Researchers at Google and the private security firm Codenomicon have revealed a new vulnerability in the OpenSSL security library used by Apache and nginx web servers. These technologies are so popular that this issue – dubbed the Heartbleed Bug – has potentially compromised up to 66% of web servers. These vulnerabilities have been gaping open for nearly two years, as of the 1.0.1g release of OpenSSL. This has left many websites vulnerable, with no way of knowing whether their private keys were compromised during this window.
The Heartbleed bug is not a man-in-the-middle attack. It exploits OpenSSL’s handling of the TLS heartbeat, which is an encrypted portion of the connection. The reason it leaves no traces is not that it can’t be detected, but that it’s simply not logged by OpenSSL. Theoretically it could be logged, though there may be too many false positives for logging to be useful.
Attackers apparently also have control (or at least influence) over what 64KB of memory they can capture, and can keep requesting more memory with each heartbeat (so the 64KB limit isn’t that limiting).
Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. -Codenomicon
Heartbeat can be disabled in OpenSSL, but only via a recompile – in which case you might as well apply the new patch anyways.
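An added example (not code from OpenSSL or from this post): the length check RFC 6520 requires before a heartbeat payload is echoed back, written so the same verdict could feed the logging discussed above. The function names, the verdict enum and the two sample records are constructed for illustration, and the response padding is zero-filled as a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST      1  /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE     2  /* heartbeat_response */
#define HB_HEADER_LEN   3  /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING 16  /* RFC 6520 requires at least 16 padding bytes */

enum hb_verdict { HB_OK, HB_TRUNCATED, HB_NOT_REQUEST, HB_OVERCLAIM };

/* Constructed sample: 4-byte payload, payload_length field says 4. */
static const uint8_t SAMPLE_HONEST[3 + 4 + 16] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
/* Constructed sample: same 23 bytes, but payload_length field says 0x4000. */
static const uint8_t SAMPLE_OVERCLAIM[3 + 4 + 16] = { HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g' };

/* Compare the claimed payload_length with the bytes actually received. */
enum hb_verdict hb_check(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TRUNCATED;
    if (rec[0] != HB_REQUEST)
        return HB_NOT_REQUEST;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return HB_OVERCLAIM;  /* drop silently; a candidate event to log */
    return HB_OK;
}

/* Echo the payload only when hb_check passes. Returns bytes written, 0 = dropped. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (hb_check(rec, rec_len) != HB_OK)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t need = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (need > out_cap)
        return 0;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);  /* bounded by rec_len */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);   /* zero padding: simplification */
    return need;
}

int main(void) {
    uint8_t out[64];
    printf("honest reply: %zu bytes\n", hb_respond(SAMPLE_HONEST, sizeof SAMPLE_HONEST, out, sizeof out));
    printf("overclaim reply: %zu bytes\n", hb_respond(SAMPLE_OVERCLAIM, sizeof SAMPLE_OVERCLAIM, out, sizeof out));
    return 0;
}
```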
This is an off-beat post, and has nothing to do with websites or the digital world for that matter. I’ll be going through the steps I used to fix a broken pocket scale that was gifted to me – I get a lot of “If you can fix it, it’s yours” gifts.
This 50.00g digital scale stopped working for an unknown reason, and the top suggestion for fixing these scales is a re-calibration. Unfortunately, this digital scale could not be calibrated – likely a result of the problems it was already having. After further inspection I realized the scale still accurately measured negative values. At this point, “if it’s broken and destined for the garbage, I might as well see how it works” was running through the back of my head.
Check the video out for a quick little tutorial and walkthrough of how I got my scale back in mostly working order. Step-by-step below.
Remove the top plate of your scale to gain access to the mounting points of the weight surface.
In my case there were two Phillips screws
Flip the scale and remove the battery cover to reveal the second mount point
Remove that pair of screws and set them aside as well
Under where the weigh platform was, flip the sensor bar
Re-attach all components
The kicker is, now when I lift the weighing platform, it shows me a proper positive number – reversing the fix brings the problems back. Does anyone with more knowledge of digital circuitry have an explanation for this rogue resistor?
I have never understood carpet bombing applications. Why not go talk to managers and see what they want to hear before applying? I’ve always had much better success when I go out of my way to see the needs of a company and tailor my applications/resume to their needs.
Fortunately I haven’t had to do this since my teenage years.
Once you have enough industry work under your belt, and a few good connections – you can typically traverse an industry with a good word and strong portfolio.
UPDATE: Unfortunately, this doesn’t quite work anymore.
So you’re sick and tired of YouTube’s popup asking, “Do you want to use your real name with your YouTube channel?” No? How about the part where you check ‘no’ and are greeted with, “Okay, we’ll ask you again later.”
Here’s my quick tip for keeping your Google account separate from your otherwise anonymous YouTube account.
For this you will need a modern browser like Chrome, Firefox, Safari, etc. (which you should have anyways… please?) and the Ad-Block Plus Extension. It’s simple as far as implementation and will only take a minute after you’ve installed the extension.
Going into your Ad Block Plus settings by right-clicking on the icon will open a dialog.
Go to the custom filter list in the options panel and select, “Manually edit filters” and add the line: ||s.ytimg.com/yts/jsbin/www-linkgplusdialog*
Don’t forget to add the “||”, as it acts as a catch-all for the http://, https://, and www prefixes, which saves you from making three or four rules for one block.
Bonus: Block Video Annotations
Adding the line above to your custom filters will hide annotations in all Youtube videos, even while logged out.
I was contracted to do a logo design job for a company I signed to keep quiet about while it is still building itself up. This was my first logo design job (typically I do painting) and the gentleman ended up using one of his own designs. I have another logo job prospect in the works and I have some questions because I feel as though I was stooped last time.
Should I be copyrighting or watermarking the designs I present? (sounds like a dumb question, but it’s serious)
Should I be compensated for the time and designs that I did come up with even though they weren’t chosen? (I put a lot of time into them and have nothing to show for it!)
I know how to factor pricing for my paintings, but I’m at a loss as how to price graphic work. Suggestions?
Here is my response:
I will bill regardless of my design being their final choice. Most clients we deal with in the design industry aren’t art directors or designers themselves. Don’t feel rejected or put down when a Joe comes in and snuffs your hard work; they just don’t know the field. Ask a client about brand identity, target demographic, palette, etc. and chances are they’ll draw a blank.
“Should I be copyrighting or watermarking the designs I present?”
No need to watermark, but never send out vector or hi-res work without payment. Working out a budget before-hand and receiving a down payment will let the client see you are serious about the project.
“Should I be compensated for the time and designs…”
You worked – you get paid, it’s how it goes. My down-payment ensures the meetings and prelim stages aren’t wasted on a client who doesn’t know what they want or need. If they bail we both walk away with something in our pockets.
“I know how to factor pricing for my paintings, but I’m at a loss as how to price graphic work.”
Graphic work is billed by the hour for myself and most of my peers. Most of the early billable hours come in on research and identity for your client. Depending on budget, one could spend hours upon hours fitting a logo’s lines to the perfect ratio, sit into a golden curve, or drip with double entendre. A logo isn’t about creating a nice looking design, it’s about capturing and showing that brand’s identity in one fell swoop – I’m working on this myself. A good logo requires great client cooperation without being overbearing.
As an aside: asking a client about their business’ traits, goals, and target market will get you further than asking to see logos and color palettes they like.
http://www.thelogofactory.com/ has been cranking out logos for years. Not all of them are great, but the blog posts on the site are phenomenal. They will make you see the error of your ways pretty damn quickly.
Update: The link in my article still works. Subtle Patterns has changed its format to a paid plugin; individual patterns are still available. Due to the pay-to-play nature of the Photoshop plugin, they’ve removed links to the collection download.
I wanted to share a resource I’m completely infatuated with: Subtle Patterns. This website aggregates free to use subtle patterns, and shares user contributions to the rest of the community.
The best part of this website? They don’t make you jump through hoops to get their files! No sign-up, emails, or other crap no one really wants to deal with (why do you think my comments are registration free?). Even better, they have every pattern available for free, in a master pattern file. The default photoshop patterns suck (pardon me), and loading up this free subtle patterns download really gives you a great choice of patterns to integrate into your design work.
I had a user email me with some questions on installing subtle patterns into Photoshop. It’s really simple, just follow these steps:
Follow the link above and download the subtle-patterns SubtlePatterns.pat.zip file
Open the archive (zip) and extract (drag/drop) the SubtlePatterns.pat file into your file system
Note: C:\Program Files\Adobe\Adobe Photoshop CSX\Presets\Patterns is ideal
Open Photoshop and click ‘S’ to open your stamp tool
Switch to the pattern stamp tool if Clone Stamp is active by holding your mouse button down on the Stamp tool icon
Activate the pattern dropdown in the top ribbon, usually below the help menu
In the top right corner of the window, there is a gear icon – clicky clicky
Pressing load patterns will open one final dialog
Locate your pattern files and load them through this dialog
I just wanted to share this video with you guys. Design has so many mediums and this guy illustrated wonderfully how simple things can come together with the right type of planning. Note the type part, bad planning isn’t going to get you good results all too often. Cheers!
Jailbreaking iPhones is nothing new; nearly any and all handheld Apple devices have had a crack of some sort available since 2007. Software-based cracks started popping up in 2008, with a lot of the early work being done by George Hotz.
We’ve come a long way since the early days, with the ability to jailbreak in under five minutes, as well as with a one-click solution through your iOS device’s browser. Despite the ease of use, the more recent iterations of the iPhone have closed the security hole that allowed websites like www.jailbreakme.com to work. For that reason, I’ll be using the evasi0n – iOS 6.0-6.1.2 Jailbreak to free an iPhone 4 16GB running OS 6.0.1 baseband 01.59.00*. The phone is carrier locked and the owner will be leaving for Europe shortly, and they need an internationally functioning phone.
Preparing to Jailbreak
There are a few requirements before you can begin unlocking an iOS device with the Evasion Jailbreak.
You need a suitable machine to perform the jailbreak with, supported operating systems include: Windows, Linux, and Mac OS.
iTunes needs to be installed on your computer of choice.
Your iOS device needs to be updated to at least iOS 6.0
You need to have downloaded the Jailbreak executable, available here.
An extraction tool to get the files from the download, I suggest WinRAR by RARLAB.
You should back up any device before you jailbreak, should something go wrong.
The actual jailbreak process is extremely straightforward. Only a few steps are required to successfully jailbreak your iOS device using the evasi0n jailbreak.
Ensure you meet all of the requirements listed above. Install iTunes, back up your iOS device (iPhone 4 in this case), and download the jailbreak tool.
Connect your iPhone or other Apple iOS device to your computer via USB/proprietary connector. Ensure your computer recognizes that your device is plugged in.
From this point forward, we will not be touching iTunes or the iPhone until explicitly told to do so. Double click on the evasi0n icon that you’ve extracted and allow the program to run (if a dialog box appears). You will see the image above (less the bits about being jailbroken already), and if you read carefully – you’ll see that evasi0n is already scanning your phone’s software to see if it’s compatible. If everything is good, you can proceed with the one-click install of the jailbreak. Simply click on the button to the right and let the program do its thing.
In about five minutes you will be prompted to unlock and press a new icon on your Apple device. After doing so, the device will power cycle several times. At this time, you can boot up Cydia App manager, which will again reboot your system. Cydia allows you to install third party applications on your Apple device; you are now free to download apps and tweaks not officially approved by Apple. This includes the tool we’ll be using to break our carrier SIM lock.
Carrier Sim Unlocking
Open Cydia and tap on the Search icon, and search for UltraSn0w – download and install this package. From here we will need to add an additional repository to our Cydia application. To do this we:
Open Cydia’s home page by closing and opening the app
Tap on the Manage icon found in the bottom bar
Tap on the Sources button in the middle of the screen
Tap on the Edit button found in the top right hand corner of your screen
Click on the Add button that appears in the top left of the screen
Type into the text box, “http://repo.iparelhos.com”
Tap the Add Source button
Once the operation completes, tap the Return to Cydia button found at the bottom of your screen (you may have to scroll)
Go back to your Cydia home screen and pull up the search function again by tapping the Search icon found in the bottom right corner of the screen. Search for Ultrasn0w Fixer for your OS version, and install this application. In my case, I’ll be using the Ultrasnow Fixer for 6.0.1.
So I know many people see the RSS feed logo on a daily basis and have no idea what it does, or why it exists. RSS stands for rich site summary, and does exactly what the name implies – provides a detailed summary of what is happening with a blog, news feed, or website in general. Most people use RSS because it can streamline a user’s daily news. Instead of visiting all of the blogs I enjoy to check for new content, or signing up for newsletters, I can have news and posts piped right into my RSS client. In this case I’ll be using Mozilla’s discontinued Thunderbird mail and feed client. I love the program as a free offline mail program, for its scheduling ability, and feed following. Did I mention it was free? Get it here.
This is an RSS icon, you’ve undoubtedly seen it before.
Start by launching Mozilla Thunderbird
Press alt to bring up your menu bar
Navigate to File > New > Other Accounts…
Select “Blog & News Feeds”
Name your feed, I choose names based on how it will help me sort the feeds
Next and finish
In your left bar you should now see your new account, click on it
Center top of your screen, click on “manage subscriptions”
Paste or type in your feed URL
Finish by clicking add
Browse your new feed by clicking on its name in the left panel
Double click a post title in the center window to open it in Mozilla Thunderbird