If you have a Facebook account, you’ve probably seen, or shared, at least one urban myth. Maybe it’s this image:

Or this:

Today, 12/01/2014 in response to the Facebook guidelines and under articles L.111, 112 and 113 of the code of intellectual property, I declare that my rights are attached to all my personal songs, lyrics, literary excerpts, data, drawings, paintings, photos, texts etc… published on my profile. For commercial use of the foregoing my written consent is required at all times……

Or even this:

I just found out that should you ever be forced to withdraw monies from an ATM machine, you can notify the police by entering your Pin # in reverse. The machine will still give you the monies you requested, but unknown to the robber, etc, the police will be immediately dispatched to help you.
The broadcast stated that this method of calling the police is very seldom used because people don’t know it exist, and it might mean the difference between life and death. Hopefully, none of you will have to use this, but I wanted to pass it along just in case you hadn’t heard of it. Please pass it along to everyone possible.

There is no validity to any of these posts, and none of them are new.  In fact, the third one started circulating in an email as early as 2006, before migrating to Facebook. The first one has been circulating since at least 2010. The Facebook privacy one surfaces in a new form every time Facebook announces changes to its privacy policy. These are just a sample of the many myths that are out there. All of these have been discredited, and the validity can be easily checked. The next time you see a Facebook status like that, stop and think about it. How will sharing a picture 100 times provide a free heart transplant? If entering a PIN backwards would summon police, don’t you think that information might actually be shared by your bank? Who decided stating your rights in a Facebook status would provide any legal protection whatsoever? (For the record, you agree to Facebook’s Terms and Conditions when you create an account. Stating otherwise publicly doesn’t change anything).

While it’s not possible to completely stop these things from circulating, you can become part of the solution. Don’t blindly share or post anything just because everyone else is. It’s possible to quickly check whether a post is valid or not. I use Snopes.com to check these items out. For example, here’s the Snopes link debunking the backwards ATM  PIN myth. If the story isn’t true, don’t spread it. While there’s not necessarily anything malicious about these myths, there’s no point in perpetuating them. Your friends will probably thank you for having a little less clutter in their feed, too.

Robots are fact and no longer science fiction. Robotics technology we have in development NOW is going to greatly impact our jobs and economy. This issue is creeping up on us quickly, but experts are split on their opinions about how it will affect jobs. Historically, new technology created new jobs to replace those it displaced, but this time it might be very different. All the rules go out the window when technological acceleration reaches a certain point.

If you haven’t seen this video, it’s worth 15 minutes of your time:

And if you’re really interested, here’s a longer read from the Pew Research Institute: AI, Robotics, and the Future of Jobs [pdf]

Can robots and artificial intelligence replace your job?

 

What Is It?

By now I’m certain you’ve heard of the Heartbleed bug. If you haven’t, then you should know that it is a flaw found in one of the most common open source SSL implementations on the internet that COULD allow an attacker to get sensitive information from the web server. A successful attack could expose the server’s SSL private keys that would allow the attacker to decrypt the data traveling to the site, such as usernames and passwords.

As of now there have been no confirmed attacks using this bug, but an exploit of the bug is completely untraceable so there’s no way to be certain if a site has been targeted.

Places to learn more:
General information
LastPass and the Heartbleed Bug
How Heartbleed Works: The Code Behind the Internet’s Security Nightmare

How can you tell if a site is affected?

First, you need to figure out how vulnerable your data might be. There are several  lists of vulnerable sites that you can manually search through and several online tools that can be used to check specific sites (lastpass and SSL Labs have two particularly useful tools, linked below). There is a Chrome extension that can help identify vulnerable sites as you visit them. The folks at www.Mashable.com have a “hit list” of sorts that lists several sites that they have had direct communication with and recommendations as to what you should do to protect yourself on those sites.

Since Google’s Android operating system is built on open source principles, it is heavily integrated with OpenSSL so any Android device may be vulnerable to this bug as well. Lookout Security has developed a tool to check your device for vulnerability (linked below). If your device is vulnerable you will have to wait for an update for the device.

How can you protect yourself now and in the future?

Once you’ve identified what sites you’ve used that contain sensitive information, you need to change your passwords. You should make sure that they have patched their systems before you change your password for good but many experts are saying that you should change the passwords now just to be sure that any data captured in the last 2 years is safe.

Many systems online were not affected at all because they run on server platforms that don’t use OpenSSL (like Microsoft IIS). These sites have not been compromised by this bug and you should make your own judgment as to whether or not you should change your passwords. If you have used the same username and password combination on an unaffected site as you have on an affected site, you should change your password on both, and make sure they’re different this time.

