Framework – Jupiter Broadcasting

Unless you’re been living under a rock or hiding in some tall grass you’ve probably heard of Pokémon GO, the app that has taken America by storm. With its augmented reality platform, Pokémon have been appearing everywhere across America from rivers and lakes to hospital rooms, and users of the app have spent all weekend trying to catch new Pokémon and train them to be the very best.

Pokemon game adds $7.5 billion to Nintendo market value in two days | Reuters

Shares in Japan’s Nintendo Co Ltd (7974.T) soared again on Monday, bringing market-value gains to $7.5 billion in just two days as investors cheered the runaway success of Pokemon GO – its first long-awaited venture in mobile gaming.

Not dead yet: Oracle promises big plans for Java EE

Programming Pitfalls: Cors & Spring Boot

Spring Boot is an offshoot of the popular Spring framework and brings many conveniences from modern non-Java web development frameworks to Spring developers. It’s related to the Spring MVC framework but is more geared toward use in a mircoservices architecture.

Spring Boot

Takes an opinionated view of building production-ready Spring applications. Spring Boot favors convention over configuration and is designed to get you up and running as quickly as possible.

GitMasque Update

Masque operations are now performed on a copy of the target repos dir, so your local history is not altered

Git errors are now bubbled up to the user

Exclusive: Google is building two Android Wear smartwatches with Google Assistant integration

Speaking to Android Police, a reliable source has told us that Google is currently building two Android Wear devices – possibly Nexus-branded – for release some time after the latest Nexus phones are announced.

Feedback

The post PokéCode | CR 213 first appeared on Jupiter Broadcasting.

Mike’s Big Year | CR 184

chris — Mon, 21 Dec 2015 10:27:54 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

As we gear up for our end of year episode, we look back at a few moments in 2015 that we loved. From big news, new directions & industry trends that reflected into our personal lives.

It’s a very special edition of Coder Radio!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Holiday Link List:

Take Part in Crowdfunding JB

The post Mike’s Big Year | CR 184 first appeared on Jupiter Broadcasting.

I Came, I Saw, Ionic | CR 179

chris — Mon, 16 Nov 2015 15:09:48 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Microsoft kills a major Windows development initiative & becomes one of the top contributors to Go.

Mike has a new love & gets a bit ironic about Ionic. He explains why this framework just might be his new home.

Plus some great feedback & we bask in the dawn of the age of utility.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Hoopla:

Microsoft is currently the top Go Contriubtor

Microsoft adopts Google’s Go language into Azure

Mark Russinovich, CTO of Microsoft Azure, announced at All Things Open, that Microsoft is adding “experimental support” for Google’s open-source Go language, into its Azure cloud service.

Another $1 Million Crowdfunded Gadget Company Collapses

Remember the Robotic Dragonfly? The little drone was an early crowdfunding success story, netting over a $1 million in pledges on Indiegogo in 2012. At the time, it was one of the first crowdfunded gadgets to raise more than a million dollars. The project promised a tiny robot that can fly like a bird and hover like an insect — and for $99, too. Bad news, friends. This little drone is not taking off as scheduled.

The company announced yesterday that it is in deep financial trouble. But it’s not their fault, the founders say in notes on Indiegogo. It’s PayPal and Indiegogo’s fault for not releasing funds. How much? The company didn’t release that information.

The direction of computing is only going in one way—to the cloud

The direction of computing is going in just one way—towards the cloud. As companies and individuals learn what it can do, many new ways of working are opening up. For example, if you’re selling a service or providing an app via the cloud, all your users are permanently or very frequently connected. You can watch how they use your product, and feed that information straight back into your development cycle to alleviate points of pain or optimise and expand popular areas. That simply wasn’t possible before. You can analyse and act on real-time data to add far more intelligence to your product than your users’ devices can support, as Siri and Google Now already show. The constraints of pre-cloud computing are fading away, and the age of true utility is here.

Ionic Dev Diaries

Mike’s in the last phase of development for releasing an Ionic / Cordova app under BT.
Why Ionic?
The road so far.
Platform specific concerns?

Feedback

Experience, money, or fun???

The post I Came, I Saw, Ionic | CR 179 first appeared on Jupiter Broadcasting.

Millennials and Mentors | WTR 40

chris — Wed, 16 Sep 2015 13:02:22 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Elizabeth cofounded WWC NYC and is a front end engineer. She discusses her path as a millennial/youngling in the technology field.

