Extracting the SuperFish certificate

I extracted the certificate from the SuperFish adware and cracked the password ("komodia") that encrypted it. I discuss how down below. The consequence is that I can intercept the encrypted communications of SuperFish's victims (people with Lenovo laptops) while hanging out near them at a cafe wifi hotspot. Note: this is probably trafficking in illegal access devices under the proposed revisions to the CFAA, so get it now before they change the law. ...

February 23, 2015 · 1 min · 78 words · Nacho Cano

Lenovo caught installing adware on new computers

Other users are reporting that the adware actually installs its own self-signed certificate authority, which effectively allows the software to snoop on secure connections, like banking websites, as pictured in action below. This is a malicious technique commonly known as a man-in-the-middle attack, where the certificate allows the software to decrypt secure requests, yet Lenovo appears to be shipping this software with some of its products out of the box. ...

February 23, 2015 · 1 min · 73 words · Nacho Cano

NSA has hidden software in hard drives around the world

The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba, and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world’s computers, according to cyber researchers and former operatives. » Joseph Menn | businessinsider.com

February 23, 2015 · 1 min · 53 words · Nacho Cano

The coming war on general-purpose computing

Enter Digital Rights Management in its most primitive forms: let’s call it DRM 0.96. They introduced physical indicia which the software checked for—deliberate damage, dongles, hidden sectors—and challenge-response protocols that required possession of large, unwieldy manuals that were difficult to copy. These failed for two reasons. First, they were commercially unpopular, because they reduced the usefulness of the software to the legitimate purchasers. Honest buyers resented the non-functionality of their backups, they hated the loss of scarce ports to the authentication dongles, and they chafed at the inconvenience of having to lug around large manuals when they wanted to run their software. Second, these didn’t stop pirates, who found it trivial to patch the software and bypass authentication. People who took the software without paying for it were untouched. ...

February 23, 2015 · 1 min · 134 words · Nacho Cano

Live patching for 3.20

Originally, there was kSplice as a standalone project that implemented stop_machine()-based patching for the Linux kernel. This project was later acquired, and the current owner is providing live patching as a proprietary service, without any intention to have their implementation merged. Then, due to rising user/customer demand, both Red Hat and SUSE started working on their own implementations (not knowing about each other), and announced first versions at roughly the same time. ...

February 23, 2015 · 1 min · 77 words · Nacho Cano

History of video games: the origins

In 1972 the Magnavox Odyssey, the first video game console in history, went on sale in American stores. A year earlier, a Stanford University student and his partner had built the first arcade machine in history. From these two key events, video games began to grow in popularity, creating what is today a gigantic leisure and entertainment industry capable of competing with film or music in followers and sales volume. ...

February 18, 2015 · 1 min · 82 words · Nacho Cano

The scope of index variables in Python’s for loops

The Python reference documentation explicitly documents this behavior in the section on for loops: The for-loop makes assignments to the variable(s) in the target list. […] Names in the target list are not deleted when the loop is finished, but if the sequence is empty, they will not have been assigned to at all by the loop. » Eli Bendersky | eli.thegreenplace.net

February 18, 2015 · 1 min · 62 words · Nacho Cano

What every beginner absolutely needs to know about the journey ahead

Quincy Larson was just a "guy in a suit in an office" and decided he wanted to learn how to code. So he asked around. He started by picking up a bit of Ruby, then found himself skimming through other languages like Scala, Clojure and Go. He learned Emacs, then Vim, and even the Dvorak keyboard layout. He picked up Linux, dabbled in Lisp and coded in Python while living on the command line for more than half a year. ...

February 8, 2015 · 1 min · 85 words · Nacho Cano

The Exceptional Beauty of Doom 3’s Source Code

What would "nice looking"—or "beautiful", for that matter—actually mean when referring to source code? I asked some programmer friends what they thought that meant. Their answers were obvious, but still worth stating: Code should be locally coherent and single-functioned: One function should do exactly one thing. It should be clear about what it's doing. Local code should explain, or at least hint at the overall system design. Code should be self-documenting. Comments should be avoided whenever possible. Comments duplicate work when both writing and reading code. If you need to comment something to make it understandable it should probably be rewritten. » Shawn McGrath | kotaku.com

February 8, 2015 · 1 min · 106 words · Nacho Cano

The incredible case of Werner Koch and GPG

So one has to ask why the lead developer of such a sensitive and popular piece of software is "going broke". Gambling problems? Plain overspending? Because a programmer of that calibre, in that position, should earn his due and more in Germany, Koch's country. But the right question is not why he is going broke or how much he earns, but what this man lives on. What, we repeat, does the lead developer of a piece of software as sensitive and popular as GPG live on? The answer, unfortunately, is that nobody was paying him for his work: he lived on charity, on donations. Does that sound harsh? It is even worse. ...

February 7, 2015 · 1 min · 113 words · Nacho Cano