If you have two factor authentication in place (which you should on any service that supports it) you are at an advantage since even if someone has your username and password they don’t have your second authentication method (typically an app or a text to your mobile phone). You should probably still consider changing your passwords on these sites to be safe.

If you use a password manager (like LastPass or Keepass) then you should most likely regenerate new passwords for your important sites. If you’re using LastPass, they have updated their app to include a tool that will automatically alert you of the Heartbleed status of any sites that you have saved or generated passwords for and give you suggestions as to when you should change their respective passwords.

You should never use the same logon and password for two important sites (like your banking site and your email). If you are using the same information on multiple sites that are important to you, you should change them now so that they are different.

The best thing you can do is not panic and stay aware of the current status of this bug. Keep checking the status of your frequently visited SSL enabled websites and if any of your important sites aren’t patching their systems, find a different company to do business with.

Windows XP End of Support is on April 8th, 2014. Click Here to learn more.

Don’t show this message again

Microsoft is ending support for Windows XP, and it’s about to let every XP user know. On Saturday March 8th, and then the 8th of every month after, XP users will see the popup window shown above (unless they tick don’t show again). Many users may mistake this warning for a fake security alert, often used to trick people into installing malware. But this one is legitimate. Any computer connecting to Windows Update will display it. Most enterprise computers won’t, as they don’t get updates directly from Windows Update.

There are two more patch Tuesday’s left for XP, and then Windows Update will no longer offer updates for what may be the most successful operating system of all time. Many experts are predicting a spike in XP related malware as vulnerabilities go unpatched. Amazingly, XP still has a 29% market share. Not sure if you have XP? There’s a website for that: http://amirunningxp.com/

There is no direct upgrade from XP to Windows 7 or 8. However, Laplink has a free migration tool called PCmover Express that will help transfer files, settings, and profiles. If you want to also transfer programs, there’s a special offer on the professional version ($23.95).

Are you still running Windows XP? Will you be upgrading? What are you going to upgrade to?

Phonebloks is a Thunderclap project started by Dutch Engineer David Hakken that might just be the next big thing in the mobile industry. A phone only lasts a couple of years before it breaks or becomes obsolete. Even if just a part of it failed us, we’ll have to make it an expensive paper weight.  Phonebloks is all about solving this problem, in an unusual, yet innovative and possibly viable way. Phonebloks is made of detachable bloks. The bloks are connected to the base which locks everything together into a solid phone. If a blok breaks you can easily replace it; if it’s getting old just upgrade. David Hakken has publicized this project as an attempt to reduce e-Waste.

And guess what it has a store all for itself. The Blokstore. It’s like an app store for hardware. In the store you buy your bloks, read reviews and sell old bloks.

Motorola has shown keen interest in Phonebloks. The company’s Advanced Technology and Projects (ATAP) team went public with its one-year-old Ara Project (it’s own version of upgradable smartphones) after agreeing earlier this month to partner with Phonebloks. Now with Hakken as its new face, Motorola’s Ara project aims to bring some substance to Hakken’s arguable pipe dream, and “do for hardware what the Android platform has done for software.”

Martin Cooper, the inventor of the cell phone, told CNN that while the Phonebloks concept is ‘well-meaning’ he suspects it will never become a reality: “the main reason that the Phonebloks will not hit the market as it will cost more, be bigger and heavier, and be less reliable. By the time it could be brought to market, the problem that engendered it will be gone.”

He might be right, but there’s always two sides to a coin.

Why I think it could work?

1. People love customizing their phones! The time of software upgrades, rooting & jailbreaking could be history.
2. If it’s physically possible, it might be bigger than the huge leap forward Capacitive touch screens were, when they first arrived.
3. As a student, we can get tight on the pocket, we could settle for the default and upgrade later!

Why I think it might not work?

1. The phone could get too bulky
2. It might succeed as a concept, but to surpass the impact that the iPhone or Galaxy’s have in day to day work might be too much of a task.
3. Google Play is a key factor to the success of Android. As for the Blokstore, a store with a very small number of bloks could lead its way to doom. I don’t think there could be bloks enough to satisfy consumer needs.
4. It will be as expensive as hell.

Let’s see where it goes from here.

Non-technical friends and relatives have two universal truths regarding computers. One, they have toolbars, background software, coupon offers, and/or search engine redirects. Two, they have no idea how they got there. Most likely, they installed them. Even if you are technically inclined, you’ve probably still been trapped by Dark User Interface Patters.

A Dark Pattern is a type of user interface that appears to have been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills.

Downloading software and updates is a minefield of unwanted software. Scott Hanselman details the confusing experience offered by download wrappers.

I am disappointed in us, Internet, that this is a business. Someone wrote this, for their job, directed by their middle manager, who was directed by their rich boss. There was a meeting (there’s always a meeting) where it was discussed on how we could most effectively fool non-technical relatives into installing crap.

