Skip to content

Welcome
Hardware
Internet
Networking
Security
Data Recovery
Duplication
Support
Contact
Webmail

Monthly Archives: February 2020

For anyone wondering what all the different Adobe apps actually do…

Category: Technology

Search for:

Recent Posts

Why Quake3 was so fast : Fast Inverse Square Root
A Nice Little Cryptography Primer
pfSense / Wireguard / Bad Code / Close Call
Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur)
Cryptocurrencies and Coinbase

Slashdot

News for nerds

Nine WiFi Routers Used by Millions Were Vulnerable to 226 Flaws
by EditorDavid on 05/12/2021 at 4:34 am
"Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them," reports Bleeping Computer, "even when running the latest firmware." Slashdot reader joshuark shared their report: The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people... Researchers at IoT Inspector carried out the security tests in collaboration with CHIP magazine, focusing on models used mainly by small firms and home users. "For Chip's router evaluation, vendors provided them with current models, which were upgraded to the latest firmware version," Florian Lukavsky, CTO & Founder at IoT Inspector, told BleepingComputer via email. "The firmware versions were automatically analyzed by IoT Inspector and checked for more than 5,000 CVEs and other security issues...." While not all flaws carried the same risk, the team found some common problems that affected most of the tested models: - Outdated Linux kernel in the firmware - Outdated multimedia and VPN functions - Over-reliance on older versions of BusyBox - Use of weak default passwords like "admin" - Presence of hardcoded credentials in plain text form.... All of the affected manufacturers responded to the researchers' findings and released firmware patches. The researchers demonstrated one exploit they found on one of the routers that extracted the AES key used for the firmware encryption, letting malicious firmware image updates pass verification checks on the device — and thus potentially planting malware on the router. jd (Slashdot reader #1,658) shares another perspective on the same study from Security Week: Not all of the identified weaknesses are considered real security flaws, and for some bugs it is unclear whether exploitation is even possible. However, many of the identified vulnerabilities (ranging from 2 in AVM devices to nearly a dozen in other routers) were classified as high- and medium-severity. Read more of this story at Slashdot.
Comcast Reduced 'Working Latency' By 90% with AQM. Is This the Future?
by EditorDavid on 05/12/2021 at 2:34 am
Long-time Slashdot reader mtaht writes: Comcast fully deployed bufferbloat fixes across their entire network over the past year, demonstrating 90% improvements in working latency and jitter — which is described in this article by by Comcast Vice President of Technology Policy & Standards. (The article's Cumulative Distribution Function chart is to die for...) But: did anybody notice? Did any other ISPs adopt AQM tech? How many of y'all out there are running smart queue management (sch_cake in linux) nowadays? But wait — it gets even more interesting... The Comcast official anticipates even less latency with the newest Wi-Fi 6E standard. (And for home users, the article links to a page recommending "a router whose manufacturer understands the principles of bufferbloat, and has updated the firmware to use one of the Smart Queue Management algorithms such as cake, fq_codel, PIE.") But then the Comcast VP looks to the future, and where all of this is leading: Currently under discussion at the IETF in the Transport Area Working Group is a proposal for Low Latency, Low Loss Scalable Throughput. This potential approach to achieve very low latency may result in working latencies of roughly one millisecond (though perhaps 1-5 milliseconds initially). As the IETF sorts out the best technical path forward through experimentation and consensus-building (including debate of alternatives), in a few years we may see the beginning of a shift to sub-5 millisecond working latency. This seems likely to not only improve the quality of experience of existing applications but also create a network foundation on which entirely new classes of applications will be built. While we can certainly think of usable augmented and virtual reality (AR and VR), these are applications we know about today. But what happens when the time to access resources on the Internet is the same, or close to the time to access local compute or storage resources? What if the core assumption that developers make about networks — that there is an unpredictable and variable delay — goes away? This is a central assumption embedded into the design of more or less all existing applications. So, if that assumption changes, then we can potentially rethink the design of many applications and all sorts of new applications will become possible. That is a big deal and exciting to think about the possibilities! In a few years, when most people have 1 Gbps, 10 Gbps, or eventually 100 Gbps connections in their home, it is perhaps easy to imagine that connection speed is not the only key factor in your performance. We're perhaps entering an era where consistently low working latency will become the next big thing that differentiates various Internet access services and application services/platforms. Beyond that, factors likely exceptionally high uptime, proactive/adaptive security, dynamic privacy protection, and other new things will likely also play a role. But keep an eye on working latency — there's a lot of exciting things happening! Read more of this story at Slashdot.
