Archive

Posts Tagged ‘ssl’

DayZ Standalone Early Access Review

DayZ Standalone Early Access Review

Price: £19.99
Developer: Bohemia Interactive
Publisher: Bohemia Interactive
Date Tested: 26/03/2014

DayZ Standalone Early Access Review DayZ Early Access Review

Note: Early Access Reviews are critical appraisals of games still in development which are charging money for player access to their alpha and beta stages. This review is intended to give you an idea of whether the game is currently worth investing in, but without offering a final verdict.

Take a cursory glance at DayZ and it appears little has changed in the four months since release. The major content Bohemia are planning for the mod; namely vehicles, craftable bases, and broader communication channels such as radios, are still a long way from being added. Investigate a little further, however, and you’ll discover that significant changes have been made, but they’re many and small rather than large and few.

For example, rain was added about a month ago, and now players can catch the water droplets in their canteens, making it ever so slightly easier to acquire this vital resource. In addition, players can aim their guns while sat down, enabling them to sit around a campfire with friends without completely compromising their safety, or keep watch over player prisoners in a more casual, more disturbing manner.

DayZ Standalone Early Access Review DayZ Early Access Review

There are lots of different little channels that feed into DayZ’s remarkable success since it debuted on Steam Early Access at the end of last year. But one of them is this detailed way in which players can interact with their environment and the other players they encounter in post-apocalypse Chernarus. It’s this granularity of experience which Bohemia have been chasing since the Standalone release.

To understand the importance of this, it’s necessary to grasp the basis of what DayZ is, and the developer’s intent behind it. For all its layers of complexity, your ultimate goal when playing DayZ is the most basic possible. Stay alive. Do not die. See that bucket? Avoid kicking it. This is done by seeing to your needs, avoiding the zombies scattered around the environment like organic litter, and performing the delicate and potentially deadly social dance with fellow survivors you’ll inevitably encounter during your travels.

Your objective may be simple, but achieving it is anything but. Resources are scarce, and you require lots of food and water just to keep your body functional. The first hour or so of a DayZ life are a half-terrifying, half-gleeful rush as you frantically scour thenearest village for supplies, interspersed with moments of bravely running away from the prowling zombies.

DayZ Standalone Early Access Review DayZ Early Access Review

If you’re very lucky you might find enough food and water to keep you healthy. More typically you’ll either bleed to death after being attacked by your first zombie, or find nothing but rotten food, eat that in desperation, become sick, and spend the next half hour hopelessly searching for the right medication before ultimately collapsing. This is of course an entirely hypothetical scenario and definitely not what happened to me in my first and second lives.

Learning how to cope in this extremely harsh environment is a big factor in what makes DayZ so compelling. So is learning how to navigate it. Modern games are obsessed with keeping the player oriented, ensuring they always know where they are and where they are going, and there’s something about the challenge of being lost in a wilderness that is paradoxically liberating. The moment you first find a map in an abandoned car or inside a petrol station is breathlessly exciting. Then comes the puzzle of figuring out where you are on it, googling the Russian alphabet so you can translate the town signs written in Cyrillic to match them with the map names scribed in English.

DayZ Standalone Early Access Review DayZ Early Access Review

It helps that Chernarus is an incredible foundation for a game like this. Its sweeping vistas, highly realistic terrain, foreboding climate and dilapidated Baltic settlements all contribute to the sense that this is a world where nature has wrested control back from humanity, but also as a place where hope still lingers. Trekking through one of DayZ’s many forests, watching the sunlight shaft through the canopy, listening to your plodding footfall and the twittering birds in the trees is an oddly relaxing experience, providing relief between frantic zombie combat and tense encounters with other survivors.

Article source: http://feedproxy.google.com/~r/bit-tech/gaming/~3/ScyHHkwf6n8/1


Article source: http://feedproxy.google.com/~r/GamingRipplesWeb/~3/qt_HB7xmNlk/

NSA denies prior knowledge of Heartbleed vuln

NSA denies prior knowledge of Heartbleed vuln

The US National Security Agency has denied any knowledge of the OpenSSL Heartbleed vulnerability prior to it going public, stating it is biased towards responsible disclosure.


