Everything You Need To Start Making Webcomics For Free
The webcomic is the best storytelling medium for hobbyists. Its visual nature hooks readers faster than written form stories. Its serial nature allows for bite-sized consumption without sacrificing long story arcs. And best of all, it’s a heck of a lot cheaper than making films or writing novels.
Given enough time and determination, anyone can make webcomics for free, and that includes you. Here’s how to get started right away.
Read the full story here: http://www.makeuseof.com/...rt-making-webcomics-free/
Wednesday November 05, 2014
The item that caught my attention was the algorithm for splitting a payment among multiple participants in a project, by trying to find a fair way to divide it based on participants assessment of others. The website offers little explanation for the algorithm, but does link to a published paper on the algorithm (written by people other than those who made the website).
Monday October 27, 2014
Super-sized Newsletter for Oct 25, 2014 - Codename: NANY 2015 Preppers
1. Newsletter Editorial
Greetings. It's been a whopping 156 days since the last newsletter, and in that time..
New threads started: 1,300.
New posts: 12,000 (number of those deleted as spam: 468).
New members who joined: 13,600 (number of those banned for spamming: 700).
New donors: 714.
The important news to tell you about is that our big "New Apps for the New Year (NANY) 2015" event is fast approaching. You can read all about it below, in the first section of the newsletter. We'd love to have your participation in it.
See you on the forum!
2. NANY 2015 Event (New Apps for the New Year)
Since 2007 we have held an annual event that we call NANY (New Apps for the New Year), where we ask the coders who hang out on DonationCoder to create some new piece of free software and share it with the world on January 1st of the new year (browse previous year entries here).
There are no winners or losers, it's simply a celebration of programming and creating new software and sharing it with the world. Everyone who participates gets a commemorative mug. You can target any operating system (desktop or mobile) or even make a web-based tool. It can be a game, utility, large application, whatever.
10 Web Application Security Scanners To Monitor Your Internet Activity!
1. Netsparker Community Edition
According to their website, Netsparker is the only false-positive-free web application security scanner. Simply point it at your website and it will automatically discover the flaws that could leave you dangerously exposed.
The Websecurify Suite is a web application security solution designed to run entirely from your web browser. It packs our awesome web application security framework combined with the power of client-side technologies.
This web application security scanner allows you to track the following security vulnerabilities,
- File disclosure
- Database Injection
- XSS (Cross Site Scripting) injection
- Command Execution detection
- CRLF Injection
- XXE (XML External Entity) injection
- Use of known potentially dangerous files
- Weak .htaccess configurations that can be bypassed
- Presence of backup files giving sensitive information
This is a web application security scanner that searches for security loopholes like SQL Injection, XSS and other known attacks.
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly.
Watcher is a Fiddler addon which aims to assist penetration testers in passively finding Web-application vulnerabilities. The security field today has several good choices for HTTP proxies which assist auditors and pen-testers.
Exploit-Me Mobile (EMM) is an open source project demonstrating common mobile application vulnerabilities in the iOS and Android platforms. ExploitMe Mobile is a training platform built based on the common mobile application security pitfalls.
WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned.
10. Acunetix Web Application Security Scanner
According to the company, the features of this security tool include:
- AcuSensor Technology
- Industry's most advanced and in-depth SQL injection and Cross site scripting testing
- Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
- Visual macro recorder makes testing web forms and password protected areas easy
- Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
- Extensive reporting facilities including PCI compliance reports
- Multi-threaded and lightning fast scanner - processes thousands of pages with ease
- Intelligent crawler detects web server type, application language and smartphone-optimized sites.
- Acunetix crawls and analyzes different types of websites including HTML5, SOAP and AJAX
- Port scans a web server and runs security checks against network services running on the server
A Malicious Del.icio.us?
Google blacklisted bit.ly several days ago in a move that caught many publishers off guard. We started seeing spotty reports of del.icio.us being blacklisted over the weekend and it has now gone full-blown with all del.icio.us links apparently being blacklisted by Chrome as hosting malware.
Delicious has changed hands several times over the years and recently was re-sold earlier this year to Science Inc. They also rebranded several years ago to delicious.com which is not blacklisted, but there are likely a large number of legacy .us links out there. [Edit: Thanks Kelson]
Bit.ly has now been removed from Google’s Safe Browsing list which is the list that Google maintains of known malicious websites that engage in malware distribution and phishing. [Edit: Correction, we are still seeing bit.ly links being flagged by Google's GSB and Chrome] It’s also one of the data sources that Wordfence uses to scan your site’s files, posts and comment for malicious activity and infections.
Friday October 24, 2014
In one of the best things I've seen in a long time, especially as an aspiring writer.
from https://www.gitbook.io/about (stripped of pretty formatting)
GitBook makes it easy to publish great books.
Discover gorgeous books from the community.
Publish your books easily thanks to a great workflow.
Monetize your paid books in less than 5 minutes.
Simple to update, publish and update your books easily using Git or the editor.
Responsive, books can be read on all devices, laptops, tablets, phones, kindles, etc.
Editor, use the GitBook editor to write beautiful books, on Mac, Windows or Linux.
Git, books are versioned and collaborative using the GIT scm.
Markdown, books are written using the markdown syntax.
Open Source, built on top of the open source GitBook technology.
Do more thanks to powerful integrations.
E-book readers, books are readable on the Amazon Kindle, Nook and other readers.
iBooks, books are readable on iPad, iPhone and Mac using iBooks.
GitHub, write your book on GitHub and publish it in seconds through GitBook.
Monetize your books
Choose your own minimum and suggested prices, from $0 (or free) to $100.
Let everybody buy your book easily. GitBook accepts most credit & debit cards.
You keep the rights to your book, not us. So you can do a deal with a publisher at any time.
GitBook charges 20% per transaction.
I'm cautiously optimistic... could also be a big middle finger to the traditional publishing model...
Update: So, following my own advice to do more investigation on open-source projects I find interesting.
So far, I see that Gitbook is owned by FriendCode. Haven't done a corporate search, but a little cursory searching led me to Codebox (https://www.codebox.io/about). They are owned by FriendCode also, so I assume at this point some correlation.
There is also a concerning bit in their TOS- the use of real names, and the ability to terminate accounts.
Violation of any of the terms below will result in the termination of your Account. While FriendCode prohibits such conduct and Content on the Service, you understand and agree that FriendCode cannot be responsible for the Content posted on the Service and you nonetheless may be exposed to such materials. You agree to use the Service at your own risk.
I wrote an e-mail, and am waiting to hear back.
I'm a prospective user of gitbook.io, and I had a concern. I don't want to write under my real name. I have business concerns that I use my real name for, and don't want any contract or other issues, which is why I don't use my real name for either my hobby coding nor writing concerns.
However, it seems that things published must be connected to my legal name? Or I'm subject to summary termination of account?
I just wanted to make sure of what was actually meant, i.e. was this absolute? Especially in publishing where people ghost write and use pseudonyms, it seems that this is a bit short sighted.
Thanks for your time, and any response!
Update: I received a response today, which I've posted below.
If your book is a paid book, you have to use your legal name, because otherwise we can't legally transfer you the money.
But if the book is a free or private book, feel free to use a pseudonym, we'll suspend the book only if the content is a stolen or illegal content.
You can only signup using twitter or github, so if you want to use a pseudonym, please make sure that your real name is not written on your Twitter/Github user profile.
So it seems that you can publish free content under a pseudonym, but not paid content.
Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware
One of the sites affected is apparently CNet, as one of our customers got nailed by this while trying to download the latest copy of Avast AV (which is hosted on CNet). The customer in question is a hyper vigilant old schooler who doesn't like, trust, or use the internet for anything unless absolutely necessary. So they most likely got burnt by the idiotic marketing practice of having multiple unidentified huge green download buttons that infest CNet.
Wednesday October 15, 2014
Drupal Fixes Highly Critical SQL Injection Flaw
Drupal has patched a critical SQL injection vulnerability in version 7.x of the content management system that can allow arbitrary code execution. The flaw lies in an API that is specifically designed to help prevent against SQL injection attacks. "Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks," the Drupal advisory says. "A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks."
SSL broken, again, in POODLE attack
From the researchers that brought you BEAST and CRIME comes another attack against Secure Sockets Layer (SSL), one of the protocols that's used to secure Internet traffic from eavesdroppers both government and criminal.
Calling the new attack POODLE—that's "Padding Oracle On Downgraded Legacy Encryption"—the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections. This in turn could let that attacker do things such as access online banking or e-mail systems. The flaw was documented by Bodo Möller, Thai Duong, and Krzysztof Kotowicz, all of whom work at Google. Thai Duong, working with Juliano Rizzo, described the similar BEAST attack in 2011 and the CRIME attack in 2012.
The attack depends on the fact that most Web servers and Web browsers allow the use of the ancient SSL version 3 protocol to secure their communications. Although SSL has been superseded by Transport Layer Security, it's still widely supported on both servers and clients alike and is still required for compatibility with Internet Explorer 6. SSLv3, unlike TLS 1.0 or newer, omits validation of certain pieces of data that accompany each message. Attackers can use this weakness to decipher an individual byte at a time of the encrypted data, and in so doing, extract the plain text of the message byte by byte.
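The "pieces of data" that SSLv3 leaves unvalidated are the CBC padding bytes. The sketch below is an added example, not code from the article or from any TLS library: a simplified model that works on an already-decrypted record and compares the SSLv3 acceptance rule with the TLS one. The key, the sample record and all function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16                          # CBC block size used in this model
MAC_LEN = 20                        # HMAC-SHA1 tag length
KEY = b"constructed-demo-mac-key"   # constructed sample key, not a real secret


def _tag(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha1).digest()


def build_plaintext(data: bytes) -> bytes:
    """Lay out data || MAC || padding || pad_len as it exists before CBC encryption."""
    body = data + _tag(data)
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    # TLS-style fill: every padding byte, and the length byte, equals pad_len.
    return body + bytes([pad_len]) * (pad_len + 1)


def _split(plaintext: bytes):
    """Return (data, mac, padding) or None if the length byte is implausible."""
    pad_len = plaintext[-1]
    end = len(plaintext) - pad_len - 1
    if pad_len >= BLOCK or end < MAC_LEN:   # model limits padding to one block
        return None
    return plaintext[:end - MAC_LEN], plaintext[end - MAC_LEN:end], plaintext[end:-1]


def accept_sslv3(plaintext: bytes) -> bool:
    """SSLv3 rule: trust the length byte, never look at the padding bytes."""
    parts = _split(plaintext)
    if parts is None:
        return False
    data, tag, _padding = parts
    return hmac.compare_digest(tag, _tag(data))


def accept_tls(plaintext: bytes) -> bool:
    """TLS 1.0+ rule: every padding byte must equal the length byte."""
    parts = _split(plaintext)
    if parts is None:
        return False
    data, tag, padding = parts
    pad_ok = padding == bytes([plaintext[-1]]) * len(padding)
    return pad_ok and hmac.compare_digest(tag, _tag(data))


def demo() -> dict:
    # Constructed 12-byte payload: 12 + 20 = 32, so padding fills a whole block.
    good = build_plaintext(b"constructed!")
    # Same record with the 15 padding bytes altered; length byte left intact.
    bad_pad = good[:32] + b"\xaa" * 15 + good[-1:]
    # Same record with one payload byte altered; the MAC catches this in both.
    bad_data = bytes([good[0] ^ 1]) + good[1:]
    return {
        "good": (accept_sslv3(good), accept_tls(good)),
        "bad_pad": (accept_sslv3(bad_pad), accept_tls(bad_pad)),
        "bad_data": (accept_sslv3(bad_data), accept_tls(bad_data)),
    }


if __name__ == "__main__":
    for name, (v3, tls) in demo().items():
        print(f"{name:9s} SSLv3 accepts={v3}  TLS accepts={tls}")
```

Because the MAC covers only the payload, the altered padding goes unnoticed under the SSLv3 rule while the TLS rule rejects it, which is why the fix is to stop negotiating SSLv3 rather than to patch it.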