MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Become a supporter on Patreon:

— Show Notes: —

• Coder Radio – Teespring

Product Review

• Das Keyboard 4 Soft Tactile

• Mechanical Keyboards – Discover – Massdrop

Hoopla

• Apple: Dash developer had two accounts, 25 apps, and almost a thousand fraudulent reviews

Dash V Apple What Does it Mean?

• The facts
• Apple’s Case
• The scary part
• Can’t we all just grow up a smidge?
• Wider consequences?

How It Feels to Learn Javascript in 2016

• The hiring game

• I Can’t Hire For Sales! – dominickm.com

• LowRes Coder | Play homegrown retro games and program your own!

The post Everybody's Keyboard Fighting | CR 227 first appeared on Jupiter Broadcasting.

Thunderbolt 3 promise to unify the connector and usher in peace and tranquility. But when will we see it ship? Microsoft has prices & ship dates for Windows 10, Apple has a major Mac Flaw & Google wants to kinda give you better privacy controls.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Video Feed | Torrent Feed

Become a supporter on Patreon

Show Notes:

• Intel Announces Thunderbolt 3 With USB-C, Single-Cable Support for Dual 4K Displays at 60Hz – Mac Rumors
• Thunderbolt 3 embraces USB Type-C connector, doubles bandwidth to 40Gbps | Ars Technica UK
• Apple, Feeling Heat From Spotify, to Offer Streaming Music Service – WSJ
• New exploit leaves most Macs vulnerable to permanent backdooring | Ars Technica
• Google Centralizes Privacy And Security Controls On New Web Dashboard | TechCrunch
• Hello World: Windows 10 Available on July 29
• Microsoft: Windows 10 Home costs $119, Pro costs $199
• Blocks Wearables will start taking orders for its modular smartwatch this summer | The Verge

The post Google's Creepiness Controls | Tech Talk Today 177 first appeared on Jupiter Broadcasting.

We start with the leaked celebrity photos, cloud storage’s critical flaw, Anand Shimpi leaving AnandTech for Apple, China giving MS 20 days & much more!

Plus the big test of Microsoft’s commitment to user privacy.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed

Become a supporter on Patreon:

Show Notes:

Naked celebrity hack: security experts focus on iCloud backup theory | The Guardian

Over the weekend, hundreds of nude photos of celebrities were leaked on 4chan before spreading to multiple Internet sites, with one of the involved hackers pointing towards iCloud as the source of the material.

One theory gaining ground is that many of the pictures had been accumulated by one hacker over a period of time – and were then “popped” by another hacker who somehow broke into a machine belonging to the first. Lending weight to that was that one of the earliest photos found in a cache released online dated to December 2011, while the most recent was from 14 August.

Some have also pointed to the presence of a Dropbox tutorial file in one hacked account as suggesting that the third-party cloud storage service was a source of some pictures.

• Mac Rumors: Apple Mac iOS Rumors and News You Care About

• Apple Says It Is “Actively Investigating” Celeb Photo Hack | Re/code

Apple said Monday it was “actively investigating” the violation of several of its iCloud accounts, in which revealing photos and videos of prominent Hollywood actresses were taken and posted all over the Web.

FBI investigating alleged iCloud celebrity hack as Reddit ‘suspect’ declares innocence

[The FBI is] aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter. Any further comment would be inappropriate at this time.

Reddit sleuths, meantime, accused Southern Digital Media sysadmin Brian F Hamade of being the man who leaked the photos. This was based on the same drive names appearing on a screenshot posted by the leaker and ones on an old Reddit post by Hamade.

Hamade has this morning denied the claims in an interview with Buzzfeed, claiming that he did post the screenshot but that it was Photoshopped.

• 4ARww0T.jpg (490×490)

AnandTech Publisher Anand Shimpi Headed to Apple | Re/code

Anand Lal Shimpi, the editor and publisher of the well-regarded AnandTech site, is going to work at Apple.

An Apple rep confirmed that the company was hiring Shimpi, but wouldn’t provide any other details.

Last night, via a post on the site he founded in 1997, Shimpi said he was “officially retiring from the tech publishing world,” but didn’t say what he was doing next. “I won’t stay idle forever. There are a bunch of challenges out there :)”, he wrote.

AnandTech will continue publishing, and would be run by new editor in chief Ryan Smith.