The US National Security Agency (NSA) has denied claims that it knew about the Heartbleed vulnerability in OpenSSL before it was made public, claiming that it is biased towards seeing such flaws fixed for the greater good than keeping its knowledge a secret to further its intelligence gathering programmes.

The NSA has been in the limelight of late thanks to revelations by former contractor turned whistleblower Edward Snowden, the source of evidence showing the NSA has been overreaching its charter with massive surveillance programmes against both US and foreign nationals. Documents leaked by Snowden included claims that the NSA works closely with major companies to gain back-door access to code and data, and even works to weaken commercial security products by recommending known-weak ciphers and random number generators.

When news of the Heartbleed vulnerability in popular cryptography library OpenSSL broke last week, many wondered if the NSA was aware of the flaw. Present in the OpenSSL codebase since 2011 and in the wild since 2012, the Heartbleed vulnerability has been proven to leak private keys – allowing the decryption of encrypted traffic, something the NSA captures and stores for several years as part of its intelligence activities.

Many in the industry had wondered why the NSA captured and stored encrypted traffic with no known way to decrypt it, but the Heartbleed bug means that the NSA – or any other attacker – could easily retrieve the private keys required to unlock the encrypted traffic. Suddenly, the NSA’s trove of scrambled data made a lot of sense – leading many to claim on sites like Bloomberg that the NSA knew of Heartbleed and had been exploiting the vulnerability for years.

The NSA has, naturally, denied this. ‘Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong,‘ the Office of the Director of National Intelligence has stated. The denial has been followed by claims made to The New York Times that the NSA and other US intelligence agencies follow a process ‘biased toward responsibly disclosing such vulnerabilities.

The same article, however, quotes officials as admitting that while President Barack Obama has instructed the NSA and other agencies to follow responsible disclosure practices when flaws are found, there exists a loophole which allows vulnerabilities to be withheld for future exploitation if there is a ‘clear national security or law enforcement need‘ – something critics claim could well have applied to knowledge of the Heartbleed vulnerability, given the NSA’s corpus of encrypted data.

The Heartbleed vulnerability is still being patched, with sites affected by the flaw having to upgrade to a newer release of OpenSSL and revoke and replace their certificates before users can safely change their passwords and, where available, enable two-factor authentication.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/vStbHfTAYD0/1


Article source: http://feedproxy.google.com/~r/GamingRipplesWeb/~3/NrGoWjecbiU/

Do case manufacturers really understand water cooling?

After a couple of years of mediocre progress, we’re seeing some genuine innovation with cases that are leaning ever more towards water cooling. Pretty much every medium to large case that’s released these days – even smaller mini-ITX ones on occasion – sports double, triple or even quadruple fan mounts, and though these of course boost air cooling potential too, they also allow for larger radiators to be installed.

Manufacturers such as Corsair and NZXT are now in the habit of listing radiator compatibility in their case instruction manuals too – they’re clearly taking it seriously and rightly so. Water cooling is one area of the PC industry that has certainly been growing over the last few years with all-in-one liquid coolers and full-on custom water cooling topping cooler graphs and featuring in many eye candy-filled systems – both modding projects and standard builds alike.

However, there is one small issue with many cases – specifically their radiator mounts. They’re usually designed only for half-height radiators, which lack surface area and thus cooling potential compared to their full-height siblings, and many cases also seem to be listing radiator and water cooling compatibility as little more than tick-box features.

Do case manufacturers really understand water cooling?
My point here is that when you try to install a water cooling system in one, there’s so little space that tube kinks become a real issue and there’s also little thought as to where to put pumps and reservoirs. One big factor here is that case manufacturers aren’t actually that concerned with custom water cooling loops (as in separate components connected together at home) and rather more with all-in-one systems such as a Corsair H80i.

It’s not just Corsair and NZXT, who incidentally make some of the best all-in-one liquid coolers out there, that are doing this. After all, you can forgive them for promoting a combination of their own case and cooler, but plenty of other manufacturers are doing it too.

Do case manufacturers really understand water cooling?
For instance, I’ve recently borrowed the Lian Li PC-V360 we looked at recently to see how well it can cope with a water cooling system, seeing as it has a dedicated dual 120mm-fan radiator mount in the side panel and is too slim to fit large air coolers.