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed

Become a supporter on Patreon:

Show Notes:

Transcription:

ANGELA: PAIGE: ANGELA: PAIGE:: ANGELA: PAIGE: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ELIZABETH: ANGELA: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ANGELA: PAIGE: ELIZABETH: PAIGE: ANGELA: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ELIZABETH: ANGELA: ELIZABETH: ANGELA: ELIZABETH: PAIGE: ANGELA: PAIGE: ANGELA: PAIGE: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ELIZABETH: ANGELA: PAIGE: ELIZABETH: ANGELA: PAIGE: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ANGELA: PAIGE: ANGELA: PAIGE: ELIZABETH: ANGELA: ELIZABETH: PAIGE: ANGELA: PAIGE: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ELIZABETH: PAIGE: ELIZABETH: ANGELA: PAIGE: This is Women’s Tech Radio.
A show on the Jupiter Broadcasting Network, interviewing interesting women in technology. Exploring their roles and how they’re successful in technology careers. I’m Paige.
And I’m Angela.
So, Angela, today we’re going to dive into an awesome interview with Elizabeth, who self-identifies as a millennial youngling and talk about her career, her transition, what she thinks about coming up in a culture where tech was okay and all sorts of different juicy topics.
And before we get into the interview, I’d like to mention that you can support Women’s Tech Radio by going to patreon.com/jupitersignal. You can subscribe for as little as $3.00 a month and support this awesome content. Go to patreon.com/jupitersignal.
And we got started our interview by asking Elizabeth what she’s up to in technology these days.
I am a software engineer, and I was previously at a corporate company that did all the media stuff, and now I’m looking for new opportunities.
Awesome. So what side of software engineering are you into?
Which of the cornucopia? I do mostly front-end software engineering, so lots of HTML CSS, mostly JavaScript, a lot of frameworks where I hope to do many more.
How do you feel about the exploding front-end framework–I would almost call it a problem. It seems like every day there’s a new one and everyone wants to jump on the new hotness.
Yeah, I started in technology about three years ago, and I remember I was, you know, the common I’m just entering into the industry problem is which framework do you start out with? And I thought Python. Python back then was–that was the jam. And it’s not to say it’s not now, but now everything is in JavaScript, so you can work in front end and back end, and I don’t need to learn another language and its intricacies, so I’m going to say JavaScript is the best. That’s a 2015 opinion. I reserve to change.
I’m going to hold you to that in five years, all right? I’m an advocate the same way. I run a JavaScript jam night, I guess, every week for Women Who Code, and the reason that I chose JavaScript is because it is so agnostic in the stack. Like you really can’t go from node all the way out to front end basic JavaScript and jQuery and angular. It’s a great choice for a first language, although it’s not as pretty or as easy to read as like a Revere or Python. It’s so practical.
It is. And there are so many things that are happening with it. The New York City JavaScript community has just exploded over the past year. There is Brooklyn JS and there’s a plethora of meetups that are just focused on JavaScript. And what is it–there’s all these fancy type of developers coming up, so there is the note–if you just practice note JS, there is a node JS engineer where I’ve seen a copious amount of job openings for.
Yeah, it’s really starting to blow up. It’s interesting because everybody is like we want a five year experience node JS engineer. I’m like, are you sure you understand what you’re asking for there? Like time traveling node engineers?
Well, it’s all open source, so they’ll finagle those dates.
Right? That’s very cool. So you mentioned that you’ve only been doing this for three years. So how did you get into it? Tell me about your journey there.
Yeah, I’m a self-proclaimed Youngling. And about three years ago, I got accepted into a program for Google and so Google flew me out there for three weeks and talked to me about computer science and it was called Google’s Computer Science Summer Seminar. So like their version of incorporating all the students into what they do and into the application. And so it was Google. It was an amazing experience, my first time out in Mountain View, if not California, and I was just enamored with technology afterwards, as you would be, with so many pretty colors and all those octobikes. So that was the original start. And then I went into college for computer science, and unfortunately, college for me wasn’t the best experience. It wasn’t the right environment or the culture, and I think that just has to do more with the school that I chose and I didn’t know what I wanted out of a college. So it was a very unfulfilling experience. But then I dropped out about a year and a half ago, and I joined Time Inc. as an intern. That was a really good experience being involved in corporate and being involved in the media. Again, total 180s from what I had ever experienced in the past. And after I was an intern, I was on boarded full-time working as a mobile developer and then a developer evangelist and then just like a general software engineer. So I’ve gone through a couple of iterations there. And now I’ve got a little bit of time to relax, which is so well needed. I’m currently binging on The Good Wife and haven’t binged on a show in a while now, so I’m really happy to just kick back this weekend.
Sounds like you’ve been through the gamut of tech already so quickly. So it sounds like you’ve touched on a lot of different things. What was kind of like the hardest part for you stepping into that tech culture as a–what did you call yourself–a youngling I think?
