Microsoft Warns Customers Away From RC4, SHA-1

RC4 is among the older stream cipher suites in use today, and there have been a number of practical attacks against it, including plaintext-recovery attacks. The improvements in computing power have made many of these attacks more feasible for attackers, and so Microsoft is telling developers to drop RC4 from their applications.

via Microsoft Warns Customers Away From RC4, SHA-1 | Threatpost | The First Stop For Security News.

The software company also is recommending that certificate authorities and others stop using the SHA-1 algorithm.

Your visual how-to guide for SELinux policy enforcement

Note: SELinux does not let you side step DAC Controls. SELinux is a parallel enforcement model. An application has to be allowed by BOTH SELinux and DAC to do certain activities. This can lead to confusion for administrators since the process gets Permission Denied. Administrators see Permission Denied means something is wrong with DAC, not SELinux labels.

via Your visual how-to guide for SELinux policy enforcement | opensource.com.

DAC=Discretionary Access Control

SELinux is a powerful labeling system, controlling access granted to individual processes by the kernel. The primary feature of this is type enforcement, where rules define the access allowed to a process based on the labeled type of the process and the labeled type of the object.

For regular users SELinux can be a complete PITA which usually needs to be disabled or set to just log the violation only. I recall in past years installing some service and trying to figure out why it wouldn’t work until the logs revealed I didn’t have things set up in a way SELinux wants. Currently I try and minimize SELinux violations because it seems like it has a point most of the time.
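The note above says a process must pass both DAC and SELinux, and that both failures show up as the same Permission Denied. As an added example (not from the quoted article or this blog), the Python below groups audit log records by event ID and labels each refusal as an SELinux denial (an AVC record exists) or a likely DAC denial (EACCES with no AVC record). The log lines are constructed, the function name `classify_denials` is hypothetical, and the DAC case assumes an audit rule is recording failed syscalls.

```python
import re
from collections import defaultdict

# Constructed sample records in the Linux audit.log format (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1384300000.101:210): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1384300000.101:210): arch=c000003e syscall=2 success=no exit=-13 pid=2101 comm="httpd" exe="/usr/sbin/httpd"
type=SYSCALL msg=audit(1384300005.440:214): arch=c000003e syscall=2 success=no exit=-13 pid=2150 comm="cat" exe="/usr/bin/cat"
type=AVC msg=audit(1384300009.007:219): avc:  denied  { write } for  pid=2188 comm="mysqld" name="data" scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1384300009.007:219): arch=c000003e syscall=2 success=yes exit=3 pid=2188 comm="mysqld" exe="/usr/libexec/mysqld"
"""

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def classify_denials(log_text):
    """Return {event_id: verdict} for every event that involves a denial."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if m:
            events[m.group(1)].append(line)
    verdicts = {}
    for event_id, lines in events.items():
        avc = next((l for l in lines if l.startswith("type=AVC") and "denied" in l), None)
        syscall = next((l for l in lines if l.startswith("type=SYSCALL")), None)
        if avc:
            fields = dict(FIELD.findall(avc))
            # permissive=1: SELinux logged the violation but let the call through.
            mode = "logged only (permissive)" if fields.get("permissive") == "1" else "blocked"
            verdicts[event_id] = f"SELinux {mode}: {fields['scontext']} -> {fields['tcontext']}"
        elif syscall and dict(FIELD.findall(syscall)).get("exit") == "-13":
            # EACCES (-13) with no AVC record: the kernel runs DAC checks before
            # the SELinux hooks, so mode bits, ownership or ACLs likely refused it.
            verdicts[event_id] = "likely DAC (no AVC record for this event)"
    return verdicts

if __name__ == "__main__":
    for event_id, verdict in classify_denials(SAMPLE_LOG).items():
        print(event_id, verdict)
```

A `dontaudit` rule in the loaded policy can also suppress the AVC record, so treat "likely DAC" as a starting point for checking permissions and labels rather than a final answer.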

The second operating system hiding in every mobile phone

The insecurity of baseband software is not by error; it’s by design. The standards that govern how these baseband processors and radios work were designed in the ’80s, ending up with a complicated codebase written in the ’90s – complete with a ’90s attitude towards security. For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted. Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.

via The second operating system hiding in every mobile phone.

From: Baseband Hacking: A New Frontier for Smartphone Break-ins

Previously, mobile hacking attempts have involved the phone’s operating system or other software, but this one focuses on breaking into a phone’s baseband processor, which is the hardware that sends and receives radio signals to cell towers.

Trio of young coders build health-care website in days

“We were surprised to see that it was actually fairly difficult to use HealthCare.gov to find and understand our options,” he told CNN. “Given that the data was publicly available, we thought that it made a lot of sense to take the data that was on there and just make it easy to search through and view available plans.”

The result is a bare-bones site that lets users enter their zip code, plus details about their family and income, to find suggested plans in their area.

via Trio of young coders build health-care website in days – CNN.com.

The site is here at www.thehealthsherpa.com and it seems pretty damn good!

Cisco-threatening open switch coming from Facebook, Intel, and Broadcom

The network project would similarly provide an alternative to vendors like Cisco, Arista Networks, and Dell’s Force 10 division. The Open Compute Project promises a “specification and a reference box for an open, OS-agnostic top-of-rack switch.” Whether that reference box will be based on an amalgam of submitted specifications or just one of them isn’t clear yet, and no release date has been set.

via Cisco-threatening open switch coming from Facebook, Intel, and Broadcom | Ars Technica.

In response to today’s Facebook announcement, Cisco said in a statement to Ars, “It’s important to acknowledge that the largest web-scale companies driving OCP have the skills, resources, and specialized traffic patterns that justify considering this approach carefully. However, most IT departments won’t relish taking on the additional operational cost, skills and expertise that are required to integrate their own technology.”

You Are a Rogue Device

The user’s guide for one of Aruba’s recent software products states: “The wireless network has a wealth of information about unassociated and associated devices.” That software includes “a location engine that calculates associated and unassociated device location every 30 seconds by default… The last 1,000 historical locations are stored for each MAC address.”

For now, Seattle’s mesh network is concentrated in the downtown area. But the SPD has indicated in PowerPoint presentations—also acquired by The Stranger—that it hopes to eventually have “citywide deployment” of the system that, again, has potential surveillance capabilities that the SPD declined to answer questions about. That could give a whole new meaning to the phrase “real-time situational awareness.”

via You Are a Rogue Device by Matt Fikse-Verkerk and Brendan Kiley – Seattle Features – The Stranger, Seattle’s Only Newspaper.

This is why you should always have wifi disabled, in “airplane mode,” or turned off when not in use. Only turn on wifi for your device manually when you need to use a network. Doing this also extends battery life because running the radio interface uses a lot of juice. This network they built in Seattle would have great public benefit if it were open for all to use and there are few engineering reasons why it can’t be. Since emergencies are rare, may as well utilize it and then kick people off indiscriminately when the network truly is needed. I suspect however it’s not open for use by the rabble. Another blurb from the article:

It’s reasonable to assume that locally gleaned information will be shared with other organizations, including federal ones. An SPD diagram of the mesh network, for example, shows its information heading to institutions large and small, including the King County Sheriff’s Office, the US Coast Guard, and our local fusion center.

Fusion centers, if you’re unfamiliar with the term, are information-sharing hubs, defined by the Department of Homeland Security as “focal points” for the “receipt, analysis, gathering, and sharing” of surveillance information.

At least if they’re going to spy, provide some value to the spied upon “user.”