In short, it wasn’t easy at all and I had to use anti-kinking springs on the tubing for everything to fit inside – and that’s using the skinniest radiator I could find. Also, this turned out to be only just capable of cooling my overclocked Core i5-3570K and GeForce 660 Ti with the fans on full blast, which for me half defeats the point of water cooling, which is noise reduction.

Do case manufacturers really understand water cooling?
Even with an all-in-one liquid cooler things would be tricky, but as we speak I’m in the process of dismantling the system to go back to my trusted BitFenix Prodigy, which is much more water cooling friendly. Of course, that’s my point; some cases do work well with water cooling, the Prodigy being one of them. It’s also far from being a large case – the PC-V360 is taller and deeper but can’t quite decide whether to jump off the fence on the air cooling side or water cooling side.

A lot of the issues, then, revolve around radiator depth, and at the moment, many case manufacturers are content to leave their cases with the bare minimum. You probably can’t blame them to some extent as the vast majority of all-in-one liquid coolers use skinny radiators – one reason why a custom kit with a full-height double or triple 120mm-fan radiator will likely perform much better and quieter with an overclocked CPU.

So, what would I like to see? Better consideration for water cooling enthusiasts for one, but this could just as easily be brought about by all-in-one liquid cooler manufacturers beefing up their radiators too, especially where double fan radiators are concerned. That way, we don’t only get better cooling from their own coolers, but you won’t have to opt for enormous cases or go through the hassle of having to use multiple radiators too. It wouldn’t require massive changes either – a few small modifications to existing case designs could make a world of difference.

How do you think current cases could be improved for water cooling purposes? Let us know in the forum.

Article source: http://feedproxy.google.com/~r/bit-tech/hardware/~3/AT2-rLb3igI/


Article source: http://feedproxy.google.com/~r/GamingRipplesWeb/~3/HX46YxM0sdY/

Web hit by OpenSSL ‘Heartbleed’ vulnerability

Web hit by OpenSSL 'Heartbleed' vulnerability

Versions of cryptographic library OpenSSL since 2012 are vulnerable to the ‘Heartbleed Bug,’ which allows an attacker to silently steal the contents of system memory.


Security researchers have released details of a serious vulnerability in the popular OpenSSL cryptographic library which exposes encrypted internet services to information disclosure attacks.

Continuing a terrible year for information security, what with the verification flaw in GnuTLS and Apple’s infamous goto fail bug, the OpenSSL project has confirmed that versions of its software since 2011 have held a serious vulnerability which has been dubbed the ‘Heartbleed Bug,’ and which can be used to read a system’s memory remotely – gathering secret keys which can then be used to decrypt previously-transmitted information.

It’s a serious flaw; OpenSSL is the standard library for driving SSL and TLS encryption in a variety of software packages and information appliances; Apache and nginx, two of the most popular server packages around accounting for an estimated 66 per cent of all web servers, use OpenSSL; the library is also commonly used in other encrypted systems such as virtual private network (VPN) appliances, point-of-sale (PoS) systems and messaging servers.

The Heartbleed Bug works by exploiting the heartbeat extension of the Transport Security Layer (TLS) protocol; attackers are able to read unlimited system memory in 64KB chunks, with exploitation leaving no trace on the system. These memory chunks can be reassembled and analysed to gather usernames, passwords, encryption keys, and other privileged information which should not be exposed to the public.

The OpenSSL project has confirmed that the code responsible for the flaw has been present in its software since 2011 and available to the public since the release of OpenSSL 1.0.1 in March 2012. Since then, the 1.0.1 branch has become widespread, shipping by default with numerous operating systems including Ubuntu Linux and OpenBSD. While the project has released a fixed version, OpenSSL 1.0.1g, this will take time to distribute – leaving servers with less proactive admins vulnerable to attack.

Ironically, those who have not upgraded in a while may be protected against the flaw: the older OpenSSL 1.0.0 and 0.9.8 branches are unaffected, having been frozen before the bug was introduced.

