kimono lets you turn any website into an API
We urgently need a law that has long existed | law blog
Security quotes of the week [LWN.net]
In other words, because of pesky things like the Constitution in the United States and instead of just using existing, vast international resources to prosecute criminals and terrorists, we’re going to be expanding broken ISP filters against the advice of pretty much everybody. Granted what is deemed “extremist” will likely be entirely arbitrary, and as we’ve seen with the porn filters, there’s probably no limit to the number of entirely legal and legitimate websites UK citizens will find suddenly inaccessible.
— Karl Bode on expansion of the UK’s “porn” filters
Billy Rios, director of threat intelligence at Qualys, here [Kaspersky Security Analyst Summit] today said he and colleague Terry McCorkle purchased a secondhand Rapiscan 522 B X-ray system via eBay and found several blatant security weaknesses that leave the equipment vulnerable to abuse: It runs on the outdated Windows 98 operating system, stores user credentials in plain text, and includes a feature called Threat Image Projection used to train screeners by injecting .bmp images of contraband, such as a gun or knife, into a passenger carry-on in order to test the screener’s reaction during training sessions. The weak logins could allow a bad guy to project phony images on the X-ray display.
— Kelly Jackson Higgins in Dark Reading on vulnerabilities found in carry-on baggage screening devices
While much of the NSA’s capabilities to locate someone in the real world by their network activity piggy-backs on corporate surveillance capabilities, there’s a critical difference: False positives are much more expensive. If Google or Facebook get a physical location wrong, they show someone an ad for a restaurant they’re nowhere near. If the NSA gets a physical location wrong, they call a drone strike on innocent people.
— Bruce Schneier
Distribution quote of the week [LWN.net]
It is theoretically possible to give a loaded gun to a baby; things will probably work out fine. Searching for news about such mishaps, they are quite rare. Still, they do occur, and I suspect the industry has “warning labels” regarding leaving guns lying around.
strcpy-related security holes still occur these days, but I think they have been reduced. There has been a slight improvement; software is being written with a little bit more care. Fewer developers are handing strcpy “guns” to their users.
I believe the OpenBSD “warning labels” do play a small part in improving the situation. You don’t need to reach all the grumpy programmers who believe they have godlike powers to avoid making overflow mistakes; if you reach some people, you get progress.
— Theo de Raadt
IMHO, nothing kills corner cases like polymorphism. Remove the conditions and you remove the dark corners where bugs like to hide.
— John Florian
“goto fail;” considered harmful [LWN.net]
Strict code formatting rules and constant code reviewing can lower the chance of such errors.
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
Broadcom releases SoC graphics driver source
Arduino-Network-Meter | c’t Hacks
Five sentences would have sufficed
“After the search itself, the press conference was the second spectacular misstep by the responsible prosecutors.”
Innocent man beaten and tasered by California police for signaling he is deaf — RT USA
Schneier on Security: Tor User Identified by FBI
Schneier on Security: 1971 Social Engineering Attack
burglars
Teufelsmauer – devil’s wall
Chromium Blog: Run Chrome Apps on mobile using Apache Cordova
“giant tortoise” from pond – If I hadn’t favorited it today I would do it again

WebKit.js: It’s happening for real, with Emscripten’s help | Badass JavaScript
Request response at its best. Good start in the new year. 9 people. Nice.
[stationary-traveller.eu] Bazaar-NG: 7 years of hacking on a distributed version control system
Boost your productivity with workspaces using Tmux and iTerm2 « Huy Nguyen
My top ten most-listened-to artists in 2013
01. Emika
02. Agnes Obel
03. Mogwai
04. Two Fingers
05. The Strokes
06. Jono El Grande
07. Cold Specks
08. Portugal. The Man
09. Veto
09. Anna Calvi
Der Postillon: European Union plans privatization of oxygen
Page Weight Matters
Whatever happened to the Hurd – The story of the GNU OS
Big Data – Crossing the Chasm in 2013! | Big data spreadsheet analytics with Apache Hadoop – Datameer Blog.
Schneier on Security: UGNazi
Book | Can you actually make a living from that?
Well worth reading! http://slowbudget.wordpress.com/inhalt/ “But why do we write out all these personal considerations in such detail, why do we reveal them? What does the reader get out of it? We think that these background reports round out, and surely demystify, the picture of independent, self-determined cultural work. You should know what you are getting into. We are not selling a particular way of life or a trend here; we are merely willing to disclose our way of working and living. That way everyone can decide for themselves whether the effort of self-determined work is worth it for them. We believe that with this little book we have given a comprehensive overview of how independent cultural work can be integrated into this society and this era, how one manages, in practical terms, to make a living from one’s own cultural work, and how difficult that is.”

