Kansas to Black Out “Cosmos” Show Over Controversies | National Report.

I don’t even know where to begin with this one.  Besides the obvious infraction to the First Amendment (“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”) let’s just take a look at some of their words.

Kansas State Senator Tom Edison reports that “Cosmos is a liberal brainwashing program, designed to force our children into questioning the existence of our lord and savior Jesus Christ” as reported by NationalReport. To which I say: Absolutely!  Cosmos is a program designed to help EVERYONE question the existence of EVERYTHING.  It is there to make EVERYONE understand the importance of critical, logical thinking instead of just blindly following a book that uses nothing but circular logic to promote itself and its narrow world view.

Tom Edison goes on to say “It’s a keystone of the liberal agenda that America’s youth be converted into following their so-called `logic,’ so conservatism dies out in a generation or two.  Well, we aren’t going to stand for this.  We aren’t going to let this TV show ruin our children.”  To which I almost also report: Yes, absolutely!  If logic and understanding of ideas in a critical fashion leads to the destruction of conservatism (thereby implying that conservatives are too stupid to use logic, reasoning, and critical thinking) then conservatism DESERVES to be killed off.  It is not fit enough to survive in a rational world.

Kinda gets you riled up, doesn’t it? Kind of frustrating beyond words level of stupid, right?

Well, good thing it’s a fake. 🙂

That being said, it sounds like something some religious nut would say, wouldn’t it?  Almost too good to be true. haha

So it’s been a little over 24 hours since the Heartbleed Bug and associated fixes were announced.  If you haven’t checked your SSL-enabled site yet, I highly recommend that you do so.  The test is available at SSL Labs’ site: Qualys SSL Labs SSL Tester.  I highly recommend you give it a shot.  If you don’t pass, the site will give you recommendations on how to fix it.  I’ve been testing our web-facing equipment at work all morning, and the results are largely decent, with a few minor exceptions.

That being said, the question of the hour becomes: how much damage was done?

The answer to this question is largely unknown.  If you haven’t been following the Heartbleed Bug I will try and explain it as much as I understand it.

Thanks to Nick, I understand that the bug allowed a remote attacker to read data from server memory. This attack can be repeated many times, allowing an attacker to basically dump the webserver memory completely.  Things like passwords, usernames, and security keys could be seen.  Usernames and passwords are one thing: the user can change them almost at will (and a lot of people, including myself, will be changing ALL their passwords over the next few days), so they are largely not the problem.

The real problem lies with the security keys for SSL certificates.  If the security key for an SSL certificate was compromised before the bug patch was deployed to that server, then the server must still be considered compromised until they regenerate their SSL certificates (which I will also be doing this week, once I get Apache upgraded from 2.2.22 to 2.4.x).  If the attacker has the security keys for the SSL certificates, then the encryption that the SSL certificate provides is basically null and void: the attacker can decrypt data fairly easily.

So at the end of the day, the question becomes: how bad is this?

The answer is: REALLY, REALLY, REALLY (potentially) BAD

Recommendations:

  1. For the love of god, if you haven’t updated your SSL provider yet, please do so.  The attack information has been published for over 24 hours.  Attacks will start becoming prevalent VERY soon.
  2. If you do any sort of e-commerce now, or with the potential to do it any time soon (or if you even have users who login to your pages to post content, etc) then REGENERATE YOUR SSL CERTIFICATES WITH NEW KEYS.  Otherwise, your site integrity is basically useless.
  3. Change your passwords for critical sites.  Things like Google accounts, Bank accounts, Shopping accounts are all big targets.  Do you want unexpected purchases and charges on your cards?  I don’t think so.
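
Recommendation 2 only helps if the reissued certificate is built on a key that was never on the exposed server. The script below is an added example, not part of the original post: it creates a fresh key and signing request with the `openssl` command-line tool and checks that the request does not reuse the old certificate's key. The file names, the 2048-bit RSA choice and the host name `example.test` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: reissue on a NEW private key and prove the request does not
# reuse the key that was on the server while it was exposed.
# All file names are placeholders; example.test is a constructed host name.

# Print the SHA-256 digest of the public key inside a certificate or a CSR.
pubkey_digest() {
    case "$1" in
        *.csr) pem=$(openssl req  -in "$1" -noout -pubkey 2>/dev/null) ;;
        *)     pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
    esac || return 1
    [ -n "$pem" ] || return 1          # unreadable input: refuse to hash nothing
    printf '%s\n' "$pem" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 |
        awk '{print $NF}'
}

# Create a fresh 2048-bit RSA key (owner-readable only) and a CSR for it.
# Usage: new_key_and_csr KEYFILE CSRFILE COMMON_NAME
new_key_and_csr() {
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null ) &&
    openssl req -new -key "$1" -subj "/CN=$3" -out "$2"
}

# Succeed only when the CSR carries a different key than the old certificate.
# Usage: key_was_rotated OLD_CERT NEW_CSR
key_was_rotated() {
    old=$(pubkey_digest "$1") || return 2
    new=$(pubkey_digest "$2") || return 2
    [ "$old" != "$new" ]
}

# Typical sequence on the patched server (paths are placeholders):
#   new_key_and_csr new.key new.csr example.test
#   key_was_rotated old.crt new.csr && echo "send new.csr to the CA"
```

A request generated from the old key file makes `key_was_rotated` fail, which is the case to catch before sending anything to the certificate authority.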

I do not wish to seem alarmist or even crazy, but cyber security is a BIG DEAL and we need to pay attention to it.

Relevant sites for extra reading:

Heartbleed Bug
Matthew D Fuller’s Blog
Business Insider’s Article
Storify’s Article
Relevant XKCD

Yikes!  Kind of scary.  Good thing the update is already available.  I highly recommend patching your OpenSSL if you’re running it.

For those unwilling to read the article, the long and short of it is that with vulnerable OpenSSL, a lot of traffic on the web that is ‘encrypted’ is capable of being decrypted.

Those usernames, passwords, credit card details, your emails, all of it.

So I hope all you admins out there are keeping an eye open.

I’ll be updating today.

Heartbleed Bug original article

Crypto Bug in OpenSSL: Ars Technica article

Microsoft Is Bringing the Start Menu Back to Windows 8.

Coming to us from the why-didn’t-you-just-listen-from-the-beginning department, we bring you common sense 101: you can’t tell your users how to use your software.  You have to listen to them tell you how they’d like to use it.

I like Metro, now that I’ve gotten used to it.  But seriously, there are times when I just want a goddamn start menu.  About time you brought it back!

Picard & Riker Facepalm!

Just listen next time, you dolts!

SOPA, copyright voluntary agreements: Hollywood lobbyists are like exes who won’t give up.

From the they-just-don’t-get-it department, we bring you more copyright shenanigans from the big money holders in Congress and their best buddies: the media industry.

It’s just a lesson that we, the content consumers, must be ever vigilant if we wish to prevent people like them from destroying sites that we use.

They aren’t doing it directly this time, though; they’re taking a very circuitous route.  Instead of attacking Google or Reddit or your favorite social media platform, they are instead following the money (something they are VERY good at): making back room deals with payment processors and advertising companies.  Instead of having offending content removed from a site (which is what the DMCA originally allowed for) they are now trying to have sites completely shut down (which is what the original SOPA measures tried to do) by having their funding and revenue streams become wastelands. They are trying to have pages removed from search results, stripped of domain names, and have all their fund sources removed.  This would essentially (and effectively) kill off the site.

And it’s all being done voluntarily.

This is where things like cryptocurrency make a difference.  If we can start accepting different forms of payment that don’t necessarily need to pass through the hands of big banks and payment processors and credit card companies then we can prevent this sort of stuff from happening.  At least, that’s what I hope.  Fingers crossed.

I may not care that much if Facebook were to go up in flames, but if Reddit or Google were to disappear I think we could all agree that the internet would be a vastly different place.

I’ll keep updating with new posts as information comes in.  If I can find information on which companies are making these backroom deals I will let you know so we can all actively try to avoid them.

Until then, remain vigilant.

Protect one of our greatest inventions and resources: the open, free internet.

Cheers.

-M

Yay for NJ state government regulating something it has no business regulating!

I’m not talking about cars in general, since government regulations regarding safety and security in vehicles are pretty important in my opinion.  I am, however, talking about the government regulating and controlling how I spend my money.  Once the money enters my wallet, no one, anywhere, anyhow, EXCEPT ME, has a right to tell me how I can or cannot spend MY money (with the exception of blatantly illegal things).

To tell me that I cannot go to Tesla Online and buy a car directly from them is insulting to me and a slap in the face of Tesla directly.

NJ, I am ashamed.  What possible reason could you have for this?  There’s NO logical reason for this.  The only thing I could potentially think of is that Tesla didn’t pay off the right people.  It’s absurd.

I don’t have any plans (nor really the finances) to be able to buy one of these any time soon.  That being said, I still don’t believe the government has ANY right to tell me that I can’t or regulate them to have to be sold through some dealer instead of directly.  Ugh.

New Jersey Becomes Third State To Ban Tesla’s Direct Sales Model | TechCrunch.

Tales Of A Tech has recently undergone some major restructuring and changes.

You may notice that we are now https; https is a great thing for everyone involved here.  This is a Comodo PositiveSSL certificate that I will have for at least a year.  We are also no longer getting our DNS from GoDaddy – we have switched to Namecheap following the nastiness after the N Twitter fiasco.

You may also notice that https://talesofatech.com no longer brings you directly to the blog.  That is by design!  I plan on doing a lot more than blogging with this website.  To go to the blog, you simply go to https://talesofatech.com/blog.  There are a few other things too!

The Tales Of A Tech store will be up soon (I mean, it’s up now; but there’s very little there at the moment) and you’ll be able to request services such as hardware repairs, troubleshooting, diagnostics, photography, etc along with payment processing for the above.

The Tales Of A Tech project management system is up now, but you won’t see it unless you request a service that requires it (such as web development or what not).

Things are moving forward! 😀