More details of the flaw are available at Heartbleed.com.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/KQOOD9J4GU0/1


Article source: http://feedproxy.google.com/~r/GamingRipplesWeb/~3/r9yrmPjlo-0/

LG G Pro vs. iPhone 5S? Alternative brackets to March Madness

Star Wars tournament

I think Yoda will handle this one.


(Credit:
Screenshot by Amanda Kooser/CNET)

March Madness doesn’t have to be just about basketball. You can get a tournament fix without ever setting eyes on a round orange bouncy object or the extremely tall humans who use it.

Instead, you can bask in a much nerdier alternative tournament where you get to do things like root for Neil deGrasse Tyson versus the Dowager Countess from “Downton Abbey” or cheer on the
iPhone 5S in a pitched battle against the LG G Pro 2.

Welcome to the world of alternative brackets. Here are five to feed your competitive fire, and they have pretty much nothing to do with basketball.

PBS vs. NPR
Who will reign supreme? Philadelphia public media provider WHYY is setting the stars of NPR against the luminaries of PBS. Happy-clouds painter Bob Ross handily defeated voice-of-nature David Attenborough in the first round, but took it on the chin against the Dowager Countess. It’s all about who garners the most fan votes. Round 3 is currently under way. I’m betting it all comes down to deGrasse Tyson taking on Ira Glass in a grudge match for the ages. I give this one to the “Cosmos” host, but just barely.


Highlander DVD cover

“Highlander” already lopped the head off “Conan the Barbarian.” (Click to enlarge.)


(Credit:
Lionsgate)

Science fiction vs. fantasy

Break out the swords, magic, phasers, aliens, zombies, Cthulhu, and Mel Gibson as Mad Max. Geek site io9 is hosting a tournament pitting sci-fi and fantasy franchises against each other — until, like in “Highlander,” there can be only one. This is anybody’s game. We could very well end up with a bloody final match featuring “Star Trek” taking on “Game of Thrones.” Spock versus a direwolf, anyone?

Metrics mania
If you’ve ever wondered how the different colleges in the NCAA basketball tournament would fare against each other using institutional research rather than sports prowess, then the Metrics Mania bracket is for you. You have until the 21st to fill out your bracket and guess which schools will rack up the most scientific and scholarly research paper citations during the tournament. (That’s the simplified version of how this works.) The data comes from Thomson Reuters’ InCites Web-based research analytics platform. Power to the nerds!

Smartphone madness
Laptop Magazine prefers to spend its time arranging fights between smartphones. In a surprise upset, the LG G Pro 2 took out the Apple iPhone 5S early on. The 5C, however, is still in the smartphone tournament, though it must make it past the YotaPhone to advance. Once again, this is all about fan votes. The eventual champion will get a virtual pat on the back, along with a “You done good, smartphone.”

‘Star Wars’
The “Star Wars” version of March Madness features 100 percent more Yoda than the NCAA tournament. The little green guy was triumphant in last year’s This is Madness character tournament. Up for a repeat, is he? Right now, Boba Fett is totally blasting Greedo out of the galaxy, though Liam Neeson is at least putting up a fight against Yoda. I’m sticking with Darth Vader as my dark-horse winner this year.

PBS vs. NPR

This is going to be a close one.


(Credit:
Screenshot by Amanda Kooser/CNET)

Article source: http://feedproxy.google.com/~r/cnet/pRza/~3/-QJz3HDYarg/

Corsair Raptor M45 Review

Corsair Raptor M45 Review – Introduction and Features

Manufacturer: Corsair
UK Price: £44.99
US Price: $59.99

The Corsair Raptor M45 is an upgrade to the Corsair Raptor M40, with an improved 5,000dpi sensor. It could also be considered a cut-price variant of the company’s Vengeance M65 model that uses an optical rather than laser sensor. However, while cheaper than that model it still boasts plenty of other features that mark it out from entry level models – this is still a true gaming peripheral.

Corsair Raptor M45 Review Corsair Raptor M45 Review - Introduction and Features
When we say this is a low cost version of the M65 we really mean it. The M45 sports essentially exactly the same physical design as that model but rather than the metal base of the M65 here it’s all plastic. This doesn’t detract at all from the mouse’s overall look or feel though. On the desk you’d be hard pushed to tell it apart from its more luxurious sibling and all the surfaces of the mouse that you touch feel solid and have nice finishes. The top has a soft-touch coating while the sides have a textured moulded finish to them, which theoretically aids grip and reduces overall sweaty finger-syndrome.

