Wednesday, December 4, 2013

Excellent TEDTalk | Conrad Wolfram: Teaching kids real math with computers




Transcript for those that prefer speed of reading (like me), or have bandwidth issues:  
Really good presentation.

He clearly articulates several thoughts I have had about this issue myself, as well as providing some additional insights.

Neat tool: Wolfram Alpha Integral Calculator

http://integrals.wolfram.com/index.jsp

Really slick.

I'll have to play with this some, though I am sure many already know about it, I just discovered it today.


Tuesday, November 12, 2013

Random Wikipedia of the Day (RWotD): Church Committee

A lot of people concerned about NSA because of Edward Snowden may not be familiar with the Church Committee, http://en.wikipedia.org/wiki/Church_Committee.

The Church Committee was a US Senate Committee that looked into illeagal spying by the NSA, FBI, & CIA back in 1975.

I was reminded of it when I read this Gawker article http://gawker.com/after-30-years-of-silence-the-original-nsa-whistleblow-1454865018 on Perry Fellwock (aka Winslow Peck), a former NSA employee turned Whistleblower back in 1971 http://en.wikipedia.org/wiki/Perry_Fellwock.

To see more post like this, just click on the Random Wikipedia of the Day RWotD label, more labels can be found in cloud at left side of blog and at bottom left of every post.






Nerd News: TorGuard VPN with Chutzpah


Amusing and interesting article on Ars (though 4chan party van meme is used incorrectly) http://arstechnica.com/security/2013/11/how-one-site-beat-back-botnets-spammers-and-the-4chan-party-van/ about TorGuard, a VPN provider, http://torguard.net/.

Full disclosure:  I have not received any monetary or other compensation from TorGuard, though I am certainly interested in such, since I really admire their Chutzpah!

http://en.wikipedia.org/wiki/Chutzpah

Thursday, November 7, 2013

Blizzcon 2013 Streams, Schedule, Directions, Time

Blizzcon Event Info http://us.battle.net/blizzcon/en/event-info/

Streams:

Schedule:

Directions:

Also like to point out I have World Clocks at top of Blog to help with time zone conversions.

The clocks start with Korean time [KST], moves towards EU, UK, then to US, ends with Anaheim's timezone [PST/PDT].

Comments, questions, & information welcome!

GL HF!

Cliff

PSA: TwitchTV & Xsplit password reset Alert

Links:
http://blog.twitch.tv/2013/11/xsplit-password-protecting-your-twitch-account/
http://www.xsplit.com/posts/410

Short version, if you have streamed using Xsplit you should reset your passwords for both TwitchTV & Xsplit.


Tuesday, November 5, 2013

Nerd News: Anandtech Live Stream

Link:  http://www.anandtech.com/show/7487/the-anandtech-mobile-show-live-tonight-at-7pm-et


Will be on Anandtech Youtube Channel http://www.youtube.com/blogs/anandtech, after live stream, and Andand said will be on Audio Podcast later

List of Topics to be covered:
The iPad Air
Investigations into Apple's A7 and Cyclone CPU Architecture
ASUS Transformer Book T100 & Retail Bay Trail
A Discussion of 64-bit in Mobile
The Haswell MacBook Pros
HTC's One Max
Brian's Initial Thoughts on Google's Nexus 5

Thursday, October 24, 2013

Security & Hacking: Xavier de Carné's "How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries"

Good paper https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/ by Xavier de Carné (Twitter @xavier2dc or https://twitter.com/xavier2dc).

If your unfamiliar with the concerns about TrueCrypt, Xavier's "Challenges and implications" section concisely outlines those concerns.

Including the IsTrueCryptAuditedYet? project http://istruecryptauditedyet.com/ which I have blogged http://cliffsesportcorner.blogspot.com/2013/10/psa-truecrypt-audit-project.html

To see all my post on TrueCrypt, or to bookmark to easily check for new posts, click on the Truecrypt label.

Labels can be found at bottom left of every blog post and in Label cloud at left side of Blog.

Additional links from Xavier de Carné's paper:

Nerd News: Minecraft 1.7 update Friday Oct 25, 2013

Tweet from Jeb (Jens Bergensten) on Minecraft Update, https://twitter.com/jeb_/status/393400494405980160
"In case you were wondering, Minecraft 1.7 (1.7.1), "The Update that Changed the World", will be released tomorrow, at around 15:00 CEST"

Looking forward to the fishing update, you can catch "junk" (including enchanted items), plus additional types of fish.

Monday, October 14, 2013

Cella streaming SC2

Streamhttp://www.twitch.tv/slayerscella

I always like watching Cella play, today he is providing some commentary and advice on playing SC2 in English, more between games than during.

Wednesday, October 9, 2013

PSA TrueCrypt Audit project

What an interesting day!

Started with comments about Bruce Schneier's article at Wired http://www.wired.com/opinion/2013/10/149481/ where he mentions some concerns about TrueCrypt:
No, I don’t have any inside knowledge about TrueCrypt, and there’s a lot about it that makes me suspicious. But for Windows full-disk encryption it’s that, Microsoft’s BitLocker, or Symantec’s PGPDisk — and I am more worried about large U.S. corporations being pressured by the NSA than I am about TrueCrypt.

Eventually Matthew Green made the following tweet:
. and I are working on a 'Kickstarter' for a proper review of Truecrypt. The terms are a work in progress.

Fundfill link from Tweet above http://www.fundfill.com/fund/4-spzFJdDQk211KJDAUfcOw==#

Draft at http://istruecryptauditedyet.com/

You can follow Kenn White & Matthew Green on Twitter:

I am still very much a noob when it comes to Crypto, but Matthew Green is one of the people I follow to learn.

