Domain: holdenkarau.com
Stories and comments across the archive that link to holdenkarau.com.
Stories · 16
-
Automatic Spelling Corrections On Github
An anonymous reader writes "Github projects may be seeing a different kind of contributor than normal: a small bot is now crawling through projects, contributing spelling corrections. It builds on top of the github API and existing documentation style-checking code. Future directions for the project look beyond spelling mistakes and at automated bug fixing on a large scale." -
AT&T Blocks Part of 4chan
holdenkarau writes "Several news sources (Mashable, The Inquistr, etc.) are reporting that AT&T is blocking img.4chan.org in the southern United States. That server is used for the infamous /b/ board (the home of anonymous). TechCrunch calls the decision to block 4chan 'stupid,' noting that they may have 'opened perhaps the most vindictive, messy can of worms.' The Inquisitr suggests that 'The global internet censorship debate landed in the home of the free.' moot (who runs 4chan) asks users to call AT&T, while some others suggest more drastic action (like cutting AT&T fiber)." Update: 07/27 09:23 GMT by T : Readers' comments below suggest that a) the purpose of the block was to curtail the effects of a serious DDoS attack and b) that the block has now been lifted, at least for some regions. -
Zimbra Desktop Vulnerable to Man-in-the-Middle Attack
tiffanydanica writes "For all the flack Mozilla gets about its new security warnings for https sites, at least it warns the user when a mismatch occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some security issues), doesn't bother validating the SSL certificate on the other side before sending along the username and password, making it vulnerable to a man-in-the-middle attack. This is certainly a step up from transmitting the information in the clear, since the attacker must switch from being passive to active, but with all of the DNS security problems, it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! accounts (be it for phishing or spaming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface." -
Tapping the IPhone, Courtesy of Yahoo!
tdalek writes "You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing authentication information. It turns out that more Yahoo! applications are affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames and passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since its one of the default accounts, I'm assuming quite a few do), now would be a good time to forward it elsewhere for the time being." -
Security Flaw In Yahoo Mail Exposes Plaintext Authentication Info
holdenkarau writes "Yahoo!'s acquisition of open source mail client Zimbra has apparently brought some baggage to the mail team. The new Yahoo! desktop program transmits the authentication information in plain text. The flaw was discovered during a Yahoo 'hacku' Day at the University of Waterloo (the only Canadian school part of the trip). Compared to the recent news about Gmail exposing the names associated with accounts, this seems downright scary. So, if you have friends or relatives who might have installed Yahoo! desktop and value their e-mail accounts, now would be a good time to get them to change the password and switch back to the web interface." -
Security Flaw In Yahoo Mail Exposes Plaintext Authentication Info
holdenkarau writes "Yahoo!'s acquisition of open source mail client Zimbra has apparently brought some baggage to the mail team. The new Yahoo! desktop program transmits the authentication information in plain text. The flaw was discovered during a Yahoo 'hacku' Day at the University of Waterloo (the only Canadian school part of the trip). Compared to the recent news about Gmail exposing the names associated with accounts, this seems downright scary. So, if you have friends or relatives who might have installed Yahoo! desktop and value their e-mail accounts, now would be a good time to get them to change the password and switch back to the web interface." -
Canadian Firms Get Behind OpenMoko/FreeRunner
mario writes "Now that the OpenMoko platform has stabilized enough to provide the OM2008 image (supporting the three major toolkits), things are starting to heat up. Linuxdevices is reporting on the start of a port of Devicescape's connect application. Koolu (another Canadian company) is also doing development for its W.E. phone (a branded FreeRunner). Which leads me to ask: Where are the American companies?" -
Gmail Reveals the Names of All Users
ihatespam writes "Have you ever wanted to know the name of admin@gmail.com? Now you can. Through a bug in Google calendars the names of all registered Gmail accounts are now readily available. All you need to find out the names of any gmail address is a Google calendar account yourself. Depending on your view this ranges from a harmless "feature" to a rather serious privacy violation. According to some reports, spammers are already exploiting this "feature"/bug to send personalized spam messages." -
First North American OpenMoko/FreeRunners Arrive
holdenkarau writes "The North American OpenMoko FreeRunners are starting to arrive. It would appear that the OpenMoko still has problems with some 3G networks, including AT&T. Although, in my own personal completely unscientific test, 2 out of 3 AT&T SIM cards worked. Check out the unboxing of a complete FreeRunner (along with debug board) and my experience getting the FreeRunner up and running. Or a direct link to the pictures for those of you bored with text. If you feel brave enough to take the plunge, you can buy your own FreeRunner from the OpenMoko store." -
First North American OpenMoko/FreeRunners Arrive
holdenkarau writes "The North American OpenMoko FreeRunners are starting to arrive. It would appear that the OpenMoko still has problems with some 3G networks, including AT&T. Although, in my own personal completely unscientific test, 2 out of 3 AT&T SIM cards worked. Check out the unboxing of a complete FreeRunner (along with debug board) and my experience getting the FreeRunner up and running. Or a direct link to the pictures for those of you bored with text. If you feel brave enough to take the plunge, you can buy your own FreeRunner from the OpenMoko store." -
Protecting IM From Big Brother
holden writes "Ian Goldberg, leading security researcher, professor at the University of Waterloo, and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk on protecting your IM conversations. He discusses OTR and its importance in today's world of warrant-less wire tapping. OTR users benefit from being able to have truly private conversations over IM by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An avi of the talk is available by http as well as by bittorrent and a bunch of other formats." -
The Future of C++ As Seen By Its Creator
holden writes "In a rare public talk, C++ creator Dr. Bjarne Stroustrup discusses his ideal in programming languages, as well how he sees the next version (and beyond) of C++ developing. He explains the general selection criteria used for adding new features, some of the legacy of C++, and many other interesting topics. Especially interesting is during the Q&A he explains his views of the embrace and extend mentality some implementations, such as VC++, have taken." -
Using AI To Filter RSS Feeds
holden writes "According to a blog post, AideRSS has moved from closed to open beta. I've been using AideRSS over the past few weeks to filter my RSS feeds (including Slashdot and Reddit) and I've been quite impressed. They talk a bit about how the filtering system works, which apparently tracks a mixture of things, from pick-up in other blogs, to some clustering technology." -
Richard Stallman Talks On Copyright Vs. the People
holden writes "Richard M. Stallman recently gave a talk entitled Copyright vs Community in the Age of Computer Networks to the University of Waterloo Computer Science Club. The talk looks at the origin of copyright, and how it has evolved over time from something that originally served the benefit of the people to a tool used against them. In keeping with his wishes to use open formats, the talk and QA are available in ogg theora only." -
Multi-Threaded Programming Without the Pain
holden karau writes "Gigahertz are out and cores are in. Programmers must begin to develop applications that take full advantage of the increasing number of cores present in modern computers. However, multi-threaded development has been notoriously hard to do. Researcher Stefanus Du Toit discusses and demonstrates RapidMind, a software system he co-authored, that takes the pain out of multi-threaded programming in C++. For his demo he created a program on the PlayStation 3 representing thousands of chickens, each independently tracked by a single processing core. The talk itself is interesting but the demo is golden." -
Review of New Xandros 4.1 Professional Linux
holden writes "OpenAddict has a review of the new Xandros 4.1 professional.Some of the big changes in professional include a newer kernel, AIGLX, and support for 3G wireless. One of the subtle, but still very important changes, is that Xandros has finally removed the registration requirement, and users can now access Xandros Networks without registering first. Techworld is one of many that is already looking at Xandros as a possible challenger to Windows Vista"