Corsair Raptor M45 Review Corsair Raptor M45 Review - Introduction and Features
Another nice addition is the aluminium scroll wheel. The metal construction doesn’t serve a purpose in terms of adding extra weight for inertial scrolling but it looks the part. The edge is finished with a nice thick and grippy rubber band and the scrolling action has an accurate lightweight feel – perfect for precise weapon selection in FPS games for instance.

Another key feature of this mouse is that it includes a weights system. Three screw-off metal bolts on the underside reveal three tiny metal discs. Each of the bolts weighs 3g and the weights weigh 4g, making for a total possible extra weight of 21g.

Corsair Raptor M45 Review Corsair Raptor M45 Review - Introduction and Features
We aren’t generally fans of weights in mice as we tend to find the lighter the better. As such we ended up removing both the weights and the bolts. However one area where we did see some benefit was in photoshop work where the extra stability provided by the higher weight made tracing round fine objects a little easier. Also, some people like extra weight generally and as far as weight systems go this one seems to do the trick nicely.

One area where the M45 actually trumps the M65 is that it has more lights! As well as the indicator bars for the DPI setting, which sit below the scroll wheel in between the two DPI adjusting buttons, the Corsair logo is also backlit. The lighting is single colour but good quality and we like the choice of red and black – it’s the perfect partner to the matching Corsair Raptor K40 keyboard at the very least.

Corsair Raptor M45 Review Corsair Raptor M45 Review - Introduction and Features
An interesting little quirk of this mouse is that the cable comes from the left side of the front edge, rather than the middle. This doesn’t seem to serve any purpose for the user but simply is a result of the design and construction of the mouse. The cable itself is 1.2m long, which is plenty, and is fully braided, terminating in a matching red USB plug.

Corsair Raptor M45 Review Corsair Raptor M45 Review - Introduction and Features
The base of the Corsair Raptor M45 has five very large PTFE glide pads which provide a wonderfully smooth mousing action. It glided effortlessly over every conventional mousing surface we tried and the sheer area of padding means the pads should last a while. A nice touch too is that each pad has a little notch next to it for easy insertion of a screwdriver or such for prizing off and replacing the pads. How easy it will be to get hold of replacements is a different matter, of course.

Article source: http://feedproxy.google.com/~r/bit-tech/hardware/~3/tTz8VbGAUkw/1


Article source: http://feedproxy.google.com/~r/GamingRipplesWeb/~3/eXRSkQ1XJag/

MIT’s super-speedy robot fish makes flashy escape

Robot fish

MIT’s Andrew Marchese and Daniela Rus put the soft silicone rubber outer skin on their robotic fish. The rubber was cast in a 3D-printed mold.


(Credit:
M. Scott Brauer)

Some robot fish we’ve seen wouldn’t be able to escape a predator if their fins depended on it.

Enter the new fish-shaped “soft robot” developed by Andrew Marchese, a graduate student in MIT’s Department of Electrical Engineering and Computer Science. It can execute an escape maneuver called a “C-turn” in about 100 milliseconds, matching the speed of fish in the wild. Such swiftness is one of the things that most sets this robofish apart.

Soft robots are machines that have gushy exteriors and move around through the use of fluids or gases pumping through vein-like internal tubes. They’re of interest because they don’t hurt when they bump into people (nor do they scratch the furniture). “We’re excited about soft robots for a variety of reasons,” Daniela Rus, one of the researchers who designed and built the fish, said in a statement. “As robots penetrate the physical world and start interacting with people more and more, it’s much easier to make robots safe if their bodies are so wonderfully soft that there’s no danger if they whack you.”


Like a robot fish to water…


(Credit:
Video screenshot/CNET)

The fact that the fish can perform an escape maneuver “is really important for the field of soft robotics,” Marchese said in the below MIT video about the invention. “It shows that soft robots can be both self-contained and capable of high performance. The maneuver is so fast and it’s got such high body curvature that it shows soft robots might be more capable than hard robots in some tasks.”

