These are the pictures I got from the April 14th/15th Red Moon Lunar Eclipse.  Shot on a Canon Digital Rebel XSi (450d) with a Canon EF 75-300mm Lens on a Tripod with a Remote Shutter.  RAW available on request.

These photos haven’t been touched or edited in any way yet, and I haven’t tweaked the contrast or adjusted focus on them.  Nevertheless, I’m proud of a few of them, and I love the moon and space so whatever. 😀

—Updated— There is a bug with my gallery slider API, so until I can get it fixed here’s just a bunch of links.  Sorry! 🙁

IMG_3128 IMG_3129 IMG_3130 IMG_3131 IMG_3134 IMG_3135 IMG_3136 IMG_3137 IMG_3138 IMG_3144 IMG_3145 IMG_3146 IMG_3147 IMG_3148 IMG_3150 IMG_3151 IMG_3152 IMG_3153 IMG_3154 IMG_3155 IMG_3156 IMG_3158 IMG_3159 IMG_3160

 

Hacker successfully uses Heartbleed to retrieve private security keys | The Verge.

Just update your goddamn security certificates already! Just do it!  It’s not difficult!  If your provider hesitates to cooperate then LEAVE and find someone who has the security of the internet in mind.

Kansas to Black Out “Cosmos” Show Over Controversies | National Report.

I don’t even know where to begin with this one.  Besides the obvious infraction to the First Amendment (“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”) let’s just take a look at some of their words.

Kansas State Senator Tom Edison reports that “Cosmos is a liberal brainwashing program, designed to force our children into questioning the existence of our lord and savior Jesus Christ” as reported by NationalReport. To which I say: Absolutely!  Cosmos is a program designed to help EVERYONE question the existence of EVERYTHING.  It is there to make EVERYONE understand the importance of critical, logical thinking instead of just blindly following a book that uses nothing but circular logic to promote itself and its narrow world view.

Tom Edison goes on to say “It’s a keystone of the liberal agenda that America’s youth be converted into following their so-called `logic,’ so conservatism dies out in a generation or two.  Well, we aren’t going to stand for this.  We aren’t going to let this TV show ruin our children.”  To which I almost also report: Yes, absolutely!  If logic and understanding of ideas in a critical fashion leads to the destruction of conservatism (thereby implying that conservatives are too stupid to use logic, reasoning, and critical thinking) then conservatism DESERVES to be killed off.  It is not fit enough to survive in a rational world.

Kinda gets you riled up, doesn’t it? Kind of frustrating beyond words level of stupid, right?

Well, good thing it’s a fake. 🙂

That being said, it sounds like something some religious nut would say, wouldn’t it?  Almost too good to be true. haha

So it’s been a little over 24 hours since the Heartbleed Bug and associated fixes were announced.  If you haven’t checked your SSL enabled site yet, I highly recommend that you do so.  The test is available at SSL Labs’ site: Qualys SSL Labs SSL Tester.  I highly recommend you give it a shot.  If you don’t pass, the site will give you recommendations on how to fix it.  I’ve been testing our web-facing equipment at work all morning, and the results are largely decent, with a few minor exceptions.

That being said, the question of the hour becomes: how much damage was done?

The answer to this question is largely unknown.  If you haven’t been following the Heartbleed Bug I will try and explain it as much as I understand it.

Thanks to Nick, I understand that the bug allowed a remote attacker to read data from server memory. This attack can be repeated many times, allowing an attacker to basically dump the webserver memory completely.  Things like passwords, usernames, and security keys could be seen.  Usernames and passwords are one thing: the user can change them almost at will (and a lot of people, including myself, will be changing ALL their passwords over the next few days), so they are largely not the problem.

The real problems lie with the security keys for SSL certificates.  If the security key for an SSL certificate was compromised before the bug patch was deployed to that server, then the server must still be considered compromised until they regenerate their SSL certificates (which I will also be doing this week, once I get Apache upgraded from 2.2.22 to 2.4.x).  If the attacker has the security keys for the SSL certificates, then the encryption that the SSL certificate provides is basically null and void: the attacker can decrypt data fairly easily.

So at the end of the day, the question becomes: how bad is this?

The answer is: REALLY, REALLY, REALLY (potentially) BAD

Recommendations:

  1. For the love of god, if you haven’t updated your SSL provider yet, please do so.  The attack information has been published for over 24 hours.  Attacks will start becoming prevalent VERY soon.
  2. If you do any sort of e-commerce now, or with the potential to do it any time soon (or if you even have users who login to your pages to post content, etc) then REGENERATE YOUR SSL CERTIFICATES WITH NEW KEYS.  Otherwise, your site integrity is basically useless.
  3. Change your passwords for critical sites.  Things like Google accounts, Bank accounts, Shopping accounts are all big targets.  Do you want unexpected purchases and charges on your cards?  I don’t think so.
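
Recommendation 2 only helps if the replacement certificate is requested with a new private key; a CSR built from the old key produces a certificate an attacker holding that key can still use. The script below is an added example, not part of the original post: it compares public-key fingerprints of the old certificate and the new CSR before submission. The file names and the common name `example.test` are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. File names and the CN "example.test" are constructed placeholders.

# Print the SHA-256 fingerprint of the public key in a certificate or CSR.
# $1 = "x509" (certificate) or "req" (CSR), $2 = PEM file
pubkey_fp() {
    local pem
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# $1 = old certificate, $2 = new CSR
# returns 0 = different key, 1 = same key reused, 2 = a file could not be read
is_rekeyed() {
    local old new
    old=$(pubkey_fp x509 "$1") || return 2
    new=$(pubkey_fp req "$2") || return 2
    [ "$old" != "$new" ]
}

# Generate a brand-new private key (owner-readable only) and a CSR for it.
# $1 = key file to write, $2 = CSR file to write, $3 = common name
new_key_and_csr() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1" -out "$2" -subj "/CN=$3" 2>/dev/null )
}

report() {  # $1 = old certificate, $2 = CSR
    if is_rekeyed "$1" "$2"; then echo "$2: new key, OK to submit"
    else echo "$2: same key as old certificate (or unreadable), do NOT submit"; fi
}

demo() {
    local d; d=$(mktemp -d) || return 1
    # Constructed stand-in for the key and certificate in use before patching.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$d/old.key" -out "$d/old.crt" 2>/dev/null
    # The mistake: a "new" CSR built from the old, possibly exposed key.
    openssl req -new -key "$d/old.key" -subj "/CN=example.test" \
        -out "$d/reused.csr" 2>/dev/null
    # The fix: a CSR built from a freshly generated key.
    new_key_and_csr "$d/new.key" "$d/new.csr" example.test
    report "$d/old.crt" "$d/reused.csr"
    report "$d/old.crt" "$d/new.csr"
    rm -rf "$d"
}
demo
```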

I do not wish to seem alarmist or even crazy, but cyber security is a BIG DEAL and we need to pay attention to it.

Relevant sites for extra reading:

Heartbleed Bug
Matthew D Fuller’s Blog
Business Insider’s Article
Storify’s Article
Relevant XKCD

Yikes!  Kind of scary.  Good thing the update is already available.  I highly recommend patching your OpenSSL if you’re running it.

For those unwilling to read the article, the long and short of it is that with vulnerable OpenSSL, a lot of traffic on the web that is ‘encrypted’ is capable of being decrypted.

Those usernames, passwords, credit card details, your emails, all of it.

So I hope all you admins out there are keeping an eye open.

I’ll be updating today.

Heartbleed Bug original article

Crypto Bug in Open SSL Arstechnica article

Microsoft Is Bringing the Start Menu Back to Windows 8.

Coming to us from the why-didn’t-you-just-listen-from-the-beginning department, we bring you common sense 101: you can’t tell your users how to use your software.  You have to listen to them tell you how they’d like to use it.

I like Metro, now that I’ve gotten used to it.  But seriously, there are times when I just want a goddamn start menu.  About time you brought it back!

Picard & Riker Facepalm!

Just listen next time, you dolts!