Best Of Blog

Wednesday May 24, 2017


Security vulnerability found in movie subtitle files

Yikes, this is unpleasant for those who download subtitles online.

Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC),


posted by mouser - May 24, 2017, 12:40 PM

Tuesday May 09, 2017

MGEN - Next generation music AI - open source (C++) project looking for collaborators

Programmer Alexey Arkhipenko posted on the forum today looking for collaborators for his new open source automated music composition program.

Alexey writes:

I started a new desktop C++ project, which is aimed at evolution of automated/aided music composition and virtual instruments performance, which (I believe) is a path to the new age in the music world.

Main ideas:
- Create different music composition / analysis / advise algorithms - currently three algorithms are working
- Automatically adapt midi files or generated notes for live playback with best virtual instruments - currently adaptation for piano, Samplemodeling Brass and Embertone Friedlander Violin is working
- Develop the framework (visualization, playback to DAW...) - currently main functions are working

Video introduction (not all features are shown):

Project url:

posted by rualark - May 09, 2017, 01:27 PM


Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable


Microsoft on Monday patched a severe code-execution vulnerability in the malware protection engine that is used in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016), just three days after it came to its attention. Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.
The exploit (officially dubbed CVE-2017-0290) allows a remote attacker to take over a system without any interaction from the system owner: it's simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft's malware protection engine—websites, file shares—could be used as an attack vector. Tavis Ormandy, one of the Google Project Zero researchers who discovered the flaw, warned that exploits were "wormable," meaning they could lead to a self-replicating chain of attacks that moved from vulnerable machine to vulnerable machine.


posted by mouser - May 09, 2017, 11:44 AM

Wednesday May 03, 2017

Beware Google Docs Phishing Scam Today and How to Fix

A particularly convincing-looking and widespread phishing scam went out to lots of people today, appearing to come from a Google Docs sharing email.

More info here:

A widely reported e-mail purporting to be a request to share a Google Docs document is actually a well-disguised phishing attack. It directs the user to a lookalike site and grants the site access to the target's Google credentials. If the victim clicks on the prompt to give the site permission to use Google credentials, the phish then harvests all the contacts in the victim's Gmail address book and adds them to its list of targets. The phish appears to have been initially targeted at a number of reporters, but it quickly spread widely across the Internet. Some of the sites associated with the attack appear to have been shut down.

How to deal with it if you got tricked into clicking it:

It’s not that this is some “website that looks like Google” and is “duplicating the Google sign-in page”. It’s an actual Google Doc app, that you have to give permission to access your account details. That’s what makes it so dangerous, that it’s acting as a normal app would, requiring normal Google authentication and authorization. It doesn’t gain access to your credentials, but the permissions it requests give it access to a hell of a lot of stuff in your account. You have to revoke the app permissions at if you gave it access. People are saying on Twitter “change your password”, but that won’t revoke access, you have to actively revoke access to disconnect the malicious app from your account. Click on each app in the list, any that are listed for today (or whenever you clicked through the email), revoke it to be safe. For me, it was called something like “Google Docs”, but may not be the same for everyone.

posted by mouser - May 03, 2017, 09:31 PM

Tuesday April 25, 2017


Breakdown of Juicero expensive juice-pack squeezing machine travesty

Last week Bloomberg published an article exposing how easy it is to “hack” Juicero’s produce packs by squeezing them with your hands, deeming the $699 (now $399) WiFi-connected juice press completely unnecessary. Nearly overnight, Juicero has become the posterchild for Silicon Valley excess....

I hope this post serves as a lesson to other hardware startups that spending tens of millions of dollars on product development prior to shipping a single unit is a goal that’s not worth striving for.

Juicero’s Press is an incredibly complicated piece of engineering. Of the hundreds of consumer products I’ve taken apart over the years, this is easily among the top 5% on the complexity scale.

posted by mouser - April 25, 2017, 04:05 PM

Two amazing talks on the creation of "Legacy" style board games

I've posted before about how I had the most amazing time playing the board game Pandemic Legacy.
Pandemic (2007) is one of the most famous cooperative board games, and it is a great game in its own right.  But the idea of a Legacy game is to add elements to the game that change each time you play it.
Stickers are applied to cards, new boxes are opened revealing new pieces to play with, and new surprises are unveiled as an ongoing story unfolds over the course of 12-24 games.