The robofish consists of a hard control module that stores the electronics and a carbon dioxide canister in its head and abdomen. From here, two inflatable tubes travel down each side of the fish to its tail. These tubes have nozzles that feed them carbon dioxide. The opening of the nozzle controls how fast the fish moves, while the amount of tube inflation controls the angle at which the fish changes direction. The electronics module also contains a receiver that allows it to be controlled wirelessly, and the entire robot is covered in soft, waterproof silicone rubber made from a 3D-printed mold.

The novel gas-though-tube-controlled movement differs from other robotic fish we’ve seen, like the one invented at the U.K’s University of Bath, which moved thanks to an undulating fin on its underside.

Rus, director of MIT’s Computer Science and Artificial Intelligence Laboratory, said a normal robot with hinged joints couldn’t possibly move so fast and that the unique propelling mechanism of the robofish — inflating and deflating internal tubes with carbon dioxide — gives it a distinct advantage over its land-dwelling clunky cousins. “The fact that the body deforms continuously gives these machines an infinite range of configurations, and this is not achievable with machines that are hinged,” she said.

Currently, the robofish can only swim for a few minutes before it runs out of gas. The researchers are working on a new version that should last up to a half-hour and will use water to pump through the tubing in the fish’s body to propel it.

Of course, the MIT crew didn’t build their robot with the thought of lazy fish-tank owners in mind. In addition to pushing along the science of soft robotics, Rus believes the invention can also help wildlife scientists conduct research, by having it swim along with schools of fish while collecting data about their movements and habits like this robofish invented by an engineering professor at the Polytechnic Institute of New York University.

Additionally, “we also view this research as a first step toward creating soft robots that can operate in human-centered environments,” Marchese told Crave. “We are especially interested in developing a new kind of soft hand and manipulator that embodies the materials and principles demonstrated by the soft robot fish.”

Article source: http://feedproxy.google.com/~r/cnet/pRza/~3/D8B78xV1Iio/

HDMI vs. optical: Which digital-audio connection to use?

HDMI vs Optical
(Credit:
Monoprice/HDMI.org)

When it comes time to connect your shiny new sound bar or AV receiver, your two main choices are HDMI or optical digital audio.

The simplest advice is to go with HDMI when you can. But if you can’t it’s not the end of the world.

Here are the pros and cons of each.

The basics
Both HDMI and optical pass digital audio from one device to another. Both are better than analog (the red and white cables). Both can pass multi-channel audio, like Dolby Digital. Both cables can be had pretty cheap.

The biggest difference is that HDMI can pass higher-resolution audio, including the formats found on Blu-ray: Dolby TrueHD and DTS HD Master Audio. These formats can’t get transmitted across optical.

In terms of simplicity, HDMI also passes video signals. So if you want just a single cable between two devices, HDMI is your pick.

However…
Depending on your gear, you might not have the option for HDMI. Maybe you have an older receiver. Maybe you have everything connected to your TV, and you just want to get the audio out to a sound bar (and the only option is optical).

In that case, optical is fine. Don’t sweat not being able to connect with HDMI. For most setups, the sound will be just as good with optical as with HDMI.

One complication is if you have a sound bar, like the Sonos Playbar or Vizio S4251w-B4, that benefits from a surround sound signal and you connect it to one of the many TVs that can’t pass such a signal via its optical outputs. Neither of those sound bars have HDMI inputs anyway, so the best way to connect them is directly from the source to the bar via optical, skipping the TV. That, or get a new TV.

Better, a little…
Regardless of the gear you use, as mentioned there’s also no way to get Dolby TrueHD or DTS HD Master Audio with an optical connection. However, that’s not a huge deal.

While there is a difference between Dolby Digital and those high-res lossless formats, the difference isn’t as pronounced as you might expect. On a decent system, with decent speakers, you might notice that the high-res formats are a little more open, a little smoother sounding.

On lesser gear, it’s a lot less likely you’ll hear a difference. Most sound bars, for example, lack the fidelity to do anything with the additional resolution. Many don’t accept those formats at all.