These techniques are well-honed and tested. Even experienced users can install stuff they don’t want. So what’s the average user to do? Here are some applications that aim to help avoid unwanted installs.

• Ninite will automatically install popular apps. Great for setting up a new system. Pros: It won’t bother you with choices and options. It says no to all toolbars and junkware. To update, you simply run it again. Cons: If you add an application you need to rebuild the installer. Automatic updates require the paid version. Limited applications (some like CCleaner, and Adobe Flash have “opted-out)”.

Read the rest of this entry »

Bionic hands have been around for quite some time now. But I’m sure these pair of hands that can help one feel is going to be one of those breakthroughs in technology that can touch the hearts of millions, bringing tears of happiness to ones eyes. The world’s first bionic hand with the sense of touch is here. A team of researchers from Case Western University have made a new prosthetic bionic hand, designed to be capable of using measurements from 20 sensor points to control ones grip. Amazingly, the sensor data is linked directly to the sensory nerves in the patient’s forearm. The control for the grip is then extracted myoelectrically and returned to the muscles in the forearm. “Our dream is to have Luke Skywalker getting back his hand with normal function,” researcher Silvestro Micera told TechNewsDaily, referencing the hero in “Star Wars” who gets an artificial hand after his real one is cut off.

This was the first time that such a variant of the bionic hand was implanted into an amputee with high hopes that he would regain his sense of touch. The patient wore the bionic hand for some time over a month to see how his body adapts to the new presence. “When I held an object, I could feel if it was soft or hard, round or square,” said Dennis Aabo Sorenson, a 36-year-old man from Denmark who lost his left hand in a fireworks accident. “I could feel things that I hadn’t been able to feel in over nine years,” Sorensen said in another statement.

This is truly a miracle. An answered prayer. A dream come true for many.

 

A recent post by KrebsonSecurity reports that the attacks on Target were made possible using stolen credentials from a third-party vendor, specifically an HVAC contractor for the company. While that may seem unlikely to you – how could an HVAC contractor have access to Target’s network? – it’s not surprising that in this day and age, HVAC systems can be remotely accessed and monitored. After all, we live in a digital age. We think nothing of programming our DVRs while away from home, or logging into our home thermostat to program it, so it should be no surprise that large systems have advanced capabilities. The surprising part is that credentials for the HVAC system would also allow access to the rest of Target’s network. The investigation is still underway, so there are a lot of unknowns.  Did Target  require some form of two-factor authentication for access, and if not, why not? Was the HVAC network segmented from the rest of the network? How frequently were passwords changed, if at all? I would assume Target is taking a hard look at some of their security practices, and in the light of this and the recent announcement of the Neiman-Marcus breach, a lot of other companies that process millions of credit cards should also be reviewing their practices.

The Krebs article highlights another security issue, as well. The stolen data was transmitted using “drop” locations; compromised computers that stored the data, and that could be accessed by the hackers. While Target shoulders the brunt of the blame for this situation, it also underscores the importance of security at multiple levels, from home computers to small and medium businesses. An infected computer or server doesn’t just put the users of that system at risk; hackers can use that system for their own nefarious purposes, such as being an intermediate drop for stolen data.

The important thing to learn from this is the importance of protecting a network, regardless of where it is and what it’s doing. Even Fortune 500 companies and security professionals can be vulnerable. Limit access to your network. If 3rd parties need access, limit their access, monitor their use, and disable the access when not needed. Take security seriously, even at home. It’s not just your data that you might be protecting.

Image courtesy of chanpipat/FreeDigitalPhotos.net

Motorola though on shaky grounds have some cool products up their sleeve. For one here’s Motorola’s e-Tattoo. Google has always been at the pinnacle when it comes to innovative commercial products. First, it was Google Glass, now Motorola Mobility (now owned by Lenovo, work on the project started while at Google) appears to be aiming a few inches lower, working on a temporary electronic tattoo that would stick to the user’s throat. In other words, they have come up with an electronic tattoo that lets you communicate with your smartphone, gaming devices, tablets or any wearable tech. The idea is that wearer can communicate with their devices via voice commands without having to wear an earpiece or the Glass headset. Instead of actually speaking to Apple’s Siri or Google Now, you could merely think your voice command.

But hold on for a minute, as there is a bit more to the whole concept than might first appear. The tattoo they have in mind is actually one that will be emblazoned over your vocal cords to intercept subtle voice commands — perhaps even subvocal commands, or even the fully internal whisperings that fail to pluck the vocal cords when not given full cerebral approval. The patent even states, “the electronic tattoo can also be applied to an animal as well.” I still can’t figure out what Motorola has in mind.