It is an incredible experience -- by far the best gaming experience I've had in decades of playing board games.

It really makes me want to get into making one of these kinds of games..

Anyway, the designers of Pandemic Legacy recently gave a couple of talks on the development of the game, and the talks are surprisingly insightful and useful for anyone considering working on this kind of thing, and I hadn't realized how seriously they considered some of the issues that just seemed to flow naturally during the course of the games..

Highly recommended for anyone interested in this kind of thing..

Video 1:

Video 2:

posted by mouser - April 25, 2017, 02:00 PM

Thursday April 20, 2017


Game Design Kit

There was a thread a while back about prototyping games, and the high costs of doing so.  But now, there's a kickstarter for that.

The White Box: A Game Design Workshop-in-a-Box

The White Box is a learning, planning, and prototyping tool for tabletop game designers.

It contains a book of 18 essays on game design and production, covering subjects like where to find a great concept, how to use randomness, what to ask playtesters, and whether it’s wise to self-publish.

It includes an abundance of components to get you started right away, from cubes and meeples to dice, discs, and chits.

Maybe you have a golden idea inside you burning to come out. Maybe you want to tell a story or explore a problem. Do you dream of seeing your name on a box at your local game store? Or perhaps you see game design as a path to fame, fortune, and a satisfying career.

The White Box is for aspiring professionals, creative young people, and literally anyone who’s ever wanted to build their own game without having to plunder their game library for bits.

posted by wraith808 - April 20, 2017, 12:43 PM

Monday April 17, 2017

Get legal access to paywalled research and science papers free with Unpaywall

Good news for those of us who follow research and science but don't have deep pockets.

Details here:  http://www.opencultu...e+%28Open+Culture%29

posted by 40hz - April 17, 2017, 12:09 PM

Friday March 24, 2017

Some long-overdue updates to my more popular apps - Mar 24, 2017

Mar 24, 2017:

I've uploaded long-overdue updates to some of my more popular apps.

The most significant improvement is that these apps should now look much better on high-DPI screens -- 4k displays and displays where the text size is set to something larger than 100%.

More updates will be coming soon..

posted by mouser - March 24, 2017, 05:17 AM

Monday March 20, 2017


When testing untrustworthy software, remember virtual machines can be escaped

For those of us who occasionally test "untrustworthy" software from sources we can't be sure of, using a virtual machine is generally considered "safe".  Whatever happens in a virtual machine stays in a virtual machine -- or so we hope.

This is just a reminder that malware authors are actively trying to find ways to break out of virtual machines and infect the host PC, and to be careful.

Contestants at this year's Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.


posted by mouser - March 20, 2017, 01:12 AM

Tuesday February 14, 2017


Re: Hardware and software for quality youtube podcasting (for boardgaming)?

Nice long article on getting your podcast recordings to sound amazing: "The ear training guide for audio producers"


"This post will help you identify problematic audio, prevent the most common problems and recognize when it’s time to call for help. It’s a great reference guide for anyone who works with audio, from new producers to seasoned veterans."

posted by mouser - February 14, 2017, 05:12 AM

Saturday February 11, 2017


If you have a WordPress site you need to patch it against latest vulnerability

Attacks on websites running an outdated version of WordPress are increasing at a viral rate. Almost 2 million pages have been defaced since a serious vulnerability in the content management system came to light nine days ago. The figure represents a 26 percent spike in the past 24 hours.

posted by mouser - February 11, 2017, 08:30 AM

Wednesday February 08, 2017

Do you know how the "I am not a robot" anti-spam checkboxes work?

Many people don't realize what these "I am not a robot" (re)Captcha things are actually doing..

It's pretty cool -- it's all about watching your BEHAVIOR and mouse movement:

See also: https://nakedsecurit...uivery-mouse-clicks/

posted by mouser - February 08, 2017, 07:30 AM