A youngling, a millennial. The hardest part, I think it’s very easy, especially when you’re young, and especially when you don’t know something about the subject to be like oh, yeah, you know what? I’ll just apply the–all these TED talks say that if you do a hundred hours in it, you’ll be 80 percent of the way there, or like there are a couple of stats on that. And I think with technology, it’s really easy to fool yourself, especially when you haven’t delved into its guts, that to fool yourself into convincing yourself that you’re quite good at it. It’s like hey, it’s only going to take a hundred hours to learn JavaScript, isn’t that the dream?
That’s really interesting, because over confidence isn’t the thing that I really think that women have in the tech field, but I can totally see where you’re coming from with that.
Yeah, every time I think about learning a different language, I’m like oh, you know what? I’ll just spend ten hours on Codecademy or delve into a framework, and I’ll understand like 80 percent of it. And unfortunately, that’s never worked. But I think probably it’s more to fool myself into just getting started, and then those ten hours become 100 which becomes 1,000, and then I’m an engineer that says oh, I can do this thing, but I also know that I can’t do–there’s so much more to this field, right? You know what you don’t know.
Right. That is the eternal problem is that the more you know, the more you know you don’t know. I actually, I think it is interesting, though. I think as the programming journey goes on, that 80 percent in ten hours really does start to happen. But it only happens if you’ve delved in deep enough somewhere where like you really understand the concepts behind what you’re doing as opposed to just how to do it. You know when I pick up a new framework now, I know the things to look for, I know how to look for like how are we handling flow, how are we handling IO, all of these different things and I can just really research like how that framework does it or how that language does it, and it really does–I do get that 80 percent in ten hours, but then that last 20 percent is like 10,000 hours.
And I haven’t gotten my 10,000 hours of programming yet, so I still don’t know what to look for as a junior programmer, so I falsely say to myself that I can do something very quickly, and I’m still getting there.
It was given wise advice to me when I first started working in tech was take your gut instinct for how long something is going to take, and then if you feel really, really confident that it’s going to take that long, multiply by three. And if you feel kind of confident that that’s how long it’s going to take, probably multiply by five.
Just keep multiplying it–
Yeah, especially, as much as we don’t have overconfidence in like the things that we can do, I think a lot of times humans are really good at being over confident with how fast we can do things, especially as computer geeks because we’re like, we’re so in such a fast culture or fast thing. Like the computer is fast, I must be fast. Like everything is quick.
You know what? I was having a really big problem with estimation of projects and I would be like oh, you know what, I’ll complete this in two days and it would end up taking ten days. So my just general rule of thumb is exactly that. Just multiply whatever my estimation is by five, and then I’m hoping for the day hopefully in the next couple of years that it will actually be my estimation.
Yeah, I have to say that I don’t think even for myself that I could do good estimations until I stepped back from programming and did a bunch of project management where I had to really sit down and break down things and charge people for things and like, oh, now I really kind of get it. So it wasn’t so much that my skill caught up in programming as my skill caught up in estimation. That was interesting.
Right. Interesting.
That’s really interesting that it would have to–the inclusion of a different field, if not a different industry entirely, what makes you understand this like archaic estimation tools.
Yeah, and I think–I don’t know–it’s like I love my journey and I love talking to a lot of people like you who have had kind of non-traditional tech journeys, because I think we do bring skills to the table that are that kind of cross over skills. Like the reason I know estimations is more for my time in Geek Squad or whatever doing those sorts of tasks. I have a better understanding of that, or like the fact that I run a volunteer group is actually why I can do project management. It’s not from tech. Your cross over skills are as important, if not more important.
You know, Paige, as you’re saying this, I told you beforehand, I just moderated a panel on Tuesday, and the panel’s title was Non Traditional Paths Through Technology. And it was focused on these four women that had different expectations, if not different career ambitions and just found themselves in technology. And one of them is working as a researcher, and another is delving into hardware. A third is organizing [indiscernible] center. So like these different paths into technology, the technology doesn’t necessarily mean that you’re a software engineer. And so, it was, as you’re speaking to this nontraditional root, I’m also a huge believer that you don’t just need to go to boot camp and learn all the things. You can become a research–what is it– like so many UX research positions nowadays that are open? Yeah, so that whole concept of you don’t just need to make like a total jump, a total 180. You can use your skills from whatever other lifetimes and you’re actually going to be a lot more valuable than if you had just started fresh.