If your not into Crypto you probably haven't heard of him, this Ars article would be one place to start http://arstechnica.com/security/2013/09/crypto-prof-asked-to-remove-nsa-related-blog-post/

I am sorry to say I don't know much about Kenn White currently, I'd welcome comments or links that correct my ignorance.

Saturday, October 5, 2013

Minecraft PSA AutCraft Server (Invitation Only)




Youtube link to embedded VOD http://youtu.be/MF2CEDiIIcU

Info about AutCraft:

AutCraft is dedicated to providing a safe, fun and learning environment for children on the autism spectrum and their families. Access is by invitation only. Visit http://www.autcraft.com for more info.

Thanks to:
TerasHD: http://www.youtube.com/ImTerasHD
AutismFather: http://www.youtube.com/StuartD2

Friday, October 4, 2013

Nerd News: Anandtechs's "They're (Almost) All Dirty: The State of Cheating in Android Benchmarks"

Really great article at Anandtech http://www.anandtech.com/show/7384/state-of-cheating-in-android-benchmarks about the "cheating" going on in Android benchmarks.

Covers the details of this mess, and as Anand has said repeatedly this has happened before, he has seen it before.

But the key aspect, IMVHO, was not directly stated in the article, though it is in the comments by Geekfool & Anand's response source:

geekfool - Wednesday, October 02, 2013 - link

It seems like these cheats are an admission that that frequency scale-up under load happens too slowly, and that users will never get the speed they paid for because the battery / thermal dissipation can't support it. I would like a follow up that checks if the governor differences are noticeable to users as lag, dropped frames, etc.
The article touched on this slightly when mentioning the difference between the Nexus 4 and its LG branded equivalent. It seems especially likely to be noticeable with the A7 / A15 split on the Exynos

Anand Lal Shimpi - Wednesday, October 02, 2013 - link

Bingo! I had a whole section about the embarrassment that is software DVFS before culling it to keep the whole thing manageable.

I think that comment and response covers the meat of the issue, also explains why iOS with lower spec hardware tends to equal or exceed performance of stock skinned Android devices with twice the cores. 

For more on this issue comparing Moto X (dual core Android) to Samsung S4 (Quad Core Android) see http://www.anandtech.com/show/7235/moto-x-review/7

Anand & Brian cover this article and more in podcast that just came out few minutes before I started writing this blog post.

Podcasthttp://www.anandtech.com/show/7393/the-anandtech-podcast-episode-26

Wednesday, October 2, 2013

Tor blogs on Silk Road Takedown

https://blog.torproject.org/blog/tor-and-silk-road-takedown

TL:DR They don't know much, but are watching news.

There are several useful links at the end of their blog post I suggest reading and bookmarking.

PC Perspective Podcast is live

Well as alive as they ever get.

Streamhttp://www.pcper.com/live/

PC Perspective is very good source for Hardware reviews and information.

Their website is http://www.pcper.com/ or you can just Google pcper.

Steve Gibson's Secure Login (SQRL) Concept

Documentation https://www.grc.com/sqrl/sqrl.htm

Security Now Episode 424:  Steve Gibson introduces the idea (Video & Audio Podcast, or streaming) http://twit.tv/show/security-now/424

This looks very very interesting, I am looking forward to seeing how this works out.

SQRL is pronounced "Squirrel" ^_^

I lack the expertise to vet this idea, but it sounds very good to me, would solve a lot of problems for average users, while providing very strong security that would be difficult to compromise.

Looking forward to the development of SQRL, and hats off to Steve for making it public domain!!

From Practical Considerations section of first page of documentation:
"Did I invent anything? I don't care. Even if some aspects of this system are novel, and might be subject to intellectual property protection, this is too important and much bigger than me. It should be made free for the world to use without encumbrance. With this publication of every detail, I hereby release and disclaim any and all proprietary rights to any new ideas developed and presented herein. This work is thereby added to the public domain."

Google Chrome Solution: How do I delete the apps bookmark in my bookmark bar

Solutions:

If your annoyed by Google adding the App Bookmark to the Chrome Bookmark bar your not the only one.

You can see that by the 1k+ posts here http://productforums.google.com/forum/#!topic/chrome/KSa1CJ9aoEc%5B1-25-false%5D

Since it seems pretty clear no one really want it there, I am guessing Google is doing this to generate more revenue with Chrome, either directly or with metrics or both.


Monday, September 23, 2013

Sunday, September 22, 2013

Security & Hacking: "Chaos Computer Club breaks Apple TouchID"



URL for Youtube above is http://youtu.be/HM8b8d8kSNQ

Link to the Chaos Computer Club's article (in English) about the hack is http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid

Their article links to earlier one about making fake fingerprints http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?language=en

I would like to see more detail about how many failed attempts they had, because it is supposed to require passcode after 5 failed attempts, phone restart, or 48 hours without unlocking.

Passcode is also required to setup/enable or edit fingerprint reader.

For more on Apple's Touch ID see:

Wednesday, September 18, 2013

Dinnerbone visits Minecrack!




Vechz gets a pleasant terrifying surprise!

For more of Vechz's VOD's see his Youtube Channel http://www.youtube.com/user/Vechz?feature=watch

For more on Mindcrack https://www.youtube.com/user/MindCrackNetwork/about and http://www.reddit.com/r/mindcrack/ are good places to start!

Dinnerbone can be found at http://dinnerbone.com/blog/, or @Dinnerbone  , or
https://twitter.com/Dinnerbone when he isn't terrifying helpless Vechz ^_^


Tuesday, September 10, 2013

Microsoft Windows Patch Tuesday again!

