My heart is ok, but my eyes are bleeding

Originally posted on Leaf Security Research:

TL;DR: heartbleed is bad, but not world ending. OpenSSL is not any more vulnerable because of its freelists and would still be vulnerable without them.

We felt that there weren’t enough heartbleed write-ups yet, so we wrote another one. Unlike many of the other posts, we are not going to talk about the TLS protocol or why we think the heartbeat extension is pointless. Instead, we are going to focus on the bug itself and more specifically, why sensitive data gets leaked.

First we would like to state that, as far as complexity goes, the heartbleed vulnerability is nothing special, but that doesn’t mean it was easy to find. All bugs are easy to spot after someone else points them out to you. Hindsight is 20/20 after all. Riku, Antti and Matti at Codenomicon and Neel Mehta at Google all independently discovered this bug. Neel was also kind enough to…


Hacker School banning “feigned surprise” is absolutely brilliant

eksith:

“Feigned surprise” should be banned in any organization that purports to bestow knowledge and build confidence as it does the opposite in both.

Originally posted on Coffee Spoons of Code:

[Since you might wonder while reading this piece what my relationship to Hacker School is: I have no relationship with Hacker School. It has been described to me, and I have devoured the blog. If I made a mistake, let me know.]

The biggest insight I’ve had as a programmer is just how often other programmers are portraying false confidence. My natural approach to problem-solving is Socratic, feeling out different ideas and taking small, well-supported steps. Compare and contrast that with making gigantic pronouncements full of bravado. Writing software is inherently an exercise in managing complexity, which is best done with caution.

The best developers I’ve worked with were willing to admit when they didn’t know something. Of course they could learn quickly. If you meet an arrogant developer who pretends to know everything, be careful. To them, their ego is more important than your software. An insecure person who…


Text File formats – ASCII Delimited Text – Not CSV or TAB delimited text

Originally posted on Ronald Duncan's Blog:

Unfortunately a quick Google search on “ASCII Delimited Text” shows that IBM and Oracle failed to read the ASCII specification and both define ASCII Delimited Text as a CSV format. ASCII Delimited Text should use the record separators defined as ASCII 28-31.

The most common formats are CSV (Comma Separated Values) and tab delimited text. Tab delimited text breaks whenever you have either a field with a tab or a new line in it, and CSV breaks depending on the implementation on Quotes, Commas and lines. Sadly Quotes, Commas and Tab characters are very common in text, and this makes the formats extremely bad for exporting and importing data. There are some other formats such as pipe (|) delimited text, and whilst better in that | is less frequently used they still suffer from being printable characters that are entered into text, and worst of all people, when they…

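As an added example (not code from Ronald Duncan's post), here is a small Python writer and reader for ASCII delimited text that uses the separator characters the post refers to, alongside a plain comma split over the same data to show where CSV breaks. The rejection of fields that themselves contain a separator byte is an assumption of this example: the format has no quoting or escaping, so such data cannot be represented and is better refused than silently corrupted.

```python
# Added example, not from the original post: ASCII delimited text using the
# C0 separator characters (ASCII 28-31) instead of commas, quotes or tabs.
FS, GS, RS, US = "\x1c", "\x1d", "\x1e", "\x1f"  # file, group, record, unit separators

SEPARATORS = frozenset((FS, GS, RS, US))


def field_is_encodable(field):
    """A field may hold commas, quotes, tabs and newlines, but never a separator
    byte: the format has no escaping, so such a field would corrupt the stream."""
    return not SEPARATORS.intersection(field)


def encode_records(records):
    """Join fields with US (0x1F) and records with RS (0x1E); reject unencodable fields."""
    out = []
    for rec in records:
        for field in rec:
            if not field_is_encodable(field):
                raise ValueError("field contains an ASCII separator control character")
        out.append(US.join(rec))
    return RS.join(out)


def decode_records(text):
    """Split on RS, then on US. No quote handling is needed; empty input is zero records."""
    if text == "":
        return []
    return [rec.split(US) for rec in text.split(RS)]


# Constructed sample: every record contains characters that break CSV or
# tab delimited text (a comma, double quotes, a newline, tabs, an empty field).
SAMPLE = [
    ["Duncan, Ronald", 'said "hello"', "line1\nline2"],
    ["col\twith\ttabs", "", "plain"],
]


def roundtrip_ok(records=SAMPLE):
    """True when encode then decode reproduces the records exactly."""
    return decode_records(encode_records(records)) == records


def naive_csv_field_count(records=SAMPLE):
    """Fields a naive comma split sees in the first record (3 fields were written)."""
    return len(",".join(records[0]).split(","))
```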

Virtual Reality and the F word

People hate Facebook for almost the same reasons they hate the DMV. They’ve become a de-facto license provider for content and contacts with friends and this is even before we get to the privacy issues. After all, you can’t drive to see your folks or drive to a political rally by car without a license. The act ( driving ) and the means ( car ) require special access now that enables said privileges and, to my eye, much the same as commenting on a blog post or seeing your family and friends.

The act ( commenting ) and the means ( site ) require special access as well. The major difference, of course, is that the Department of Motor Vehicles is a government institution and Facebook is a convenience institution. Both have dubious records keeping private records private; one due to incompetence and the other due to profit.

Plenty of sites, e.g. Quora and Scribd, make Facebook the login provider and, in many cases, the only means to interact, such as leaving feedback. So many, in fact, that virtually everyone I bump into these days looks at their FB account with disdain, yet keeps it around for fear of losing contact. Much like the DMV, Facebook is a necessary ( arguable ) evil.

Via @jasonforal

So Oculus VR

Oculus VR created the best and, thus far, only product that takes us closer to the goal of fully immersive VR. Previous efforts have been marginal successes at best and vaporware at worst, however OR was one of the first to not only have a viable product, but a usable development framework that is already seeing applications put into practice. When they signed aboard the legendary developer and sexy beast ( anti-lag and anti-me ) John Carmack of Doom, Quake and Wolfenstein 3D and, more recently, Armadillo Aerospace fame, we all thought “now we’re actually getting somewhere with VR!”

If you haven’t been off the tech radar for a while or, like me, are a borderline luddite, you’ve probably come across the product or at least the name of this nifty company. Oculus Rift ( OR ) aims to do for Virtual Reality, what the mobile phone did for communication. To strip it from the pages of speculative fiction and bring about a new age of interaction and experience into the world of gaming and… herein lies the problem.

Oculus was bought by Facebook for $2 Billion, with a b, a capital B and illion boy howdy that’s a lot of money, probably. Now we have a company that aims to reimagine the way we experience reality and a company that has rewired the way we experience experiences. They both touch upon the need for voyeurism and vicarious fancy, of the innocent kind I’m sure, that we all possess to some degree. The problem is what Facebook, a profile vendor much like Google is an ad space vendor, will do to the experience that OR brings.

Is this the kind of power we want to leave in the hands of a private profile vendor?

That’s a stupid question.

It’s a stupid question because the answer to it is irrelevant no matter what the appropriateness is of a Virtual Reality vendor teaming up with a company known for selling experiences. Or rather the profiles of those having those experiences.

Cannot be unseen

You can close your eyes, but you cannot avert them or look away from the experience completely without taking off the set. We’re far away from contact lenses that will directly project an image into your eyes, but not too far from the fact that OR is capable of creating a full immersive experience that’s pretty much the next best thing until the next leap in technological progress.

Facebook is no longer interested in just your vacation in Hawaii. They’re interested in selling Hawaii to you right at home, into your eyes. Not only that, it isn’t a far stretch of the imagination to see a future in which you not only share your profiles via text, but profiles as experiences. Why leave home when you can live with your family without actually getting in that car at all? And with that, I have fulfilled my Philip K. Dick quota for the day.

Facebook’s purchase makes perfect sense in that context and it would have been stupid for Oculus VR, which engages in some of the most expensive research in tech space, to turn down the offer.

Whether we like it or not, we’re living in a world in which any product or service that can be imagined will eventually be created and experienced with varying degrees of success. Whether Oculus VR or some other company will take the last mantle of glory is yet to be seen, but suffice it to say, we’re not too far off from the time when people will look back at our text and emoji based status updates and exclaim, “my, how quaint!” or an equivalent in whatever vernacular exists at the time.

New Ascetics

Originally posted on FormFonts 3D Models:

by Fred Abler

Something small is happening. A generation of young people have come down with ‘cabin fever’. The viral vector spreading this fever is a tumble-log called Cabin Porn. If you haven’t heard about it yet, well… you just did.

Cabin Porn is a visual atlas of cabin typology – dilapidated cabins from the last century, spanky new cabins, lake cabins, remote cabins, slab-cabins. Cabins, shacks and huts, small… and even smaller.

Fig 1. Image of a hiker’s hut near Arthur’s Pass, New Zealand. Submitted by Greg Brown. Stress heads at work can now visit their ‘quiet place’ online at Cabin Porn. DSFW – Definitely Safe for Work.

The Blogging-sphere has enjoyed round speculation as to why Cabin Fever is upon us. Everything from ‘urban hipster angst’, to ‘channeling your inner-Thoreau’, or simply the ‘need to find a quiet place’ have been proposed.

But in an age…