China gives Microsoft 20 days to provide explanation in anti-trust probe | Reuters

A Chinese anti-trust regulator said on Monday it has given Microsoft Corp (MSFT.O) 20 days to reply to queries on the compatibility of its Windows operating system and Office software suite amid a probe into the world’s largest software company.

The State Administration for Industry and Commerce (SAIC) questioned Microsoft Vice President David Chen and gave the company a deadline to make an explanation, the agency said in a short statement on its website.

According to a state media report on Monday, Microsoft’s use of verification codes also spurred complaints from Chinese companies. Their use “may have violated China’s anti-monopoly law”, the official Xinhua news agency said on Monday.

Microsoft refuses to comply after judge revives overseas data search warrant | ZDNet

A US judge has lifted a stay on a ruling, forcing Microsoft to hand over data it stores overseas. But the software giant said it will not comply, pending an appeal.

The government says that the order is not appealable at this stage, and Preska agrees. The Friday order says that the contempt order would be subject to appellate review. This disagreement over the path to appeal is, says the order, “the subject of hot dispute.”

Support Aaron Seigo creating videos about free software

The post The Cloud Exposed | Tech Talk Today 51 first appeared on Jupiter Broadcasting.

A company known for backup shuts down after their AWS account gets hacked, the Hedge fund thats under attack, how far you can get with a little cab data…

Your questions, our answers, and much, much more!

Thanks to:

— Show Notes: —

Company shuts down after their AWS account compromised, all customer data deleted

• Code Spaces, a source code hosting and backup service has ceased doing business
• On June 17th the company came under a DDoS attack, which is apparently business as normal for them
• Later, they found messages in their Amazon Web Services portal, urging them to contact a hotmail address
• When contacted, the attacker demanded a large ransom
• When Code Spaces attempted to change their passwords in the AWS control panel, additional administrator accounts added by the attacker were used to delete all EC2 virtual machines, S3 stores and EBS volumes in the account before all accessed could be revoked
• The most embarrassing part of the situation is the text on the original Code Spaces website:
  “Backing up data is one thing, but it is meaningless without a recovery plan, not only that [but also] a recovery plan—and one that is well-practiced and proven to work time and time again,” “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.”
• It is not clear what the Code Spaces backup strategy was, but it seemed to involve the same Amazon account
• In general, the idea with an “offsite” backup is to separate it from a failure of the primary. If you keep the backups for your database beside the database server and your office burns down, what good are the backups
• What if Amazon suffered a catastrophic data loss? or what if your account is compromised?
• The backups should have at least been in a different Amazon account that was very strictly controlled, or better yet, stored in some other service
• It is still unclear how the account was compromised, but it seems likely that Code Spaces was not making use of the Amazon’s Multi-Factor Authentication service, which offers either a mobile phone app, or two different types of hardware authenticators (key fob and credit-card style)

Poorly anonymized NYC Taxi data, de-anonymized

• Under an Open Data initiative, the New York City Taxi & Limousine Commission released the anonymized GPS logs of all taxi trips in 2013 (173 million trips)
• Chris Whong got a hold of this data and did some interesting stuff with it
• When he was done with it, he posted the data for everyone
• Developer Vijay Pandurangan took a look at the data and noticed that the medallion and hack numbers appeared to simply be MD5 hashes
• In particular, the driver with ID# CFCD208495D565EF66E7DFF9F98764DA appeared to have an impossibly large number of trips
• Turns out, that is the MD5 hash of “0”, cases where the data was unavailable
• Realizing that the data was only anonymized using MD5, and knowing the structure of a drivers license # (5-7 characters, with specific characters being numbers or letters), he was able to brute force all 24 million combinations in only 2 minutes using a single CPU
• Once this was done, he had the original un-anonymized data
• Using other websites, it is possible to link the medallion and hack numbers to the owners names
• Original Post
• Additional Coverage – Ars Technica
• To prevent this, there are a number of approaches, the fastest but weakest is a ‘secret key’. Instead of md5(hack#) just do md5(SUPERLONGSECRETKEYhack#), as long as the attacker doesn’t know the secret key, and it is long enough to make guessing it impractical, the data would remain anonymized
• Another option is to use the md5 hash of the encrypted form of the value. However this eventually just relies on a secret key as well. However, if the data never needs to be anonymized, a very strong key can be used, and that key can then be destroyed, making decryption impossible.

