Learn to Code with Harvard’s Intro to Computer Science Course And Other Free Tech Classes

By (author unknown), Groklaw NewsPicks, February 26, 2013 at 06:26PM

The course offers a broad knowledge base to build on, as you can see from the description below:

“Topics include abstraction, algorithms, encapsulation, data structures, databases, memory management, security, software development, virtualization, and websites. Languages include C, PHP, and JavaScript plus SQL, CSS, and HTML. Problem sets inspired by real-world domains of biology, cryptography, finance, forensics, and gaming. Designed for concentrators and non-concentrators alike, with or without prior programming experience.”

Harvard has made this course available free to anyone – via YouTube, iTunes, and the course page – with a series of lectures filmed during the Fall 2011 semester. The class is led by David J. Malan, an enthusiastic young professor and Senior Lecturer on Computer Science at Harvard, and himself a product of Harvard’s Computer Science program…. Professor Malan has become something of a hot shot at Harvard. His mission – to make computer science more accessible and far less daunting.

[PJ: He also has one called ‘Understanding Computers and the Internet’. Congresscritters and judges would have to take these courses, in my perfect world.] – Open Culture

Slideshow: Cabela’s offers ‘Disneyland’ for outdoors enthusiasts

By Dan Eaton, Columbus Business News – Local Columbus News | Business First of Columbus, February 26, 2013 at 07:32PM

To many an outdoors enthusiast, Cabela’s Inc. is a magic kingdom. James Daugherty, general manager of the Cabela’s set to open March 7 at Polaris, talks of the “wow effect” of the destination stores.

“I tell people we’re the Disneyland of retail,” he told me. “People come in here smiling and they smile the whole time they’re here.”

The Columbus store will be the 41st in the Sidney, Neb.-based chain. With so few shops, the goal is to make the environment more than a mere store.

“We…

Why Update Your Blog: WordPress Vulnerabilities You Should Be Aware Of

By Joel Lee, MakeUseOf, February 26, 2013 at 04:31PM

I have a lot of great things to say about WordPress. It’s an internationally popular piece of open source software that allows anyone to start their own blog or website. It’s powerful enough to be extensible by seasoned coders, yet simple enough that tech-illiterate people can still benefit from it. We even have a mini-guide for starting your own WordPress site.

However, as with all Internet-related software, there will always be security holes that need patching. Even when past holes are fixed, new features will inevitably introduce new holes, and then those holes need to be fixed. It’s a process that never ends, which is why it’s so important for you to update your WordPress regularly.

Updating WordPress is the best way to patch the latest WordPress security vulnerabilities. What sorts of security vulnerabilities? Here’s an overview of the most common ones you’ll encounter.

1. Default Admin Account

When you first install WordPress, your basic administrator account will be called “admin” with an equally simple password. Keeping security credentials at their default settings can be a big vulnerability because hackers and crackers will know what those default settings are and, thus, will exploit them with ease.

Actually, this isn’t a problem unique to WordPress. Anything that comes with product-wide default access credentials (such as router logins or phone unlock codes) will inherently have this vulnerability. But while routers and phones usually require your physical presence for mischief, anyone can potentially hack your WordPress site as long as they have the URL.

So what can you do? The easiest solution is to create a new administrator account on your WordPress site and delete the default “admin” account. This leaves no predictability in terms of administrator access.

2. Default Database Prefixes

When WordPress is first installed, the database tables are named with a default prefix of wp_. This is done so that all of the tables remain organized in your database in case you’re working with other software packages in the same database. The wp_ signifies that those specific tables are related to WordPress.

But here’s the catch – if a hacker is attempting to mess with your WordPress site, then this bit of predictability automatically puts him one step closer to tampering with your database tables. By knowing the names of your database tables, a hacker can manually poke at them until he gains access.

Think of it this way. Suppose a thief wants to steal something from your home but your home is equipped with special doors that have hidden keyholes until you call out the right “name” for that door. If the thief knows that your door’s name is “Sandy”,  then all he needs to do is pick the lock, but if the thief doesn’t know your door’s name, he needs to first figure that out somehow before he can even start to pick it.

So what can you do? Simple. WordPress allows you to install using a table prefix that is different from the default prefix.

3. Accessible Files & Directories

With any website, the number of files that you actually want users to access is far smaller than the number of files that are necessary to power that website. You may have a lot of function files, class files, template files, configuration files, and more – none of which should be publicly available. The same is true for directories.

Using CHMOD, you can set permissions on various files and directories to prevent unwanted users from accessing sensitive materials. If a user had access to your configuration file, for example, he could tamper with your WordPress settings and break your website. WordPress is vulnerable when your website’s files and directories aren’t secured behind proper permission settings.

So what can you do? I actually had to deal with this problem recently, and the fix isn’t too difficult. Make sure that your WordPress installation is in accordance with the WordPress permission scheme.
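A read-only check for the weak settings from sections 2 and 3, as an added example that is not part of the original article. It assumes a baseline of no world-writable paths, a wp-config.php that "other" cannot read, and a non-default `$table_prefix`; the function names, the sample tree and the `k7x_` prefix are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the article: read-only audit of a WordPress tree.
# Assumed baseline: nothing world-writable, wp-config.php not readable by
# "other", and a $table_prefix different from the default wp_.

wp_audit() {
  local root="$1" cfg="$1/wp-config.php"
  # Paths that any local account (or a neighbouring site on shared hosting) can modify.
  find "$root" \( -type f -o -type d \) -perm -0002 \
    -exec printf 'WORLD-WRITABLE %s\n' {} \;
  [ -f "$cfg" ] || { echo "NO-CONFIG $cfg"; return 0; }
  # wp-config.php carries the database credentials.
  if [ -n "$(find "$cfg" -perm -0004)" ]; then
    echo "CONFIG-WORLD-READABLE $cfg"
  fi
  # Section 2: the default table prefix is still in place.
  if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*["'\'']wp_["'\'']' "$cfg"; then
    echo "DEFAULT-PREFIX $cfg"
  fi
}

# Constructed sample tree with the weak settings the article describes.
make_weak_tree() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/wp-content/uploads"
  printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$d/wp-config.php"
  echo '<?php // front controller' > "$d/index.php"
  chmod 644 "$d/wp-config.php" "$d/index.php"
  chmod 755 "$d/wp-content"; chmod 777 "$d/wp-content/uploads"
  echo "$d"
}

# The same tree after remediation. The prefix edit stands in for a fresh
# install; on a live site the existing tables would have to be renamed too.
harden_tree() {
  chmod 755 "$1/wp-content/uploads"
  chmod 640 "$1/wp-config.php"   # owner read/write, group read, no access for "other"
  sed -i.bak "s/'wp_'/'k7x_'/" "$1/wp-config.php" && rm -f "$1/wp-config.php.bak"
}

demo=$(make_weak_tree)
echo "before:"; wp_audit "$demo"
harden_tree "$demo"
echo "after:";  wp_audit "$demo"
rm -rf "$demo"
```

To audit a real installation, call `wp_audit /path/to/wordpress`; the function only reads metadata and wp-config.php and changes nothing.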

4. SQL Injections & Hijacking

SQL injections are not unique to WordPress; in fact, they are one of the most common (and destructive) forms of web server attacks in the world. Not familiar with the term? Give my introduction to SQL injections article a quick peek to give yourself a basic understanding of the problem.

In essence, WordPress has had a few SQL injection security holes in their code over the years. Some have been patched while others remain uncovered or undetected. If a hacker gains access to one of these holes, he can inject malicious SQL code into your database, which can be used to steal data or just delete it altogether.

So what can you do? Well, here’s the catch – if you aren’t well-equipped enough to know how to defeat SQL injections, then you probably don’t have the technical know-how for building up a protection in the first place. You can probably look around for WordPress plugins that might address potential injection holes, but most users will simply need to wait for the next WordPress security patch.

Recommended Plugins

  • WP Security Scan – this plugin will scan your website setup and look for potential security vulnerabilities. It covers all sorts of areas from file permissions to database holes to password management and more.
  • WordPress File Monitor Plus – in case someone has gained access to your site’s file structure, this plugin will let you know. It regularly monitors your system’s files and directories and makes note of any discrepancies.
  • WordPress Firewall 2 – this plugin sets up a metaphorical wall around your site, scanning all inputted data and traffic for malicious intent. It’s pretty good at preventing attacks like SQL injections and other database attacks.
  • Wordfence – Wordfence is something of an all-in-one security suite plugin that includes malicious attack protection, anti-virus scanning, a firewall, and more. Definitely worth a try.

Conclusion

While WordPress may be both open source and widely popular, that doesn’t mean it is without its flaws. WordPress vulnerabilities pop up from time to time and when one is fixed, another one is usually right around the corner. With careful monitoring and preventative steps, you can minimize the risk that your WordPress site faces.

The post Why Update Your Blog: WordPress Vulnerabilities You Should Be Aware Of appeared first on MakeUseOf.

Not from The Onion

By Jason Kottke, kottke.org, February 25, 2013 at 10:12PM

The On1on gathers news that seems like it should be from The Onion but isn’t. Like “Russian man busted for cheating on girlfriend when she spots him on the Russian version of google maps with the other woman”, “Accused of being gay, Spanish priest challenges Church to measure his anus”, and “China Bans Reincarnation Without Government Permission”. (via waxy)

The AR-15 Is A Gadget

By Steve (Editor-In-Chief), The Firearm Blog, February 25, 2013 at 08:59PM

Wired Magazine has published an excellent long form article explaining what the AR-15 is and what it is not to Wired’s geek/tech audience. Jon Stokes, the author, is a gun enthusiast and friend who has published articles on TFB.

From the morning that ArmaLite opened its doors in 1954 to the present, most of the innovation that has gone into the AR-15 has been aimed at making the gun as accurate and pleasurable to shoot as possible. The result is a gun that really is an order of magnitude easier to use effectively than many of the traditional wood-stocked rifles that black-rifle-hating hunters grew up with. For someone who enjoys shooting a $2,500 AR-15 from a company like Lewis Machine and Tool, Black Rain Ordnance, Daniel Defense, or KAC, is like a driving enthusiast sitting behind the wheel of an Italian or German supercar. It’s a revelation, and the experience doesn’t wear off quickly.

Once you have SHOT a very high-end AR-15, it is hard to go back.

The AR-15 Is A Gadget originally appeared on The Firearm Blog on February 25, 2013.

10 Secrets to Locating Non-Patent Prior Art

By Dennis Crouch, Patent Law Blog (Patently-O), February 25, 2013 at 07:07PM

Guest Post by Stuart Soffer, IPriori, Inc.

1. Finding prior art is a ‘degrees of separation problem’: you are separated from your art by some number of people and connections.

2. Build a timeline

Timelines aid visualizing the evolution of technology and locating the sweet spot of your prior art. Build multiple timelines in parallel (looking like a sheet of music) each line tracking a separate aspect. Possible lines to include are: the prosecution history of each patent; an industry timeline, i.e., the sequence of releases of Microsoft Windows operating systems; corporate history and accused product development; and prior art as you assemble it.

3. Get on the phone

Don’t fear cold-calling. If the patent identifies people, or papers cited look promising, locate and contact the authors to see what materials they maintain, or if they can refer you to others. One search led me to the cell phone number of a CEO, who was on a golf course when I called – he was very helpful pointing me to the right person.

4. Find the packrats and hoarders – those that build their own collections, either from their career, or interest. These folks exist, but they don’t publicize their collections, it isn’t indexed, and they may not appreciate visibility. Other sources are from estate sales and antique stores, but this is better for proactively building a collection for future use.

5. A by-product of the non-patent prior art search is identification of potential testifying experts. Sign ’em up.

6. Accused ‘infringers’ could have their own prior art

Long established companies, especially those with formal research groups and product evolution, will possibly have their own prior art to current products.

7. Days and weeks matter

Relevant prior art dated mere days or weeks after the effective filing date for a patent is frustrating. This is instructive for parties contemplating filing patent applications: the time you delay filing can come back to haunt you later on, with prior art dated a few days earlier. There are instances where the prior art is just a short time after the effective filing date. In one instance the relevant non-patent art was an article in a conference proceeding. Presumably publication date is the conference date. That date didn’t predate the priority date; however, I researched the date submittals were due for peer review. That date was before the priority date and, under the right circumstances, that can count as prior art.

8. Establish a company historian

One search some years ago led me to the AT&T Corporate Historian. This was an actual position.

9. Multiple path searches and searchers; don’t rely on only one modality. Different searchers don’t get identical results. They come to the problem with different personalities, backgrounds, and preferences in search sources and search techniques. An important search will use more than one searcher or company to get better coverage.

10. Always be on the lookout for prior art

Some searchers continue a search with the understanding that similar requests are likely in the future. Be opportunistic: visit museums or antique stores as you travel. Have a camera to take pictures of artifacts you encounter to aid in recall (easy to do with smartphones).

11. (Bonus) Be aware of domain taxonomies, such as Library of Congress Subject Headings, Medical Subject Headings (MeSH), ACM Computing Reviews Categories. Build a vocabulary of synonyms with which to vary search queries. Here are some samples:

  • Memory, storage, disk, array, RAM, DRAM, flash
  • Signal, indicator, message, bit, semaphore, indicia, flag
  • Display, window, CRT, VT100, terminal emulator
  • Connected, attached, communicates with
  • Module, program, server, layer, client, abstraction, applet, application