Patreon was warned of serious website flaw 5 days before it was hacked

Results of a Shodan search performed on September 11 made it clear Patreon was vulnerable to code-execution attacks. (credit: Detectify)

Five days before Patreon.com officials said their donations website was plundered by hackers, researchers at a third-party security firm notified them that a serious programming error could lead to disastrous results. The researchers now believe the vulnerability was the entry point for attackers who went on to publish almost 15 gigabytes’ worth of source code, user password data, and private messages.

The error was nothing short of facepalm material. Patreon developers allowed a Web application tool known as the Werkzeug utility library to run on a public-facing subdomain. Specifically, according to researchers at Swedish security firm Detectify, one or more of Patreon’s live Web apps on zach.patreon.com was running Werkzeug debugging functions. A simple query on the Shodan search service brought the goof to the attention of Detectify researchers, who in turn notified Patreon officials on September 23. Adding to their concern, the same Shodan search shows thousands of other websites making the same game-over mistake.

Remote code execution by design

The reason for the alarm was clear. The Werkzeug debugger allows visitors to execute code of their choice from within the browser. Werkzeug developers have long been clear about this capability and the massive risks that stem from using it in production environments. But in case anyone missed the warning, an independent blogger called attention to the threat last December.
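The misconfiguration described above, as an added example that is not Patreon’s, Detectify’s or Werkzeug’s own code: a start-up guard that only permits the interactive debugger when the server binds to a loopback address, and a self-audit check that flags an HTTP response from a host you operate when it exposes the debugger page. The function names, the `Response` class and the sample responses are constructed here; `FLASK_DEBUG`, `use_debugger` and `use_evalex` are Flask’s and Werkzeug’s real settings.

```python
from dataclasses import dataclass

# Hypothetical guard, not Werkzeug's or Flask's own API. The interactive
# Werkzeug debugger lets a browser visitor run arbitrary Python on the
# server, so it must never be reachable beyond the developer's own machine.
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}


def debugger_allowed(bind_host: str, env: dict) -> bool:
    """True only if FLASK_DEBUG is switched on AND the bind is loopback.

    env is the process environment (os.environ or a constructed dict).
    FLASK_DEBUG is Flask's real switch; any other value is treated as off.
    """
    debug = env.get("FLASK_DEBUG", "0").strip().lower() in {"1", "true", "on"}
    if not debug:
        return False
    # A public bind (0.0.0.0 or a DNS name such as a subdomain) never gets it.
    return bind_host in LOOPBACK_HOSTS


def run_kwargs(bind_host: str, env: dict) -> dict:
    """Keyword arguments for app.run() / werkzeug.serving.run_simple():
    the debugger and its eval console are forced off unless the bind is local."""
    ok = debugger_allowed(bind_host, env)
    return {"host": bind_host, "debug": ok, "use_debugger": ok, "use_evalex": ok}


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def exposes_werkzeug_debugger(resp: Response) -> bool:
    """Self-audit for responses from your own hosts: Werkzeug's Server header
    together with the debugger's HTML title is the tell-tale that the Shodan
    query surfaced. Point it only at infrastructure you are responsible for."""
    server = resp.headers.get("Server", "")
    return server.startswith("Werkzeug/") and "Werkzeug Debugger" in resp.body


if __name__ == "__main__":
    # Constructed samples, not captured from any real host.
    bad = Response(500, {"Server": "Werkzeug/x.y.z Python/2.7.x"},
                   "<title>ZeroDivisionError // Werkzeug Debugger</title>")
    good = Response(500, {"Server": "nginx"}, "<h1>Internal Server Error</h1>")
    print(exposes_werkzeug_debugger(bad), exposes_werkzeug_debugger(good))
    print(run_kwargs("0.0.0.0", {"FLASK_DEBUG": "1"}))
```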

Sprint continues decline, plans job cuts and cost cuts of $2.5 billion

(credit: Sprint) Sprint’s place among the big four US wireless carriers continues to be a precarious one, with news reports saying the company now aims to reduce its number of employees and cut between $2 billion and $2.5 billion in costs over the next six months. A memo from Sprint management to staff said there will be a hiring freeze and “job reductions,” according to The Wall Street Journal. Sprint announced days ago that it will skip a major auction of low-band spectrum, a decision that could push the company further behind its rivals. Sprint has licenses to more spectrum than any other carrier, but AT&T and Verizon control a large majority of low-band spectrum, which is ideal for providing coverage over long distances and indoors. T-Mobile says it intends to buy enough low-band spectrum to cover the entire nation; Sprint says it can improve coverage with its existing spectrum by increasing the number of cell towers.

Finally, game cartridges you can plug in to your smart phone

Downloading games directly to your smartphone and playing them immediately is convenient, I suppose. But this ephemeral, bloodless process is missing a familiar tangibility gamers might remember warmly from the last millennium: that comforting, solid, life-affirming feeling of jamming a game cartridge into a console slot. Enter Pico Cassette, a Japanese outfit that says it’s bringing back “the next retro” with tiny game cartridges that plug in to a smartphone’s headphone jack. The tiny “cassettes” (the general Japanese term for cartridges) are built on PlugAir technology, which uses a specially designed iPhone or Android app to draw power from the headphone jack and send data using specially modulated sound waves. Those coded sound waves are then used to unlock access to content that’s stored in the cloud, according to a PlugAir explanation video. That would seem to remove one of the main conveniences of the physical cartridge format—namely, distributing and storing data permanently without an Internet connection—but there’s nothing technical preventing the actual game data from being stored on the cartridges as well. In any case, there’s something about the simplicity of being able to share a game with a friend simply by handing them a physical thing that plugs in to the phone (though the need for a special app is a bit of an impediment to immediate ad-hoc sharing).

Songwriter tells US House he made $5,679 from 178 million Spotify streams

The songwriter who co-wrote Meghan Trainor’s “All About That Bass” alleged on Tuesday that he only cleared $5,679 from over 178 million streams of the song on Spotify. (credit: YouTube) A Tuesday copyright roundtable discussion, hosted by Nashville’s Belmont University and led by the House Judiciary Committee, opened with one of the past year’s most successful songwriters announcing just how little money he’d made from over 178 million streams of a song he co-wrote: $5,679. That means Nashville songwriter Kevin Kadish, the co-writer of the hit 2014 Meghan Trainor song “All About That Bass,” made close to $31.90 for every million streams. According to a report by The Tennessean, Kadish didn’t clarify to the roundtable’s five members of the House of Representatives exactly how the songwriting proceeds were split between himself and Trainor (who shared songwriting credits on “Bass”), but he did allege that the average streaming-service payout for a song’s songwriting team is roughly $90 per million streams. “That’s as big a song as a songwriter can have in their career, and number one in 78 countries,” Kadish said. “But you’re making $5,600. How do you feed your family?”

Documentarian wipes out Warner’s $2M “Happy Birthday” copyright

(credit: From court records in Good Morning to You v. Warner/Chappell) More than two years after a documentary filmmaker challenged the copyright to the simple lyrics of the song “Happy Birthday,” a federal judge ruled Tuesday that the copyright is invalid. The result could undo Warner/Chappell’s lucrative licensing business around the song, once estimated to be $2 million per year. The company is likely to appeal the ruling to the US Court of Appeals for the 9th Circuit. US District Judge George King held that the two sisters who authored the song, Patty and Mildred Hill, gave the melody and piano arrangements to Summy Co., which was eventually acquired by Warner/Chappell. But King wrote that there’s no evidence they ever transferred a copyright on the words.

Samsung’s 950 Pro M.2 SSD pairs NVMe with V-NAND for eye-popping performance

The Samsung 950 Pro SSD—the follow-up to the legendary Samsung 850 Pro SSD—has been unveiled by the company at its annual SSD summit in Seoul, Korea. The 950 Pro will be available at retail in October, with MSRPs of $199.99 (probably ~£150) for the 256GB version, and $349.99 (~£280) for the 512GB version. UK pricing is yet to be confirmed. Based on Samsung’s V-NAND technology and available in 512GB and 256GB capacities, the 950 Pro shuns the common 2.5-inch form factor and SATA interface for cutting-edge M.2 2280 and PCIe 3.0 x4. It also makes use of the Non-Volatile Memory Host Controller Interface, better known as NVMe. Most SSDs still make use of the AHCI (Advanced Host Controller Interface) architecture, which was originally developed for spinning-platter SATA hard drives back in 2004. While AHCI works fine for traditional hard drives, it was never designed for low-latency NAND chips. As flash speeds have increased, AHCI has become a performance bottleneck. NVMe exploits both the PCIe bus and NAND flash memory to offer higher performance and lower latency.

France tells Google to remove search results globally, or face big fines

(credit: Public domain) Google’s informal appeal against a French order to apply the so-called “right to be forgotten” to all of its global Internet services and domains, not just those in Europe, has been rejected. The president of the Commission Nationale de l’Informatique et des Libertés (CNIL), France’s data protection authority, gave a number of reasons for the rejection, including the fact that European orders to de-list information from search results could be easily circumvented if links were still available on Google’s other domains. CNIL’s president also claimed that “this decision does not show any willingness on the part of the CNIL to apply French law extraterritorially. It simply requests full observance of European legislation by non European players offering their services in Europe.” As you’ve probably gathered, Google disagrees with CNIL’s stance. In a July blog post regarding the case, the company’s global privacy chief, Peter Fleischer, wrote: “If the CNIL’s proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom. In the end, the Internet would only be as free as the world’s least free place. We believe that no one country should have the authority to control what content someone in a second country can access.”

Valve hits a Linux landmark—1,500 games available on Steam

A few months after Valve officially launched Steam for Linux in 2013, Gabe Newell gave his LinuxCon keynote crowd a bit of music for their ears. “It feels a little bit funny coming here and telling you guys that Linux and open source are the future of gaming,” the Valve head-man said. “It’s sort of like going to Rome and teaching Catholicism to the pope.” Linux gaming was by no means a new endeavor, but 2013 stands as a major year for the open-source platform’s gaming prospects with Valve announcing Linux-based Steam Machines and the arrival of SteamOS. When we looked at the state of Linux gaming after its 12-month Valve anniversary, we found nearly 1,000 professional, commercially distributed games available as of February 2015. But this weekend there’s an even bigger numeric milestone to celebrate according to the Linux site Phoronix—1,500 Linux titles are currently available through Steam. Phoronix notes Steam has been adding roughly 100 Linux titles per month throughout the summer. And while the total number of Steam Linux offerings still pales in comparison to competing platforms—Phoronix cites Windows at 6,464 games and OS X at 2,323—the statistical growth in such a short period of time is undeniable. Anecdotal evidence supporting Steam’s Linux gaming growth looks rosy as well. The five most popular Linux titles for Steam include major developer offerings like Counter-Strike: Global Offensive and Middle-earth: Shadow of Mordor (the rest of the top five according to Phoronix includes ARK: Survival Evolved, Team Fortress 2, and Dota 2). And this summer, a small indie game called Don’t Be Patchman even became the first Linux-exclusive launch on Steam.

Computer systems outage grounds American Airlines at major hubs

American Airlines’ information systems outage is affecting its website as well as flights. An information systems outage at Chicago’s O’Hare International has grounded many American Airlines flights today. As the company tries to restore service, flights from at least three major hub airports—O’Hare, Dallas-Fort Worth, and Miami—are on a “ground stop” because of the problem. At 1:32pm Eastern Time, the Federal Aviation Administration announced that American had requested a ground stop for flights out of the three airports: “FAA Air Traffic Alert: @AmericanAir requested a ground stop for all of their traffic in and out of DFW/ORD/MIA due to their computer issue.” — The FAA (@FAANews) September 17, 2015. During the issue, American’s Twitter feed was filling up with responses to customers: “We’re working to resolve technical issues and apologize for the inconvenience.” Some of the complaints had nothing to do specifically with the grounded flights, however—it appears the outage has also affected parts of American’s website, blocking access to frequent flyer accounts and other customer data.

Google sues SEO company over harassing calls selling “Front Page Domination”

Getting companies’ names to show up higher in search engine results is the field of the lucrative business known as search engine optimization, or SEO. There’s a range of SEO practices, from “white hat” ones that are endorsed by search engines, to “black hat” practices that, while they may not be illegal, violate search engine rules. Now Google is taking a rare legal action against one Southern California SEO company it says went too far and broke the law. In its complaint (PDF), Google says that Tustin, California-based Local Lighthouse has bombarded consumers with “incessant, unsolicited automated telephone calls” since mid-2014, making “false guarantees of first-page placement in Google search results.”