Bottom Line
Use HDMI when you can. The cables are cheap, and having just one wire simplifies setup. If you can’t, optical is fine. If your gear doesn’t have HDMI, it can’t take advantage of the high-resolution audio formats from Blu-ray anyway (unless you connect with analog, and decode from your Blu-ray player). On the other hand Dolby Digital is surprisingly good, and unless you have decent gear, you probably won’t hear much (if any) improvement with Dolby TrueHD and DTS HD MA.


Got a question for Geoff? First, check out all the other articles he’s written on topics like why all HDMI cables are the same, LED LCD vs. plasma, active versus passive 3D, and more. Still have a question? Send him an e-mail! He won’t tell you what TV to buy, but he might use your letter in a future article. You can also send him a message on Twitter @TechWriterGeoff or Google+.

Article source: http://feedproxy.google.com/~r/cnet/pRza/~3/I9a9yCSu3yA/

Linux hit by GnuTLS security flaw

Linux hit by GnuTLS security flaw

Linux users are at risk of snooping unless they install the latest GnuTLS library, which has been discovered to have a flaw eerily similar to that which befell Apple last month.


The free-software GNU Project has been hit by a serious security flaw in its TLS implementation, GnuTLS, potentially putting Linux users at risk of man-in-the-middle attacks when communicating with supposedly secure systems.

The GNU Project provides a collection of free software utilities which form the heart of many modern operating systems, most noteably Linux – more correctly termed GNU/Linux for its merging of the Linux kernel and the GNU utilities. One such utility is GnuTLS, a communications library which implements SSL, TLS and DTLS – three common protocols for encrypted communications, typically used in a web browser when sending usernames, passwords, credit card numbers or other sensitive information.

Sadly, it appears that GnuTLS has something of a flaw which allows a ne’er-do-well to implement a man-in-the-middle attack, presenting an invalid security certificate forged to seem as though it belongs to the site being visited which is then accepted without question by GnuTLS and, by extension, any software that relies on the library.

The flaw, a simple coding error resulting in sections of the program not being executed correctly, was discovered by Red Hat security specialist Nikos Mavrogiannopoulos during an audit, but is believed to have been present in the code for a number of years. ‘A vulnerability was discovered that affects the certificate verification functions of all GnuTLS versions,‘ the project maintainers have warned. ‘A specially crafted certificate could bypass certificate validation checks.

If the flaw sounds familiar, it should: late last month Apple was hit by a near-identical issue which caused certificate validation to pass even when certificates were forged. Both Apple’s TLS library and GnuTLS are open source, which led to fixes being developed rapidly once the flaw was known.

For Linux users, as well as other operating systems which use the GNU utilities, the message from the project maintainers is clear: ‘Upgrade to the latest GnuTLS version.‘ A patch has also been made available to GnuTLS 2.12, allowing those running embedded systems based on the older branch of the software to secure against the bug.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/bHc1eXMNGNE/1


Article source: http://feedproxy.google.com/~r/GamingRipplesWeb/~3/2jlUxOSNdn4/

This ‘Back to the Future’ hoverboard will blow your mind

Tony Hawk pulling a “360 Hoverboard Hoax McTwist” for the well-produced, but ultimately phony, HUVr product teaser.


(Credit:
Screenshot by Nick Statt/CNET)

A hoverboard, like the wondrously 1980s pink variety Marty McFly cruises on in “Back to the Future Part II,” is universally accepted as the most awesome thing we don’t yet have. The wheel-less skateboard that floats above the ground and travels as if by magic has even become a bit of a pop culture trope recently for semi-sarcastically lamenting the slowness of technological innovation, of wanting the future right now. Sure, we have cell phone computers,
car-sized roving science labs on Mars, and gigantic particle accelerators capable of recreating miniature versions of the Big Bang, but a hoverboard? Now that will be the day.

Unfortunately, anyone who stumbled onto a quickly-going-viral video Tuesday from a mysterious company called HUVr were probably devastatingly disappointed to learn, almost immediately depending on your incredulousness, that it was too good to be true. The hoverboards in the video don’t just surpass the most advanced superconducting research of as little as three years ago, but blow it completely out of the water.


