Hubris, In Unabashed Splendor

Okay, say you are running a website that allows subscriber logins over a non-encrypted page. Some of your subscribers notice and complain that Firefox is putting up a (now pretty standard) warning that the login page was not protected by an encrypted connection, and is therefore insecure.

Do you:

1) realize the error and quickly move to remedy it

2) dash off a snarky complaint to Mozilla's bug-reporting service and tout your impeccable security record

Yeah, option 2 is what we have here:
"Your notice of insecure password and/or log-in automatically appearing on the log-in for my website, Oil and Gas International, is not wanted and was put there without our permission," a person with the user name dgeorge wrote here (the link was made private shortly after this post went live). "Please remove it immediately. We have our own security system, and it has never been breached in more than 15 years. Your notice is causing concern by our subscribers and is detrimental to our business."
It gets better/worse, as the site was (perhaps unsurprisingly) allegedly hacked shortly thereafter, and apparently passwords were stored in plain text, too...




Justice League Trailer - My Two Cents Worth

The new Justice League trailer has dropped as expected, and it is not quite "blowing my skirt up", so to speak. Now, I am not a "Marvel is great and DC sucks" guy, and I actually liked Batman vs Superman (the extended cut in particular), but I know a lot of folk were disappointed by that movie.

This trailer looks a LOT like Batman v Superman to me, which concerns me as to the ultimate success of the movie. Most of the scenes in the trailer are in dark places or outside at night, and consequently have the same kind of gloomy color palette as the earlier movie. Of course, the actual Justice League movie may not end up quite like that, but the trailer at least is presented that way.

The way the characters appear seems fine to me. I know almost nothing about either Cyborg or Aquaman, but I like the way the "guy who talks to fish" seems wild and unpredictable (and a bit menacing) - that could be fun.

I did not get much sense of Cyborg from the trailer, although I am kind of hoping for a "good guy to have at your back" like Falcon in Marvel's Avengers. Please don't let him be tossed in there just to make up the numbers.

As this will be the sort of "Avengers assemble!" movie for the JL, the music was cornily appropriate (a cover of "Come Together"). The flashes of humor seemed fine too. There was no Superman to be seen anywhere that I could notice, just a quick glimpse of Lois Lane. Cunning marketing ploy?

Overall, a "B-minus" from yours truly.


Hoping For No Baby Groot Overkill In Guardians 2

I very much enjoyed the first Guardians of the Galaxy movie; it was fun, silly and something a bit different. The teasers and trailers for volume 2 have me a bit worried so far - specifically, I think a little Baby Groot goes a long way, and I hope they don't overdo it with the character.

Now it may be just me, but helium-voiced characters in general give me the willies. I never liked Alvin and the Chipmunks or South Park for that reason, and I was appalled a few years ago when every other Hip-Hop song seemed to feature some kind of "speeded up" voice on it.

I guess the best I can hope for is that Baby Groot grows into Teenage Groot and his voice changes by the end of the sequel....

Yeah, I know he looks adorable...


Another Lingering Linux Kernel Security Flaw

The laudable notion that open source software is eminently reviewable and therefore safer than its closed source alternatives received another dent when an 11-year-old flaw was discovered in the Linux kernel (with patches now being distributed). This has happened before with Linux, too - Heartbleed, Shellshock and Ghost come to mind in recent years.

I don't think it's untrue that the open source concept is a good one, but I also think proponents need to be a little less self-assured given the recent evidence.
While it cannot be exploited remotely, this sort of bug can be combined with other flaws that give remote hackers access to a lower privileged account on a system.
For the flaw to be exploitable, the kernel needs to be built with the CONFIG_IP_DCCP option. Many distributions use kernels built with this option, but some don’t.
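
A defender's check for the condition quoted above, as an added example that is not part of the original post or the quoted article: it reads a kernel config for CONFIG_IP_DCCP and, when DCCP is a module, looks for a modprobe.d override. The function names, the config locations tried and the use of an "install dccp" line as the blocking convention are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: classify DCCP exposure from a kernel config and modprobe.d.
# Function names and the "blocked" convention are assumptions of this sketch.

# dccp_state FILE -> builtin | module | disabled | unknown
dccp_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;   # /proc/config.gz is gzip-compressed
        *)    reader="cat" ;;
    esac
    # Match the option itself, not sub-options such as CONFIG_IP_DCCP_CCID3.
    line=$($reader "$cfg" | grep -E '^(# )?CONFIG_IP_DCCP[= ]' | head -n 1)
    case $line in
        CONFIG_IP_DCCP=y) echo builtin ;;
        CONFIG_IP_DCCP=m) echo module ;;
        *)                echo disabled ;;   # "is not set" or absent
    esac
}

# dccp_load_blocked DIR -> exit 0 if a modprobe.d file overrides loading of dccp
dccp_load_blocked() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+dccp[[:space:]]' "$1"/*.conf
}

# dccp_exposure CFG MODPROBE_DIR -> one-word verdict
dccp_exposure() {
    case $(dccp_state "$1") in
        builtin)  echo dccp-builtin ;;            # compiled in, cannot be blocked
        module)   if dccp_load_blocked "$2"; then
                      echo dccp-module-blocked
                  else
                      echo dccp-module-loadable   # can still be loaded on demand
                  fi ;;
        disabled) echo dccp-absent ;;
        *)        echo unknown ;;
    esac
}

# Live check: prefer the distro config in /boot, fall back to /proc/config.gz.
cfg="/boot/config-$(uname -r)"
[ -r "$cfg" ] || cfg=/proc/config.gz
echo "DCCP on this kernel: $(dccp_exposure "$cfg" /etc/modprobe.d)"
```

A verdict of dccp-builtin or dccp-module-loadable only says the precondition from the quote is met; whether the kernel already carries the patch has to be checked against the distribution's advisory.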


iOS 11 May Blow Up 180k Apps Due To "App Rot"

Apple's forthcoming iOS 11 is expected to render perhaps a couple of hundred thousand apps unusable, unless they are updated to run on the 64-bit OS. These 32-bit apps are ones that have lingered in the App Store without being updated yet; they represent around 8% of the total number of apps, or over 185,000 apps.
64-bit processors were first introduced by Cupertino with the iPhone 5s, but the company only started demanding 64-bit support from developers in June of 2015.
Phone Arena


Samsung Galaxy S8 With 6GB RAM In China?

The amount of RAM in smartphones is creeping up, as one might expect in the competitive technology world. My first (cheap) smartphone had 512MB, my second (cheap) one had 1GB and I thought I was just the cat's pajamas when my current (cheap) one came with 2GB of RAM - the more observant among you may notice a pattern in my spending habits there, too.

It looks like a version of the Samsung Galaxy S8 will be available with 6GB of RAM, but apparently only in China - at least according to current information, which indicates 4GB RAM for the "rest of the world" model. 

Our current home PC only has 4GB, for cripes sake!
This time however, Samsung is definitely under greater pressure. Not just because of the Galaxy Note 7 fiasco, but also because smartphones with 8GB of RAM are expected to start showing up in China very soon. Asus announced the world’s first smartphone with 8GB of RAM at CES this year, which is expected to go on sale sometime in the second half of 2017.
Android Geeks

Firefox 52 For Linux Drops ALSA Sound Support

Time marches on and things change; in the tech world, even more so. The recent release of Firefox 52 for Linux rather quietly dropped ALSA sound in favor of Pulse Audio, which is now a "hard dependency". Oddly, this was not in the release notes - which seems like exactly the sort of thing that release notes are for. 

Mozilla seems to be a bit sniffy about the subject, too:
Responding to the criticism Mozilla engineer, Anthony Jones, says: “making trade offs is a necessary part of making a good product”. When asked to restore ALSA support in the the rep replies: “[that] isn’t going to happen. Sorry.”
‘Installing Pulse Audio fixes all the known issues with the ALSA backend’, he explains, and cites telemetry usage as having informed their decision.


Space And Sky Events For The Rest Of 2017 has a handy-dandy guide to space and sky events for the rest of the year, including launches, spacewalks, planetary alignments and meteor showers.

Their Space Calendar 2017 has it all on one (long) page, you don't have to click through a bunch of "jumps" to see everything - how refreshing.


Smart Electric Meters Giving Wonky Readings

You would think, naively perhaps, that a "smart" meter would do a more accurate job of reporting energy usage than someone manually reading the data and recording the numbers. Guess again, skippy.

At least in the country of Holland, the smart meters seem to have a hard time producing accurate readings and are sometimes wildly off, sometimes several hundred percent over the correct energy consumption levels.

Some of the blame seems to be pointed at energy-saving devices, which supposedly introduce more noise into the system and make accurate readings more difficult. 

With smart meters mandated in quite a few countries in the EU, it would appear that someone needs to get their finger out and make some fixes pretty quickly. There are already millions of these types of meters installed worldwide.


The Post Snowden Years - Few Seem To Even Care Anymore

Remember this (below)? It's from that old "Constitution" thing - you know, that archaic list prepared years ago by a bunch of dead white guys.

Few people seem to be aware of it, as the recent "Vault 7" release from Wikileaks does not really seem to have caused much angst. I fear we have wandered so far down the rabbit hole post-Snowden that the kind of things Alex Jones would have been ridiculed for just a few years ago now seem to go by the wayside. 

Conversely, we are told that our CIA is “specifically prohibited from collecting foreign intelligence concerning the domestic activities of US citizens”. It's telling that I find myself giving more credence to the hackers than our own government on this subject, something that saddens and troubles me.

I guess this is how we lose ourselves, a few document dumps at a time, meekly accepting the inevitable stripping away of Constitutional "guarantees". The reality is awful, but I don't really see it changing anytime soon - and I don't really know how to change it.

About Those Fast Radio Bursts From Space ...

Fast radio bursts from space may be an extraterrestrial calling card, or maybe a form of distress call, according to Professor Avi Loeb of the Harvard-Smithsonian Center for Astrophysics (so not some lugnut writing for certain weekly tabloids).

These fast radio bursts have been known for a while, but remain largely unexplained, which is where Prof Loeb comes in to theorize:
"Fast radio bursts are exceedingly bright given their short duration and origin at great distances, and we haven't identified a possible natural source with any confidence"
He reasons that an artificial source may be at work, possibly a giant signaling device of some sort, which although massively powerful, would be theoretically possible to build and operate.

Why? Well that's not something the professor and his team speculate on - they are just trying to fit the facts to a possible theory. 


Bruce Schneier Calls Out IoT's Miserable Security

At the recent RSA conference, Bruce Schneier kicked ass and took names over the miserable (non) security evident in the whole Internet of Things landscape. I'm glad someone of his stature is standing up and laying it out in a public way, as we appear to be rapidly heading towards a world of (largely self-inflicted) hurt.


Fukushima Daiichi Killing Robots, Too

The Fukushima Daiichi nuclear power plant disaster continues to fester away, even after 6 years. The continuing radiation leakage is hindering further attempts at mitigation and cleanup; even robots sent in to monitor and observe are keeling over faster than expected.
Gamma rays will turn wiring brittle, which is a real issue when attempting to build a mobile robot. It can also damage electronic circuits (again, this depends on the type of radiation and the materials used to construct the necessary components).
Extreme Tech

Amazon Looks To Rooftop Solar Panels To Green Up Their Warehouses

Amazon is looking to reach a goal of using 50% renewable energy by the end of this year. They already use some solar and wind energy, but are now concentrating on using solar panels at their giant warehouse facilities to green things up more dramatically.

Google is already at around 100% renewable energy used, so Amazon is a little behind the curve, but I'm sure their current efforts will please a lot of people.
Depending on the weather conditions and installation specifics, the solar panels could produce up to 80% of the annual energy for a site. This free energy will go towards powering the countless little sorting robots that make each fulfillment center work.