Yeah, we’re actually talked to a couple guests where they’ve been in companies that are tech companies and they’ve transitioned to development inside the company. So if you’re interested in technology and you’re not sure if development is for you, there are a lot of other roles–everything from community evangelists, data research, like all of these different things depending on the kind of background you have. It could be a bridge, and then you can get exposed to the culture. And then once you’re inside the company, especially a lot of companies these days are looking for internal growth because training and hiring in places is expensive. Yeah, they want to grow the ones they have a lot.
Yeah, oh my gosh. I’m such a big believer in like advocating for talent as well as keeping your talent, and if they would like to try something, that’s such an awesome way to expose them to a different culture or different industry as well as keep them within the company and attain those skill sets.
So as a millennial and kind of the up and coming generation in that stuff, what do you think it takes for a company to take you? Because one of the biggest problems that we’re having in technology that I’m seeing and I’m really trying to really react to is that we’re getting a lot women in technology, but we’re losing them just as fast, which is hard. So what would it take for a company to keep you hooked?
Actually, the Women Who Code New York City network just had its first conference a couple of, if not a month ago, and we were focusing on women approaching, if not at mid-career. And so, I’m sure you know, the statistic is that 57 percent of women in technology that are at mid-career leave the industry. And so it’s just this awful problem of, even the women that we are attracting into technology are leaving, and yet we’re just packing more into the funnel and not thinking about how to keep them. For millennials, I would have to say, what a difficult question that is because myself, I’m so, I’m like, I’m like constantly chasing after different butterflies. And so, whichever one is the prettier one, that’s the one I’m going to go to. Also, we have this kind of awful structure nowadays that if another company offers me a promotion, even if I have the same skillset, I am able, I am in the opportunity and position to take it because of how booming the technology industry is. So I think that’s the way most people are getting to manager, VP, CEO, founder levels without having “paid their dues” myself included, absolutely.
So I think part of what Paige wanted to know was, what is pretty? Is it the job, is it the company, is it the benefits? Is it the type of management style, culture? What is pretty to you? Or is it just better than what you currently have and it could be any of the above?
I was kind of spoiled in the sense that I had an amazing mentor to guided me at Time, Inc. And then fantastically, I had another couple of mentors that also joined that group. So I’m a core believer that a mentor is one of the things that is going to keep me at a company that would just keep me grounded. Another thing that I think is very important is, so now that you’re able to think three months down the line with your mentor, well, any little intricacies as well as micro aggressions that you happen to come across, any problems that you have that is natural in any job, you should be able to rant to someone about. And so, if there is no person near you that you have been introduced to that is at your skill level, that is at your experience level, that is probably at your age level as well, I’m going to call that person an informal rant partner. Like if there is not someone for you to rant to, and if there is not someone to guide you towards your goals, that’s probably not going to be a company that you’re able to vent as well as grow in.
Yeah, a buddy system.
A buddy system, yep.
I love that of all the things you could have said, you said people. I think that that’s really important, and I think it’s extra important to our generation, your generation–I’m a little older, it’s okay.
Just a couple years.
I would definitely not identify as a millennial, but that’s okay.
Who I? I don’t think I would either.
So the mentorship, and it’s actually some of the feedback that I’ve been giving and getting with a lot of the women’s groups that I’m working with with trying to figure out this retention problem is like how do we mentor and why, especially do we have such resistance. And I should ask this–why do we have such resistance in women for mentoring? And Elizabeth, were any of your mentors women?
All three were.
Awesome.
Yeah, I have been, I don’t want to use the word blessed, but I’ve been very fortunate to have one mentor that was absolutely phenomenal and then she introduced me to two others that were also like amazing and very, I don’t want to say high up the chain, but it was a different experience. It was a different experience that I had ever seen before. They weren’t software engineers, they were managers if not higher.
Yeah, and that is definitely something is I think looking outside your role can be very fulfilling. It might not be what you need as like a code mentor, but I think in some ways those are easier to–you can kind of poke any developer and be like hey, can you answer this question? And most developers are pretty cool with answering questions. But like getting that mentorship relationship is, I don’t know, it can be outside your field and that’s okay.
I’m also going to say that you can’t force it. I’m calling them mentors, but I’m not sure that they know that they’ve been mentors to me. Or like it’s not a oh, you are my mentor, you have to meet me every three months and to talk to me about my goals for one hour. That’s not forcing that sort of relationship.
Sure, but that’s natural. Like my son is in first grade, and he has a student in his current class that was in his last year’s class that he calls his BFF, but that kid, my son is not his BFF. It’s very natural.