Hackers attack hedge fund for monetary gain

• BAE systems, a British defense contractor that also specializes in cyber security, was called in to investigate after computers at a hedge fund were hacked
• The attackers somehow infiltrated the HFT (High Frequency Trading) system, and injected delays of several hundred microseconds into the order entry system
• This causes the Hedge Fund to miss out on profits it could have made on the trades
• It is suspected, that the attackers capitalized on this to make those profits themselves
• “Hedge funds “really have inadequate cybersecurity as a whole” and the attacks threaten to undermine the systems used globally for high-speed trading, said Tom Kellerman, chief cyber security officer for Trend Micro Inc. ”

Feedback:

• Docker flaw

• RE: Docker containers and “secure root” in a container 0

• Mirror SSD with HDD?

• SnapRAID

Round Up:

• Massachusetts high court orders suspect to decrypt his computers
• Department of Justice Canada IT department runs moch phishing campaign against staff, 37% take the bait in December, rates cut in half in April re-test after awareness campaign and additional training
• Security Industry is failing to fix underlying dangers – applications need to be securely written, rather than have security bolted on
• Huawei (Chinese router manufacturer) has some very strict password complexity requirements
• Company wins law suite with bank to recover funds stolen by hackers. 3.5 million was stolen from the company account in 2011 when it was taken over by hackers. The bank managed to claw back all but $299,000 of it, and the company sued the bank for the remaining balance and won $350,000
• Cisco open sources FNR cipher, designed to very quickly encrypt IP addresses to anonymize log data
• World Cup Security Team Accidentally Shares Its Awful Wi-Fi Password
• “Yo” mobile app hacked by 3 Georgia Tech students, founder hires one of the hackers
• LastPass CEO: The Truth About Your Password Security

The post Restores are Everything | TechSNAP 168 first appeared on Jupiter Broadcasting.

We chat with Dan at the Mozilla about his work on the Persona project, and how Mozilla offers developers a neutral platform for effective authentication.

Plus our thoughts on what’s troubling the Ubuntu Edge project, a batch of your questions, and much more!

Thanks to:

GoDaddy.com Use our code coder249 to get a .COM for $2.49.
UnitySync Visit dirwiz.com/unitysync use code coder for an extended trial and a year of maintenance.
Ting.com Visit coderradio.ting.com to save $25 off your device or service credits.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | Video Feed | Torrent Feed | iTunes Audio | iTunes Video

Feedback

• Dani\’s email: How can I follow my passion when my \’professional\’ experience is elsewhere
• Lennon\’s Email: Over worked
• Thanks for Fizzing my Buzz!
• Chris and his in-app purchase habbit

Persona

• Mozilla Persona — simple sign-in with email

At Mozilla, we believe that your online life is your business. With that in mind, we created Persona to make it easier to sign in to websites.

Persona allows you to sign in to sites using any of your existing email addresses; and if you use Yahoo! or Gmail for email, you will be able to sign in without having to create a new password.

• Mozilla Persona: A Better Way to Sign In

Connect with Mozilla Persona, the safest & easiest way to sign in.

• Home – Mozilla Webmaker
  > We\’re a global community that creates the web by making, teaching and remixing. Check out this week\’s most inspiring Makes and sign up to create your own.

Follow the show

• Email the show
• Join the Coder Radio Subreddit
• Live Monday 9am PST
• Music by: Ronald Jenkees
• Mike on Twitter
• Mike on Google+
• Mike’s website
• Chris on twitter
• Chris on Google+

The post Mozilla Persona | CR 63 first appeared on Jupiter Broadcasting.

We chat with Geoff “Heretic” Tuffli, the creator of Star Trek Online’s Duty Officer System. Heretic shares insights into how the system works, future ideas, and a few surprises. Plus we get some hints about Fleet Starbases!

Mav covers the tips you need to know if your STO account is ever hacked, and what steps you can take to get the best response from support. Plus we dig into the Field Generator Console controversy!

Subscribe via RSS and iTunes:
Subscribe... -- STOked -- iTunes HD Video iTunes iPod Video iTunes MP3 HD Video RSS iPod Video RSS MP3 Audio RSS OGG Audio RSS -- ALL SHOWS -- iTunes Large Video iTunes MP3 Large Video RSS MP3 Audio RSS OGG Audio RSS

[ad#shownotes]

Support the Show:

   

Show Notes: