Starbucks Mobile App Vulnerability Puts Data At Risk

According to Wood, the file, which can be found at /Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog, contains more than just the user’s login information.

In re-testing the vulnerability last night Wood discovered that the user’s full name, address, device ID and geolocation data are all being stored in clear text as well. This information popped up after Wood reinstalled the app and monitored the session.clslog file during user signup.

via Starbucks Mobile App Vulnerability Puts Data At Risk | Threatpost – English – Global – threatpost.com.

A list of four special Linux distributions for kids

Learning at an early age can be best enhanced in an environment that encourages exploration. There is no other operating system that offers such variety and autonomy to customize the system based on specific needs like Linux. Like toys and clothes for kids, the Linux community has developed specific operating systems that can offer them a fun learning environment. I believe that to boost curiosity in kids, it is important to create a set up that gives them a feeling of wonder.

via A list of four special Linux distributions for kids | opensource.com.

I haven’t installed any of these but found the concept interesting.

How Is Reactive Different from Procedural Programming?

A recent post on Reactive Programming triggered discussions about what is and isn’t considered Reactive Logic. In fact, many have already discovered that Reactive Programming can help improve quality and transparency, reduce programming time and decrease maintenance. But for others, it raises questions like:

  • How does Reactive differ from conventional event-oriented programming?
  • Isn’t Reactive just another form of triggers?
  • What kind of an improvement in coding can you expect using Reactive and why?

So to help clear things up, here is a real-life example that will show the power and long-term advantages Reactive offers. In this scenario, we’ll compare what it takes to implement business logic using Reactive Programming versus two different conventional procedural Programming models: Java with Hibernate and MySQL triggers.

via How Is Reactive Different from Procedural Programming?.

Zero-Day Flaws Found, Patched In Siemens Switches

The Siemens switch zero-day vulnerabilities are in the Web server interface to the devices. The researcher says the first of the two zero-day flaws he found in the Siemens SCALANCE X-200 switch was basic: a poorly constructed session ID setup, which would allow an attacker to hijack an administrative session on the switch without credentials. The session ID basically exposes the client’s IP address so an attacker could then hijack the admin’s Web-based session while managing the switch. “But you don’t log onto these switches very often — maybe once a year — so, in that sense, it’s a weak vulnerability,” he says.

The more critical zero-day Leverett found in the switch was the second one, which would let an attacker take over the admin operations of the switch — no authentication required. The attacker could then download any network configuration information, or upload a malware-ridden firmware update, for example, Leverett says. “The device assumes if you know the URL, you must have authentication. But it never asks you to authenticate [for it],” he says.

via Zero-Day Flaws Found, Patched In Siemens Switches — Dark Reading.

xkcd 1313: Regex Golf

I found that the hover text, “/bu|[rn]t|[coy]e|[mtg]a|j|iso|n[hl]|[ae]d|lev|sh|[lnd]i|[po]o|ls/ matches the last names of elected US presidents but not their opponents.”, contains a confusing contradiction. There are several last names (like “Nixon”) that denote both elected presidents and opponents. So no regular expression could both match and not match “Nixon”. I could only assume that Randall meant for these names to be winners and not losers (and in fact he later confirmed that was the correct interpretation).

So that got me thinking: can I come up with an algorithm to find a short regex that covers the winners and not the losers?

I started by finding a page that lists winners and losers of US presidential elections through 2000. Adding the 2004-2012 results I get: …

via xkcd 1313: Regex Golf.

Apparently there is a Regex Golf game.

Type a regex in the box. You get ten points per correct match. Hit Enter to go to the next ‘level’.
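As an added example, not code from the xkcd post or the linked write-up: a greedy set-cover search for a short alternation that matches every winner and no loser, run on a constructed sample of names (the full 1789-2012 list the post builds is not on this page), with a checker that also confirms the hover-text regex on that sample.

```python
import re

# Constructed sample lists, not the full list the post links to; a name in
# both lists would be the contradiction the post discusses, so they are disjoint.
WINNERS = ["washington", "adams", "jefferson", "madison", "monroe", "jackson",
           "lincoln", "grant", "roosevelt", "kennedy", "nixon", "reagan",
           "clinton", "bush", "obama"]
LOSERS = ["pinckney", "clay", "douglas", "seymour", "greeley", "tilden",
          "blaine", "bryan", "dewey", "stevenson", "goldwater", "mcgovern",
          "mondale", "dukakis", "dole", "gore", "kerry", "mccain", "romney"]

# The hover-text regex from the comic, as quoted on the page.
XKCD = r"bu|[rn]t|[coy]e|[mtg]a|j|iso|n[hl]|[ae]d|lev|sh|[lnd]i|[po]o|ls"


def verify(regex, winners, losers):
    """True iff the regex matches every winner and no loser."""
    r = re.compile(regex)
    return all(r.search(w) for w in winners) and not any(r.search(l) for l in losers)


def candidate_parts(winners, losers, max_len=4):
    """Short substrings of the winners (with ^/$ anchors) that match no loser."""
    parts = set()
    for w in winners:
        anchored = "^" + w + "$"
        for n in range(1, max_len + 1):
            parts.update(anchored[i:i + n] for i in range(len(anchored) - n + 1))
    return {p for p in parts if not any(re.search(p, l) for l in losers)}


def regex_golf(winners, losers, max_len=4):
    """Greedy set cover: keep picking the part that covers the most uncovered winners."""
    winners, losers = set(winners), set(losers)
    if winners & losers:
        raise ValueError("names in both lists: %s" % sorted(winners & losers))
    parts = candidate_parts(winners, losers, max_len)
    covers = {p: {w for w in winners if re.search(p, w)} for p in parts}
    chosen, uncovered = [], set(winners)
    while uncovered:
        best = max(parts, key=lambda p: (len(covers[p] & uncovered), -len(p)))
        if not covers[best] & uncovered:
            raise ValueError("no part separates: %s" % sorted(uncovered))
        chosen.append(best)
        uncovered -= covers[best]
    return "|".join(chosen)


if __name__ == "__main__":
    print(XKCD, len(XKCD), verify(XKCD, WINNERS, LOSERS))
    found = regex_golf(WINNERS, LOSERS)
    print(found, len(found), verify(found, WINNERS, LOSERS))
```

The greedy cover is not guaranteed to be the shortest regex, only a short one that is provably correct for the given lists.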

Nook sales crashed by over 66 percent during 2013 holiday season

On Thursday, Barnes & Noble announced that “device and accessories sales” plummeted to $88.7 million during the October through December 2013 holiday period, a drop of 66.7 percent. The company attributed the drop to “lower unit selling volume and lower average selling prices.” Of course, that’s prime shopping season, when most retailers see a spike in sales. The company added that “digital content sales” were $36.5 million during the same time frame, a drop of 27.3 percent.

via Nook sales crashed by over 66 percent during 2013 holiday season | Ars Technica.

Weaknesses – Bitcoin

An attacker that controls more than 50% of the network’s computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:

  • Reverse transactions that he sends while he’s in control. This has the potential to double-spend transactions that previously had already been seen in the block chain.
  • Prevent some or all transactions from gaining any confirmations
  • Prevent some or all other miners from mining any valid blocks

via Weaknesses – Bitcoin.

With less than 50%, the same kind of attacks are possible, but with less than 100% rate of success. For example, someone with only 40% of the network computing power can overcome a 6-deep confirmed transaction with a 50% success rate.
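The 40%-versus-6-confirmations figure above follows from the catch-up probability worked out in section 11 of the Bitcoin whitepaper. This is an added example, not code from the Bitcoin wiki page: a Python port of that calculation, plus a helper for choosing how many confirmations keep an attacker's success probability below a chosen risk.

```python
from math import exp


def attacker_success_probability(q, z):
    """Probability that an attacker holding fraction q of the hashrate ever
    catches up from z blocks behind, i.e. reverses a z-deep confirmed transaction.

    Poisson / gambler's-ruin calculation from the Bitcoin whitepaper (Nakamoto
    2008); with q >= 0.5 the attacker is guaranteed to catch up eventually."""
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    lam = z * (q / p)  # expected attacker blocks while the honest chain mines z
    total = 1.0
    poisson = exp(-lam)  # Poisson(k=0; lam)
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # Poisson(k; lam) from Poisson(k-1; lam)
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_needed(q, max_risk):
    """Smallest confirmation depth z at which the attacker's success
    probability drops below max_risk (e.g. 0.001 for 0.1%)."""
    if q >= 0.5:
        raise ValueError("no confirmation depth is safe against q >= 0.5")
    z = 0
    while attacker_success_probability(q, z) >= max_risk:
        z += 1
    return z


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.4):
        print(q, [round(attacker_success_probability(q, z), 4) for z in range(7)])
    print("q=0.1, risk<0.1%:", confirmations_needed(0.1, 0.001), "confirmations")
```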

Many eyes on Earth

By contrast, the swarm satellites’ cameras will always be on, photographing everything in their path and, owing to their numbers, will pass over the same points on Earth with a frequency of hours to a few days, depending on latitude.

The biggest customers of conventional commercial imaging satellites are governments, in particular intelligence agencies and the military. Prices can be prohibitive for many other potential users, including researchers,

via Many eyes on Earth : Nature News & Comment.

Because the swarms are still to be launched, scientists have yet to fully assess the quality of the imagery. But the satellites’ spatial resolutions of 1–5 metres are much higher than those of most scientific satellites. Landsat, NASA’s Earth-observation workhorse, for example, has a resolution of 15–100 metres depending on the spectral frequency, with 30 metres in the visible-light range.

How Not To Sort By Average Rating

PROBLEM: You are a web programmer. You have users. Your users rate stuff on your site. You want to put the highest-rated stuff at the top and lowest-rated at the bottom. You need some sort of “score” to sort by.

via How Not To Sort By Average Rating.

CORRECT SOLUTION: Score = Lower bound of Wilson score confidence interval for a Bernoulli parameter

Say what: We need to balance the proportion of positive ratings with the uncertainty of a small number of observations. Fortunately, the math for this was worked out in 1927 by Edwin B. Wilson. What we want to ask is: Given the ratings I have, there is a 95% chance that the “real” fraction of positive ratings is at least what? Wilson gives the answer. Considering only positive and negative ratings (i.e. not a 5-star scale), the lower bound on the proportion of positive ratings is given by:
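An added example, not code from the linked post: the Wilson lower bound the excerpt describes, using the standard 1927 formula with z = 1.96 for a 95% interval, applied to a constructed set of items to show how it ranks them differently from the plain average.

```python
from math import sqrt


def wilson_lower_bound(positive, total, z=1.96):
    """Lower bound of the Wilson score interval for the true fraction of
    positive ratings; z=1.96 is the normal quantile for a 95% two-sided interval."""
    if total == 0:
        return 0.0
    phat = positive / total
    z2n = z * z / total
    centre = phat + z2n / 2
    spread = z * sqrt((phat * (1 - phat) + z2n / 4) / total)
    return (centre - spread) / (1 + z2n)


def average(positive, total):
    """The naive score the post argues against."""
    return positive / total if total else 0.0


def rank(items, score):
    """Sort (name, positive, total) items by the given score, best first."""
    return [name for name, pos, tot in
            sorted(items, key=lambda it: score(it[1], it[2]), reverse=True)]


# Constructed sample: one lone upvote versus a large, mostly positive sample.
ITEMS = [("one lucky vote", 1, 1), ("popular", 95, 100),
         ("mixed", 600, 1000), ("hated", 2, 50)]

if __name__ == "__main__":
    print("by average:", rank(ITEMS, average))
    print("by wilson: ", rank(ITEMS, wilson_lower_bound))
```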