That time again, if your interested in key points to this update, see Brian Krebs summary of this Patch Tuesday http://krebsonsecurity.com/2013/09/adobe-microsoft-push-critical-security-fixes-2/

NSA News: "Declassified court documents highlight NSA violations"

Sourcehttp://apps.washingtonpost.com/g/page/world/declassified-fisa-court-documents-on-intelligence-collection/447/

Storyhttp://www.washingtonpost.com/world/national-security/declassified-court-documents-highlight-nsa-violations/2013/09/10/60b5822c-1a4b-11e3-a628-7e6dde8f889d_story.html

Snippet from story above:
"“The court finds that the government’s failure to ensure that responsible officials adequately understood the NSA’s alert list process, and to accurately report its implementation to the court, has prevented for more than two years both the government and the FISC from taking steps to remedy daily violations,” Walton wrote. "

Really disturbing, and shows how blatantly NSA officials, Senator Feinstein, and President Obama have been lying when they claim no serious or intentional violations.

Direct quote from President Obama:
"And if you look at the reports, even the disclosures that Mr. Snowden's put forward, all the stories that have been written, what you're not reading about is the government actually abusing these programs and, you know, listening in on people's phone calls or inappropriately reading people's emails." ~http://www.washingtonpost.com/politics/transcript-president-obamas-august-9-2013-news-conference-at-the-white-house/2013/08/09/5a6c21e8-011c-11e3-9a3e-916de805f65d_story_4.html
Then consider this tweet, https://twitter.com/csoghoian/status/377440206284406785:
"Ex-FBI general counsel Valerie Caproni, fan of surveillance backdoors, confirmed by Senate to be federal judge in NY. "
Note that Valerie Caproni was nominated by President Barack Obama, based on her excellent record in the FBI I assume, from Wikipedia
House Judiciary Committee Chair John Conyers, Jr's statement:  "Today’s hearing showed that the FBI broke the law on telephone records privacy and the General Counsel’s Office, headed by Valerie Caproni, sanctioned it and must face consequences.  I call upon FBI Director Mueller to take immediate action to punish those who violated the rules, including firing them from the agency. This must include the FBI Office of General Counsel, headed by Valerie Caproni, which the IG testified today had approved [the] continued use of exigent letters and provided legal advice that was inconsistent with federal law. Between 2003 and 2006, the FBI improperly obtained personal telephone record information from U.S. telephone companies for more than 5,500 phone numbers, including private details protected by federal law. "

I am seeing a pretty consistent pattern here, and it certainly isn't a positive one.


Sources & Additional information:




Update on John Hopkins University and NSA blog posts

"I just received a very kind formal apology from the Interim Dean of JHU Whiting School of Engineering."  Matthew Green ~https://twitter.com/matthew_d_green/status/377491743870291968

Andrew Douglas, the interim Dean involved, wrote a very manner (to use a SC2/Korean phrase) apology, he also released a copy to the press.

A copy of the apology can be read at http://arstechnica.com/security/2013/09/university-apologizes-for-censoring-crypto-prof-over-anti-nsa-post/.

I know from personal experience how hard it is to admit your wrong about something serious and apologize.

Andrew Douglas, Ph.D. has earned my respect by the way he dealt with this issue, once he realized a mistake had been made.

As I have stated before, everyone makes mistakes, only foolish people fail to learn from them.

I like to think wise people learn from the mistakes of others, so they have opportunity to make their own original mistakes.

Nerd News: iPhone 5S Good, Bad, & Big Brother

Full details at Ars live blog of Apple's event http://live.arstechnica.com/apple-september-10-event/

Apple has updated their website as well, details about iPhone 5S at http://www.apple.com/pr/library/2013/09/10Apple-Announces-iPhone-5s-The-Most-Forward-Thinking-Smartphone-in-the-World.html and front splash page comparing all the iPhones http://www.apple.com/iphone/compare/

I like the fingerprint reader, I just hope it is executed securely!

Apple says fingerprint data stays on device, never leaves it.

They have added a chip that tracks all motion of the phone even when asleep though, "Every iPhone 5s includes the new M7 motion coprocessor that gathers data from the accelerometer, gyroscope and compass..." source

"The M7 motion coprocessor continuously measures your motion data, even when the device is asleep, and saves battery life for pedometer or other fitness apps that use the accelerometer all day.source

Though Apple says that is for fitness apps & such, it makes me think of http://en.wikipedia.org/wiki/Inertial_navigation_system.

Which would let them map your house, office, and everywhere else you hang out, if the sensors were accurate enough, and I bet that data does go to Apple's servers.

I know Google and Apple have both been working on mapping inside of buildings already.

See http://www.ecommercetimes.com/story/77635.html for more on that.

Thursday, September 5, 2013

Nerd News: Paypal likes to freeze accounts it seems

Article today at Ars about Paypal freezing Mailpile's account http://arstechnica.com/business/2013/09/paypal-freezes-45000-of-mailpiles-crowdfunded-dollars/

Paypal has frozen Notch's, the Master of Minecraft, Paypal account at least twice before, according to his blog posts: (15 Jun 2009) I wonder why I used paypal.. & (10 Sep 2010) Working on a Friday update, crying over paypal.

If you live in US or Australia you can buy Minecraft Prepaid cards from many stores, I blogged details at http://cliffsesportcorner.blogspot.com/2013/08/minecraft-prepaid-pc-mac-cards-in-usa.html

I am not a fan of Paypal, I have blogged about the reasons before, see Paypal Make It Right!

Just click on Paypal or Minecraft labels to see all my posts on those topics, labels can also be found in cloud at left side of blog, or at bottom left of every post.

Wednesday, September 4, 2013

Nerd News: Samsung September 4, 2013 Event & Live Stream


[Note: if you start embedded live stream before event, it will display a countdown timer]

Live Stream link https://www.youtube.com/user/SAMSUNGmobile

If rumors are correct we will get to see new Galaxy Note 3!

