The Comcast Merger Isn’t About Lines On A Map; It’s About Controlling The Delivery Of Information

The joy of being a vertically integrated company is being able to exercise something called vertical leverage. Basically, the bigger Comcast gets, the more extraordinary financial power they wield. The terms they can negotiate upstream and downstream are more likely to be favorable to them, and not to anyone else.

A report [PDF] from the Consumer Federation of America calls these “bottleneck points.” And the bigger Comcast gets, the more of them they have — as in their recent peering dispute with Netflix.

via The Comcast Merger Isn’t About Lines On A Map; It’s About Controlling The Delivery Of Information – Consumerist.

In the end, making Comcast bigger only gives it more leverage — a company that would control the lion’s share of to-the-home information for this country. Until such a time when (and if) wireless and fiber providers begin offering a service that competes with cable Internet on speed, availability and cost, consumers are only going to see the walls around Comcast’s sandbox grow taller, while bottlenecked Internet businesses face higher and higher tolls for access to a huge portion of American homes and offices.

BASIC at 50

At 4 a.m. on May 1, 1964, in the basement of College Hall, Professor John Kemeny and a student programmer simultaneously typed RUN on neighboring terminals. When they both got back correct answers to their simple programs, time-sharing and BASIC were born.

via BASIC at 50.

Dropbox’s Next Chapter: Corporate Customers, IPO, Condi Rice, and Eddie Vedder

Many corporations altogether forbid the use of Dropbox (including Bloomberg LP, parent of Bloomberg Businessweek). Security software maker Symantec (SYMC) posts online instructions on how clients can block Dropbox, while Citrix (CTXS), which provides a competing product, found Dropbox to be one of the most blacklisted applications by companies in a 2012 report. Even businesses that use Dropbox often do so with caution. “It’s extremely convenient to share marketing materials,” says Markus Ament, chief product officer of Taulia, a five-year old cloud-computing startup. “We try to avoid using Dropbox for sensitive data. Right now, we’re not taking any chances.”

via Dropbox’s Next Chapter: Corporate Customers, IPO, Condi Rice, and Eddie Vedder – Businessweek.

More on Heartbleed

This is a pretty serious problem so I’ll devote more space to another collection of tidbits from various sources.

EDITED TO ADD (4/9): Has anyone looked at all the low-margin non-upgradable embedded systems that use OpenSSL? An upgrade path that involves the trash, a visit to Best Buy, and a credit card isn’t going to be fun for anyone.

via Schneier on Security: Heartbleed.

From: https://news.ycombinator.com/item?id=7548991

The fact is that no programmer is good enough to write code which is free from such vulnerabilities. Programmers are, after all, trained and skilled in following the logic of their program. But in languages without bounds checks, that logic can fall away as the computer starts reading or executing raw memory, which is no longer connected to specific variables or lines of code in your program. All non-bounds-checked languages expose multiple levels of the computer to the program, and you are kidding yourself if you think you can handle this better than the OpenSSL team.

We can’t end all bugs in software, but we can plug this seemingly endless source of bugs which has been affecting the Internet since the Morris worm. It has now cost us a two-year window in which 70% of our internet traffic was potentially exposed. It will cost us more before we manage to end it.

Ironic how the above link uses https. The Ars Technica article below has interesting screenshots.

From: Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style

For an idea of the type of information that remains available to anyone who knows how to use open source tools like this one, just consider Yahoo Mail, the world’s most widely used Web mail service. The images below were recovered by Mark Loman, a malware and security researcher with no privileged access to Yahoo Mail servers. The plaintext passwords appearing in them have been obscured to protect the Yahoo Mail users they belong to, a courtesy not everyone exploiting this vulnerability is likely to offer. To retrieve them, Loman sent a series of requests to servers running Yahoo Mail at precisely the same time as the credentials just happened to be stored—Russian roulette-style—in Yahoo memory.

OpenSSL bug CVE-2014-0160

If you’re using an older OpenSSL version, you’re safe.

via OpenSSL bug CVE-2014-0160 | The Tor Blog.