Yeah, and I think informal mentorship is probably a lot more comfortable, especially for women I have found. Men seem to be more comfortable because it’s sort of that like higher work goal relationship that their hormones demand. But we are much more like hey, we are just coffee buddies–and I look up to you so much. That’s been kind of my journey lately is how do we encourage mentorship. Also, I will ask you this question, do you have anyone you’re mentoring?
I don’t. I don’t think at this level I have a lot of experience to give, unfortunately. Maybe that’s just like Impostors Syndrome talking.
Yeah, I would say so.
I would totally call you out and say that you should totally be an informal mentor. It sounds like you participate in Women Who Code.
I do. I cofounded the New York City Network a year and a half ago, so I’ve also never got in the– no one has ever come up to me and been like let’s–I wanna make our coffee dates more consistent and for my benefit.
I actually kind of fell into the mentor role as I started Women Who Code really in Portland, and in some ways, I kind of pushed it a little bit with some people and it’s been very rewarding for both of us where I just saw some young people with–some young women with very high potential levels and I saw them struggling. I said, you know, hey, let’s talk. And we don’t necessarily have a time table where we talk every x often, but it was definitely me opening the door, because I think there is a lot of fear. And I think this is cross gender. It doesn’t really matter, but there’s a lot of fear of asking for that sort of thing, and I found someone I resonated with and I said you know, let’s do this. Let’s get your career going. Let’s make the moves that you need. So I encourage you to look for someone.
I will, and the next time I talk to you–the first time that I come up to Portland, that will be my goal.
Awesome. We will jam. I think that’s a real benefit of being involved in a network like Women Who Code where I do believe a lot that everybody should have a mentor, a peer, and a mentee. It’s a very healthy thing professionally and personally in a lot of ways.
I need to add that to my bucket list I guess.
I have some recommendations of all of those.
I do need to get involved with the Women Who Code and once I can have enough time.
I like to call that magical free time. It’s like a designer who’s also a developer. Magic free time. Awesome, Elizabeth, this has been really fun. I just had probably one more question for you. If you could look back and give yourself, your four year younger self advice, what would you say?
You know, Paige, it’s really funny that you say this because I have a 12 year old brother, so that’s actually a question I think about a lot.
How you would help him?
Yeah, how I would help him, what would I do better if I was 12 again, what information can I impart onto him and what will he actually understand? And so the one that I keep coming back to is listening to other people and most importantly, having empathy for them and their situation. And it’s really hard I think, it’s really hard to have empathy when you haven’t experienced much, me included, like I don’t think I’ve experienced much of the world, but being exposed to those sorts of different people and understanding what they’re going through makes you a lot more aware of the details that they portray in real life and maybe why they’re acting a little bit weird that day, or how it all adds up into us being like humans and people and really great people. So empathy is going to be my winner answer.
Okay. I like that. I like how broad that is. There was a quote and I was going to look it up, but I couldn’t do it fast enough. Be kind because we all have a great and terrible burden that nobody is aware of kind of thing and I like to move through the world with that. I did have one more question that I thought of that I think was really important, sorry.
And she’s excited about it.
I am. So you’re probably one of the youngest guests that we’ve had on the podcast, and I was wondering if growing up, you felt like you could just do tech like it was no big deal, or if you did still feel that kind of like it’s for boys kind of feel?
Paige, I actually went to a science and technical high school.
So you cheated.
So it was never a gender thing. It was a, who can get the best grade in the class kind of thing, and therefore, who has to study the most for that. But I didn’t grow up thinking I would be in technology at all. I thought I would–my father was a mechanical engineer, and so I thought I would go to school for mechanical engineering and like work at a job for five to ten years and like switch around, but technology and apparently Google had different other paths.
And computer engineering is still engineering, right?
If you say so.
Front-end and stuff. It definitely is different, but it’s the same mental mind path I think. But I am really encourage to hear that you looked at your dad’s career and said I could do that, no problem. I think that gives me a lot of hope for where we’re going.
My dad was a serial entrepreneur and a mechanical engineer and like an all-around awesome man, and then my mom has a Ph.D. in pharmacology and like a plethora of other things. So I had no shortage of ambition to look up to.
Thank you for listening to this episode of Women’s Tech Radio. Remember, you can find a full transcript of this show over at jupiterbroadcasting.com in the show notes. You can also go to the contact form at jupiterbroadcasting.com, be sure to select Women’s Tech Radio as the drop down show.
And you can add us on our RSS feed reader, or you can get us on iTunes. If you happen to have us on iTunes, please go ahead and leave us a review. We’d love to hear what you think of the show. You can also find us on Twitter @heywtr. Tweet us and we’d love to hear what you think.