In images attached to the patent filing, the size of the tattoo appears to be between a postage stamp and a Band-Aid. Other possible uses include making both incoming and outgoing audio clearer. That could mean anything from making smartphone conversations clearer in a crowded room to being able to listen to music without earphones. Still, whether the e-tattoo becomes a reality for any consumer to buy is yet to be seen.

In GNU/Linux For Newbies of this guide, you saw some of the basic stuff and a little bit of history of what GNU/Linux is all about. Now, lets see some basic Linux terms you should know about.

1. Kernel

The kernel is a program that constitutes the central core of a computer operating system. The kernel provides basic services for all other parts of the operating system like memory management, process management, file management and I/O management. It has complete control over everything that occurs in the system. The user does not directly interact with the kernel. The user can interact with the kernel via a shell. The GNU/Linux systems use the Linux kernel.

2. GRUB

A bootloader is a computer program that loads the main operating system or runtime environment for the computer after completion of the self-tests. The GRUB is one of the many boot loaders available, it stands for Grand Unified Bootloader. It was developed as part of the GNU Project. GRUB works well for a wide variet of Operating System, even Windows. (though Windows Bootloader doesn’t allow other OS’es now)

3. File System

A file system can be thought of as similar to the index of a book containing the exact physical location of every piece of data on a hard drive. Without a file system, information placed in a storage area would be one large body of information with no way to tell where one piece of information stops and the next begins.

Some popular used file systems are FAT, NTFS, ReFS for Windows. HFS+file system for Mac and ext/2/3/4 for GNU/Linux.

4. Partitions

A hard drive can be split into different segments that act independently. Each such segment is called a partition. Partitions enable users to use multiple operating systems to run on the same drive in different partitions. Partition information is stored in the partition table (the classic Master Boot Record, and the modern GUID Partition Table – the better choice!)

 There are 3 types of partitions:

• Primary
• Extended
  • Logical

Primary partitions can be bootable and are limited to four per disk. If you require more than four partitions, an extended partition containing logical partitions is used. The extended partition is also counted as a primary partition so if the disk has an extended partition, only three additional primary partitions are possible. You can have any number of logical partitions within an extended partition. It is customary to create primary partitions sda1 through sda3 followed by an extended partition sda4. The logical partitions on sda4 are numbered sda5, sda6, etc.

5. Distros

A GNU/Linux distribution (or distro for short) is an operating system built on top of the Linux kernel and often includesa package management system. Unlike Windows or Mac OS X you do not need to choose an OS version that they are offering. In Linux world you could grab the source code for the Linux kernel, GNU shell utilities, Xorg X server (provides the GUI for the OS), and every other program on a Linux system and make an OS that suits your style. It might take a considerable amount of time and work to do that though.

Linux distributions do all that hard work for you, taking all the code from open-source projects and compiling it for you, combining it into a single operating system you can boot up and install. When you want to install new software or update to new versions of software with important security updates, your Linux distribution provides them in precompiled, packaged form. These packages are fast and easy to install, saving you from doing the hard work yourself. And you do need need to restart your computer after an update!

 6. Command Line Interface

A command-line interface (CLI) lets you control the computer using numerous commands in the form of successive lines of text (command lines). The CLI has no icons or pictures, and often is so simple that even a mouse will not work — it relies on the keyboard. Bash is the shell, or command language interpreter, for the GNU/Linux operating system.

7. Desktop Environment

A desktop environment provides a complete graphical user interface (GUI) for a system by bundling together a variety of X clients. The X Window System provides the foundation for a graphical user interface. Prior to installing a desktop environment, a functional X server installation is required. X provides the basic framework for a GUI environment like drawing and moving windows on the display device and interacting with a mouse and keyboard.

8. Window Manager

A window manager runs on top of the X Window System and controls the placement and appearance of windows in a graphical user interface. Most window managers are designed to help provide a desktop environment. They work in conjunction with the underlying graphical system that provides support for graphics hardware, pointing devices etc.

9. Su & Sudo

Superuser (su) is a special user account used for system administration. The equivalent name may be different in different operating systems, example; root, administrator etc. In operating systems that employ the concept of a superuser, it is recommended that most application work be done using an ordinary account or standard account which does not have the ability to make system-wide changes.

sudo is a program for Unix-like computer operating systems that allows users to run rograms with the security privileges of the superuser. Its name is a concatenation of su (super user) and “do”, or take action.

10. Repository

A repository is nothing but a storage location for all the verified packages (softwares) that are made available by a distro. All software can be downloaded and installed for its repository. This is a key reason why Linux is known to be “almost” virus free. Most major Linux distributions have their own official repositories and they are mirrorred all around the world.

<<Part 1