[syndicated profile] lecta_feed

Posted by Mary

With yesterday’s release of Spam All the Links, I’ve finished my long awaited project of departing the Geek Feminism blog.

I was involved in the blog on, if not from the first day of its existence, at least from the first week of it. My involvement in the blog was huge, and comprises among other things:

  • over 200 posts to the blog
  • founding and for a long time running the Ask a Geek Feminist, Wednesday Geek Woman and Cookie of the Week series
  • doing a linkspam post by myself multiple times a week for about a year
  • recruiting the initial team of Linkspammers and setting up their manual, mailing list and of course, the script that supports them
  • recruiting several other bloggers, including Tim, Restructure! and Courtney S
  • a bunch of sysadmin of the self-hosted WordPress install (it’s now hosted on WordPress.com)

My leaving the blog is delayed news. I initially told the co-bloggers I was leaving close to a year ago now (mid-August; if I’d waited much longer on writing this I could have posted on the one-year anniversary), because my output had dried up. I feel in large part that what happened was that I spent about ten years in geekdom (1999–2009) accumulating about three years of material for the blog, and then I ran out of things to write about there. I also have two more children and one more business than I had when I was first writing for it, and, very crucially, one less unfinished PhD to avoid. But I had a handover todo list to plod my way through, and Spam All the Links was the last item on it!

I remain involved in Geek Feminism as an administrator on the Geek Feminism wiki, on which I had about 25% of total edits last I looked, although the same sense of being a dry well is there too.

The blog was obviously hugely important for me, both as an outlet for that ten years of pent up opinionating and, to my surprise, because I ended up moving into the space professionally. I’m glad I did it.

Today, I would say these are my five favourite posts I made to the blog:

“Girl stuff” in Free Software, August 2009:

Terri mention[ed] that she had resisted at times working on things perceived as ‘girl stuff’. In Free Software this includes but is not limited to documentation, usability research, community management and (somewhat unusually for wider society) sometimes management in general. The audience immediately hit on it, and it swirled around me all week.

Why we document, August 2009:

I do not in fact find writing the wiki documentation of incidents in geekdom very satisfying. The comment linked at the beginning of the post compared the descriptions to a rope tying geekdom to the past. Sometimes being known as a wiki editor and pursued around IRC with endless links to yet another anonymous commenter or well-known developer advising women to shut up and take it and write some damned code anyway is like a rope tying me to the bottom of the ocean.

But what makes it worth it for me is that when people are scratching their heads over why women would avoid such a revolutionarily free environment like Free Software development, did maybe something bad actually happen, that women have answers.

(I’d be very interested in other people’s takes on this in 2015, which is a very different landscape in terms of the visibility of geek sexism than 2009 was.)

Why don’t you just hit him?, December 2010:

This is the kind of advice given by people who don’t actually want to help. Or perhaps don’t know how they can. It’s like if you’re a parent of a bullying victim, and you find yourself repeating “ignore it”, “fight back with fists” or whatever fairly useless advice you yourself were once on the receiving end of. It’s expressing at best helplessness, and at worst victim-blaming. It’s personalising a cultural problem.

You are not helpless in the face of harassment. Call for policies, implement policies, call out harassment when you overhear it, or report it. Stand with people who discuss their experiences publicly.

Anti-pseudonym bingo, July 2011:

Let’s recap really quickly: wanting to and being able to use your legal name everywhere is associated with privilege. Non-exhaustive list of reasons you might not want to use it on social networks: everyone knows you by a nickname; you want everyone to know you by a nickname; you’re experimenting with changing some aspect of your identity online before you do it elsewhere; online circles are the only place it’s safe to express some aspect of your identity, ever; your legal name marks you as a member of a group disproportionately targeted for harassment; you want to say things or make connections that you don’t want to share with colleagues, family or bosses; you hate your legal name because it is shared with an abusive family member; your legal name doesn’t match your gender identity; you want to participate in a social network as a fictional character; the mere thought of your stalker seeing even your locked down profile makes you sick; you want to create a special-purpose account; you’re an activist wanting to share information but will be in danger if identified; your legal name is imposed by a legal system that doesn’t match your culture… you know, stuff that only affects a really teeny minority numerically, and only a little bit, you know?

But I’m mostly listing it here because I always have fun with the design of my bingo cards. (This was my first time, Sexist joke bingo is better looking.)

I take it we aren’t cute enough for you?, August 2012:

… why girls? Why do we not have 170 comments on our blog reaching out to women who are frustrated with geekdom? I want to get this out in the open: people love to support geek girls, they are considerably more ambivalent about supporting geek women.

The one I’m still astonished I had time for was transcribing the entire Doubleclicks “Nothing to Prove” video. 2013? I don’t remember having that kind of time in 2013!

Thanks to my many co-bloggers over the five years I was a varyingly active blogger at Geek Feminism. I may be done, at least for a time and perhaps in that format, but here’s to a new generation of geek feminist writers joining the existing one!

Hand holding aloft a cocktail glass
Image credit: Cheers! by Susanne Nilsson, Creative Commons Attribution-Sharealike. The version used in this post was cropped and colour adjusted by Mary.
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, appears to be the latest victim of a credit card breach, according to data shared by several U.S.-based banks.

Trump International Hotel and Tower in Chicago.

Contacted regarding reports from sources at several banks who traced a pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels, the company declined multiple requests for comment.

Update, 4:56 p.m. ET: The Trump Organization just acknowledged the issue with a brief statement from The Donald’s third child, Eric Trump, executive vice president of development and acquisitions: “Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties,” the statement reads. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”

Original story:

But sources in the financial industry say they have little doubt that Trump properties in several U.S. locations — including Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York — are dealing with a card breach that appears to extend back to at least February 2015.

If confirmed, the incident would be the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments. In March, upscale hotel chain Mandarin Oriental disclosed a compromise. The following month, hotel franchising firm White Lodging acknowledged that, for the second time in 12 months, card processing systems at several of its locations were breached by hackers.

It is likely that the huge number of card breaches at U.S.-based organizations over the past year represents a response by fraudsters to upcoming changes in the United States designed to make credit and debit cards more difficult and expensive to counterfeit. Non-chip cards store cardholder data on a magnetic stripe, which can be trivially copied and re-encoded onto virtually anything else with a magnetic stripe.

Magnetic-stripe based cards are the primary target for hackers who have been breaking into retailers like Target and Home Depot and installing malicious software on the cash registers: The data is quite valuable to crooks because it can be sold to thieves who encode the information onto new plastic and go shopping at big box stores for stuff they can easily resell for cash (think high-dollar gift cards and electronics).

In October 2015, merchants that have not yet installed card readers which accept more secure chip-based cards will assume responsibility for the cost of fraud from counterfeit cards. While most experts believe it may be years after that deadline before most merchants have switched entirely to chip-based card readers (and many U.S. banks are only now thinking about issuing chip-based cards to customers), cyber thieves no doubt well understand they won’t have this enormously profitable cash cow around much longer, and they’re busy milking it for all it’s worth.

For more on chip cards and why most U.S. banks are moving to chip-and-signature over the more widely used chip-and-PIN approach, check out this story.

Big Bangs

Jul. 1st, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Note: Today's post contains a word that starts with "p" and rhymes with "Venus." Parents, please parent accordingly.

 

Before you head out to stock up on fireworks this weekend, here's a handy tip from the folks over at Lamebook:

Perhaps I should rephrase that.

(Also: ow.)

 

What I meant was, when it comes to fireworks, you really want the most bang for your buck:

So always look for the cartoon steam whistle shouting, "Bang!"

 

You should also familiarize yourself with what fireworks actually look like, so you don't end up with a bunch of...bombs. (See what I did there?)

Even if they are patriotically
potent
powerful

penis-ish ones.

No, trust me, you don't want sprinkles.

 

I see...slushies.

 

Oh my gosh! They killed Blinky!

(That's the red ghost from Pac-Man, kids. Now stop making me feel old.)

 

Important rocket safety tip:

The flamey bits should always come out the back.

 

Also, don't forget your patriotic donut holes!

At least they remembered the blue balls this time.

 

Oh, and Canada, lest you think I've forgotten you:

Happy Bloody Band Aid day!

(Once you see it, it's all you'll see.)

 

Thanks to Jessica G., Dawn S., Gail D., Deanna T., Amber S., Leanne O., Saralyn T., & Jennifer O., who make 'em go "Oh, oh, oh" while they shoot across the sky-y-y.

In a firework-y way, I mean.

Not a penis-ishy way.


NEW GOAL: Work the word "penis-ishy" into as many conversations today as possible. Starting...NOW.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

Unit Testing on iOS

Jul. 1st, 2015 12:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

Broken glass

Credit: Wikipedia

Historically, there hasn’t been a lot of testing done on iOS, and we see the results of that every day—regressions, crashes, consistently reproducible failures. As we build more complex applications, manual testing takes more and more time and automated testing becomes increasingly necessary.

The biggest challenge of testing on iOS starts at the UIViewController with the tangling of view and control code. Sometimes it continues all the way down, and model and database code also becomes entwined. Testing on iOS is a vicious cycle – the architecture patterns are hard to test, so we don’t test, so we don’t consider testability in our architecture, so things become even harder to test.

The first step is to break this cycle, which starts with breaking up the UIViewController. There’s a Reactive Cocoa pattern called MVVM, but regardless of the approach we take, we need to get that control code out of the UIViewController; then we can test the view code and the control code separately. I’ve outlined a strategy for that in more detail here.

This might seem a bit overwhelming, so a good place to start when writing unit tests is the class with the least complexity and the fewest dependencies. Typically this is our model classes. When it comes to model classes it can be tempting to think that this is so simple that there’s no need to test it. But I think it’s still worthwhile because:

  1. How would we decide when something is “complicated” enough to test?
  2. What if it later became more complicated?
  3. If it were that easy, the test would be very quick to write.
  4. We want to be confident this piece works well, so that we can rely on it in larger tests later.

As we get to more complicated objects we need to master the art of Dependency Injection. This means passing a dependency in as an argument to the initialiser, rather than creating it inside the class. Dependency injection makes our code more testable by making the dependent objects explicit, so that in a test we can replace them with mocks or otherwise control and observe them.

Unit-Testing UI Code

As mentioned above, it’s challenging to test UI code on iOS because of that entangling of control and view code. Let’s talk about one example: testing buttons.

Typically, when testing buttons, we don’t actually test the buttons—we test that the methods that are added to the buttons work as they should. There are two downsides to this.

Firstly, we have to expose a method for testing. Not that big a deal—this is why Java has the @VisibleForTesting annotation. But we might prefer not to do that. In Objective-C we can also declare a category in our test class to allow our tests to “see” the private method, but I like this strategy even less.

Secondly—and most importantly—this doesn’t actually test what happens when the button is tapped. What if the wrong @selector is set? Or if we autocomplete to UIControlEventTouchUpOutside instead of UIControlEventTouchUpInside?

Alternative: we structure the code so that tests can get hold of the real UIButton; then the test can tap that button and verify what happens. I’ve covered how in more detail here.
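A concrete version of the two ideas above, injecting the dependency through the initialiser and tapping the real UIButton instead of calling the action method, as an added example that is not Cate’s code or from her workshop. SignOutViewController, SessionService and FakeSessionService are hypothetical names, and the tests assume the test bundle is hosted by the app so that UIApplication exists to dispatch the control’s actions.

```objc
#import <UIKit/UIKit.h>
#import <XCTest/XCTest.h>

// Hypothetical dependency: anything that can end the user's session. It is
// injected through the initialiser so a test can substitute a fake.
@protocol SessionService <NSObject>
- (void)signOutWithCompletion:(void (^)(BOOL success))completion;
@end

// Hypothetical controller. The button is exposed read-only so a test can drive
// the real control rather than exposing -signOutTapped: for testing.
@interface SignOutViewController : UIViewController
@property (nonatomic, strong, readonly) UIButton *signOutButton;
@property (nonatomic, assign, readonly) BOOL showedConfirmation;
- (instancetype)initWithSessionService:(id<SessionService>)service;
@end

@implementation SignOutViewController {
    id<SessionService> _service;
}

- (instancetype)initWithSessionService:(id<SessionService>)service {
    self = [super initWithNibName:nil bundle:nil];
    if (self) {
        _service = service;   // dependency injection: nothing is created in here
    }
    return self;
}

- (void)viewDidLoad {
    [super viewDidLoad];
    _signOutButton = [UIButton buttonWithType:UIButtonTypeSystem];
    [_signOutButton setTitle:@"Sign out" forState:UIControlStateNormal];
    // A slip here (wrong selector, or TouchUpOutside instead of TouchUpInside)
    // is exactly what tapping the real button catches and a direct call to
    // -signOutTapped: would miss.
    [_signOutButton addTarget:self
                       action:@selector(signOutTapped:)
             forControlEvents:UIControlEventTouchUpInside];
    [self.view addSubview:_signOutButton];
}

- (void)signOutTapped:(id)sender {
    [_service signOutWithCompletion:^(BOOL success) {
        _showedConfirmation = success;
    }];
}
@end

// Test double: records how often it was asked to sign out and completes
// synchronously so the test needs no expectations or waits.
@interface FakeSessionService : NSObject <SessionService>
@property (nonatomic, assign) NSUInteger signOutCalls;
@end

@implementation FakeSessionService
- (void)signOutWithCompletion:(void (^)(BOOL))completion {
    self.signOutCalls += 1;
    completion(YES);
}
@end

@interface SignOutViewControllerTests : XCTestCase
@end

@implementation SignOutViewControllerTests

- (void)testTappingTheRealButtonSignsOut {
    FakeSessionService *fake = [FakeSessionService new];
    SignOutViewController *vc =
        [[SignOutViewController alloc] initWithSessionService:fake];
    (void)vc.view;   // forces -loadView / -viewDidLoad so the button exists

    // Exercises the target/action wiring, not just the method behind it.
    [vc.signOutButton sendActionsForControlEvents:UIControlEventTouchUpInside];

    XCTAssertEqual(fake.signOutCalls, (NSUInteger)1);
    XCTAssertTrue(vc.showedConfirmation);
}

- (void)testTouchUpOutsideIsIgnored {
    FakeSessionService *fake = [FakeSessionService new];
    SignOutViewController *vc =
        [[SignOutViewController alloc] initWithSessionService:fake];
    (void)vc.view;

    // Finger dragged off the button before release: must not sign out.
    [vc.signOutButton sendActionsForControlEvents:UIControlEventTouchUpOutside];

    XCTAssertEqual(fake.signOutCalls, (NSUInteger)0);
    XCTAssertFalse(vc.showedConfirmation);
}
@end
```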

UIAutomation

UIAutomation tests are also known as monkey tests—something that will go through and tap buttons on your app and make things happen. These are proper “black box” tests—all they know about is the UI, not the inner workings of your code.

UIAutomation tests are integration tests, rather than unit tests, so it’s a complementary testing strategy to writing extensive unit tests. While unit tests check the internal workings of your app, UIAutomation tests are a good way to check the flow of the app—that each view controller loads, for example.

UIAutomation tests are:

  • Slower to run.
  • Hard to test corner cases on.

UIAutomation tests are great for:

  • Showing that the things you built are glued together correctly.
  • Making sure your app is accessible throughout.
  • Checking that each view loads.
  • Testing things like carousels.

I like KIF (which stands for “Keep It Functional”), which is a wrapper around Apple’s UIAutomation framework that allows you to write the KIF tests in Objective-C rather than JavaScript.

If you’re interested in learning about testing iOS code in more detail, I have a workshop with sample app that covers these strategies in more detail.

[syndicated profile] bruce_schneier_feed

Posted by schneier

I don't have much to say about the recent hack of the US Office of Personnel Management, which has been attributed to China (and seems to be getting worse all the time). We know that government networks aren't any more secure than corporate networks, and might even be less secure.

I agree with Ben Wittes here (although not the imaginary double standard he talks about in the rest of the essay):

For the record, I have no problem with the Chinese going after this kind of data. Espionage is a rough business and the Chinese owe as little to the privacy rights of our citizens as our intelligence services do to the employees of the Chinese government. It's our government's job to protect this material, knowing it could be used to compromise, threaten, or injure its people­ -- not the job of the People's Liberation Army to forebear collection of material that may have real utility.

Former NSA Director Michael Hayden says much the same thing:

If Hayden had had the ability to get the equivalent Chinese records when running CIA or NSA, he says, "I would not have thought twice. I would not have asked permission. I'd have launched the star fleet. And we'd have brought those suckers home at the speed of light." The episode, he says, "is not shame on China. This is shame on us for not protecting that kind of information." The episode is "a tremendously big deal, and my deepest emotion is embarrassment."

My question is this: Has anyone thought about the possibility of the attackers manipulating data in the database? What are the potential attacks that could stem from adding, deleting, and changing data? I don't think they can add a person with a security clearance, but I'd like someone who knows more than I do to understand the risks.

[syndicated profile] geekfeminism_feed

Posted by Leigh Honeywell

This is another round of Geek feminism classifieds. If you’re looking to hire women, find some people to participate in your study, find female speakers, or just want some like-minded folk to join your open source project, this is the thread for you!

Here’s how it works:

  1. Geeky subjects only. We take a wide view of geekdom, but if your thing isn’t related to an obviously geeky topic, you’ll probably want to give a bit of background on why the readers of Geek Feminism would be interested.
  2. Explain what your project/event/thing is, or link to a webpage that provides clear, informative information about it. Ideally you’ll also explain why geek women might find it particularly awesome.
  3. Explain what you’re looking for. Even if it’s not a job ad, think of it like one: what is the activity/role in question, and what would it involve? What is the profile of people you’re looking for?
  4. GF has international readership, so please be sure to indicate the location if you’re advertising a job position, conference, or other thing where the location matters. Remember that city acronyms aren’t always known world-wide and lots of cities share names, so be as clear as possible! (That is, don’t say “SF[O]” or “NYC” or “Melb”, say “San Francisco, USA”, “New York City, USA” or “Melbourne, Australia”.) And if you can provide travel/relocation assistance, we’d love to know about it.
  5. Keep it legal. Most jurisdictions do not allow you to (eg.) advertise jobs for only people of a given gender. So don’t do that. If you are advertising for something that falls into this category, think of this as an opportunity to boost the signal to women who might be interested.
  6. If you’re asking for participants in a study, please note Mary’s helpful guide to soliciting research participation on the ‘net, especially the “bare minimum” section.
  7. Provide a way for people to contact you, such as your email address or a link to apply in the case of job advertisements. (The email addresses entered in the comment form here are not public, so readers won’t see them.)
  8. Keep an eye on comments here, in case people ask for clarification or more details. (You can subscribe to comments via email or RSS.)

If you’d like some more background/tips on how to reach out to women for your project/event/whatever, take a look at Recruiting women on the Geek Feminism Wiki.

Good luck!

[syndicated profile] epbot_feed

Posted by Jen

It's amazing how much we all use a website we hate, isn't it? 'Cuz let's face it: a lot of us hate - HATE - Facebook.



And yet, how else can we keep up with all our family, friends, and favorite blogs/artists/interests?

I'm still dependent on FB because I blog for a living, and even with FB censoring Page reach down to a small fraction of my followers, there's STILL no better way to reach people. Because love it or hate it, everyone is on Facebook.

Sadly I have no solutions for my fellow Page managers, since FB is determined to run us all out of business. Here's a snapshot of what I mean:


(This is for Cake Wrecks, which has 424,000 FB followers. As you can see, Facebook is charging four THOUSAND dollars for a single post to reach about 35% of those followers. Wha whaaaa?)


However, for the rest of you, I DO have one or two tricks up my sleeve. 

See, as a reader, I've finally figured out how to use Facebook to see what I want to see, in the order I want to see it. I have two lists, which I'll show you how to set up and use. The first shows me only the friends' and family updates I'm most interested in - which is less than 50 people - in chronological order.

The second list acts as a quasi-RSS feed, and is my new favorite thing. It shows me, in chronological order, all my favorite websites, artists, cosplayers, humor sites, etc. etc. It's all the good stuff on FB, with none of the bad.

Ever get Facebook fatigue? You know, where you're tired of all the ranting and vague-booking and political sniping? That's the bad stuff I'm talking about. By setting up this new feed list, though, I can surf all the happy stuff in one place. And it's awesome.

So here's how to do it:

To Make Your Friends List:

Scroll down the left side of your FB feed until you see "Friends." When you hover your mouse there, a "More" will appear beside it:

Click that.

This will open a new page:

(For the record, I have no idea how Epbot or my old high school got in here [twice], and FB won't let me remove them! THANKS FACEBOOK.)

Now click "Create List," name it something snazzy like "My Fav Peeps" or "The Gang," and add in all the friends & fam you like. I recommend keeping this list small, since that's the whole point of making a curated list. Besides, how well do you know your 8th grade boyfriend now, anyway?
 

Once your new list is made, it will appear under the Friends heading in your left sidebar. Find it, hover your cursor over the little gear beside it, and select "Add To Favorites:"


("Favourites?" Is FB British now?)


This will put your new list higher up on the sidebar, under your name with your other Favorites:



That's your friend list done. Fun, right? Now let's do the Pages one.


To Make Your Pages List:

This one is trickier, since FB doesn't want you to see your favorite Pages without the Pages themselves paying for the privilege. In fact, you may notice there's already a Pages feed on your sidebar:
 

Trouble is, that default Pages Feed is just as censored and out-of-order as your regular "top stories" news feed, so you'll end up missing the vast majority of what you want to see. (Plus there's no "Most Recent" option, so you can't rearrange it to chronological order.)

Eventually I found a solution, though. It's under "Interests" in your left sidebar. Click the word itself (even though it doesn't *look* click-able) and you'll get this:



Now click "Add Interests":


And then "Create List."

This will bring up a pop-up window filled with all the Pages you already follow:

(Do I follow more Pages than Friends? Yes, yes I do.)

Scroll through and click all the ones you want on the List, give it a name, and you're done!

[You can also use this method to make a Friends list; just click down on the left from the highlighted "Pages" to "Friends", and you'll get a window full of all your current FB friends.]

Your new Pages list will appear under Interests in the left sidebar:


As with your Friends list, hover over the gear icon & select "Add to Favorites."

Now your two new lists are conveniently located at the top of your left sidebar, under your name:


So with one click you can get right to the most important updates, or, if you're having one of those "done with humanity" days, just skip the personal updates all together and go to your Favorite Pages feed.

If you have more time to kill, of course, you can always view your news feed the way FB serves it.

Ah, but what if you only check FB on your phone? Well, good news: these lists work there, too! In the FB app, just select the "More" icon in the lower righthand corner of the screen, and it will bring up your Favorites. Easy-peasy!

Need new Pages to follow? Start with all your favorite blogs (HI!) and websites, then add your favorite Etsy sellers, artists, cosplayers, and even stores like ThinkGeek. It won't take long 'til your FB feed is just as happy and fun as mine, promise.

Oh, and speaking for the rest of my beleaguered Page managers out there, please - PLEASE - remember to like, comment, and/or share those FB posts you want to see more of. This is our livelihood, and that interaction can still help more of you see what we post.


I hope this helps you guys get a little more out of Facebook! 

Now, go purge those Friends lists. You know it's time. ;)

Code release: Spam All the Links

Jun. 30th, 2015 11:25 pm
[syndicated profile] lecta_feed

Posted by Mary

The Geek Feminism blog’s Linkspam tradition started back in August 2009, in the very early days of the blog, and by September it had occurred to us to take submissions through bookmarking services. From shortly after that point there was a sequence of scripts that pulled links out of RSS feeds. Last year, I began cleaning up my script and turning it into the one link-hoovering script to rule them all. It sucks links out of bookmarking sites, Twitter and WordPress sites and bundles them all up into an email that is sent to the linkspamming team there for curation, pre-formatted in HTML and with title and suggestion descriptions for each link. It even attempts to filter out links already posted in previous linkspams.

The Geek Feminism linkspammers aren’t the only link compilers in town, and it’s possible we’re not the only group who would find my script useful. I’ve therefore finished generalising it, and I’ve released it as Spam All the Links on Gitlab. It’s a Python 3 script that should run on most standard Python environments.

Spam All the Links

Spam All the Links is a command line script that fetches URL suggestions from several sources and assembles them into one email. That email can in turn be pasted into a blog entry or otherwise used to share the list of links.

Use case

Spam All the Links was written to assist in producing the Geek Feminism linkspam posts. It was developed to check WordPress comments, bookmarking websites such as Pinboard, and Twitter, for links tagged “geekfeminism”, assemble them into one email, and email them to an editor who could use the email as the basis for a blog post.

The script has been generalised to allow searches of RSS/Atom feeds, Twitter, and WordPress blog comments as specified by a configuration file.

Email output

The email output of the script has three components:

  1. a plain text email with the list of links
  2. an HTML email with the list of links
  3. an attachment containing the HTML-formatted links with no surrounding text, so that it can easily be copied and pasted

All three parts of the email can be templated with Jinja2.

Sources of links

Spam All the Links can currently be configured to check multiple sources of links, in these forms:

  1. RSS/Atom feeds, such as those produced by the bookmarking sites Pinboard or Diigo, where the link, title and description of the link can be derived from the equivalent fields in the RSS/Atom. (bookmarkfeed in the configuration file)
  2. RSS/Atom feeds where links can be found in the ‘body’ of a post (postfeed in the configuration file)
  3. Twitter searches (twitter in the configuration file)
  4. comments on WordPress blog entries (wpcommentsfeed in the configuration file)

More information, and the code, are available at the Spam All the Links repository at Gitlab. It is available under the MIT free software licence.
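To make the description above concrete, here is an added Python 3 example of the same pipeline: two of the source kinds the post lists (a bookmarkfeed, where link, title and description are the feed fields, and a postfeed, where links are pulled out of the entry body), de-duplication against links already posted, and the three-part email. It is not the project’s code; the feed XML, the already-posted set and all addresses are constructed for the example, and plain string formatting stands in for the Jinja2 templates.

```python
import re
import xml.etree.ElementTree as ET
from email.message import EmailMessage
from html import escape
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample: a Pinboard-style feed, "bookmarkfeed" mode (link, title and
# description are the RSS fields themselves).
BOOKMARK_RSS = """<rss version="2.0"><channel>
 <item><title>Why we document</title>
  <link>https://example.org/why-we-document/?utm_source=pinboard#top</link>
  <description>Wiki incident documentation</description></item>
 <item><title>Anti-pseudonym bingo</title>
  <link>https://example.org/anti-pseudonym-bingo</link>
  <description>Bingo card</description></item>
</channel></rss>"""

# Constructed sample: a blog feed, "postfeed" mode (links live in the post body).
POST_RSS = """<rss version="2.0"><channel>
 <item><title>Weekly roundup</title>
  <link>https://blog.example.net/roundup</link>
  <description><![CDATA[Read <a href="https://example.org/why-we-document/">this</a>
  and <a href="https://example.com/new-post">that</a>.]]></description></item>
</channel></rss>"""

# Constructed: links that went out in earlier linkspams.
ALREADY_POSTED = {"https://example.org/anti-pseudonym-bingo/"}

TRACKING_PREFIXES = ("utm_", "fbclid")
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def normalise(url):
    """Canonical key for de-duplication: lower-case scheme and host, drop the
    fragment and tracking parameters, give bare paths a trailing slash."""
    parts = urlsplit(url.strip())
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if not k.lower().startswith(TRACKING_PREFIXES)]
    path = parts.path or "/"
    if not path.endswith("/") and "." not in path.rsplit("/", 1)[-1]:
        path += "/"
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(), path,
                       urlencode(query), ""))


def links_from_feed(xml_text, mode):
    """Return (url, title, description) triples from one RSS 2.0 document."""
    found = []
    for item in ET.fromstring(xml_text).iter("item"):
        title = (item.findtext("title") or "").strip()
        body = (item.findtext("description") or "").strip()
        if mode == "bookmarkfeed":
            found.append((item.findtext("link") or "", title, body))
        elif mode == "postfeed":
            # The entry itself is not the suggestion; every link in its body is.
            found.extend((href, title, "") for href in HREF_RE.findall(body))
        else:
            raise ValueError("unknown feed mode: %r" % mode)
    return found


def merge_sources(sources, already_posted):
    """Combine (xml, mode) sources in order, skipping repeats and anything that
    already appeared in a previous linkspam."""
    seen = {normalise(u) for u in already_posted}
    merged = []
    for xml_text, mode in sources:
        for url, title, desc in links_from_feed(xml_text, mode):
            key = normalise(url)
            if key not in seen:
                seen.add(key)
                merged.append((key, title, desc))
    return merged


def build_email(links, sender, recipient):
    """Plain-text part, HTML alternative and a bare HTML attachment: the three
    components the post lists. Titles and descriptions are escaped because they
    come from untrusted feeds and end up in HTML the editor will paste."""
    text = "\n".join("- %s\n  %s" % (t or u, u) for u, t, _ in links)
    items = "".join('<li><a href="%s">%s</a> %s</li>'
                    % (escape(u, quote=True), escape(t or u), escape(d))
                    for u, t, d in links)
    fragment = "<ul>%s</ul>" % items
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, "Linkspam draft"
    msg.set_content("Suggested links:\n\n" + text)
    msg.add_alternative("<p>Suggested links:</p>" + fragment, subtype="html")
    msg.add_attachment(fragment.encode("utf-8"), maintype="text",
                       subtype="html", filename="linkspam.html")
    return msg


if __name__ == "__main__":
    sources = [(BOOKMARK_RSS, "bookmarkfeed"), (POST_RSS, "postfeed")]
    print(build_email(merge_sources(sources, ALREADY_POSTED),
                      "spambot@example.org", "editor@example.org"))
```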

[syndicated profile] bruce_schneier_feed

Posted by schneier

The official Twitter feed for my blog is @schneierblog. The account @Bruce_Schneier also mirrors my blog, but it is not mine. I have nothing to do with it, and I don't know who owns it.

Normally I wouldn't mind, but the unofficial blog fails intermittently. Also, @Bruce_Schneier follows people who then think I'm following them. I'm not; I never log in to Twitter and I don't follow anyone there.

So if you want to read my blog on Twitter, please make sure you're following @schneierblog. If you are the person who runs the @Bruce_Schneier account -- if anyone is even running it anymore -- please e-mail me at the address on my Contact page.

And if anyone from the Twitter fraud department is reading this, please contact me. I know I can get the @Bruce_Schneier account deleted, but I don't want to lose the 27,300 followers on it. What I want is to consolidate them with the 67,700 followers on my real account. There's no way to explain this on the form to report Twitter impersonation. (Although maybe I should just delete the account. I didn't do it 18 months ago when there were only 16,000 followers on that account, and look what happened. It'll only be worse next year.)

July Wrecks Forth

Jun. 30th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

"Ok, staff, July 4th is coming and we need new cake designs. I'm talking stuff that screams, 'AMERICA.'" [pointing] "Jackie, GO."

"Uh... butterflies?"

"I like it. Pat?"

 

"Maybe a gator-lookin' thing?"

"Smart thinking; we'll ride the dinosaur craze. Gail?"

"Um. Poo cupcakes?"

"We already make those, Gail."

"... with red, white, and blue sprinkles?"

"PERFECT.

 

"Wesley, my man! Give me something sexy."

"Ok, you're going to love this. Picture, if you will..." [jazz hands] "...FLOPPY WANG."

"Ooooh, EDGY.

 

"But just to be safe, you better stick to your burning trashcans."

"I told you, they're not..."

[Everyone all together] "Shut up, Wesley."

 

"Now, Sally, baby! Whaddaya got that screams 'AMERICA'?"

"It's like you're the only one who gets me, Sally."

 

Thanks to Anna S., Cassidy T., Madison W., D.E., Emma D., & Caroline and Elyse for the thumbs up.

[syndicated profile] bruce_schneier_feed

Posted by schneier

Interesting research from 2012: "The Dynamics of Evolving Beliefs, Concerns, Emotions, and Behavioral Avoidance Following 9/11: A Longitudinal Analysis of Representative Archival Samples":

Abstract: September 11 created a natural experiment that enables us to track the psychological effects of a large-scale terror event over time. The archival data came from 8,070 participants of 10 ABC and CBS News polls collected from September 2001 until September 2006. Six questions investigated emotional, behavioral, and cognitive responses to the events of September 11 over a five-year period. We found that heightened responses after September 11 dissipated and reached a plateau at various points in time over a five-year period. We also found that emotional, cognitive, and behavioral reactions were moderated by age, sex, political affiliation, and proximity to the attack. Both emotional and behavioral responses returned to a normal state after one year, whereas cognitively-based perceptions of risk were still diminishing as late as September 2006. These results provide insight into how individuals will perceive and respond to future similar attacks.

This Week

Jun. 30th, 2015 12:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate


Life

Crashed so hard last weekend after not taking enough of a break. Then mid-week got away and was so focused on having a life (vacation! yay!) I forgot I do this post every week.

Went to Croatia. Saw some beautiful lakes. Left stress behind. Was amazing.

Work

Getting through stuff before I left. Some things that have been a source of stress seem to be getting better so that is something. I don’t know if it is the break or if it is real but I feel optimistic and that is what matters!

We’re running our first ever Technically Speaking in person event in Denver in August.

I’m speaking at Leeds Tech Hub on July 9th.

Media

Watching the West Wing. Reading Just Fucking Ship.

Product Links Amazon.

Published

A new edition of Technically Speaking is out.

I storified my tweets from the Museum of Broken Relationships.

On The Internet

TEMPEST Attack

Jun. 29th, 2015 01:38 pm
[syndicated profile] bruce_schneier_feed

Posted by schneier

There's a new paper on a low-cost TEMPEST attack against PC cryptography:

We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this attack, including those that implement the decryption using modern exponentiation algorithms such as sliding-window, or even its side-channel resistant variant, fixed-window (m-ary) exponentiation.

We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.

From Wired:

Researchers at Tel Aviv University and Israel's Technion research institute have developed a new palm-sized device that can wirelessly steal data from a nearby laptop based on the radio waves leaked by its processor's power use. Their spy bug, built for less than $300, is designed to allow anyone to "listen" to the accidental radio emanations of a computer's electronics from 19 inches away and derive the user's secret decryption keys, enabling the attacker to read their encrypted communications. And that device, described in a paper they're presenting at the Workshop on Cryptographic Hardware and Embedded Systems in September, is both cheaper and more compact than similar attacks from the past -- so small, in fact, that the Israeli researchers demonstrated it can fit inside a piece of pita bread.

Another article. NSA article from 1972 on TEMPEST. Hacker News thread. Reddit thread.
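The abstract above refers to "the key-bits window in the exponentiation routine" and contrasts sliding-window exponentiation with its fixed-window (m-ary) variant. As an added illustration, not code from the paper, from GnuPG or from Schneier's post, the Python below implements textbook left-to-right square-and-multiply and fixed-window modular exponentiation and exposes the sequence of window values each step multiplies by. It shows why the fixed-window form removes the key-dependent operation count but still selects a table operand by key bits. Function names and the toy parameters are my own assumptions.

```python
# Added educational example: textbook modular exponentiation showing which
# exponent (key) bits drive each multiplication. Not GnuPG's code.


def binary_exponent(base: int, exp: int, mod: int) -> int:
    """Left-to-right square-and-multiply.

    A multiplication by `base` happens only for exponent bits equal to 1,
    so the sequence of operations mirrors the key bits directly; this is
    the classic target of power and EM side channels."""
    result = 1
    for bit in bin(exp)[2:]:
        result = result * result % mod
        if bit == "1":
            result = result * base % mod
    return result


def window_sequence(exp: int, w: int) -> list:
    """Split the exponent into w-bit windows, most significant first.

    These window values are the 'key-bits window' the abstract refers to."""
    nbits = max(exp.bit_length(), 1)
    nwindows = -(-nbits // w)  # ceiling division
    mask = (1 << w) - 1
    return [(exp >> (i * w)) & mask for i in range(nwindows - 1, -1, -1)]


def fixed_window_exponent(base: int, exp: int, mod: int, w: int = 4) -> int:
    """Fixed-window (m-ary, m = 2**w) exponentiation.

    Every window costs exactly w squarings and one multiplication, so the
    number and order of operations no longer depend on the key. The operand
    still does: the table entry multiplied in at each step is chosen by the
    window value, which is why input-dependent intermediate values can still
    be correlated with key bits."""
    # Precompute base**0 .. base**(2**w - 1); table[0] == 1 so the
    # multiplication is performed for every window, including zero windows.
    table = [1]
    for _ in range(1, 1 << w):
        table.append(table[-1] * base % mod)

    result = 1
    for window in window_sequence(exp, w):
        for _ in range(w):
            result = result * result % mod
        result = result * table[window] % mod
    return result


if __name__ == "__main__":
    # Constructed toy parameters, not a real RSA or ElGamal key.
    base, exp, mod = 4, 13, 497
    print("windows (w=2):", window_sequence(exp, 2))
    print("binary:", binary_exponent(base, exp, mod))
    print("fixed-window:", fixed_window_exponent(base, exp, mod, 2))
    print("reference:", pow(base, exp, mod))
```

Both functions agree with Python's built-in `pow` for any parameters; the interesting output is `window_sequence`, which makes visible how the exponent is consumed in chunks whose values pick the multiplier.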

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Cybercriminals have long relied on compromised Web sites to host malicious software for use in drive-by download attacks, but at least one crime gang is taking it a step further: New research shows that crooks spreading the Dyre malware for use in cyberheists are leveraging hacked wireless routers to deliver their password-stealing crimeware.

Ubiquiti Networks airRouter

Dyre (a.k.a. “Dyreza”) is generally installed by a downloader Trojan that is flagged by most tools under the name “Upatre.” The latter is most often delivered via malicious e-mails containing a link which directs unsuspecting users to servers hosting malicious javascript or a basic redirection to a malicious payload. If the user clicks the malicious link, it may serve a bogus file — such as an invoice or bank statement — that if extracted and opened reaches out to an Upatre control server to download Dyre.

According to a recent in-depth report from Symantec, Dyre is a highly developed piece of malware, capable of hijacking all three major web browsers and intercepting internet banking sessions in order to harvest the victim’s credentials and send them to the attackers. Dyre is often used to download additional malware on to the victim’s computer, and in many cases the victim machine is added to a botnet which is then used to send out thousands of spam emails in order to spread the threat.

Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking Upatre being served from hundreds of compromised home routers — particularly routers powered by MikroTik and Ubiquiti’s AirOS.

“We have seen literally hundreds of wireless access points, and routers connected in relation to this botnet, usually AirOS,” said Bryan Campbell, lead threat intelligence analyst at Fujitsu. “The consistency in which the botnet is communicating with compromised routers in relation to both distribution and communication leads us to believe known vulnerabilities are being exploited in the firmware which allows this to occur.”


Campbell said it’s not clear why so many routers appear to be implicated in the botnet. Perhaps the attackers are merely exploiting routers with default credentials (e.g., “ubnt” for both username and password on most Ubiquiti AirOS routers). Fujitsu also found a disturbing number of the systems in the botnet had the port for telnet connections wide open.

In January 2015, KrebsOnSecurity broke the news that the botnet used to attack and briefly knock offline Microsoft’s Xbox and Sony Playstation’s networks relied entirely on hacked routers, all of which appeared to have been compromised remotely via telnet.

Whether you use a router from Ubiquiti or any other manufacturer, if you haven’t changed the default credentials on the device, it’s time to take care of that. If you don’t know whether you’ve changed the default administrative credentials for your wired or wireless router, you probably haven’t. Pop on over to routerpasswords.com and look up the make and model of your router.

To see whether your credentials are the default, you’ll need to open up a browser and enter the numeric address of your router’s administration page. For most routers, this will be 192.168.1.1 or 192.168.0.1. This page lists the default internal address for most routers. If you have no luck there, here’s a decent tutorial that should help most users find this address. And check out my Tools for a Safer PC primer for more tips on how to beef up the security of your router and your Web browser.
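The two paragraphs above tell you to find your router's administration address and then check whether it still accepts the default credentials. As an added example that is not part of the Krebs post, the Python below finds the default gateway on Linux by parsing /proc/net/route (the same information the numeric-address lookup gives you) and then probes that one address from the LAN for common management ports, so you can see whether telnet on port 23, which Fujitsu found open on many of the compromised routers, is listening on yours. The sample route table is constructed, the function names are my own, and the script attempts no login; it only reports which ports answer.

```python
import socket
import struct

# Constructed sample in the format of Linux /proc/net/route; the real file
# is read by default_gateways() below. Addresses are little-endian hex.
SAMPLE_ROUTE_TABLE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "wlan0\t00000000\t0101A8C0\t0003\t0\t0\t600\t00000000\t0\t0\t0\n"
    "wlan0\t0001A8C0\t00000000\t0001\t0\t0\t600\t00FFFFFF\t0\t0\t0\n"
)

RTF_UP = 0x0001       # route is usable
RTF_GATEWAY = 0x0002  # destination is reached via a gateway

# Ports a home router commonly exposes for administration. Telnet (23) is the
# one the Fujitsu researchers found open on many compromised devices.
ADMIN_PORTS = {23: "telnet", 22: "ssh", 80: "http", 443: "https"}


def hex_to_ip(hex_addr: str) -> str:
    """Convert a /proc/net/route little-endian hex address to dotted quad."""
    return socket.inet_ntoa(struct.pack("<L", int(hex_addr, 16)))


def parse_default_gateways(table_text: str) -> list:
    """Return (interface, gateway_ip) pairs for usable default routes."""
    gateways = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        iface, dest, gw, flags = fields[0], fields[1], fields[2], int(fields[3], 16)
        if dest == "00000000" and flags & RTF_UP and flags & RTF_GATEWAY:
            gateways.append((iface, hex_to_ip(gw)))
    return gateways


def default_gateways() -> list:
    """Read the live routing table (Linux only)."""
    with open("/proc/net/route") as f:
        return parse_default_gateways(f.read())


def open_admin_ports(host: str, ports=ADMIN_PORTS, timeout: float = 1.0) -> dict:
    """TCP-connect to each management port on `host` and report which answer.

    This is a check against your own gateway from inside the LAN; it sends
    nothing after the handshake and makes no login attempt."""
    found = {}
    for port, name in ports.items():
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found[port] = name
    return found


if __name__ == "__main__":
    for iface, gw in default_gateways():
        listening = open_admin_ports(gw)
        print(f"{iface}: router admin address is {gw}; listening: {listening}")
        if 23 in listening:
            print("  telnet is open on the router; change default credentials "
                  "and disable telnet in the admin interface")
```

Open `http://<gateway>` in a browser afterwards, as the post describes, and compare what it accepts against the routerpasswords.com entry for your model. A telnet listener on the LAN side is already worth disabling; one reachable from the Internet is the condition the botnet in the story exploited.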

These Wrecks Have Got Your Number

Jun. 29th, 2015 01:01 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

So there's this hilarious wrecky outbreak happening across our nation's bakeries, but it requires a little explanation before you can truly appreciate how funny it is.

Here's the deal:

See that? That's an edible image sheet. These sheets are supposed to work like individual stickers: you cut them up and only use the numbers & phrases you need.

 

Instead, bakers just keep plastering the entire sheet on a cake.

At first I figured it HAD to be intentional. Maybe they give you an edible marker with the cake, so you circle the right numbers?

 

Then I saw this:

You've gotta wonder: what does the baker THINK is happening here?

 

Or how about this one:

That's right; the baker cut up the sheet so it would all (kind of) fit.

Love the random "th" sticking out of the bottom.

 

I think most people are too confused to understand what's wrong with these cakes, but enough of you are still sending them in. So, I've just been collecting them:

 

Biding my time...

 

Waiting for the right moment to finally ask:

Seriously, bakers?

SERIOUSLY??

 

Thanks to Heather W., Angela F., Heather C., Ashley M., Emily F., Melissa L., & Heather D. for the big pile of sheet... cakes.

*****


When you buy something expensive ...

Jun. 28th, 2015 03:42 pm
[syndicated profile] adulting_feed

… but don’t need to keep the packaging in case you move, do this:

I took pictures of the relevant bits, then sent them to myself AND included every single term I could think of that I would search for. Then threw that beautifully designed but oddly heavy box AWAY, because storage space, despite my wishes, is not infinite.

[syndicated profile] epbot_feed

Posted by Jen

Every now and then I get something fun sent to the Epbot P.O. box, but this latest surprise from reader Linda F. simply MUST be shared:

It's a Howler!

More specifically, it's Ron's Howler from Chamber of Secrets:


Linda made the paper Howler herself, then suspended it with clear fishing line in one of those crafty snap-together ornaments:
 
 You can't see the line at all, so it really looks like it's floating in there!

SO COOL.
 
 (This was a bugger to photograph! Finally resorted to a photo cube to cut most of the glare.)


Even the back side is perfect, with a little address label:
 

Linda finished it off with red ribbon bow and decorative wire hanger:

AHHHmazing.

Linda sent this along for our Harry Potter Christmas tree, of course, but 'til then I'm hanging it in my office! It's one of my new favorite things. Love.

Linda has a craft blog here, btw, but sadly I don't see any mention of this beauty, much less a tutorial. I've seen some Howler origami tutorials around online, though, so maybe you could modify and/or shrink one of those down to make an ornament of your own?

Thanks so much for the inspiration, Linda, and for the howling good addition to our Potter tree!


****

Time to announce this month's art winners!

So, the winner of the Wonder Woman print is... Buncha Stuffes!

And my wild-card winner, who gets her choice from the Pinterest give-away board, is the Jennifer with the blog "My Fur-Real Life!"

Congrats, you two, and please e-mail me your mailing addresses!

Sunday Sweets: Rainbow Connection

Jun. 28th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Why are there
so many
songs...

By Wild Orchid Baking Co

 

...about rainbows?

By The Greedy Baker

 

And what's on the other side?

By Molly's Creative Cakes

 

Rainbows are visions,
but only illusions,

By Art2eatCakes

and rainbows have nothing
to hide.

 

So we've been told and some choose to believe it.

By Torta-Couture Cakes

 

I know they're wrong, wait and see.

Submitted by Dagbjört, made by Reddit user MaGNeTIX's father. Details here.

 

Someday we'll find it, the rainbow connection.

By it's a piece of cake

 

The lovers,

By Yummy Mummy Cake Creations

 

the dreamers,

By Kakes by Karen

 

and me.

By Iced Delights Cakes

 

Happy Sunday, everybody!

Note from john- This post reminded me of one of my favorite posts ever: The Rainbow Connection (wrecky version).

*****


Sunday 28 June 2015

Jun. 28th, 2015 11:31 am
[syndicated profile] lecta_feed

Posted by Mary

We’ve had our used moving boxes picked up, and we’ve returned my overdue library books from Glebe. We’ve hung the pictures we haven’t seen in three years because the previous place didn’t have hooks. There are things we aren’t on top of (at least two lights need electrical work) but on the basics we really are moved in now.

We had our housewarming party last weekend. That and my then-missing photos hard drive motivated the bulk of the box unpacking. I like to occasionally have parties and invite a huge number of people that I know. In lieu of culling the guest list, I give fairly short notice. We live in a short street, which made it easy to invite the new neighbours too. It fell on the solstice. I used to have solstice barbecues up at Balls Head Reserve and heat mulled wine in a pot on the electric barbecues in the dark. Not since V was born. But since the housewarming was on June 21, we made mulled wine in the crockpot and had heated party pies and sausage rolls. The latter used to be a welcome treat on dive boats, served with mugs of instant soup, restoring our body temperature between dives.

The next two weeks are school holidays, which will be less of a contrast for V than they were for us. He’s spending the two weeks in his usual after school care provider, in their full day vacation care program. They do a lot of excursions and activities and generally contribute to the school holiday crowding in public places. We’re visiting my family for a weekend but not otherwise going away because we’re going to the snow in September (if there is snow this year). For a while my life will be mainly house things.

We aren’t far from an adult education centre, so I’d like to enrol in a few courses over the next couple of years. Music, studio photography… And I’m excited about the possibilities of a house I can change over time. The biggest project I can imagine is getting the back courtyard substantially redesigned. There’s a lot of small stuff that can go before that though. I’ve even joined Pinterest to track inspiration; I’m reminded that in my Wikimania keynote in 2012 the issue of women using Pinterest rather than editing Wikipedia came up once or twice, which now seems mostly odd, since one is an encyclopedia and the other is a visual inspiration bookmarking site. Probably my “find interesting pictures of courtyards” moments will not overlap terribly much with my “find sources for recent Australian crimes” moments.

[syndicated profile] adulting_feed

… do it over the sink. Every time. 

If the thing on the move is solid (say, rice or beans or a shit-ton of those tiny metallic cake-decoration silver balls), do it over the garbage can.

This post is brought to you by Diet Coke floor-stickiness and the fact that I will be finding those fucking balls until I die.

A Busy Week for Ne’er-Do-Well News

Jun. 27th, 2015 08:24 pm
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

We often hear about the impact of cybercrime, but too seldom do we read about the successes that law enforcement officials have in apprehending those responsible and bringing them to justice. Last week was an especially busy time for cybercrime justice, with authorities across the globe bringing arrests, prosecutions and in some cases stiff sentences in connection with a broad range of cyber crimes, including ATM and bank account cashouts, malware distribution and “swatting” attacks.

Ercan Findikoglu, posing with piles of cash.

Prosecutors in New York had a big week. Appearing in the U.S. court system for the first time last week was Ercan “Segate” Findikoglu, a 33-year-old Turkish man who investigators say was the mastermind behind a series of Oceans 11-type ATM heists between 2011 and 2013 that netted thieves more than $55 million.

According to prosecutors, Findikoglu organized the so-called “ATM cashouts” by hacking into networks of several credit and debit card payment processors. With each processor, the intruders were able to simultaneously lift the daily withdrawal limits on numerous prepaid accounts and dramatically increase the account balances on those cards to allow ATM withdrawals far in excess of the legitimate card balances.

The cards were then cloned and sent to dozens of co-conspirators around the globe, who used the cards at ATMs to withdraw millions in cash in the span of just a few hours. Investigators say these attacks are known in the cybercrime underground as “unlimited operations” because the manipulation of withdrawal limits lets the crooks steal literally unlimited amounts of cash until the operation is shut down.

Two of the attacks attributed to Findikoglu and his alleged associates were first reported on this blog, including a February 2011 attack against Fidelity National Information Services (FIS), and a $5 million heist in late 2012 involving a card network in India. The most brazen and lucrative heist, a nearly $40 million cashout against the Bank of Muscat in Oman, was covered in a May 2013 New York Times piece, which concludes with a vignette about the violent murder of an alleged accomplice in the scheme.

Also in New York, a Manhattan federal judge sentenced the co-creator of the “Blackshades” Trojan to nearly five years in prison after pleading guilty to helping hundreds of people use and spread the malware. Twenty-five year old Swedish national Alexander Yucel was ordered to forfeit $200,000 and relinquish all of the computer equipment he used in commission of his crimes.

As detailed in this May 2014 piece, Blackshades Users Had It Coming, the malware was sophisticated but marketed mainly on English language cybercrime forums to young men who probably would have a hard time hacking their way out of a paper bag, let alone into someone’s computer. Initially sold via PayPal for just $40, Blackshades offered users a way to remotely spy on victims, and even included tools and tutorials to help users infect victim PCs. Many of Yucel’s customers also have been rounded up by law enforcement here in the U.S. and abroad.

Matthew Tollis

In a small victory for people fed up with so-called “swatting” — the act of calling in a fake hostage or bomb threat to emergency services with the intention of prompting a heavily-armed police response to a specific address — 22-year-old Connecticut resident Matthew Tollis pleaded guilty last week to multiple swatting incidents. (In an unrelated incident in 2013, this reporter was the victim of swatting, which resulted in our home being surrounded by a dozen or so police and Yours Truly being handcuffed in front of the whole neighborhood).

Tollis admitted belonging to a group that called itself “TeAM CrucifiX or Die,” a loose-knit cadre of young Microsoft XBox and swatting enthusiasts which later renamed itself the “ISIS Gang.” Interestingly, these past few weeks have seen the prosecution of another alleged ISIS Gang member — a 17-year-old Finnish miscreant who goes by the nicknames “Ryan” and “Zeekill.” Ryan, whose real name is Julius Kivimaki, was one of several individuals who claimed to be involved in the Lizard Squad attacks that brought down the XBox and Sony Playstation networks in December 2014.

Kivimaki is being prosecuted in Finland for multiple alleged offenses, including payment fraud, money laundering and telecommunications harassment. Under Finnish law, Kivimaki cannot be extradited, but prosecutors there are seeking at least two to three years of jail time for the young man, who will turn 18 in August.

Julius “Ryan” Kivimaki.

Finally, investigators with Europol announced the arrest of five individuals in Ukraine who are suspected of developing, exploiting and distributing the ZeuS and SpyEye malware — well known banking Trojans that have been used to steal hundreds of millions of dollars from consumers and small businesses.

According to Europol, each cybercriminal in the group had their specialty, but the group as a whole specialized in creating malware, infecting machines, harvesting bank credentials and laundering the money through so-called money mule networks.

“On the digital underground forums, they actively traded stolen credentials, compromised bank account information and malware, while selling their hacking ‘services’ and looking for new cooperation partners in other cybercriminal activities,” Europol said. “This was a very active criminal group that worked in countries across all continents, infecting tens of thousands of users’ computers with banking Trojans, and subsequently targeted many major banks

The Europol statement on the action is otherwise light on details, but says the group is suspected of using Zeus and SpyEye malware to steal at least EUR 2 million from banks and their customers.

Apology

Jun. 27th, 2015 08:29 pm
[syndicated profile] sumana_feed
Earlier today, during my stand-up comedy act at AlterConf Portland, I failed at living up to the AlterConf code of conduct and to my act's title, "Stand-Up Comedy that Doesn't Hurt". I made a joke that hurt members of the audience. The joke was in a section about attempts to be perceived as a cis ally:

I try to be intersectional in the media I consume, and sometimes that leads to carbon credit-style bargaining, like, "How many memoirs by trans women of color do I have to read before I go see 'Avengers: Age of Ultron'"? [laughter] And then sometimes there's cheating on that diet, like, "Does 'Mrs. Doubtfire' count?"

In this joke, it is not clear enough that the cis ally narrator is completely wrong to categorize "Mrs. Doubtfire" as having anything to do with the goal of reading and supporting trans narratives. I won't make it again and I'm sorry that I made a joke that hurt.

For this act I practiced in front of audiences that included trans people, and I asked them for feedback, but I was not thorough enough about checking beyond that for offensive material. In the future I'll be more thorough.

[syndicated profile] geekfeminism_feed

Posted by spam-spam

      • How NASA Broke The Gender Barrier In STEM | Fast Company (June 23): “The convergence of open data and female leadership has the potential to challenge traditional decision making across sectors and facilitate more data-driven and collaborative approaches in creating new ventures and solving problems. Datanauts was born out of NASA’s open-data priorities as a means to bring more women to the open-data table. While the program is intended for women and men, the founding class is made up entirely of women to encourage other female techies and makers to take the “data leap,” as Beth Beck, Open Innovation program manager at NASA’s Office of the Chief Information Officer, calls it. Future classes will include men.”
      • Fuck the Internet Shame Spiral | Gizmodo (June 23): “Once the tone police arrive, we’re no longer talking about how disturbing it is that one of the top scientists in the world thinks women shouldn’t be allowed to work in labs because he might fall in love with them. Instead, we’re talking about whether it’s appropriate for women to mock his comments by posting pictures of themselves on Instagram.”
      • I’m a female scientist, and I agree with Tim Hunt. | Medium (June 14): “Science is based on observations, which are the same thing as universal proof. Even I know that, and I’m just a woman whose brain is filled to capacity with yoga poses and recipes for gluten-free organic soap. Once, I was lured into a trap in the woods because I followed a trail of Sex and the City DVDs for three miles into a covered pit. Do you really think I could do something as complicated as thinking about science?”
      • Journalist Laurie Penny banned from Facebook for using pseudonym | The Guardian (June 24): “Facebook has been accused of putting users at risk “of rape and death threats” by a journalist who was banned from the social networking site for using a pseudonym. Laurie Penny, a contributing editor at the weekly political magazine the New Statesman, who also writes for the Guardian, said she had been kicked off Facebook for using a fake name to avoid being trolled.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

[syndicated profile] bruce_schneier_feed

Posted by schneier

I have always liked this one.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Other GCHQ News from Snowden

Jun. 26th, 2015 12:12 pm
[syndicated profile] bruce_schneier_feed

Posted by schneier

There are two other Snowden stories this week about GCHQ: one about its hacking practices, and the other about its propaganda and psychology research. The second is particularly disturbing:

While some of the unit's activities are focused on the claimed areas, JTRIG also appears to be intimately involved in traditional law enforcement areas and U.K.-specific activity, as previously unpublished documents demonstrate. An August 2009 JTRIG memo entitled "Operational Highlights" boasts of "GCHQ's first serious crime effects operation" against a website that was identifying police informants and members of a witness protection program. Another operation investigated an Internet forum allegedly "used to facilitate and execute online fraud." The document also describes GCHQ advice provided "to assist the UK negotiating team on climate change."

Particularly revealing is a fascinating 42-page document from 2011 detailing JTRIG's activities. It provides the most comprehensive and sweeping insight to date into the scope of this unit's extreme methods. Entitled "Behavioral Science Support for JTRIG's Effects and Online HUMINT [Human Intelligence] Operations," it describes the types of targets on which the unit focuses, the psychological and behavioral research it commissions and exploits, and its future organizational aspirations. It is authored by a psychologist, Mandeep K. Dhami.

Among other things, the document lays out the tactics the agency uses to manipulate public opinion, its scientific and psychological research into how human thinking and behavior can be influenced, and the broad range of targets that are traditionally the province of law enforcement rather than intelligence agencies.

Friday Favs 6/26/15

Jun. 26th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Some of my favorite submissions this week:

 

They asked for mountains:

And never has "Good Luck" looked quite so sarcastic.

 

Tessa tells me this wedding cake was supposed to look like bark:

Bark, huh?

Well, it DOES look pretty "ruff."

Eh? EH?

Oh, who asked you.

 

Guess where they wanted the 10:

"What am I, a mind reader?"

 

Not since the fictional peanut butter truck collided with the fictional chocolate truck has such a brilliant combination been accidentally discovered!!!

Just kidding.

But let's be honest: Duck Dynasty Hunger Games? You'd watch it.

 

And finally, Kelley asked for this wedding cake design:

Except with red pearls and no flowers.

 

Unfortunately, her baker confused "pearls" with "Atomic Fireballs.*"

...and then apparently smoothed out the icing with a hairbrush.

Bummer.


*Anyone else remember Atomic Fireballs? Those spicy cinnamon jawbreakers?

I'm... I'm showing my age again, aren't I.

Drat.

 

Thanks to Jessica G., Tessa R., Lauren R., Lisa W., Andrea L., & Kelley T. for the giggles.

*****


Page generated Jul. 2nd, 2015 05:17 am
Powered by Dreamwidth Studios