(Credit:
HUVr)

The board not only sustains more weight than the 100kg limitation of “Mag Surf” — a hovering technique developed in 2011 that employs a liquid nitrogen-cooled superconductor and a magnetic track — but it can also be controlled by a smartphone, lift a person off the ground, travel at high speeds, and seemingly extend a electromagnetic field to curved objects like ramps. “The Future Has Arrived,” the company’s site reads, with a product launch this December. As far as hoaxes go, this one is well-produced and elaborate.

In an attempt to make it even more believable, demonstrations include Tony Hawk whirring in mid-air, Terrell Owens being vaulted four feet off the pavement from a flat-ground standstill, and Moby convincing us that even he, the tech noob that he is, can use HUVr.

There’s a good number of tip-offs throughout the video that we’re being hoodwinked, namely that ensemble cast of awestruck celebrities that also includes Los Angeles rapper Schoolboy Q, Best Coast’s Bethany Cosentino, and Back to the Future’s very own Dr. Emmett Brown (Christopher Lloyd). In fact, it’s likely that a good number of celebrities were roped into the stunt both because it’s hilarious and also because it acts as a solid point of distraction from the fact that no actual members of the supposedly real MIT-spawned company are identified.

Claiming to have developed it at MIT’s Physics Graduate Program in the summer of 2010, the team behind HUVr is showcased on the Web site stereotypically folding their arms. In an enjoyable and pointed skewering of a startup’s standard hyperbolic nonsense, they describe their hoverboard with enough buzzword runarounds to make even the most skeptical of Y Combinator diehards clap with joy.

They also look like Hollywood’s version of “nerdy startup folk,” like the people whose faces it actually put in front of the camera at Google headquarters for the filming of “The Internship” or the actors that made the cut to be in Amazon’s “Betas.”

This group of arm-folding smart people totally could have invented a hoverboard, Los Angeles producers think.


(Credit:
Screenshot by Nick Statt/CNET)

The contact page for HUVr has a company e-mail, though no one replied to my request for comment. Neither did MIT, which probably thought having to debunk a viral hoverboard hoax video ridiculous. Don’t worry, so did I.

There’s a few other, more telling hints. Ignoring of course the video’s opening disclaimer — “The following demonstrations are completely real” — one only has to wait until the last third of the video when things get really wild. With montage music playing, Owens is there catching a football, Moby is filming himself riding the board with his iPhone, and Hawk is doing his best re-creation of what his facial expressions looked like ten years ago at the peak of a halfpipe exit mid-900. All of the stunts look impossible, even if HUVr was remotely resembling modern hover technology, and the whole scene devolves into a self-aware parody.


Terrell Owens just invented a new sport.


(Credit:
Screenshot by Nick Statt)

So what’s actually going on here? Some postulate that it’s a “Back to the Future IV” teaser. That sounds plausible, though that film has never been officially announced, having been endlessly wrapped up in debunked rumors for years. However, with Lloyd’s involvement in the video, alongside the DeLorean he arrives in, there’s a chance a viral marketing operation of this magnitude really is proof the long-awaited film is on its way to production.

There’s another point of film history that also lends credence to the fact that this might be related to an official announcement of the fourth installment. Let’s recall that the Back to the Future series’ director Robert Zemeckis perpetuated a hoax after the release of the second film, claiming in a behind-the-scenes feature that hoverboards were real and not available to the public because of safety concerns. He kept that up, making sure it was featured in the “extras” section of the trilogy DVD box set.

Whatever the purpose of this, Internet debunkers were quick to suss out the source of the video’s production. On the online portfolio site of Lauren Biedenharn — a costume designer and an artist based in Los Angeles where, as well as being the home of Hawk, Schoolboy Q, and Consentino, the video was shot — the most recent line of her resume reads, “Commercial: Back to the Future HUVR BOARDS.” Her employer and the producer of said commercial: comedy video Web site Funny Or Die.

And so it goes. Another day, another wasted 24 hours without real hoverboard technology. Let’s hope that “Back to the Future IV” is the real deal, so that the time exhausted on HUVr at least results in a much-needed Dr. Emmett Brown reprising.

Article source: http://feedproxy.google.com/~r/cnet/pRza/~3/ogABSB-6LMo/