Transcribed by Carrie Cotter | Transcription@cotterville.net

The post Millennials and Mentors | WTR 40 first appeared on Jupiter Broadcasting.

Conditional Swift Justice | CR 164

chris — Mon, 27 Jul 2015 14:21:33 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Mike argues why the web is the default platform of the future, we debate if third party mobile platforms should be written off, first impressions of the Ionic Framework & Chris has a few surprises to announce.

Plus our advice on leaving .Net, our response to ignoring the Pebble & why a slightly functional world isn’t a bad thing.

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

Become a supporter on Patreon:

Show Notes:

Hoopla

Arlington, WA to Grand Forks, ND

Android Security Vulnerability
Visual Studio 2015 Released

Ubuntu Phone review: years in the making, but still not consumer-ready

Ionic Framework

Feedback

The post Conditional Swift Justice | CR 164 first appeared on Jupiter Broadcasting.

Ripping me a new Protocol | TechSNAP 221

chris — Thu, 02 Jul 2015 19:05:26 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Amazon has a new TLS implementation & the details look great, we’ll share them with you. The technology that powers the NSA’s XKEYSCORE you could have deployed yourself.

Some fantastic questions, a big round up & much, much more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Amazon releases s2n, a new TLS implementation

s2n (signal2noise) is a brand new implementation of the TLS protocol in only ~6000 lines of code
It has been fully audited, and will be re-audited once per year, paid for by Amazon
It does not replace OpenSSL, as it only implements the TLS protocol (libssl) not the crypto primitives and algorithms (libcrypto). s2n can be built against any of the various libcrypto implementations, including: OpenSSL, LibreSSL, BoringSSL, and the Apple Common Crypto framework
The API appears to be very easy to use, and prevent many common errors
The client side of the library is not ready for use yet
Features:
- “s2n encrypts or erases plaintext data as quickly as possible. For example, decrypted data buffers are erased as they are read by the application.”
- “s2n uses operating system features to protect data from being swapped to disk or appearing in core dumps.”
- “s2n avoids implementing rarely used options and extensions, as well as features with a history of triggering protocol-level vulnerabilities. For example there is no support for session renegotiation or DTLS.”
- “s2n is written in C, but makes light use of standard C library functions and wraps all memory handling, string handling, and serialization in systematic boundary-enforcing checks.”
- “The security of TLS and its associated encryption algorithms depends upon secure random number generation. s2n provides every thread with two separate random number generators. One for “public” randomly generated data that may appear in the clear, and one for “private” data that should remain secret. This approach lessens the risk of potential predictability weaknesses in random number generation algorithms from leaking information across contexts. “
One of the main features is that, instead of having to specify which set of crypto algorithms you want to prefer, in what order, as we have discussed doing before for OpenSSL (in apache/nginx, etc), to can either use ‘default’, which will change with the times, or a specific snapshot date, that corresponds to what was the best practise at that time
Github Page
Additional Coverage – ThreatPost
It will be interesting to see how this compares with the new TLS API offered by LibreSSL, and which direction various applications choose to go.