We might also see a new Smartwatch.

As I blogged about a year ago http://cliffsesportcorner.blogspot.com/2012/09/nerd-news-samsung-october-24-2012-event.html I was really interested in the Note 2, unfortunately I couldn't fit that into my budget until a few months ago, so I decided to wait for Note 3, got a cheap Nokia Lumia 521 (WP8) to tide me over, since my Blackberry was failing.

Of course Google dropped price on the Nexus 4 week after I went with the Lumia 521, seems like the way it always goes for me T_T

I am hoping we see a Google Play edition of the Note 3, really really want that.

Monday, August 26, 2013

Minecraft Prepaid PC & Mac cards in USA & AUS

Problems buying Minecraft with Credit Card in USA or Australia?

Or wanting to gift the game in those countries?

Your far from the only person.

Girlfriend and I have been wanting to do Minecraft LAN, but only had copy on my machine, when I went to buy a copy for her, found out can't buy Minecraft (from USA) with credit card, and I refuse to use PayPal for several reasons (have more than one friend that has been really screwed by them & I don't mean over something little like a game or two).

I was looking for a solution for close to 2 weeks before I stumbled on this little tidbit on their site, accidentally via a Google search (full list of stores that carry them at link) http://minecraft.net/prepaid

You can buy Minecraft Prepaid Card at local chain stores, lets you pay cash so no need for credit card or PayPal account.

I had (foolishly?) been looking in store http://minecraft.net/store and thought the card was something like card game tie in (like Pokeman cards or something).

Think part of the issue might be it isn't written by native US English speaker?

If it was labeled as "Minecraft Prepaid Card" on the Store page, like it is when you click on the link from the store, it would have been clear from the beginning.


Important Note:  You MUST include the spaces in the CODE from the Prepaid card for it to work, returns error otherwise.

Additional Minecraft resources

I plan a post in the very near future setting up Mac to PC Minecraft LAN, which we are using, I have it working smoothly, but still doing some tests to make sure I don't include any redundant steps, or miss any common bugs.

I came close to giving up for a while, and using old Win 7 laptop instead of Mac, and my Google searches showed me I am not only person having problem.

Updated oclHashcat-plus v0.15

Main link:  http://hashcat.net/oclhashcat-plus/

oclHashcat-plus v0.15 "Added support for cracking passwords longer than 15 characters," lot of other improvements see https://hashcat.net/forum/thread-2543.html for full details.

I am still digging through the changes, and I have been sick, so it will probably take me a while, but it looks like some big improvements have been made.

They have also added support for several algorithms, including TrueCrypt 5.0+, Lastpass, & MacOSX v10.8 that are of particular interest to me.



Tuesday, August 13, 2013

Very interesting NYT article about Snowden, Laura Poitras, & Glenn Greenwald

Longer, more in depth article http://www.nytimes.com/2013/08/18/magazine/laura-poitras-snowden.html?pagewanted=all and a shorter one that is also used in longer article http://www.nytimes.com/2013/08/18/magazine/snowden-maass-transcript.html

Lot of people know who Snowden and Greenwald are now, I think fewer know who Laura Poitras is, sad to say I didn't before seeing this article.

For quick reference about these people see their Wikipedia links:
Lot of things of interest in above links.

Close reading of the NYT's article can provide some useful insights and tidbits to serious security.

I also want to note one comment by Snowden
"I was surprised to realize that there were people in news organizations who didn’t recognize any unencrypted message sent over the Internet is being delivered to every intelligence service in the world. In the wake of this year’s disclosures, it should be clear that unencrypted journalist-source communication is unforgivably reckless. "

Root Catz on Korean Ladder





Gratz Catz

You can find more Catz VOD's at http://www.youtube.com/user/WeAreCatZ?feature=watch

Thursday, August 8, 2013

VPN Guide by Steve Gibson

https://www.grc.com/vpn/overview.htm is link to Steve Gibson's guide to VPN, if your learning how to set up your own VPN like me, or if your just curious about VPN and want to learn, it is a great resource.

It also ties in with setting up your own server, I am looking at this neat ARM based machine, called Utilite, for low power server http://utilite-computer.com/web/home

Blurb about it on Ars http://arstechnica.com/information-technology/2013/07/99-arm-based-pc-runs-either-ubuntu-or-android/

Security & Hacking News: NYT "Two Providers of Encrypted E-Mail Shut Down"

http://bits.blogs.nytimes.com/2013/08/08/two-providers-of-encrypted-e-mail-shut-down/

Sounds like some secure email companies are shutting down to avoid being forced to betray their customers.

I have a lot of respect for them, if that is what is going on, just hope some other companies might follow suit, or at least be inspired to do something more than they have so far.

Lavabit was supposedly used by Snowden.

Though I am personally frustrated, since I had just recently started researching Silent Circle as possible secure option, and that certainly isn't possible now, based on this snipped from NYT link above:

"Mike Janke, Silent Circle’s chief executive, said in a telephone interview late Thursday that his company had destroyed its server. “Gone. Can’t get it back. Nobody can,” he said. “We thought it was better to take flak from customers than be forced to turn it over.” "

Additional links:

Lavabit (has statement from owner about situation):  http://lavabit.com/
Silent Circlehttps://silentcircle.com/
Silent Circle Twitter: https://twitter.com/Silent_Circle

Hardware Hacking with KeyMe iOS app



An app by https://www.keyme.net/ that will scan a key (picture) that you can then take to Kiosk https://www.keyme.net/kiosk or locksmith that will make a real key based on image on your smartphone.

