butterfly – Jupiter Broadcasting (https://www.jupiterbroadcasting.com): Open Source Entertainment, on Demand.

Keyboardio | WTR 44
https://original.jupiterbroadcasting.net/89136/keyboardio-wtr-44/
Wed, 14 Oct 2015 08:03:39 +0000

The post Keyboardio | WTR 44 first appeared on Jupiter Broadcasting.

Kaia is the CEO cofounder of keyboardio – premium ergonomic keyboard using open source and open hardware!

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed

Show Notes:

Transcription:

ANGELA: This is Women’s Tech Radio.
PAIGE: A show on the Jupiter Broadcasting Network, interviewing interesting women in technology. Exploring their roles and how they’re successful in technology careers. I’m Paige.
ANGELA: And I’m Angela.
PAIGE: So, Angela, today we’re interviewing Kaia, she is from Keyboardio, which is a badass software company that is trying to reinvent the way that we use keyboards, and we talked to her about the Kickstarter process, the open hardware process, the open software process, and how she got involved in all that, so it’s a really fascinating interview.
ANGELA: And before we get into that, I just want to mention that you can support Women’s Tech Radio and the Jupiter Broadcasting Network by going to Patreon.com/today. That is a general bucket of Jupiter Broadcasting support. We have a bunch of other shows, but specifically if you go there and you donate, it is also contributing to Women’s Tech Radio.
PAIGE: And we get started by asking Kaia what she’s up to in tech today.
KAIA: I am Kaia Dekker and I’m currently the co-founder and CEO of a company called Keyboardio. We make premium ergonomic keyboards that are also open hardware, so they’re super hackable. We give you the firmware source, we give you schematics for the electronics, and still are selling it fully assembled as a finished product, but at the same time, it’s also open hardware. So if you want to open it up and hack it, you can.
PAIGE: So, an open hardware keyboard. How did you get there?
KAIA: My co-founder, who is also my husband, had really bad wrists and cubital tunnel, like a repetitive stress injury from typing too much. He professionally had been a programmer for most of his life, and had tried out something like 20 or 30 different ergonomic keyboards, and none of them were really working for him. So he started out as sort of a hobby project trying to build his own that would be tailored specifically to him and have a working keyboard that wouldn’t make his wrists hurt too much. And he started sort of spending more time on this and I was just getting out of business school and was trying to kind of figure out what I wanted to do next. I knew I didn’t want to go back to the companies that I had worked at before, but hey, we may be able to spin this into a business! And keyboards in particular were really interesting to me, mostly from a blank slate design perspective where it’s this thing that most of us are using for eight hours plus almost every day that we literally have our hands on every day. It’s a very intimate, long lasting relationship with an object, but it’s not something that had seen a lot of design or really thought put into the design. Innovation, the basic keyboard design, it’s based on what a typewriter looked like in the nineteenth century which was based on how you could build something in the nineteenth century. The technology has come a lot farther, the understanding of what makes for good design has come a lot farther, and there is no reason not to make something that would be better. So I was really attracted to the idea of being able to rethink this tool that we use all the time and what would it be like if you were to start over a little bit. We ended up with something, it’s a little weird, a little different. So the materials are different. We have an enclosure made out of wood as opposed to plastic or aluminum. The shape is really different.
It’s based around originally research on different hand shapes and what keys people can reach easily, and iterated probably two dozen times before we ended up where we are today. It’s fully programmable, so it’s trying to be a little bit smarter as a piece of hardware as opposed to just sort of a dumb input device.
ANGELA: Right, and specifically one of the first things I pick up when I see your keyboard is that it’s the left and the right hand are separated. They’re broken in the middle if that makes sense. And we’ve seen Microsoft put out a keyboard like that, but what they did was they took a standard keyboard and just broke it in half essentially and moved it at an angle, whereas yours, the actual keys are placed differently with more focus on thumb work than any other keyboard that I’ve seen.
KAIA: Yeah, so we’ve put the keys in columns because that’s the way, if you look at your hands and sort of bend your fingers, they move in a column. They don’t move in a sort of strange diagonal method, the staggered layout of a traditional keyboard. And we’ve actually somewhat subtly arched them to follow the actual arch that your fingers make. It takes a bit of retraining to follow an ergonomic layout, but once you do, it just feels a lot more natural, which makes sense. It’s building something designed around how your hands work as opposed to just following the sort of cargo culting the same thing that we’ve done for a very long time.
ANGELA: Now, I have a question. It is reprogrammable, but when I was taking typing classes back in seventh and eighth grade, I learned some history about keyboards, and that is that they used to be in alphabetical order, and this may or may not be accurate.
PAIGE: It’s accurate.
ANGELA: Okay. And that it was scrambled onto the keyboard because people were too fast. They learned it, they knew the prediction of where the letters would be based on the alphabet was too fast, so they scrambled them up to slow people down because the technology couldn’t keep up. Well, I think technology can keep up now, and I am wondering have you, well, because it’s reprogrammable, I think anybody can change how the letters are, but have you done any specific keyboards with it in alphabetical order instead of scrambled?
KAIA: Yeah, so there are a lot of stories. It’s actually really fascinating the history of why people stuck with QWERTY when it isn’t a particularly good design. I still type QWERTY because I’ve been typing it for decades, and for me, learning a new layout wasn’t going to be enough faster, enough more efficient. For me the limiting factor isn’t usually how fast I can type, it’s how fast my brain goes. And so, until I learn how to think faster, I’m not going to worry too much about optimizing for speed. Definitely, some of the people we’ve had beta testing are people who used Dvorak or other alternative key layouts. There’s actually a very fascinating group of people who have a community online where they will basically track all of their key presses and then feed it into a program to figure out their own personal custom layout that minimizes finger movement. So you can have your own thing that’s completely different from anyone else’s. Otherwise, QWERTY is pretty standard. Dvorak is pretty common, and then there is something sort of similar to Dvorak but based on a more recent and bigger corpus of data to figure out where to put the keys called Colemak and that’s actually built into Mac OS and other things as well, so it’s pretty popular. Not as popular as Dvorak, and of course, not nearly as popular as QWERTY, but those three plus one other alternative are built into the firmware by default, and then if you want to change what any particular key does, you are able to do that as well.
ANGELA: Now, if I go to keyboard.io, there is a lot of information on here, and it shows the keyboard, but I’m wondering, what I don’t see is, and/or, are you planning to put out a ten key?
KAIA: We’ve thought about it. Right now we are just about to ink a contract for manufacturing our first product, the Model 01, which is what’s called a 60 percent keyboard. It doesn’t have a separate tenkey pad, and I think once we’ve got that produced, or a little further down the line, we’re going to really kind of look at the product road map and figure out what comes next. Right now we’re a small company and we don’t quite have the resources.
ANGELA: Honestly, if the keyboard were better and more functional, easier to reach the numbers, maybe ten key, maybe it would eliminate that need which I think is what Paige was kind of snobbily implying with her–you didn’t even comment, but you said you and your tenkeys or whatever.
PAIGE: I have a lot of friends that I’ve gotten into this argument, because I have friends who won’t buy laptops that don’t have tenkeys.
ANGELA: Well, you could always get a USB tenkey.
PAIGE: How often do you actually use a ten key?
ANGELA: That’s the thing, if your work is in numbers, it is very handy.
PAIGE: If you’re an accountant or something.
ANGELA: Well, even some things I do, I would really prefer a ten key, so I was just curious.
KAIA: We do have a numlock mode that turns kind of the right hand side into basically a ten key, which is definitely, I’m the one that gets stuck doing all of the accounting, and I switched to that for doing that. It’s easier.
PAIGE: That actually makes even more sense than a separate tenkey.
ANGELA: Yes, it does, you’re right.
PAIGE: So, you’ve been kind of on this journey. What was it like to go from kind of a business background kind of into this crazy tech world? You dove in deep. This is hardware, software, open source on both side, it’s a pretty complex crazy project.
KAIA: Yeah, I’ve never been one for just sticking my toe in. I’m kind of a jump all the way in kind of girl. I’d always been interested in tech. I went to a technology magnet focused high school and then I went to MIT which has a very strong engineering culture and a lot of people building things for fun on the weekends and in the evenings, and I’ve always followed that and been interested in that. I ended up sort of in business almost somewhat accidentally. I had been a physics major as an undergrad and thought that I’d been sort of pushed that way by teachers and so on, and I thought okay, this is what I’ll do as a career. And then I sort of realized junior year that I didn’t have, one, the type of mind that works really well doing physics research, and two, I didn’t really have the temperament to live an academic type of life. You need to be a type of person who can work by themselves and be very driven and work in a very hardworking, but in many ways, a very slow paced environment. That just wasn’t, I realized by that time, that wasn’t the kind of environment where I did my best work or where I was happiest. I preferred working with other people, like things that are much more fast paced, even if you’re working on something that’s not as fundamental as understanding new things about the universe, I’m just happier when I’m working on fast paced things with a lot of different people to bounce ideas off of and to learn from. So I kind of pivoted I guess into doing then technology investment banking which has paid very well, but I sort of left as soon as I got my first bonus check, and I did management consulting for a while, and then software marketing, then ended up doing this. It’s interesting.
There is definitely things that you get used to when you’re working for large companies or on behalf of very large companies that just don’t apply in the startup world where you have to learn to get by with a lot fewer resources when you’re a startup, and there’s no one a lot of times where you can go out and find the person in such and such department who knows about something because you are the such and such department.
PAIGE: You’re every department.
KAIA: Yeah, but it’s been great. We relocated to the San Francisco Bay Area which has been amazing just in terms of there is a community of hardware startups out here, and anything from you need to borrow a part last minute or getting someone to take a second look at your boards and trying to figure out why they’re not working or getting advice on how to choose a manufacturer, whether or not paying for a sourcing agent is worth it. Anything from the business end to a big architectural type decisions to just day to day prototyping help, like it’s been so amazing to be around so many really talented, really interesting people working on hardware. It’s really been amazing.
PAIGE: That’s really neat that the community would still play such a role. You would think hardware is so much more of a, I don’t know, a set thing, that there’s more like set ways to do it, but I think it’s just as mutable as software.
KAIA: It’s much more so now than it was 20 years ago or even five or ten years ago and I think it’s still shaking out a little bit. Historically, at least, hardware was something that took huge investment and had very low returns and was something that you could only do if you were a big company or had a lot of money. The prototyping phase of things has gotten so much easier with it being very accessible to have rapid prototyping technologies like 3D printing or laser cutters and CNC mills and so on being much more accessible due to things like TechShop or hackerspaces where they have these machines available and let people from the community access them, to things like Arduino or Teensy or other microcontrollers or environments where the first embedded programming is done for you, so you don’t really have to start from scratch, you can hook together things and do a quick prototype without having to put in quite as much of an investment as you used to. And things like Digi-Key or Adafruit where being able to access, I need ten of a part is very easy and affordable now, and you don’t have to buy an entire reel to get it, you can find pretty much any component you want and order it in pretty much any quantity that you want. So the prototyping phase is a lot easier.
PAIGE: Yeah, it’s like we’re finally catching up with hardware where we’ve been with software for a long time. Like we’re building these hardware frameworks almost that kind of piece together in a way that makes things fast, easy, and accessible. I’ve seen so many things around Portland or other places where it’s like hey, come over and work on Arduino’s for the day, and just seeing like little kids up to big adults playing with hardware for the first time is really fascinating.
KAIA: Yeah, it’s amazing. That’s one of the reasons we wanted to make our product open source was that getting people, like the moment, whenever you have a programming language that you’re learning and you get Hello World to work, and when it’s like your first time programming anything, it’s a really magical feeling that like I got the computer to do this thing, and when you do it in hardware, when you get a light pattern to flash up or do things like that, it’s even more magical. It’s a tangible piece of the world that you are controlling through the code that you’re writing and it’s a really, really awesome feeling.
PAIGE: Yeah, I totally agree. This winter I played with my Raspberry Pi and some relays for the first time and made some lights light up and it was like as inspiring as Hello World is. This was even more like woah!
KAIA: Yeah, and I think the question for hardware is like the prototyping phase, we’re finally catching up, and it’s getting from your first working prototype into production which is obviously not something that every project wants, but if you’re trying to build a company and build products, you do eventually have to make the change away from 3D printing and hooking things together with cables and Arduino and so on. You have to make a fundamental shift in the technologies you’re using to move to even small scale mass production, and that’s something where there is a bunch of different people trying to figure out how to make it easier and make it better. But it’s still just very complicated that there is, not only do you have all of these systems where the changes you make to your electrical layout are going to make your actual physical hardware layout change, and that involves, you might need to get mechanical engineering skill and electrical engineering skill and industrial design type of skill all involved just to make what seems like it should be a really small change, which I mean, that’s a hard problem. And then figuring out what does that do when you take it into production, how does that change things, and very small changes can make very big changes and very big costs down the line.
PAIGE: Your margin for error is very small.
KAIA: Yeah, and it’s something from software where I think people have gotten so used to Agile or other sort of sprints to make quick changes in small increments and keep building on that, and it’s not something that transfers over to hardware necessarily as well, which is frustrating to someone who likes being able to fool around and try different things and realizing that there is much more kind of top down planning you have to do is not necessarily how people have trained to do it.
PAIGE: Yeah, you have to give a pivot for polish.
KAIA: Yeah that’s a great way of putting it.
PAIGE: So, in that vein, you guys ran an amazingly successful Kickstarter, originally reaching for $120,000.00 goal, you hit $650. What was that like to go through? What are some of the challenges you’ve had afterwards or during? Can you talk to us a little bit about that?
KAIA: Sure. It was an amazing experience in Kickstarter. Especially as the person who ends up being in charge of the business stuff, there is always the primary question in my mind, and before we did the Kickstarter was like I think there is a market for this. We’ve got a bunch of people on our mailing list, people seem to think it’s really interesting, but does anyone actually want this? You don’t really trust that people will want a product until they put in their credit card number. So that was great and sort of took this thing that I’ve been worrying about for months and sort of just eliminated it really quickly. It’s like yeah, there are a lot of people who kind of get what we’re trying to do and see why we’re trying to do it that way. And yeah, the whole Kickstarter experience was really cool. We did a cross country road trip from Boston where we used to live to San Francisco and stopped at Makerspaces just about every day and did little meet ups talking about here is how you could build your own keyboard with the materials and tools that are in this Makerspace, and letting people put their hands on our product. It’s a somewhat weird and different product, and so being able to put your hands on it, actually see it, actually try it out is the time when a lot of people sort of get it for the first time, and it was also kind of a great way, like Kickstarter, or any crowdfunding is a lot of work where you have people writing you every day and you have to manage are you doing ads, and there is all this stuff you have to kind of manage and being able to have something that we were doing every day that took the focus away from–its hyper focused on this campaign, and let us look and see what people were doing at different Makerspaces was really cool. 
We were lucky that it was sort of something that was on brand for us that we are open hardware, we did come out of kind of a hobby maker type of place, but honestly, it’s always so cool to see like what people are making and what people are doing and talk to people who do cool things and put cool things together.
ANGELA: How big is your team? Is it just you and your husband and some 1099?
KAIA: Yeah, we’ve floated up and down. We don’t have quite enough work in any one discipline to have another full time person coming on, but we have had in the past full time contractors from–currently we have a friend of mine who is working on EE, and she is, I don’t know, it will be a couple of weeks contract probably. We’re pretty close to being done with the electrical, and we’ve had people helping out with industrial design and mechanical as well at different points in the past, so I think peak size would be like five people and sometimes it’s just the two of us.
PAIGE: This is fascinating, a very cool story. I don’t know, I was wondering, so you said there is kind of embedded software for this. Do you guys actually run an embedded processor in the keyboard? Like is there something it’s actually running on like Arduino, Lennox, or whatever?
KAIA: The chip is an Atmel chip. It’s an ATmega32U4, which is the same thing that’s in an Arduino Leonardo, so it’s not technically an Arduino because we’re not buying a board from Arduino, but we’re what we call Arduino at heart where essentially what we’ve done is take the Arduino and squish it onto our own board and made a couple of little changes, but it’s compatible with the Arduino developer environment. So right now I can just pull up the Arduino IDE, use it to make changes to the firmware and use that to flash the keyboard which is cool. When we were trying to decide which architecture to use, we had actually originally been using something else and ended up switching over to this branch of Arduino because you just, you’re going to have to have some kind of processor anyway, like why not pick one that has this huge ecosystem of other people writing code and making devices that are compatible with it.
PAIGE: That makes total sense. Making that approachable is huge. So just one final question for you before we get out of here. Oh, I have two actually. First, I would love to know what you work in day to day for tools. I love to know other people’s stacks like what kind of tools are you using. You mentioned the Arduino IDE. Is there anything else that kind of keeps you going day to day? Especially I’m always interested in the business stack because I don’t touch that most of the time.
KAIA: We do sort of a mix of ad hoc tools and otherwise available tools. I would say the most important tool that we use is Slack, which I’m sure you hear a lot is great for communication both within our team, with investors and contractors.
PAIGE: I think that might have actually been one of the first–you might be the first person to bring Slack up on the show.
KAIA: Okay. It’s a great tool. I’m happy to evangelize about it. It’s a team communication tool, and it’s an example of really good design where it sort of sets the norms for communication being friendly and kind of fun, but also very easy to–it’s designed by the team that had made Flickr back in the day, or a lot of the same team anyway, and it’s really software sort of made with love.
PAIGE: It’s a fantastic tool. I’m in Slack every day, and I agree. I think it’s interesting because in my mind, like as a super old nerd, it’s like IRC with user friendliness. But super useful.
KAIA: We use Hackpad for a lot of other things that don’t quite fit into Slack in terms of communication, so daily to do lists, we’ve tried out probably most of the tools that are out there like Trello and so on for keeping track of things and product management type tools, and every time we sort of just end up reverting back to Excel or Google Sheets in terms of they don’t add enough–the complexity that they add doesn’t add enough value to be worth it. And then some of the more mundane things like for payroll and accounting and stuff, I use Xero and ZenPayroll and all these SaaS providers which are great and definitely much easier to use than some of the things that I had been using even a couple of years ago.
PAIGE: That’s a neat stack. I like that–Slack is very cool. I definitely encourage people to check that out. I actually just signed up for the, there is a, I’m pretty sure it’s just Women in Tech Slack. It’s an invite only, but you can apply for an invitation and then you get invited and the community has been really great so far. They are very friendly and there is a lot of resource sharing and just general helping each other out which has been really cool. And my last question, before we ramble on any more is, looking at the future of kind of what’s happening in technology–be it hardware or software–what gets you the most excited?
KAIA: I think the thing that excites me the most is the fact that there are companies out there that are taking things that we already have technologies for and really applying a lot of thought and design to them. I mean, Slack is an example of that where HipChat had been around there for a long time, IRC has been around for decades, but they aren’t adding a lot of new functionality, they’re just taking a user experience that hadn’t been very good and transforming it into something that’s awesome.
ANGELA: Sounds like Apple.
PAIGE: A lot of people make that argument for things like Airbnb. Really originally it was Craigslist, but ten percent better.
ANGELA: And focused.
PAIGE: And focused, yeah, and Uber. Uber is just a cab service.
KAIA: Yeah, and that’s a trend, as a user I completely appreciate and it’s starting to come into more enterprise tools as well. We just put in a preorder for a Glowforge which is a laser cutter which is something that is a great tool to have, but traditionally it costs $10,000.00 and you’ve ended up spending about a third to a half of your time with it trying to fix problems with different issues with it, and they’re coming out with a laser cutter at a lower price point that is also supported by software that takes away a lot of the pain points of using this tool. This is something that is a prototyping tool, it’s not used by consumers for the most part, but they’re still taking that philosophy and applying it to that. I think people’s expectations in terms of design have come up a lot, and that’s an amazing thing.
ANGELA: Thank you for listening to this episode of Women’s Tech Radio. Remember you can go to JupiterBroadcasting.com for the show notes as well as a full transcription, and you can find us on Twitter @heywtr.
PAIGE: We’d love to hear what you think about the show. If you’d like to tell us, you can use the contact form on the website or email us at wtr@jupiterbroadcasting.com. You can also follow us on Twitter @heywtr. Thanks for listening.

Transcribed by Carrie Cotter | Transcription@cotterville.net

Butterflies & Backronyms | TechSNAP 224
https://original.jupiterbroadcasting.net/85537/butterflies-backronyms-techsnap-224/
Thu, 23 Jul 2015 09:42:38 +0000

The post Butterflies & Backronyms | TechSNAP 224 first appeared on Jupiter Broadcasting.

The BACKRONYM vulnerability hits MySQL right in the SSL protection, we’ll share the details. The hacker group that hit Apple & Microsoft intensifies their attacks & a survey shows many core Linux tools are at risk.

Plus some great questions, a rockin’ roundup & much much more!

Thanks to:

DigitalOcean
Ting
iXsystems

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

— Show Notes: —

BACKRONYM – SSL stripping MySQL connections

  • Researchers have identified a serious vulnerability in some versions of MySQL that allows an attacker to strip SSL/TLS connections of their security wrapping transparently.
  • Researchers at Duo Security realized that even when they set the correct option to initiate an SSL connection with the MySQL server, they could not make the client enforce a secure connection.
  • This means that an attacker with a man-in-the-middle position could force an unencrypted connection and passively sniff all of the unencrypted queries from the client to the MySQL database.
  • The vulnerability lies in the behaviour of the ‘–ssl’ client option, which affected versions treat as “advisory”: the option makes the client attempt an SSL/TLS connection to the server, but does not require one. If the server greeting does not advertise SSL support, the client silently continues in plaintext, which lets a MITM transparently “strip” the SSL/TLS protection by rewriting that greeting.
  • The issue affects the ‘–ssl’ client option whether it is used directly or enabled automatically by the other ‘–ssl-*’ options.
  • The vulnerability affects MySQL 5.7.2 and earlier versions, along with MySQL Connector versions 6.1.2 and earlier, all versions of Percona Server and all versions of MariaDB.
  • The vulnerability is nicknamed BACKRONYM (Bad Authentication Causes Kritical Risk Over Networks, Yikes MySQL!) by the Duo researchers, who also put up a site that riffs on the recent trend of researchers putting up sites for major vulnerabilities.
  • They say: “We spent countless hours analyzing the BACKRONYM vulnerability to come up with a human-readable description that would convey the underlying root-cause to infosec professionals.”
  • What do I need to do to fix BACKRONYM?
  • Step 1: PANIC! I mean look at that logo – your database is basically exploding!
  • Step 2: Tell all your friends about BACKRONYM. Use your thought leadership talents to write a blog post about BACKRONYM to reap sweet Internet karma. Leverage your efforts in responding to BACKRONYM to build political capital with the executives in your organization. Make sure your parents know it’s not safe to shop online until BACKRONYM is eradicated.
  • Step 3: Actually remediate the vulnerability in any of your affected MySQL client-side libraries (also MariaDB and Percona). Unfortunately, there’s no patch backported for MySQL <= 5.7.2. So if you’re on MySQL 5.6 like 99.99% of the Internet is, you’re basically out of luck and have to upgrade to the MySQL 5.7 “preview release” or figure out how to pull in libmysqlclient >= 6.1.3. Backporting security fixes is hard, apparently.
  • Additional Coverage: New PHP release to fix backronym flaw
  • The BACKRONYM Vulnerability
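The downgrade above comes down to one bit in the server's first packet. The following is an added example written for these show notes, not code from Duo Security or from MySQL: it builds a constructed Protocol::HandshakeV10 greeting, shows the MITM clearing the CLIENT_SSL capability bit in transit, and models the client's decision two ways. `negotiate()` is a hypothetical model of the client logic, not the libmysqlclient source: with `ssl_requested` it behaves like the advisory pre-fix ‘–ssl’ and falls back to plaintext; with `ssl_required` it aborts instead, which is the behaviour of the fixed clients (and of `--ssl-mode=REQUIRED` on later releases that have that option). The packet layout follows the public MySQL client/server protocol; the salt, version string and connection id are made up.

```python
import struct

# MySQL capability flag bits (CLIENT_* constants from the client/server protocol)
CLIENT_PROTOCOL_41 = 0x00000200
CLIENT_SSL = 0x00000800
CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000


def build_handshake_v10(server_version: bytes, capabilities: int, connection_id: int = 42) -> bytes:
    """Constructed Protocol::HandshakeV10 greeting (server -> client), wrapped in the
    4-byte MySQL packet header (3-byte little-endian payload length + 1-byte sequence id)."""
    body = bytearray()
    body += b"\x0a"                                   # protocol version 10
    body += server_version + b"\x00"                  # NUL-terminated server version
    body += struct.pack("<I", connection_id)          # connection (thread) id
    body += b"A" * 8                                  # auth-plugin-data part 1 (fake salt)
    body += b"\x00"                                   # filler
    body += struct.pack("<H", capabilities & 0xFFFF)  # capability flags, lower 16 bits
    body += b"\x21"                                   # character set (utf8_general_ci)
    body += struct.pack("<H", 0x0002)                 # status flags (SERVER_STATUS_AUTOCOMMIT)
    body += struct.pack("<H", capabilities >> 16)     # capability flags, upper 16 bits
    body += b"\x15"                                   # length of auth-plugin-data (21)
    body += b"\x00" * 10                              # reserved
    body += b"B" * 12 + b"\x00"                       # auth-plugin-data part 2 (fake salt)
    body += b"mysql_native_password\x00"              # auth plugin name
    return len(body).to_bytes(3, "little") + b"\x00" + bytes(body)


def _capability_offset(body: bytes) -> int:
    """Offset of the lower capability word: after the version string, conn id, salt and filler."""
    version_end = body.index(b"\x00", 1)
    return version_end + 1 + 4 + 8 + 1


def parse_capabilities(packet: bytes) -> int:
    """Return the 32-bit capability flags advertised by a HandshakeV10 greeting."""
    length = int.from_bytes(packet[0:3], "little")
    body = packet[4:4 + length]
    if body[0] != 0x0A:
        raise ValueError("not a HandshakeV10 greeting")
    pos = _capability_offset(body)
    lower = struct.unpack_from("<H", body, pos)[0]
    upper = struct.unpack_from("<H", body, pos + 5)[0]  # skip lower (2) + charset (1) + status (2)
    return lower | (upper << 16)


def mitm_strip_ssl(packet: bytes) -> bytes:
    """The attacker's half of the downgrade: clear CLIENT_SSL in the greeting while it is
    in transit, so the client concludes the server cannot speak TLS."""
    length = int.from_bytes(packet[0:3], "little")
    body = bytearray(packet[4:4 + length])
    pos = _capability_offset(body)
    lower = struct.unpack_from("<H", body, pos)[0] & ~CLIENT_SSL & 0xFFFF
    struct.pack_into("<H", body, pos, lower)
    return packet[:4] + bytes(body) + packet[4 + length:]


def negotiate(greeting: bytes, ssl_requested: bool, ssl_required: bool) -> str:
    """Hypothetical model of the client's decision after reading the greeting (an assumption
    for this example, not the libmysqlclient code path).
    ssl_requested: the advisory pre-fix '--ssl', use TLS only if the server offers it.
    ssl_required:  the fixed behaviour, refuse to continue without TLS."""
    server_offers_tls = bool(parse_capabilities(greeting) & CLIENT_SSL)
    if server_offers_tls and (ssl_requested or ssl_required):
        return "tls"          # client would now send SSLRequest and start the TLS handshake
    if ssl_required:
        raise ConnectionError("server did not advertise SSL; refusing plaintext connection")
    return "plaintext"        # vulnerable path: the request for SSL was silently dropped


if __name__ == "__main__":
    caps = CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH | CLIENT_SSL
    genuine = build_handshake_v10(b"5.6.25", caps)
    stripped = mitm_strip_ssl(genuine)
    print("honest greeting, --ssl advisory:  ", negotiate(genuine, True, False))
    print("stripped greeting, --ssl advisory:", negotiate(stripped, True, False))
    try:
        negotiate(stripped, True, True)
    except ConnectionError as err:
        print("stripped greeting, TLS required:  ", err)
```

Requiring TLS is only half of the fix: a client that insists on TLS but does not check the server certificate will happily finish the handshake with the attacker's certificate instead, so the enforced mode should be paired with server certificate verification (‘–ssl-verify-server-cert’, or `--ssl-mode=VERIFY_IDENTITY` where `--ssl-mode` exists).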

Hacker Group That Hit Twitter, Facebook, Apple and Microsoft Intensifies Attacks

  • The hacker group, which security researchers from Kaspersky Lab and Symantec call Wild Neutron or Morpho, has broken into the networks of over 45 large companies since 2012.
  • After the 2013 attacks against Twitter, Facebook, Apple and Microsoft were highly publicized, the group went underground and temporarily halted its activity.
  • Symantec has named the group behind the attacks “Butterfly”.
  • Butterfly is technically proficient and well resourced. The group has developed a suite of custom malware tools capable of attacking both Windows and Apple computers, and appears to have used at least one zero-day vulnerability in its attacks. It keeps a low profile and maintains good operational security. After successfully compromising a target organization, it cleans up after itself before moving on to its next target.
  • The first signs of Butterfly’s activities emerged in early 2013 when several major technology and internet firms were compromised. Twitter, Facebook, Apple and Microsoft disclosed that they had been compromised by very similar attacks. This was done by compromising a website used by mobile developers (that we covered before on the show) using a Java zero-day exploit to infect them with malware.
  • The malware used in these attacks was a Mac OS X back door known as OSX.Pintsized. Subsequent analysis by security researcher Eric Romang identified a Windows back door, Backdoor.Jiripbot, which was also used in the attacks.
  • Symantec has to date discovered 49 different organizations in more than 20 countries that have been attacked by Butterfly.
  • Butterfly has also shown an interest in the commodities sector, attacking two major companies involved in gold and oil in late 2014. In addition to this, the Central Asian offices of a global law firm were compromised in June 2015. The company specializes in finance and natural resources specific to that region. The latter was one of at least three law firms the group has targeted over the past three years.
  • Butterfly has also developed a number of its own hacking tools. Hacktool.Securetunnel is a modified version of OpenSSH which contains additional code to pass a command-and-control (C&C) server address and port to a compromised computer.
  • Hacktool.Bannerjack is meanwhile used to retrieve default messages issued by Telnet, HTTP, and generic Transmission Control Protocol (TCP) servers. Symantec believes it is used to locate any potentially vulnerable servers on the local network, likely including printers, routers, HTTP servers, and any other generic TCP server.
  • The group uses Hacktool.Eventlog to parse event logs, dump out entries of interest, and delete entries. It also kills processes and performs a secure self-delete. Hacktool.Proxy.A is used to create a proxy connection that allows attackers to route traffic through an intermediary node on to their destination node.
  • Based on the profile of the victims and the type of information targeted by the attackers, Symantec believes that Butterfly is financially motivated, stealing information it can potentially profit from. The group appears to be agnostic about the nationality of its targets, leading us to believe that Butterfly is unaffiliated with any nation state.
  • Links:
  • Butterfly: Profiting from high-level corporate attacks | Symantec Connect Community
  • Hacktool.Securetunnel | Symantec
  • Wild Neutron – Economic espionage threat actor returns with new tricks – Securelist

Core Linux tools top list of most at-risk software

  • The CII (Core Infrastructure Initiative), a Linux Foundation effort assembled in the wake of the Heartbleed fiasco to provide development support for key Internet protocols, has opened the doors on its Census Project — an effort to figure out what projects need support now, instead of waiting for them to break.
  • The Census, with both its code and results available on GitHub, assembles metrics about open source projects found in Debian Linux’s package list and on openhub.net, then scores them based on the amount of risk each presents.
  • A copy of the census data downloaded from GitHub on Friday morning showed 395 projects in the census, with the top-listed projects to be core Linux utilities. Ftp, netcat-traditional, tcpd, and whois all scored 11 out of a possible 15.
  • High scores in the survey, said the CII in its page on the project, don’t mean a given program should be ditched, or that it’s to be presumed vulnerable. Rather, it means “the project may not be getting the attention that it deserves and that it merits further investigation.”
  • Apache’s httpd Web server, a large and “vitally important” project with many vulnerabilities tracked over the years, ranked as an 8 in part because “there’s already large development & review team in place.”
  • Busybox, a project found in many embedded Linux applications that has been implicated before with security concerns, ranked even lower, at 6.
  • One of the tricky issues that bubbles up is the complication posed by dependencies between projects. For the libaprutil1-ldap project (with a score of 8), the notes indicate that “the general Apache Portable Runtime (APR) appears to be actively maintained. However, it’s not as clear that the LDAP library in it is as actively managed.” Likewise, anything that uses the Kerberos authentication system — recently implicated in a security issue — typically has “Kerberos” in the notes.
  • linuxfoundation/cii-census · GitHub

Feedback:


Round Up:


The post Butterflies & Backronyms | TechSNAP 224 first appeared on Jupiter Broadcasting.

Bitcoin is Legal-ish | Plan B 20 https://original.jupiterbroadcasting.net/41947/bitcoin-is-legal-ish-plan-b-20/ Tue, 20 Aug 2013 15:57:44 +0000 https://original.jupiterbroadcasting.net/?p=41947 A landmark ruling in Germany combined with the media’s attempt to label Bitcoin collide this week on the Plan B show.

The post Bitcoin is Legal-ish | Plan B 20 first appeared on Jupiter Broadcasting.


A landmark ruling in Germany combined with the media’s attempt to label Bitcoin’s legal status collide this week on the Plan B show. Plus the security warning Blockchain.info users need to know, and Butterfly Labs pokes the hornet’s nest!

Downloads:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | Video Feed | Torrent Feed | iTunes Audio | Ogg Feed


— Support the Show —

— Feedback —

Help spread the word on iTunes with a Rating and Review:

Call or txt the Show:

1 (352) 587-5262

(352) 58-PLANB

— Discussion —


Bitcoin now ‘unit of account’ in Germany

The German Federal Ministry of Finance said on Monday that Bitcoin is not a full-fledged currency but that it is permissible to use it in private transactions.

But if companies want to use Bitcoins for commercial transactions, they need the permission of the Federal Financial Supervisory Authority (BaFin), said Martin Chaudhuri, ministry spokesman.

While not putting Bitcoins on the same footing as formal currencies such as the pound or dollar, Germany’s move does mean that people who have speculated in the online cryptocurrency could be liable for capital gains taxes if they sell them less than a year after acquiring them.

People who have held on to them for longer will not be liable, the ministry told German MP Frank Schaeffler, who raised the question with the ministry. German authorities are trying to work out how — or whether — they could determine taxes due on Bitcoin transactions between individuals.

The most interesting aspect of the German ruling may be the consequences for the rest of the EU. The designation means that any exchange that wants to sell Bitcoin in Germany knows exactly what it needs to do: get a license from BaFin under Article 32 Kreditwesengesetz. Once an exchange is licensed in Germany, it would be allowed to operate anywhere in the EU — a stark contrast from the US, which requires a federal registration in addition to separate licenses from the states.


BFL 600 GH Bitcoin Mining Card

Performance Specifications

  • 600 GH/s nominal performance ( + / – 20% )
  • 350w (0.6w/GH conservative estimate)

Connectivity

  • USB 2.0 – Monarch cards can be used as an external computer peripheral and chained via USB hub. In this mode it can be controlled via an Android host or standard Linux or Windows computer.
  • PCI Express – Monarch cards consume two PCI slots when installed in a standard ATX motherboard. The PCIe format used is 1X for maximum compatibility.

Mining Software compatibility

  • EasyMiner software is provided for Android, Windows & Linux operating systems.
  • BFGminer – Open source available
  • CGminer – Open source available
  • BitMinter – Java Client

Prior to this announcement, BFL’s largest mining rig ran at 500 GH/s and cost $22,484. It required over 100 chips and an enclosure of almost two cubic feet. The new 600 GH/s device will be the first ASIC miner to take the form factor of a standard graphics card.


Blockchain.info Users Need to Update Browser Plugin/Clear Cache

Jesse James has informed me of a problem with the rng used by blockchain.info javascript clients being poorly seeded when initialised in a background webworker task. In some browsers this could lead to duplicate R values being used when signing transactions (Firefox is likely to be particularly vulnerable). This issue affects the transaction signing code only, not the generation of private keys.

Patches have now been deployed. Please ensure you upgrade to the latest version of your Blockchain.info client.

  • Chrome extension – v2.85
  • Firefox extension – v1.97
  • Mac client – v0.11

Users of the web interface should clear their browser’s cache before next login.

Only a handful of addresses are known to be affected thus far. Likely if you have been affected by this problem your coins will have been taken already. All affected users will be refunded in full, please PM me or email help@blockchain.info.
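The failure mode in that notice, the same R value turning up in more than one ECDSA signature made under one key, is something a wallet operator can audit for after the fact. The following is an added example written for this page; it is not code from blockchain.info or from the show. It parses DER-encoded signatures (SEQUENCE of two INTEGERs, which is how Bitcoin transactions carry them), groups them by the signing public key, and reports every R value that was used more than once. The signatures, transaction ids and public keys are constructed sample data, and the `txid`/`pubkey` record layout is an assumption of the example.

```javascript
// Added example: audit a batch of ECDSA signatures for reused R values.
// All input below is constructed sample data, not real blockchain.info output.

// Parse a DER-encoded ECDSA signature given as hex: SEQUENCE { INTEGER r, INTEGER s }.
// secp256k1 signatures are at most 72 bytes, so only short-form DER lengths occur.
function parseDerSignature(hex) {
  const bytes = Buffer.from(hex, "hex");
  if (bytes[0] !== 0x30) throw new Error("not a DER SEQUENCE");
  const seqLen = bytes[1];
  if (seqLen + 2 !== bytes.length) throw new Error("bad SEQUENCE length");
  let offset = 2;
  const readInteger = () => {
    if (bytes[offset] !== 0x02) throw new Error("expected DER INTEGER");
    const len = bytes[offset + 1];
    const start = offset + 2;
    const value = bytes.subarray(start, start + len);
    offset = start + len;
    // Drop the leading 0x00 sign byte DER adds when the high bit is set,
    // so that the same number always normalises to the same hex string.
    let i = 0;
    while (i < value.length - 1 && value[i] === 0) i++;
    return value.subarray(i).toString("hex");
  };
  const r = readInteger();
  const s = readInteger();
  if (offset !== bytes.length) throw new Error("trailing bytes after signature");
  return { r, s };
}

// Group signatures by signing key and return every R value seen more than once
// under the same key. Each record is { txid, pubkey, der } (assumed layout).
function findReusedNonces(signatures) {
  const byKey = new Map(); // pubkey -> Map(r -> [txid, ...])
  for (const sig of signatures) {
    const { r } = parseDerSignature(sig.der);
    if (!byKey.has(sig.pubkey)) byKey.set(sig.pubkey, new Map());
    const byR = byKey.get(sig.pubkey);
    if (!byR.has(r)) byR.set(r, []);
    byR.get(r).push(sig.txid);
  }
  const findings = [];
  for (const [pubkey, byR] of byKey) {
    for (const [r, txids] of byR) {
      if (txids.length > 1) findings.push({ pubkey, r, txids });
    }
  }
  return findings;
}

// Constructed sample: tiny integers keep the DER readable. tx-1 and tx-2 share
// r = 0x7a under the same key, which is the condition the notice warns about.
// tx-4 shares that r under a different key and is deliberately not flagged here.
const SAMPLE_SIGNATURES = [
  { txid: "tx-1", pubkey: "pubkey-A (constructed)", der: "300602017a02011b" },
  { txid: "tx-2", pubkey: "pubkey-A (constructed)", der: "300602017a02012c" },
  { txid: "tx-3", pubkey: "pubkey-A (constructed)", der: "3007020200a5020133" },
  { txid: "tx-4", pubkey: "pubkey-B (constructed)", der: "300602017a020144" },
];

const REPORT = findReusedNonces(SAMPLE_SIGNATURES);
console.log(JSON.stringify(REPORT, null, 2));
```

Why per-key reuse is the thing to look for: with two signatures under one key that share R, the nonce and then the private key can be solved from public data, which is why the notice says that affected coins have most likely been taken already. An audit like this tells you which keys to treat as burned and move funds away from; it cannot undo signatures already broadcast.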

Bitcoin Pick

Let’s clear up some common Bitcoin misconceptions.

— Watch Live —

Tuesday 2pm PDT / 5pm EDT / 9pm GMT

— Plan B Subreddit —

— Contact us —

— Music —


— Support the Show —

Flight of the Butterfly | Plan B 3 https://original.jupiterbroadcasting.net/36156/flight-of-the-butterfly-plan-b-3/ Tue, 23 Apr 2013 16:44:03 +0000 https://original.jupiterbroadcasting.net/?p=36156 BFL has shipped the first batch of their ASIC miners. David Perry joins us to chat about his 5GH/s Bitcoin miner, his experiences mining over the past week

The post Flight of the Butterfly | Plan B 3 first appeared on Jupiter Broadcasting.


Butterfly Labs has shipped the first batch of their ASIC miners. David Perry joins us to chat about his 5GH/s Bitcoin miner, his experiences mining over the past week, and what he believes is Bitcoin’s image problem.

Plus: Have we reached a turning point for Bitcoin Mt Gox DDoSing? Bitcoin’s moment on the Colbert Report, the downside to Litecoin, your emails, and much more!

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | Video Feed | Torrent Feed | iTunes Audio | Ogg Feed

Show Notes:

— Feedback —

Help spread the word on iTunes with a Rating and Review:

Call or txt the Show:

1 (352) 587-5262

(352) 58-PLANB

— Discussion —

I am sorry to announce that due to circumstances outside of our control BitFloor must cease all trading operations indefinitely. Unfortunately, our US bank account is scheduled to be closed and we can no longer provide the same level of USD deposits and withdrawals as we have in the past. As such, I have made the decision to halt operations and return all funds.

Leave it to Stephen Colbert to cut through the chatter about bitcoins with his own brand of high-octane, self-interested analysis. In a segment about bitcoin trading that aired last week on The Colbert Report, Colbert posed: “If you don’t know what Bitcoin is — want to buy some bitcoins?”

The next chapter of the story, he believes, will be the entry of a host of “smart money” venture capitalists looking to build the currency’s infrastructure.

Unlike past DDoS attacks, something very interesting happened yesterday: nothing. Trades trickled through and prices barely moved, remaining in a tight band for hours. The implications of that could be tremendously positive.

The day has arrived, the Butterfly Labs forum Latest Update reads “Jalapeños are making their way to their new homes. https://ow.ly/i/1WUo4”.

While there is no mention yet of numbers that have been shipped, or of when the other Butterfly Labs devices like the BitForce Single or Little Single will be shipping, this will be welcome news to bitcoin miners everywhere.

Monday 4/22 shipped 4 Jalapenos. 1 Customer and 3 developer units.

Tuesday 4/23 3 more to ship today to customers.

As we get ramped up here I won’t be telling you how many we ship each day–just what day the orders were made that we are shipping. Right now I just want you to know the magnitude of the number of units so you can see we are not blowing these products out the door in great numbers. That will come later.

David Perry Gets a BFL Jalapeno, shares his Unboxing and Demo

BFL was kind enough to send me a pre-release demo unit so I could show everyone the awesomeness.

No matter what your personal politics say about Mr. Bernanke up there, you’ve got to admit he looks pretty professional. Now what does the average mental image of a Bitcoiner look like?

— Litecoin —

— Grab Bag —

— Watch Live —

Tuesday 2pm PDT / 5pm EDT / 9pm GMT

— Plan B Subreddit —

— Contact us —

— Music —


— Support the Show —