How the NSA’s XKEYSCORE works

“The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.”
“XKEYSCORE allows for incredibly broad surveillance of people based on perceived patterns of suspicious behavior. It is possible, for instance, to query the system to show the activities of people based on their location, nationality and websites visited. For instance, one slide displays the search “germansinpakistn,” showing an analyst querying XKEYSCORE for all individuals in Pakistan visiting specific German language message boards.”
“The sheer quantity of communications that XKEYSCORE processes, filters and queries is stunning. Around the world, when a person gets online to do anything — write an email, post to a social network, browse the web or play a video game — there’s a decent chance that the Internet traffic her device sends and receives is getting collected and processed by one of XKEYSCORE’s hundreds of servers scattered across the globe.”
“In order to make sense of such a massive and steady flow of information, analysts working for the National Security Agency, as well as partner spy agencies, have written thousands of snippets of code to detect different types of traffic and extract useful information from each type, according to documents dating up to 2013. For example, the system automatically detects if a given piece of traffic is an email. If it is, the system tags if it’s from Yahoo or Gmail, if it contains an airline itinerary, if it’s encrypted with PGP, or if the sender’s language is set to Arabic, along with myriad other details.”
You might expect some kind of highly specialized system to be required to do all of this, but that is not the case:
“XKEYSCORE is a piece of Linux software that is typically deployed on Red Hat servers. It uses the Apache web server and stores collected data in MySQL databases. File systems in a cluster are handled by the NFS distributed file system and the autofs service, and scheduled tasks are handled by the cron scheduling service. Systems administrators who maintain XKEYSCORE servers use SSH to connect to them, and they use tools such as rsync and vim, as well as a comprehensive command-line tool, to manage the software.”
The security of the system is also not as good as than you might imagine:
“Analysts connect to XKEYSCORE over HTTPS using standard web browsers such as Firefox. Internet Explorer is not supported. Analysts can log into the system with either a user ID and password or by using public key authentication.”
“When systems administrators log into XKEYSCORE servers to configure them, they appear to use a shared account, under the name “oper.” Adams notes, “That means that changes made by an administrator cannot be logged.” If one administrator does something malicious on an XKEYSCORE server using the “oper” user, it’s possible that the digital trail of what was done wouldn’t lead back to the administrator, since multiple operators use the account.”
“There appears to be another way an ill-intentioned systems administrator may be able to cover their tracks. Analysts wishing to query XKEYSCORE sign in via a web browser, and their searches are logged. This creates an audit trail, on which the system relies to assure that users aren’t doing overly broad searches that would pull up U.S. citizens’ web traffic. Systems administrators, however, are able to run MySQL queries. The documents indicate that administrators have the ability to directly query the MySQL databases, where the collected data is stored, apparently bypassing the audit trail.”
The system is not well designed, and could likely have been done better with existing open source tools, or commercial software designed to classify web traffic
“When data is collected at an XKEYSCORE field site, it is processed locally and ultimately stored in MySQL databases at that site. XKEYSCORE supports a federated query system, which means that an analyst can conduct a single query from the central XKEYSCORE website, and it will communicate over the Internet to all of the field sites, running the query everywhere at once.”
Your traffic is analyzed and will probably match a number of classifiers. The most specific classifier is added as a tag to your traffic. Eventually (3-5 days), your actual traffic is deleted to make room for newer traffic, but the metadata (those tags) are kept for 30-45 days
“This is done by using dictionaries of rules called appIDs, fingerprints and microplugins that are written in a custom programming language called GENESIS. Each of these can be identified by a unique name that resembles a directory tree, such as “mail/webmail/gmail,” “chat/yahoo,” or “botnet/blackenergybot/command/flood.””
“One document detailing XKEYSCORE appIDs and fingerprints lists several revealing examples. Windows Update requests appear to fall under the “update_service/windows” appID, and normal web requests fall under the “http/get” appID. XKEYSCORE can automatically detect Airblue travel itineraries with the “travel/airblue” fingerprint, and iPhone web browser traffic with the “browser/cellphone/iphone” fingerprint.”
“To tie it all together, when an Arabic speaker logs into a Yahoo email address, XKEYSCORE will store “mail/yahoo/login” as the associated appID. This stream of traffic will match the “mail/arabic” fingerprint (denoting language settings), as well as the “mail/yahoo/ymbm” fingerprint (which detects Yahoo browser cookies).”
“Sometimes the GENESIS programming language, which largely relies on Boolean logic, regular expressions and a set of simple functions, isn’t powerful enough to do the complex pattern-matching required to detect certain types of traffic. In these cases, as one slide puts it, “Power users can drop in to C++ to express themselves.” AppIDs or fingerprints that are written in C++ are called microplugins.”
All of this information is based on the Snowden leaks, and is from any years ago
“If XKEYSCORE development has continued at a similar pace over the last six years, it’s likely considerably more powerful today.”
Part 2 of Article

[SoHo Routers full of fail]

Home Routers that still support RIPv1 used in DDoS reflection attacks

RIPv1 is a routing protocol released in 1988 that was deprecated in 1996
It uses UDP and so an attacker can send a message to a home router with RIP enabled from a spoofed IP address, and that router will send the response to the victim, flooding their internet connection
““Since a majority of these sources sent packets predominantly of the 504-byte size, it’s pretty clear as to why they were leveraged for attack purposes. As attackers discover more sources, it is possible that this vector has the potential to create much larger attacks than what we’ve observed thus far,” the advisory cautions, pointing out that the unused devices could be put to work in larger and more distributed attacks.”
“Researchers at Akamai’s Prolexic Security Engineering and Research Team (PLXsert) today put out an advisory about an attack spotted May 16 that peaked at 12.9 Gbps. Akamai said that of the 53,693 devices that responded to RIPv1 queries in a scan it conducted, only 500 unique sources were identified in the DDoS attack. None of them use authentication, making them easy pickings.”
Akamai identified Netopia 2000 and 3000 series routers as the biggest culprits still running the vulnerable and ancient RIPv1 protocol on devices. Close to 19,000 Netopia routers responded in scans conducted by Akamai, which also noted that more than 5,000 ZET ZXv10 and TP-Link TD-8000 series routers collectively responded as well. Most of the Netopia routers, Akamai said, are issued by AT&T to customers in the U.S. BellSouth and MegaPath also distribute the routers, but to a much lesser extent.