Interesting, but I see a lot of security and/or hacking issues with this, though it has been possible to make keys from high res pictures for some time now.

Technology like this defeats key access control easily, pretty much forces non physical key (ie a key card) for any real security.

Though most common key cards have many security issues as well.

Wednesday, August 7, 2013

Monday, August 5, 2013

Slick Nexus 4 Battery Case with removable battery

If you haven't heard of ZeroLemon before, they make extended batteries and such for phones.

They now have a battery case for Nexus 4 with a 2250 mAh battery that ~doubles runtime.

Additionally, the battery in the case can be swapped out, giving even more run time if you have another battery or two in a charger.

Full details at http://www.zerolemon.com/details.php/zerolemon-nexus-4-juicer-battery-case-2250mah-removable-battery-pack

Thanks to Android Police for heads up on this http://www.androidpolice.com/2013/08/05/zerolemon-takes-on-the-nexus-4-with-the-gigantic-juicer-case-40-for-a-swappable-2250mah-battery/

There is an Anandtech review of a 7500 mAh ZeroLemon extended battery for Samsung Galaxy S 4 http://www.anandtech.com/show/7163/zerolemon-7500-mah-samsung-galaxy-s-4-extended-battery-review

For the HTC One, there is a Mophie Juice pack with a 2500 mAh battery http://www.mophie.com/product-p/2370_jp-htc-one-blk.htm



Sunday, August 4, 2013

HwangSin Streaming SC2

Streamhttp://www.twitch.tv/hwangsin

TwitchTV is having some issues today, at least for some people, wasn't sure if followers were all getting notifications.

Chat and stream are very slow loading for some people , like minutes.

One workaround that worked for me, was watching stream on TL http://www.teamliquid.net/video/streams/QuanticHwangSin

Thursday, August 1, 2013

PSA: Blizzard says "WoW, SC2, & D3 on NA servers will be down for maintenance"

Sounds like Bnet is going down in NA today Thursday August 1, 2013 at 7:00 pm EST, see Tweets below:

"Maintenance is scheduled for tonight so & will be unavailable during this time. Start time for the maintenance is 7pm AEST."
~https://twitter.com/Blizzard_ANZ/status/362800725161545728

"Yes KR or any other server outside of NA will be fine."
~ https://twitter.com/Blizzard_ANZ/status/362809784774299648

Edited to add:  "NA servers, and it looks like a 6 hour maintenance window"
~https://twitter.com/Blizzard_ANZ/status/362803226396999682

Updates are welcome in comments section, I will probably not be able to update Blog if anything changes till late Thursday night (US time).

GL HF

Wednesday, July 31, 2013

Hardware Hacking: GTX 570 eGPU on a 2013 11" Macbook Air




From Larry Gadea https://twitter.com/lg/status/362750011655733248

Approx $250 in hardware (not counting Graphics card) instructions at http://forum.techinferno.com/diy-e-gpu-projects/4271-2013-11-macbook-air-win7-sonnet-echo-expresscard-pe4l-internal-lcd-%24250.html#post59391

I really like this idea, been waiting for Thunderbolt to provide external graphics card solution, makes a lot of sense to me, specially if you can fit external hardware in a convenient to transport case.

For those still in school, it might be hard to see the point, but if you have to travel for work, or fit a LAN party in around work schedule, being able to plug external GPU into a laptop or x86 Tablet (something like a Surface Pro/Razer Edge Pro) could make a significant difference to your gaming time.

It certainly isn't for everyone though.



Wednesday, July 24, 2013

Drewbie Streaming

Streamhttp://www.twitch.tv/rootdrewbie/new

Drewbie Fighting ^_^

PC Perspective Podcast live

Streamhttp://www.pcper.com/live/

Main site http://www.pcper.com/

Good hardware show & site!

Happy 2nd Anniversary at Brick House to TWiT!

Big fan of TWiT, about half the podcasts I listen to are produced by TWiT, appreciate the great work they do.

"On Wednesday, July 24th, TWiT will be celebrating the second anniversary of our move to the TWiT Brick House.  At 3PM, we will be recording a special episode of Triangulation with Leo Laporte as the guest, interviewed in-studio by Tom Merritt and Sarah Lane." ~http://inside.twit.tv/blog/2013/7/17/twit-brick-house-2nd-anniversary-72413.html

Wish I lived closer, so I could join their open house, see link above for information on the open house.

One NFC Ring to Rule Them All




NFC Ring by John McLear

I really hope this is successful, looks like a very practical solution to smartphone security for average people IMHO.

iPhone 4S and newer, and most Blackberry's (with correct settings for MicroSD card) have good device security if locked with strong password, but entering strong password on touchscreens is a major PITA!

I am thinking this would provide a way to use a very strong password, without having to manually enter it all the time, so if your smartphone was lost/stolen, your data would be secure.

Their Kickstarter link http://www.kickstarter.com/projects/mclear/nfc-ring

Their Blog is at http://blog.nfcring.com/
Their Webpage (future main site?) http://nfcring.com/

I like the Rackspace NFC ring Hacker challenge for DEFCON (can win $100 of  free hosting) see
http://developer.rackspace.com/blog/steal-my-nfc-ring-data-at-defcon-for-100-dollars-of-free-hosting-with-rackspace.html or http://blog.nfcring.com/uncategorized/rackspace-nfc-ring-challenge/

Thursday, July 18, 2013

Sacriel streaming DayZ

Stream http://www.twitch.tv/sacriel

Haven't had chance to watch Sacriel stream for some time, IRL getting in the way T_T

So NSA admits they listen to everyone?

http://m.guardiannews.com/world/2013/jul/17/nsa-surveillance-house-hearing:

"John C Inglis, the deputy director of the surveillance agency, told a member of the House judiciary committee that NSA analysts can perform "a second or third hop query" through its collections of telephone data and internet records in order to find connections to terrorist organizations. "


"A three-hop query means that the NSA can look at data not only from a suspected terrorist, but from everyone that suspect communicated with, and then from everyone those people communicated with, and then from everyone all of those people communicated with."