I find that statement quite interesting due to how many security experts tout keeping your software constantly updated without realizing sometimes updates can introduce exploit vectors.

From: The Heartbleed Bug

What makes the Heartbleed Bug unique?

Bugs in single software or library come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.

Am I affected by the bug?

You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL.

From: Exploits allow attackers to obtain private keys used to decrypt sensitive data.

They called on white-hat hackers to set up “honeypots” of vulnerable TLS servers designed to entrap attackers in an attempt to see if the bug is being actively exploited in the wild. The researchers have dubbed the vulnerability Heartbleed because the underlying bug resides in the OpenSSL implementation of the TLS heartbeat extension as described in RFC 6520 of the Internet Engineering Task Force.

The beginners guide to breaking website security with nothing more than a Pineapple

What you’re looking at in the image above is a little device about the size of a cigarette packet running a piece of firmware known as “Jasager” (which over in Germany means “The Yes Man”) based on OpenWrt (think of it as Linux for embedded devices). Selling for only $100, it packs Wi-Fi capabilities, a USB jack, a couple of RJ45 Ethernet connectors and implements a kernel mode wireless feature known as “Karma”.

via Troy Hunt: The beginners guide to breaking website security with nothing more than a Pineapple.

But why on earth would a victim connect to the Pineapple in the first place?! Well firstly, we’ve become alarmingly accustomed to connecting to random wireless access points whilst we’re out and about. When the average person is at the airport waiting for a flight and sees an SSID named “Free Airport Wi-Fi”, what are they going to do? Assume it’s an attacker’s honeypot and stay away from it or believe that it’s free airport Wi-Fi and dive right in? Exactly.

Ubiquiti Networks, Inc.

Ubiquiti Networks (NASDAQ: UBNT) is closing the digital divide by building network communication platforms for everyone and everywhere. With over 10 million devices deployed in over 180 countries, Ubiquiti is transforming under-networked businesses and communities. Our leading edge platforms, airMAX™, UniFi™, airFiber™, airVision™, mFi™ and EdgeMAX™ combine innovative technology, disruptive price performance and the support of a global user community to eliminate barriers to connectivity.

via About Us | Ubiquiti Networks, Inc..

Ubiquiti is a competitor of Ruckus wireless. Here’s an interesting review using some of Ruckus’ products.

Another competitor is Xirrus. And also Aruba and of course Cisco.

Inside Major League Baseball’s “Hypothesis Machine”

Baseball data, over 95% of which has been created over the last five years, will continue to mount—leading MLB decision-makers to invest in more powerful analytics tools. While there are plenty of business intelligence and database options, teams are now looking to supercomputing—or at least, the spawn of HPC—to help them gain the competitive edge.

via Inside Major League Baseball’s “Hypothesis Machine”.

Please. The problem with current baseball analytics isn’t the deluge of data, it’s the deluge of crackpot theories that add more and more irrelevant variables to the mix. Most baseball analytics misuse mathematics and are created by people who are simply selling a website.

Speaking of selling a website; is this a good place to introduce the sister site to bucktownbell.com?  🙂

baseball.brandylion.com

All data in the above data model was crunched using perl, awk, and bash on a standard PC. Baseball is not so complicated that it requires a supercomputer to crunch historical or current season data. More from the article…

He explained that what teams, just like governments and drug development researchers, are looking for is a “hypothesis machine” that will allow them to integrate multiple, deep data wells and pose several questions against the same data.

Washington University team builds out prototype to win first GlobalHack

Each team had to create an application that scores and weighs sales opportunities in Salesforce according to an algorithm, then displays the ranked opportunities in a graphical user interface.

Gabe Lozano, co-founder of the event and CEO at LockerDome, told Silicon Prairie News that the team built out all of the UI/UX, integrated it with Salesforce and created a prototype-grade algorithm within the 48-hour window. As a result, TopOPPS is going to expand upon the team’s work for the earliest versions of its software.

via Washington University team builds out prototype to win first GlobalHack – Silicon Prairie News.