Home Routers used to host Malware

Home routers were found to be hosting the Dyre malware
Symantec Research Paper of Dyre
Affected routers include MikroTik and Ubiquiti’s AirOS, which are higher end routers geared towards “power user” and small businesses
“We have seen literally hundreds of wireless access points, and routers connected in relation to this botnet, usually AirOS,” said Bryan Campbell, lead threat intelligence analyst at Fujitsu. “The consistency in which the botnet is communicating with compromised routers in relation to both distribution and communication leads us to believe known vulnerabilities are being exploited in the firmware which allows this to occur.”
“Campbell said it’s not clear why so many routers appear to be implicated in the botnet. Perhaps the attackers are merely exploiting routers with default credentials (e.g., “ubnt” for both username and password on most Ubiquiti AirOS routers). Fujitsu also found a disturbing number of the systems in the botnet had the port for telnet connections wide open.”

Feedback:

ZFS with 4K drives?
ZFS Replication Between FreeNAS and Linux
Splitting a pool
DNS Transfer Email Downtime Followup
FreeBSD Mastery: ZFS — Not just about ZFS

Round Up:

The post Ripping me a new Protocol | TechSNAP 221 first appeared on Jupiter Broadcasting.

Go Big or Go Lean! | CR 109

chris — Mon, 07 Jul 2014 12:59:58 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Mike reflects on his transition from dedicated developer to business management, what makes a business “big” vs “lean” and what the guys feel is a good fit for their goals.

Plus when to cut yourself off from a pet coding project, a book that promises to help you pick a Javascript Framework and more!

Thanks to:

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

— Show Notes: —

Feedback / Follow Up:

Dev Hoopla:

Earlier this month the Yorba Foundation received a formal notice from the Internal Revenue Service (IRS) denying Yorba 501(c)(3) tax-exempt status. It’s possible this is nothing to be concerned with (at least, not unless you’re a part of Yorba). Reading their response, I believe this denial is actually a cause for concern for free software groups within the United States, and perhaps abroad.

The IRS reasons that since Yorba’s open source software may be used for any purpose, Yorba is not a charity. Consider all the for-profit and non-charitable ways the Apache server is used; I’d still argue Apache is a charitable organization.

The post Go Big or Go Lean! | CR 109 first appeared on Jupiter Broadcasting.

Paranoid Android Developers | CR 94

chris — Mon, 24 Mar 2014 10:45:19 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

Android growth is exploding, and showing no signs of slowing down… So why are big players still avoiding the platform? We’ll challenge some common misconceptions on why developers avoid Android.

Plus big Silicon Valley tech companies get busted colluding to keep wages low, the contractor fudge factor, your feedback..

And more!

Thanks to:

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

— Show Notes: —

Feedback

Dev Hoopla:

Why don’t designers take Android seriously?

Hack Programming Language

Hack Isn’t PHP – Marco.org

PHP has always been poorly designed and poorly stewarded, but it\’s appealing to developers because it\’s easy to learn (and tons of programmers already know it, so it\’s easy to hire for), it\’s everywhere and runs on anything, it\’s very fast, and it\’s very simple to host and maintain server-side. In short, it\’s extremely practical.

Since Facebook is migrating its own code to Hack, pure PHP will become a less-tested second-class citizen on HHVM. This could devalue HHVM to the outside world, throwing away the benefits it’s bringing to PHP programmers everywhere. The closeness of the two languages will probably prevent this from becoming a significant problem, but it’s a problem nonetheless.

The post Paranoid Android Developers | CR 94 first appeared on Jupiter Broadcasting.

Risky Business | CR 43

chris — Mon, 01 Apr 2013 11:01:56 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

The Play Framework has been on Mike’s mind a lot recently. Also known as JavaPlay, an easy way to build web applications with Java and Scala. This week Mike shares what started out as a grand idea, but developed into a major reboot and overhaul of the project.

And why in the end, no matter what platform, software stack, or store you choose or avoid is always a risky choice.

Plus: How to bounce back from burnout, find new motivation, and get started.

Thanks to:

GoDaddy.com

Use our code coder295 to get a .COM for $2.95.

Direct Download:

MP3 Audio | OGG Audio | Video | Torrent | YouTube

RSS Feeds:

— Show Notes —

Feedback

Dev Hoopla

Pick of the week:

edufii.com – Athletes are Made

The post Risky Business | CR 43 first appeared on Jupiter Broadcasting.