Those Cute Cats Online? They Help Spread Misinformation
by EditorDavid on 04/12/2021 at 11:34 pm
"Videos and GIFs of cute animals — usually cats — have gone viral online for almost as long as the internet has been around..." writes the New York Times. "Now, it is becoming increasingly clear how widely the old-school internet trick is being used by people and organizations peddling false information online, misinformation researchers say." The posts with the animals do not directly spread false information. But they can draw a huge audience that can be redirected to a publication or site spreading false information about election fraud, unproven coronavirus cures and other baseless conspiracy theories entirely unrelated to the videos. Sometimes, following a feed of cute animals on Facebook unknowingly signs users up as subscribers to misleading posts from the same publisher. Melissa Ryan, chief executive of Card Strategies, a consulting firm that researches disinformation, said this kind of "engagement bait" helped misinformation actors generate clicks on their pages, which can make them more prominent in users' feeds in the future. That prominence can drive a broader audience to content with inaccurate or misleading information, she said. "The strategy works because the platforms continue to reward engagement over everything else," Ms. Ryan said, "even when that engagement comes from" publications that also publish false or misleading content. Read more of this story at Slashdot.
'Advent of Code' Has Begun - and Other Geeky Daily Programming Challenges
by EditorDavid on 04/12/2021 at 10:35 pm
I Programmer writes: December 1st is much anticipated among those who like programming puzzles. It is time to start collecting stars by solving small puzzles on the Advent of Code website with the goal of amassing 50 stars by Christmas Day, December 25th. Raku has also opened its advent calendar and there's a brand new Bekk Christmas blog with informational content on multiple topics... At the time of writing we are only 10.5 hours into Advent of Code's Day 1, almost 50,000 users have completed both puzzles and another 8,484 have completed the first. [Some programmers are even livestreaming their progress on Twitch, or sharing their thoughts (and some particuarly creative solutions) in the Advent of Code subreddit.] We can credit Perl with pioneering the idea of a programming advent calendar with daily articles with a festive theme and the Raku Advent Calendar now continues the tradition. Now in its 13th year, but only the third with its new name this year's first advent post solves a problem faced by Santa of creating thumbnails of approaching 2 billion images... Smashing magazine has pulled together its own exhaustive list of additional geek-themed advent calendars. Some of the other highlights: The beloved site "24 Pull Requests" has relaunched for 2021, daring participants to make 24 pull requests before December 24th. (The site's tagline is "giving back to open source for the holidays.") Over the years 26,465 contributors (as well as 25,738 organizations) have already participated through the site. The Advent of JavaScript and Advent of CSS sites promise 24 puzzles delivered by email (though you'll have to pay if you also want them to email you the solutions!) This year also saw daily challenges from the sixth annual Code Security advent calendar being announced on Twitter, while TryHackMe.com has its own set of cybersecurity puzzles (and even a few prizes). Read more of this story at Slashdot.
JetBrains Announces 'Fleet' IDE to Compete with Microsoft's Visual Studio Code
by EditorDavid on 04/12/2021 at 9:34 pm
On Monday JetBrains (creators of the Kotlin programming language and makers of the integrated development environment IntelliJ IDEA) made an announcement: a preview for a lightweight new multi-language IDE called Fleet using IntelliJ's code-processing engine with a distributed IDE architecture and a reimagined UI. By Friday they'd received an "overwhelming" number of requests, and announced the preview program had stopped accepting new requests. ("To subscribe for updates and the public preview announcement at jetbrains.com/fleet or follow @JetBrains_Fleet on Twitter.") They'd received 80,000 requests in just the first 30 hours, reports Visual Studio magazine: Although JetBrains didn't even mention VS Code in its Nov. 28 announcement, many media pundits immediately characterized it along the lines of an "answer to Visual Studio Code," a "response to Visual Studio Code," a "competitor to Visual Studio Code" and so on... "When you first launch Fleet, it starts up as a full-fledged editor that provides syntax highlighting, simple code completion, and all the things you'd expect from an editor," JetBrains said. "But wait, there's more! Fleet is also a fully functional IDE bringing smart completion, refactorings, navigation, debugging, and