Saturday, June 22, 2013

Home Story Cup VII (HSC) stream is up

Update:  Stream A is up on Twitch now http://www.twitch.tv/taketv

Update:  Stream B for HSC http://www.twitch.tv/TaKeTVBStream
also other streams on Twitch for HSC seem to be working and are listed on TL http://www.teamliquid.net/

Update:  stream crashed and is still down for me, but up for some of my friends

HSC Stream is up at http://taketv.net/

Via TLO's Tweet:  "you'll find the stream for on now! Sorry for the delay ;;" ~https://twitter.com/LiquidTLO/status/348429765365088257

TwitchTV Outage & HSC VII delay

Twitch was down for a while, now I believe it is up in limited ways/areas, many people getting 403 Forbidden error, official post about it from Twitch.TV here http://blog.twitch.tv/2013/06/site-outage-passwords-and-stream-keys-reset/

So far they are saying they were not hacked, rather their "web CDN made a requested change without obeying our caching ruleset," but they are forcing password reset because of issue.

If you read the comments, it sounds like they discovered more problems after they made that blog blog posts or initial tweets.

In addition to their blog site, you can follow Twitch's main Twitter at https://twitter.com/TwitchTV, or their support Twitter at https://twitter.com/TwitchTVSupport

They are working on getting things backup and running ASAP.

HSC (Home Story Cup) was delayed an hour from what I have seen on Twitter from Rotti:
"We were supposed to start at 13:00 CET but it might be 14:00, depends if Twitch tv is working fine or not, I'll keep you guys posted!"
~ https://twitter.com/RotterdaM08/status/348393076617797632

Note I have world clock at top of Blog, starting with Korean time, to make figuring out time zones at a glance easier.

I will post updates if possible when they become available.

Tags:  TwitchTV, HSC VII, streaming, PSA

Saturday, June 15, 2013

Minecraft Water Trap




Elegant Drowning Trap From http://www.youtube.com/user/AkifHD?feature=watch

Via http://www.minecraftwiki.net/wiki/Tutorials/Monster_Spawner_traps#Flow_Trap

Found this while waiting for Dreamhack, I will have to try it out, have a Zombie spawner on a map that I set up as a quick simple grinder, had river near spawner and just dug out enough for river to push Zombies to one wall were I can hack at their legs.

This would make it a lot more efficient, and wouldn't take much work to add.

Saturday, May 25, 2013

SC2 HSL Season 2 Playoffs Ro8

Come watch some High School League SC2 play.

Streamhttp://www.twitch.tv/hsstarleague/

Teamliquid link http://www.teamliquid.net/forum/viewmessage.php?topic_id=412391

Reddit thread http://www.reddit.com/r/starcraft/comments/1f1wx5/high_school_starleague_ro8_everestmenlo_hs_vs/


Ro8 Schedule:

7pm EST - TPHS vs E/MHS casted by Gemini
9pm EST - LMHS vs SHHS casted by TBD
9pm EST - YLHS vs CHS casted by TBD
11:30pm EST - HHS vs SMHS casted by TBD

Monday, May 13, 2013

Problems & Solutions for Apple ID 2 Step Verification (2 Factor Authentication)

Though I blogged about this when it first came out, http://cliffsesportcorner.blogspot.com/2013/03/apple-adds-2-step-verification-2-factor.html

I learned a couple of important tidbits today about it: 1) Verification does not follow when phone is replaced, 2) You need to type recovery key, not cut and paste it.

Thanks to Jeff Kibuule for tweeting about these issues https://twitter.com/jeffkibuule/status/333765576226914305

That is where I learned about these problems.

I agree with Jeff that Apple Store employees need to be aware of this issue when they suggest swapping phones for customers.

I hope this saves people from some headaches!

Also really suggest people that use this two step verification have more than one Trusted Device, and more than one hard copy of the Recovery Key securely stored, because even if you are trying to recover lost password, you will still need a minimum of two of the 3 following: 

  • Apple ID password
  • Trusted Device [ SMS capable phone OR iOS device with Find My iPhone enabled]
  • Recovery Key [14 digit Recovery Key Apple provides, they say print and keep in a safe place]


Reference Links:

Wednesday, April 17, 2013

ROOT Team House Fundraiser Marathon




When:  April 18, 2013 Thursday night after State of the Game and runs for 24 hours. [State of the Game starts at 22:00 EST on April 18th]

Stream: http://twitch.tv/rootgaming

ROOT Gaminghttp://root-gaming.com

Update on SWATting of Brian Krebs

http://krebsonsecurity.com/2013/04/swatting-incidents-tied-to-id-theft-sites/

Brian provides more details on his specific case, but most interesting part to me, was the fact that TTY are not supposed to keep records.

I probably should have realized that before, I thought main point was it made it easier for attacker to spoof phone number/location for SWATting.


Thursday, April 11, 2013

Security & Hacking: Remote Airplane Hacking

http://www.itworld.com/security/352014/vulnerabilities-aircraft-systems-allow-remote-airplane-hijacking-researcher-says

The article is based on a presentation by "Hugo Teso, a security consultant at consultancy firm N.runs in Germany, who has also had a commercial pilot license for the past 12 years..."

Teso has discovered a serious issue, and the firm he works with "N.runs has been in contact with the European Aviation Safety Agency (EASA)."

Teso says EASA is aiding the effort to test this on real aircraft, instead of simulators and some real hardware.

