Garage door resonance


I was coming inside after watering some plants when I noticed the 3 qt. plastic container in my hand was strongly vibrating. I then realized that it was resonating almost perfectly with the sound my garage door opener was making!

That makes me think that if my garage is resonating with my opener it could be amplifying the noise the opener makes. A little creative adjustment to the position of the garage door opener might greatly dampen the noise created from my opener.

HD radio online

Yesterday I got curious about HD Radio so I pulled up the Wikipedia page on it. It turns out HD Radio is a proprietary mess. Standard-owner iBiquity could’ve used one of the dozens of openly-available CODECs to create HD Radio (and the FCC could’ve mandated it) but instead it hacked the MPEG4-AAC standard into something proprietary. In the long run, this will set back American radio innovation as compared to Europe’s open standards-based approach. What a shame.

The end result is that radio manufacturers have to pay a royalty to make HD radio receivers. Station owners pay a large fee for the encoder and sign away 3% of their net profits. All of this is for a digital format with a nascent, unproven audience.

Looking to Raleigh’s leader in broadcast advancements, Capitol Broadcasting, I clicked on WRAL-FM’s homepage and found a link to listen online to the station’s HD broadcast. An Adobe Flash-based player instantly launched, streaming a nice mix of music with apparently no commercials. Quite nice!

The Art of Deception

The recent LinkedIn password crisis got me looking for a good book on hacking. Sadly, Kevin Mitnick’s book The Art of Deception is not that book. On the foreword page of the book, one reader scrawled a message that said:

WARNING! THIS BOOK COULD HAVE BEEN A MAGAZINE ARTICLE, FOR ALL ITS SUBSTANCE!

I got through about ten pages before I concluded that the previous reader was right. Mitnick’s a terrible writer; many of his sentences tend to ramble and lack focus. It reads as if he was told by his editor to fill x pages and so he put little thought into what he is trying to say.

What’s more, much of what he says doesn’t rise beyond simple common sense. It’s not entirely Mitnick’s fault, as network security became far more sophisticated while he was serving time for his crimes. While he might have been a big fish when he was arrested in Raleigh in the early 90s, his hacking methods don’t compare to those used today. For instance, Mitnick recommends against writing down passwords, even though most security experts now agree that this policy encourages people to use simple, easy-to-remember passwords that can be easily cracked. Even if Mitnick was up on the latest techniques, though, it’s likely he can’t reveal these techniques due to terms of his parole.

What we’re left with is a book that is actually pretty boring. I’m a guy who enjoys learning about network security but even I can’t bear to finish this book.

Computer Security Session 1: Passwords, Overview

In light of LinkedIn’s password disaster, I found this advice on choosing passwords to be very helpful:

Passwords are like housekeys for computer services. They are intended to be secrets that allow you to access resources, but deny access to others.

Here are some questions to ask yourself about passwords:

What are the passwords protecting?

If one password is breached how many other computer services become vulnerable?

Who else knows your passwords? How much do you trust them?

What services have your passwords? How much do you trust them?

How many passwords do you have to manage?

How do you manage your computer passwords?

via Computer Security Session 1: Passwords, Overview « KW FreeSkool.

Ubuntu Unity desktop


I have tried using the Ubuntu Unity desktop and can say that in spite of a few weeks’ use, it has not grown on me one iota. In fact, it drives me nuts not being able to find a running application, or to start a new instance of a running application, or not to have things tucked into nicely hidden menus.

Ubuntu Unity is a horrible mess of a user interface, a colossal misstep by Canonical which sets Ubuntu back by years. The day that a sensible desktop is no longer available for Ubuntu and all that’s left is Unity is the day I’m leaving Ubuntu for good.

Update: This handy script will help downgrade Gnome3 to Gnome 2, which is what I need to do after flubbing the removal of Unity.

A world without secrets

I felt compelled to read up on a recent email thread on the Triangle Linux User Group list that discussed the recent LinkedIn password fiasco. While the discussion didn’t really tell me anything I didn’t already know, it did get me thinking.

I decided that LinkedIn could be cut some slack for their outdated notions of what constituted password security, because the truth is that 99.9% of us also hold outdated notions of password security. That is, the vast majority of us still believe in password security when in fact there is no such thing!

More on the LinkedIn password breach

I found this analysis from a fellow network security geek in the UK to be quite interesting:

…which lends a little weight to the theory that the file primarily contains hashes which some script kiddie could not crack with basic tools, and hence makes us wonder what he’s done with all the ones which he did crack – and how much of the LinkedIn corpus that would represent?

He’s got a point. So many tools exist to easily crack these password hashes. I just tried hashcat on them using the standard Ubuntu dictionary file and cracked 20,000 of them in seconds using just my lowly laptop. So why would the hacker pretend to need help cracking them? Why post to a hacker forum where one is certain to face ridicule?

This leads me to speculate that the hacker is either enormously clueless or (perhaps more likely) aiming to embarrass and/or blackmail LinkedIn. Was this a staged demonstration of a hacker group’s power to disrupt a high-profile site? A warning to others, like Facebook and Google?

Another amusing aside is that just yesterday I used LinkedIn to send a message to a stranger who might know an old friend of mine. I tried several times to leave my email address in LinkedIn’s contact message but finally gave up: LinkedIn’s anti-spam measures are quite clever and blocked every iteration of email address obfuscation that I tried.

It’s amusing that LinkedIn can be so good at blocking spam to its users while being so bad at keeping their accounts secure!

LinkedIn password leak is confirmed

I did some hunting for the password hash list which reportedly includes the passwords of 6.5 million accounts. After downloading the file, I did a quick search on my password “tXrNNb706+” (which has since been changed, duh):

grep -n `echo -n tXrNNb706+ | shasum | cut -c6-40` hacked.txt

This spit out the following:

4096152:b0a6f8fba1a954de7d60bf4dbc3805d1056cf443

Boom! My hash appears on line 4,096,152. Yikes!! It’s a good thing I use unique, strong alphanumeric passwords for all of my accounts! That password was only used for LinkedIn, so I know the hash list was collected from LinkedIn.
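The same check as the grep one-liner above, written as an added Python example (not part of the original post): it reads the password with a no-echo prompt so it never lands in shell history, and it reports whether a line matches on all 40 hex characters or only on characters 6-40, the range the post's `cut -c6-40` compares. The function names and the sample passwords are assumptions made up for this example; only the file name hacked.txt comes from the post.

```python
import getpass
import hashlib
import sys

def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the password as 40 lowercase hex characters."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def find_in_dump(password, lines):
    """Return [(line_number, kind)] for every dump line matching the password.

    kind is "full" when all 40 hex characters match and "tail" when only
    characters 6-40 match, which is what `cut -c6-40` in the post compares.
    """
    digest = sha1_hex(password)
    tail = digest[5:]
    hits = []
    for number, raw in enumerate(lines, start=1):
        entry = raw.strip().lower()
        if len(entry) != 40:
            continue  # skip blank or malformed lines
        if entry == digest:
            hits.append((number, "full"))
        elif entry[5:] == tail:
            hits.append((number, "tail"))
    return hits

def constructed_dump():
    """Constructed sample: hash lines built here, not data from any real leak."""
    return [
        sha1_hex("example-password-one"),
        "",  # blank line, ignored
        "00000" + sha1_hex("example-password-two")[5:],  # first 5 chars overwritten
        sha1_hex("example-password-three").upper(),  # upper-case hex still matches
    ]

if __name__ == "__main__":
    # Usage: python check_dump.py hacked.txt   (file name taken from the post)
    if len(sys.argv) == 2:
        secret = getpass.getpass("Password to check (not echoed): ")
        with open(sys.argv[1], encoding="ascii", errors="replace") as dump:
            for number, kind in find_in_dump(secret, dump):
                print(f"line {number}: {kind} match")
    else:
        print(find_in_dump("example-password-two", constructed_dump()))
```

A "tail" hit means the first five hex characters of the line differ from the password's own hash, so it is worth noting separately from an exact match.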

But why is this file only 6.5 million hashes, if LinkedIn has over 161 million users? My guess is that an exploit was placed on the LinkedIn servers during a certain timeframe and during that time it collected the hashes of these 6.5 million users. My compromised LinkedIn password was last changed in December 2011, about six months ago.

The whole incident has given me reason to rethink the password problem, and the problem of authentication, to see what better methods exist for proving identity in a digital world.

Bonus link: read this detailed analysis on YCombinator (warning: heavy geek quotient).

Neuse Radio now on the air!

Neuse Radio


It’s been about a year since I began learning how to use the open-source Rivendell radio automation software. I’ve been fiddling around with my online radio station, perfecting it as best I can. Today I decided to see what would go into actually opening it up to real listeners, which of course means paying royalties for each song played.

That’s where the LoudCity service comes in. You select the level of listeners you expect, provide it your admin password to your icecast server, and boom – you’re broadcasting online! LoudCity pays the royalties and keeps me legal.

I only meant to prep my broadcast tonight but instead I wound up kicking off LoudCity’s free 7-day trial. Rather than let my free trial period vanish without being used, I decided to go ahead and open things up.

You can tune into Neuse Radio by clicking on the image above or via this link: NeuseRadio.Com. I’ll get around to putting an actual webpage up soon as well as adding Raleigh-specific content to the audio. In the meantime, I welcome any comments or feedback anyone might have. Thanks for listening!

Cheap thoughts: the nose knows

Photo by David Selby


While watching my pooch sniff his way around the neighborhood this week, I pondered how he always seemed to know when a storm is coming – often much sooner than we do. Is it the vibration of the thunder? The sound of thunder? Could it be that he is more sensitive to the electrical charges, being that he wears more fur than we do?

Then I remembered the NOVA program on dogs and how a dog’s senses are inferior or equal to humans in all aspects except one: the sense of smell. A dog’s sense of smell is its meal ticket and is a bazillion times more powerful than a human’s. What if a dog can smell an approaching storm? Of course, rain has a distinctive smell and definitely changes the way the environment smells.

But what if it went further than that? What if dogs can smell lightning? Lightning and other high-energy electric discharges ionize air, creating ozone. What if dogs can smell this ozone?

And … if my dog is at his most compliant in the midst of a storm (or the threat of a storm), could a small ozone generator attached to his collar make him safely and painlessly stop in his tracks should he decide to escape on an unauthorized jaunt through the neighborhood?