everything else that you're used to having in an IDE — all with a single button click." "It starts up in an instant so you can begin working immediately..." boasts the Fleet web page, adding that Fleet "is designed to automatically detect your project configuration from the source code, maximizing the value you get from its smart code-processing engine while minimizing the need to configure the project in the IDE." And it also offers "project and context aware code completion, navigation to definitions and usages, on-the-fly code quality checks, and quick-fixes..." Fleet also offers a collaborative environment allowing developers to work together — not just sharing the editor, but also terminals and debugging sessions. (There's even a diff view for reviewing changes.) "Others can connect to a collaboration session you initiate on your machine, or everyone can connect to a shared remote dev environment," explains Fleet's web page. "It supports a number of remote work scenarios and can be run locally on the developer's computer, in the cloud, or on a remote server," reports SD Times. (And Fleet's home page says soon it will even run in Docker containers configured with an appropriate environment for your project.) SD Times adds that Fleet "currently supports Java, Kotlin, Go, Python, Rust, and JavaScript. The company plans to extend support to cover PHP, C++, C#, and HTML, which are the remaining languages that have IntelliJ IDEs." It's multi-platform — running on Linux, MacOS, or Windows — and Fleet's web page promises "a familiar and consistent user experience" offering one IDE for the many different technologies you might end up using. And yes, there's a dark theme. Read more of this story at Slashdot.
Twitter Admits 'Coordinated and Malicious' Activity Weaponizing Its New Privacy Policy
by EditorDavid on 04/12/2021 at 8:34 pm
CNN reports: Twitter acknowledged on Friday that a new policy it unveiled this week to protect users from harassment is being abused by malicious actors — days after journalists, left-wing activists and self-described "sedition hunters" reported their accounts had been locked for sharing publicly available images of anti-maskers, anti-vaccine protesters and suspected Capitol insurrectionists. The acknowledgment highlights how Twitter has been caught flat-footed by what it described in a statement as "a significant amount of coordinated and malicious" activity that led to "several errors" in Twitter's enforcement. "We've corrected those errors and are undergoing an internal review to make certain that this policy is used as intended — to curb the misuse of media to harass or intimidate private individuals," Twitter said. Unveiled on Tuesday, Twitter's new policy prohibits the sharing of images of private individuals without those people's consent. The rule was created, Twitter initially said, in a bid to prevent its platform from being abused to harass and intimidate people, particularly women, activists and minorities. But right-wing groups and anti-mask activists have quickly determined that the new Twitter policy offers an opportunity to strike back at those who might draw attention to their real-world identities. And in a matter of days, they established a coordinated campaign to flood Twitter with complaints that left-wing activists, Jan. 6 investigators and journalists covering rallies have published their faces without consent in violation of the new rule.... "Due to the new privacy policy at Twitter, things now unexpectedly work more in our favor as we can take down Antifa f****t doxxing pages more easily," read one recent message on the encrypted messaging app Telegram that was reviewed by CNN. The message, which has been viewed more than 19,000 times, lists dozens of Twitter accounts for supporters to target with claims of violations under the new privacy policy... After filing such reports, some individuals have publicly celebrated "weaponizing" Twitter's new rule. A pair of posts reviewed by CNN on the alternative social media site Gab boasted of making dozens of Twitter reports and urged allies to "stay on the offensive" against "antifa" and "their doxxing riot videos." The rapidly unfolding campaign highlights how a tool intended to help protect vulnerable individuals has quickly evolved to help shield others from the scrutiny that might stem from their public actions. Twitter's policy is generally not supposed to apply to large-scale protests or newsworthy events, the company had said on Tuesday. Yet CNN points out now that "those aspects of Twitter's own policy appear not to have been followed in at least several cases." Read more of this story at Slashdot.

Archives

November 2021
June 2021
March 2021
November 2020
October 2020
September 2020
February 2020
January 2020
October 2019
August 2018
July 2018
April 2018
February 2018
January 2018
December 2017
October 2017
September 2017
August 2016
July 2016
March 2016
February 2016
August 2015
May 2015

Categories

Innovation
Security
Software
Technology

Tags

backdoor cisco coding json laziness patterns public information announcement security vulnerability

© 2017 IT Sales & Services Ltd

Quality IT solutions in Tanzania since 2010

Iconic One Theme | Powered by Wordpress

Posting....