The EASA should be applauded for this enlightened approach IMO, many companies or even industries, take a far less productive or even antagonistic approach to White Hat discovery of vulnerabilities.




Friday, April 5, 2013

Nerd News: Twitch being Hacked?

Updatehttp://blog.twitch.tv/2013/04/regarding-todays-assorted-incidents/

Twitch is saying admin account was compromised via social engineering, I suspect that means a Spear Phishing attack http://us.norton.com/spear-phishing-scam-not-sport/article



*****

http://www.gamebreaker.tv/pc-games/breaking-news-twitch-hacked-like-right-now/

Sounds like Day9, Athene, among others can't even log in according to link above.

Snippet from link above:

At this point most of these have been already fixed. Twitch.TV is reacting as fast as they can and are unbanning streamers. - 3:32 p.m. EST

If you know of any other hacks, let us know here or tweet at us @GAMEBREAKER.TV and/or use #gbtips.

Thursday, April 4, 2013

Holiday Show Match 2013: Quantic HwangSin (P) vs compLexity qxc (T)

Nanman and myself are excited to bring you our first Holiday Show Match (HSM) of 2013.

HwangSin (P) vs qxc (T) in a Bo7 Showmatch

This time we are doing the Easter HSM live, previously cast from replays.

For more about compLexity see http://www.complexitygaming.com/ or Quantic see http://www.quanticgaming.com/index.php


TL Threadhttp://www.teamliquid.net/forum/viewmessage.php?topic_id=405808 

When: Sat April 6 09:00 KST/Sat 02:00 CEST/ Sat 01:00 BST/ Sat 00:00 (midnight) UTC || Fri April 05 21:00 BRT/20:00 (8pm) EDT/19:00 (7pm) CDT/17:00 (5pm) PDT

Stream: Nanman will be Live casting each show match at http://www.twitch.tv/therealnanman

Prizes: Winner $50 loser takes home $25

Format: Loser picks next map from Map Pool. Maps may only be used once. This is a Best of 7 series!

Map Pool:
  • Akilon Wastes 
  • Bel'Shir Vestige 
  • Whirlwind 
  • Cloud Kingdom 
  • Daybreak 
  • Newkirk City 
  • Star Station 
  • Neo Planet S 
  • Icarus


For previous events click HSM (Holiday Showmatch)

CNET "Apple's iMessage encryption trips up feds' surveillance"

http://news.cnet.com/8301-13578_3-57577887-38/apples-imessage-encryption-trips-up-feds-surveillance/

They cite a blog post from last August by Matthew Green http://blog.cryptographyengineering.com/2012/08/dear-apple-please-set-imessage-free.html

I follow Green's blog and can recommend it to anyone that is seriously interested in cryptography and/or data privacy.

Blackberry's BBM (Blackberry Messenger) http://en.wikipedia.org/wiki/BlackBerry_Messenger has long been secure as well, though I believe in recent years government pressure has forced some changes in that.

For more on BBM see http://computer.howstuffworks.com/e-mail-messaging/blackberry-messenger.htm

For general info on Blackberry security see http://www.berryreview.com/2010/08/06/faq-what-communication-is-encrypted-on-your-blackberry/

Note there are differences between BES (Enterprise Blackberry) and BIS (Consumer Blackberry), but (AFAIK) in general that doesn't matter for BBM.

According to  http://bgr.com/2013/02/27/blackberry-messenger-security-vulnerability-346634/ it seems that BBM on BIS lacks higher level security options just like email:

"“Although PIN-to-PIN messages are encrypted, they key used is a global cryptographic ‘key’ that is common to every BlackBerry device all over the world,” Public Safety Canada official stated in the memo. “Any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device.”"

and
"It should be noted that Public Safety Canada has failed to take into account the fact that organizations have the ability to change the encryption key to a unique one, ensuring that only BlackBerry devices using the same BES network can communicate with each other. There are also several ways to encode BBM messages such as S/MIME, which adds another layer of security."

Thursday, March 28, 2013

Anandtech review of Razer Edge

http://www.anandtech.com/show/6858/the-razer-edge-review

Good review by Vivek Gowri @vivg91

Vivek mentions that hardware wise the Edge is a "monster".

I totally agree with that, one point I would emphasis, is that this is only Windows 8 Tablet I can find that has 8 GB of RAM!

Twice as much as any other tablet.

All that RAM plus SSD mean the Edge should work very well for most mobile business use, unless you need a portable workstation.

I used work with business people that had to travel all the time, I can see people like that, that are into gaming, might well pick the Edge to replace laptop for travel.

Even if their not into gaming, if they need for more than 4 GB of RAM, this would be only tablet available.

Even if work picks up the bill for checked luggage, carry on luggage is only stuff you can count on making it to your destination.

And you can carry a Edge + ARM tablet for same weight as single laptop, while having redundancy for basics like email.


Monday, March 25, 2013

Has Yahoo been hacked again? Lot of users getting "Suspicious activity was detected on your account"

Update 2/26/2013

Found this news story today, http://www.channel4.com/news/yahoos-email-system-hacked-by-criminal-spammers

So it does sound like Yahoo having problems with hackers, but they don't want to admit it?

Yahoo's Twitter https://twitter.com/YahooCare doesn't seem to contain any useful information (nothing you can't find in under a minute with basic Google search).

***
Lot of Yahoo email users are getting "Suspicious activity was detected on your account" message when they try to send email.

I have Yahoo accounts, as well as Google accounts, and I have been seeing that message for two days now.

Some related recent complaints:


Funny thing is when I tried to send a report to Yahoo again today, like I did yesterday, the report failed, couldn't be sent.  LOL

Pretty sure that isn't because of problems on my machine, I am fully patched, use a long random password, run AV, test router security, etc.


