ICANN seeks to tackle DNS namespace collision risks

For this “controlled interruption” JAS recommends returning an address within the 127/8 loopback range: “Responding with an address inside 127/8 will likely interrupt any application depending on an NXDOMAIN or some other response, but importantly also prevents traffic from leaving the requestor’s network and blocks a malicious actor’s ability to intercede.”

Instead of the familiar 127.0.0.1 loopback address for localhost, the report suggests “127.0.53.53”. Because the result is so unusual, it’s likely to be flagged in logs and sysadmins who aren’t aware of a name collision issue are likely to search online for information about the address problems.

via ICANN seeks to tackle DNS namespace collision risks – ICANN, Internet Corporation for Assigned Names and Numbers, gTLD, security, domain names – Computerworld.
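The point of the 127.0.53.53 sentinel is that it should stand out in logs. The following is an added example, not code from the article or from JAS/ICANN: a small scanner over resolver query/answer log lines that flags the sentinel, and more generally any 127/8 answer for a name that is not localhost. The log line format and all names and addresses in the sample are constructed for this example; only the 127.0.53.53 value comes from the report.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of resolver answer logging in a simplified format of my own
# (not BIND's or any other product's format). The 127.0.53.53 sentinel is the
# value the JAS report proposes; the names and client addresses are made up.
SAMPLE_LOG = """\
2014-02-25T09:12:01Z client=10.1.4.22 qname=www.example.com. type=A answer=93.184.216.34
2014-02-25T09:12:03Z client=10.1.4.22 qname=localhost. type=A answer=127.0.0.1
2014-02-25T09:12:07Z client=10.1.7.90 qname=mail.corp. type=A answer=127.0.53.53
2014-02-25T09:12:09Z client=10.1.7.90 qname=intranet.home. type=A answer=127.0.0.1
2014-02-25T09:12:11Z client=10.1.2.5 qname=printer.corp. type=A answer=NXDOMAIN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) "
    r"type=A answer=(?P<answer>\S+)$"
)
COLLISION_SENTINEL = ipaddress.ip_address("127.0.53.53")
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
LOCALHOST_NAMES = {"localhost.", "localhost"}


@dataclass
class Finding:
    ts: str
    client: str
    qname: str
    answer: str
    reason: str


def classify_answer(qname: str, answer: str) -> Optional[str]:
    """Return a reason string if this A answer deserves attention, else None."""
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return None  # NXDOMAIN, SERVFAIL and the like: no address to inspect
    if addr == COLLISION_SENTINEL:
        return "name-collision sentinel 127.0.53.53: a new gTLD clashes with an internal name"
    if addr in LOOPBACK_NET and qname.lower() not in LOCALHOST_NAMES:
        return "loopback address returned for a non-localhost name"
    return None


def scan_log(text: str) -> List[Finding]:
    """Parse log lines and collect every answer worth flagging, in log order."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        reason = classify_answer(m["qname"], m["answer"])
        if reason:
            findings.append(Finding(m["ts"], m["client"], m["qname"], m["answer"], reason))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.ts} {f.client} {f.qname} -> {f.answer}: {f.reason}")
```

The second rule is deliberately broader than the sentinel: a 127/8 answer for an internal name is the symptom an administrator would see whether the cause is ICANN's controlled interruption or something else on the resolver path, and the qname tells you which internal namespace is affected.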

Bitcoin Exchange Mt. Gox Goes Offline Amid Allegations of $350 Million Hack

A coalition of bitcoin businesses — including bitcoin wallet-makers Coinbase and Blockchain — quickly put out a statement as news of the hack spread. “This tragic violation of the trust of users of Mt. Gox was the result of one company’s abhorrent actions and does not reflect the resilience or value of bitcoin and the digital currency industry,” they said. “There are hundreds of trustworthy and responsible companies involved in bitcoin.”

via Bitcoin Exchange Mt. Gox Goes Offline Amid Allegations of $350 Million Hack | Wired Enterprise | Wired.com.

Coding Horror: App-pocalypse Now

Let’s start with the basics. How do you know which apps you need? How do you get them installed? How do you keep them updated? How many apps can you reasonably keep track of on a phone? On a tablet? Just the home screen? A few screens? A dozen screens? When you have millions of apps out there, this rapidly becomes less of a “slap a few icons on the page” problem and more of a search problem like the greater web. My son’s iPad has more than 10 pages of apps now, we don’t even bother with the pretense of scrolling through pages of icons, we just go straight to search every time.

via Coding Horror: App-pocalypse Now.

Background Monitoring on Non-Jailbroken iOS 7 Devices

We have created a proof-of-concept “monitoring” app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including touches on the screen, home button presses, volume button presses and TouchID presses, and then send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.

via Background Monitoring on Non-Jailbroken iOS 7 Devices — and a Mitigation | FireEye Blog.

Before Apple fixes this issue, the only way for iOS users to avoid this security risk is to use the iOS task manager to stop the apps from running in the background to prevent potential background monitoring.

Yikes! This might be a problem for Android devices as well. I have noticed that since a device stays on 24/7, resident apps can build up in the background, because even though you think you closed an app it sometimes doesn’t actually close (as in terminate) until its icon is touched to activate it. The proof of concept above got this “keylogger” through Apple’s App Store, which is pretty remarkable.

How to prevent hidden cost of open source software

The following list contains the criteria we use to evaluate whether we use an open source product or not:

  1. Is the product sponsored by a company? This is a critical criterion if the product plays a critical role in your application and you do not have an alternative choice for it.
  2. Is the open source license suitable for your product? It is illegal for you to deliver a commercial, closed source product that includes an open source library whose license is the GPL.
  3. Does the open source product have good quality?
  4. Is the open source product still supported with new features and bug fixes?

via How to prevent hidden cost of open source software – VietNam Software Outsourcing Service Company.

Grammar a bit bad but advice seems well grounded.  All the above answers should be Yes.

20 superb data visualisation tools for web designers

One of the most common questions I get asked is how to get started with data visualisations. Beyond following blogs, you need to practise – and to practise, you need to understand the tools available. In this article, I want to introduce you to 20 different tools for creating visualisations: from simple charts to complex graphs, maps and infographics. Almost everything here is available for free, and some you have probably installed already.

via 20 superb data visualisation tools for web designers | Design | Creative Bloq.

Who needs sunlight? In Arizona, solar power never sleeps

In a parabolic trough plant like Solana, the mirrors are curved inward, with a glass tube running along the deepest point, or trough, of each mirror. The tube is full of synthetic oil (also known as heat transfer fluid, or HTF). The concave mirrors concentrate light onto this HTF, heating it to 740 degrees Fahrenheit. The system is extremely efficient in collecting heat and concentrating it to a blistering level; when I asked what would happen if I touched the tube, the reply was a curt “Trust me, you definitely don’t want to do that.”

Once the oil is up to temperature, about 270 miles of pipe transport it to the power block, where the HTF takes one of two pathways, depending on Solana’s current needs.

via Who needs sunlight? In Arizona, solar power never sleeps | Ars Technica.

Are We Shooting Ourselves in the Foot with Stack Overflow?

Unless you’ve been living under a rock for the past couple of years, you must have heard of the Toyota unintended acceleration (UA) cases, where Camry and other Toyota vehicles accelerated unexpectedly and some of them managed to kill people and all of them scared the hell out of their drivers.

The recent trial testimony delivered at the Oklahoma trial by embedded guru Michael Barr for the first time in the history of these trials offers a glimpse into the Toyota throttle control software. In his deposition, Michael explains how a stack overflow could corrupt the critical variables of the operating system (OSEK in this case), because they were located in memory adjacent to the top of the stack. The following two slides from Michael’s testimony explain the memory layout around the stack and why stack overflow was likely in the Toyota code (see the complete set of Michael’s slides).

via Are We Shooting Ourselves in the Foot with Stack Overflow? « State Space.
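To make the adjacency problem concrete, here is an added simulation in C; it is not Toyota's code, nor anything from Barr's slides or the State Space post. It models RAM as a flat array in which the OS-critical variables sit directly below a downward-growing task stack, so an unchecked push past the stack limit lands on them. It then shows two of the standard embedded countermeasures: a checked push that refuses to cross the limit (what a stack-limit register or MPU guard region gives you in hardware), and a painted-pattern high-water-mark check that reports the stack getting close to the limit before anything is corrupted. Every size, address and value is hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed memory map: a flat array of 32-bit words stands in for RAM.
 * Words 0..CRIT_WORDS-1 hold OS-critical variables; the task stack sits in the
 * words above them and grows downward, so the first word pushed past the stack
 * limit lands directly on the critical data. The adjacency is the point Barr's
 * slides make; every size and value here is hypothetical. */
#define CRIT_WORDS   4
#define STACK_WORDS  16
#define RAM_WORDS    (CRIT_WORDS + STACK_WORDS)
#define STACK_LIMIT  CRIT_WORDS       /* lowest index the stack may legally use */
#define STACK_TOP    RAM_WORDS        /* initial sp: one past the highest word */
#define PAINT        0xA5A5A5A5u      /* fill pattern for the high-water-mark check */
#define CRIT_VALUE(i) (0x1000u + (uint32_t)(i))

typedef struct {
    uint32_t ram[RAM_WORDS];
    size_t sp;                        /* index of the current top-of-stack word */
} sim_t;

void sim_init(sim_t *s) {
    for (size_t i = 0; i < CRIT_WORDS; i++) s->ram[i] = CRIT_VALUE(i);
    for (size_t i = CRIT_WORDS; i < RAM_WORDS; i++) s->ram[i] = PAINT;
    s->sp = STACK_TOP;
}

/* Unchecked push: a CPU with no stack-limit register or MPU guard region. Once
 * sp drops below STACK_LIMIT the write silently overwrites the critical data.
 * (It stops at word 0 only so the simulation itself stays inside the array.) */
void push_unchecked(sim_t *s, uint32_t v) {
    if (s->sp == 0) return;
    s->sp--;
    s->ram[s->sp] = v;
}

/* Checked push: refuses to cross the limit, as a stack-limit register or an MPU
 * guard region would trap. Returns false and writes nothing on overflow. */
bool push_checked(sim_t *s, uint32_t v) {
    if (s->sp <= STACK_LIMIT) return false;
    s->sp--;
    s->ram[s->sp] = v;
    return true;
}

bool critical_intact(const sim_t *s) {
    for (size_t i = 0; i < CRIT_WORDS; i++)
        if (s->ram[i] != CRIT_VALUE(i)) return false;
    return true;
}

/* High-water-mark check: the `margin` lowest stack words should still carry the
 * paint pattern. If not, the stack has come within `margin` words of the
 * critical data, which a periodic task or watchdog handler can report before
 * corruption happens. */
bool stack_margin_intact(const sim_t *s, size_t margin) {
    for (size_t i = STACK_LIMIT; i < STACK_LIMIT + margin && i < RAM_WORDS; i++)
        if (s->ram[i] != PAINT) return false;
    return true;
}

/* Push n words without checking; report whether the critical data survived. */
bool unchecked_pushes_keep_critical(size_t n) {
    sim_t s;
    sim_init(&s);
    for (size_t i = 0; i < n; i++) push_unchecked(&s, 0xFFFFFFFFu);
    return critical_intact(&s);
}

/* Push n words without checking; report whether the margin warning stays quiet. */
bool unchecked_pushes_keep_margin(size_t n, size_t margin) {
    sim_t s;
    sim_init(&s);
    for (size_t i = 0; i < n; i++) push_unchecked(&s, 0xFFFFFFFFu);
    return stack_margin_intact(&s, margin);
}

/* Push n words with checking; return how many were refused, or -1 if the
 * critical data was corrupted anyway (which must never happen). */
long checked_pushes_refused(size_t n) {
    sim_t s;
    sim_init(&s);
    long refused = 0;
    for (size_t i = 0; i < n; i++)
        if (!push_checked(&s, 0xFFFFFFFFu)) refused++;
    return critical_intact(&s) ? refused : -1;
}

int main(void) {
    printf("unchecked, 16 pushes: critical intact = %d\n", unchecked_pushes_keep_critical(16));
    printf("unchecked, 17 pushes: critical intact = %d\n", unchecked_pushes_keep_critical(17));
    printf("unchecked, 13 pushes: 4-word margin intact = %d\n", unchecked_pushes_keep_margin(13, 4));
    printf("checked, 20 pushes: refused = %ld\n", checked_pushes_refused(20));
    return 0;
}
```

The sixteenth push fills the stack exactly; the seventeenth corrupts the critical words without any error, which is the silent failure Barr describes. The painted margin check fires four pushes earlier, and the checked push never lets the overflow happen at all.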

WhatsApp, Bought by Facebook for $19 Billion, Promotes a Radical Anti-Corporate Message

The eye-popping price tag—about one-tenth the entire value of Facebook—is the shocker that’s drawn much media notice. But there’s another element to the story that is astounding: Koum and Acton have published a manifesto that radically critiques the foundation of modern capitalism—advertising—and denounces materialism. Facebook’s business model, of course, depends upon both.

via WhatsApp, Bought by Facebook for $19 Billion, Promotes a Radical Anti-Corporate Message | Mother Jones.

Will Koum and Acton become part of the Borg they so eloquently decried? The first rule of Fight Club was “You do not talk about fight club.” The second rule was “You do not talk about fight club.” Now that Koum and Acton are billionaires and über-players on the tech scene, will they continue to spread their anti-consumerism, tech-is-for-the-people gospel? Will they change Facebook, or will Facebook change them?

Open Source Programming to the Software-Defined Network

Today, OpenDaylight is an open source platform for network programmability to enable SDN and create a solid foundation for Network Functions Virtualization (NFV) for networks at any size and scale. OpenDaylight software is a combination of components including a fully pluggable controller, interfaces, protocol plug-ins, and applications. The Northbound (programmatic) and Southbound (implementation) interfaces are meant to be clearly defined and documented APIs for network applications.

via OpenDaylight: Open Source Programming to the Software-Defined Network.

OpenDaylight delivered its first developer release, Hydrogen, on February 5th, 2014.