Newegg hurtles toward Texas showdown with famed “patent troll”

But Jones didn’t invent SSL; nor did he invent RC4, an algorithm invented in 1987, two years before the filing date of the Jones patent.

Whatever his invention is, it came before the World Wide Web, which was made available to everyone in 1993. Jones filed for his patent in 1989, and it uses some distinctively pre-Web vocabulary, describing encryption via modems and phone lines.

via Newegg hurtles toward Texas showdown with famed “patent troll” | Ars Technica.

By claiming such common encryption, the TQP patent is essentially a “we-own-the-Internet” patent. Spangenberg declined to speak to Ars for this story, but in an August interview he said the TQP licensing campaign has reaped around $40 million in revenue.

Artificial Photosynthesis Made Practical

If you want hydrogen to power an engine or a fuel cell, it’s far cheaper to get it from natural gas than to make it by splitting water. Solar power, however, could compete with natural gas as a way to make hydrogen if the solar process were somewhere between 15 and 25 percent efficient, says the U.S. Department of Energy. While that’s more than twice as efficient as current approaches, researchers at Stanford University have recently developed materials that could make it possible to hit that goal. The work is described in the journal Science.

via Artificial Photosynthesis Made Practical | MIT Technology Review.

Microsoft Warns Customers Away From RC4, SHA-1

RC4 is among the older stream cipher suites in use today, and there have been a number of practical attacks against it, including plaintext-recovery attacks. The improvements in computing power have made many of these attacks more feasible for attackers, and so Microsoft is telling developers to drop RC4 from their applications.

via Microsoft Warns Customers Away From RC4, SHA-1 | Threatpost | The First Stop For Security News.

The software company also is recommending that certificate authorities and others stop using the SHA-1 algorithm.

Your visual how-to guide for SELinux policy enforcement

Note: SELinux does not let you sidestep DAC Controls. SELinux is a parallel enforcement model. An application has to be allowed by BOTH SELinux and DAC to do certain activities. This can lead to confusion for administrators since the process gets Permission Denied. Administrators see Permission Denied means something is wrong with DAC, not SELinux labels.

via Your visual how-to guide for SELinux policy enforcement | opensource.com.

DAC=Discretionary Access Control

SELinux is a powerful labeling system, controlling access granted to individual processes by the kernel. The primary feature of this is type enforcement, where rules define the access allowed to a process based on the labeled type of the process and the labeled type of the object.

For regular users SELinux can be a complete PITA which usually needs to be disabled or set to just log the violation only. I recall in past years installing some service and trying to figure out why it wouldn’t work until the logs revealed I didn’t have things set up in a way SELinux wants. Currently I try and minimize SELinux violations because it seems like it has a point most of the time.
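Added example (not from the quoted article): because a process sees the same Permission Denied whether DAC or SELinux refused it, the audit log is what tells the two apart. This sketch parses AVC denial records, pulls out the process type and object type that type enforcement compared, and reports which layer to look at. The log lines are constructed, and the function names and return labels are made up for this illustration.

```python
import re

# Constructed audit.log lines for illustration (not from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1384300000.123:456): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev="dm-0" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1384300050.500:470): avc:  denied  { name_bind } for  pid=2400 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1384300099.000:480): arch=c000003e syscall=2 success=no exit=-13 comm="rsync" exe="/usr/bin/rsync"
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for .*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+)'
    r' tclass=(?P<tclass>\S+)(?: permissive=(?P<permissive>[01]))?'
)

def selinux_type(context):
    """A context is user:role:type:level; type enforcement keys on field 3."""
    return context.split(":")[2]

def parse_avc_denials(log_text):
    """Return one dict per AVC denial record found in log_text."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no AVC decision
        denials.append({
            "comm": m["comm"],
            "source_type": selinux_type(m["scontext"]),  # process label
            "target_type": selinux_type(m["tcontext"]),  # object label
            "tclass": m["tclass"],
            "perms": m["perms"].split(),
            # Assumption: a record without a permissive= field was enforced.
            "enforced": m["permissive"] != "1",
        })
    return denials

def triage(comm, log_text):
    """Say which layer to inspect for a Permission Denied seen by `comm`."""
    hits = [d for d in parse_avc_denials(log_text) if d["comm"] == comm]
    if any(d["enforced"] for d in hits):
        return "selinux"                  # labels/policy blocked the access
    if hits:
        return "selinux-permissive-only"  # logged but allowed; look at DAC
    return "check-dac"                    # no AVC record: owner/mode bits/ACLs
```

A "check-dac" result is a starting point rather than proof, since policy `dontaudit` rules can suppress AVC records for denials SELinux did make.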

The second operating system hiding in every mobile phone

The insecurity of baseband software is not by error; it’s by design. The standards that govern how these baseband processors and radios work were designed in the ’80s, ending up with a complicated codebase written in the ’90s – complete with a ’90s attitude towards security. For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted. Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.

via The second operating system hiding in every mobile phone.

From: Baseband Hacking: A New Frontier for Smartphone Break-ins

Previously, mobile hacking attempts have involved the phone’s operating system or other software, but this one focuses on breaking into a phone’s baseband processor, which is the hardware that sends and receives radio signals to cell towers.

Trio of young coders build health-care website in days

“We were surprised to see that it was actually fairly difficult to use HealthCare.gov to find and understand our options,” he told CNN. “Given that the data was publicly available, we thought that it made a lot of sense to take the data that was on there and just make it easy to search through and view available plans.”

The result is a bare-bones site that lets users enter their zip code, plus details about their family and income, to find suggested plans in their area.

via Trio of young coders build health-care website in days – CNN.com.

The site is here at www.thehealthsherpa.com and it seems pretty damn good!

Cisco-threatening open switch coming from Facebook, Intel, and Broadcom

The network project would similarly provide an alternative to vendors like Cisco, Arista Networks, and Dell’s Force 10 division. The Open Compute Project promises a “specification and a reference box for an open, OS-agnostic top-of-rack switch.” Whether that reference box will be based on an amalgam of submitted specifications or just one of them isn’t clear yet, and no release date has been set.

via Cisco-threatening open switch coming from Facebook, Intel, and Broadcom | Ars Technica.

In response to today’s Facebook announcement, Cisco said in a statement to Ars, “It’s important to acknowledge that the largest web-scale companies driving OCP have the skills, resources, and specialized traffic patterns that justify considering this approach carefully. However, most IT departments won’t relish taking on the additional operational cost, skills and expertise that are required to integrate their own technology.