Makes me think either they have been hacked, again, or they have some significant bug somewhere in their software.



Sunday, March 24, 2013

Rotterdam is streaming HOTS ladder

Stream http://www.twitch.tv/RotterdaM08

I don't know how much longer he will stream, probably at least couple more hours, he has been streaming for 5-6 hours already.

Noob Hacking "How I became a password cracker"

http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/

If you know nothing about Password cracking, or your trying to convince friends & family to use password manager + strong random passwords, this article is useful.


Friday, March 22, 2013

Apple adds 2 Step Verification (2 Factor Authentication) for Apple ID

This is big Security News, Apple has finally followed Google and others in having a Two Step (I think of it as 2 Factor) Security option.

Note, this appears to be true Two Factor, even if you are trying to recover lost password, you will still need a minimum of two of the 3 following: 
  • Apple ID password
  • Trusted Device [ SMS capable phone OR iOS device with Find My iPhone enabled]
  • Recovery Key [14 digit Recovery Key Apple provides, they say print and keep in a safe place]


This has both a Pro, since it will be very hard for someone to Hack if your using strong a password.

As well as a Con, if you forget or lose 2 of those 3 things, you will be locked out of your Apple account forever, and would have to get a new one.

You can have multiple Trusted Devices though, and there is no reason you can't have a couple of hard copies of the Recovery Key in safe deposit box and home or office safe.

And if you use a good Password Keeper, also known as Password Manager, like LastPass https://lastpass.com/ you only need to remember one good password.

Reference Links:




Thursday, March 21, 2013

Drewbie Streaming HOTS

Streamhttp://www.twitch.tv/rootdrewbie

Drewbie has started streaming again, but my schedule hasn't matched up until (finally) today.

Nerd News: "2012 Law Enforcement Requests Report"

Microsoft has released a Transparency Report about Law Enforcement requests for information, you can view the report at http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/

Microsoft introduces the reports with this blog post http://blogs.technet.com/b/microsoft_on_the_issues/archive/2013/03/21/microsoft-releases-2012-law-enforcement-requests-report.aspx, they also state that it will be updated every 6 months.

They also offer a few observations based on the data.

For easy comparison here is link to Google's Transparency Report http://www.google.com/transparencyreport/

Nerd News: SendGrid Response to Adria Richards situation & events at PyCon

Current response outlining SendGrid's thoughts behind their decision http://blog.sendgrid.com/a-difficult-situation/

This link contains SendGrid's initial announcement, http://blog.sendgrid.com/sendgrid-statement/, "SendGrid has terminated the employment of Adria Richards."

Personally I hope everyone involved really learns from this event, unfortunately, often in life the truly difficult lessons, have to be learned the hard way.






Wednesday, March 20, 2013

Security & Hacking: "Microsoft confirms compromise of “high-profile” Xbox Live accounts"

Source & full story at http://arstechnica.com/security/2013/03/hackers-that-took-over-xbox-live-accounts-may-be-behind-ddos-attack-on-ars/ :

"We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees," Microsoft officials said in a statement sent to Ars. "We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use."

This ties in with Brian Kreb's recent blog post, http://krebsonsecurity.com/2013/03/the-obscurest-epoch-is-today/ were he details what he has learned so far about person(s) that SWATted him.

Oddly those people appear to have been involved in the hack or social engineering attack against Mat Honan, which Honan wrote about http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard and a later more polished article (link is good, but you may need to refresh sometimes to get it to work) http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/.

To see all my posts about the Mat Honan Hack click this Mat Honan Label, additional Labels can be found at bottom left of every post, and in Label Cloud at left side of Blog.

Tuesday, March 19, 2013

Kim Dotcom Saga "NZ spies knew Kim Dotcom shouldn’t have been spied on, did it anyway"

http://arstechnica.com/tech-policy/2013/03/nz-spies-knew-kim-dotcom-shouldnt-have-been-spied-on-did-it-anyway/

Get the popcorn out.

More I learn about this story, the more I feel for Kim & his family, also the more I really wonder about the motivations behind the Government Agencies involved.



Security & Hacking (Facepalm edition): "Cisco switches to weaker hashing scheme, passwords cracked wide open"

http://arstechnica.com/security/2013/03/cisco-switches-to-weaker-hashing-scheme-passwords-cracked-wide-open/

TL:DR version:
"It turns out that Cisco's new method for converting passwords into one-way hashes uses a single iteration of the SHA256 function with no cryptographic salt. The revelation came as a shock to many security experts because the technique requires little time and computing resources."

Monday, March 18, 2013

"CatZ Talks About Home-Grown eSports" StarCraft 2 Vlog




This is from some time ago, but Catz & Totalbiscuit were tweeting about it recently.

For the record I agree with Catz on this topic.

Friday, March 15, 2013

Nerd News: "Gagging recipients of National Security Letters found unconstitutional"

http://arstechnica.com/tech-policy/2013/03/gagging-recipients-of-national-security-letters-found-unconstitutional/

A small step forward IMO.

As I have mentioned before, I have a lot in common with research librarians, have several friends that are professional librarians and some that are directors of libraries.

I know they all hate this part of the so called "Patriot Act," since they could be forced to reveal everything people were doing at library.

Fact is, many libraries changed their data collecting practices to limit amount/types of data they kept on patrons, students, and faculty because of the the Patriot Act.

Nerd News: Brian Krebs SWATting & DDoS

http://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/

http://arstechnica.com/security/2013/03/security-reporter-tells-ars-about-hacked-911-call-that-sent-swat-team-to-his-house/

Brian Krebs, from Krebs on Security, seems to be targeted by some criminal types.

Links above provide story.