Flash player not detected. Click here to install flash.
« 1 2 3 4 5 »

Are you going to phish or cut clickbait?

Subject: General Tech | February 4, 2016 - 02:08 PM |
Tagged: security, google

Remember the thrill of finding the actual download button for the software you need, hidden on a webpage featuring at least four other large download buttons leading to unrelated and generally nasty software?  Well those horrible people at Google want to take that joy away from you!  Instead of practicing your skills at slapping the monkey, shooting the duck or pretending you are on an online version of Let's Make a Deal trying to pick the right download button to reveal the prize you want, they will present you with a bright red warning screen. 

For some reason those hacks over at The Inquirer think it is a good idea to take away the hours of time spent with your family, and all the interesting things that "just appeared" on their machines.

index.png

"Google is still chipping away at creating a secure online experience and has just unearthed a new element for safe browsing that stops click-happy idiots doing click-stupid things."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Inquirer

A friendly reminder about your OneDrive storage amount

Subject: General Tech | February 5, 2016 - 05:06 PM |
Tagged: onedrive, microsoft, cloud storage

Remember the good old days when OneDrive moved from offering you 1TB of storage to an unlimited amount?  That did not last too long, they changed their minds and dropped the paid service back to 1TB and the free version from 15GB to 5GB, with a chance to grandfather in the additional storage if you followed up with them.

A viewer recently encountered this for the first time and it seems appropriate to remind everyone about the change.  If you have the paid service and are storing over 1TB you may have already heard from Microsoft but if not then consider this the warning that you have better trim down the amount of data you store on OneDrive as the changes are going to happen in the latter half of this year.  The same goes for free users who have 15GB, or 30GB if you opted into the camera roll service, get the amount of files you have stored on OneDrive under 5GB or risk losing data you would rather keep.  The standalone 100GB and 200GB plans will be reduced to 50GB, the price will remain at $1.99 per month.

The whole situation is reminiscent of a teacher in a classroom full of kids choosing to punish the entire class for the actions of a few individuals; in this case the tiny percentage which exceeded 75TB of usage.  Make sure to clean up your OneDrive as soon as possible, this is not something you want to wait until the last minute to do.

OneDrive-Logo_large.png

"If you are using more than 5 GB of free storage, you will continue to have access to all files for at least 12 months after these changes go into effect in early 2016. In addition, you can redeem a free one-year Office 365 Personal subscription (credit card required), which includes 1 TB of OneDrive storage."

Here is some more Tech News from around the web:

Tech Talk

Source: OneDrive

Swiftech's H320 X2, bigger, better and ready for your personal touches

Subject: Cases and Cooling | February 5, 2016 - 06:44 PM |
Tagged: swiftech, H320 X2, AIO, watercooling

The Swiftech H320 X2 is obviously designed for those who like to show off the insides of their system, parts of both the reservoir and waterblock are clear as is the piping and there are indeed LEDs on the cooler.  It is larger than the previous generation, the radiator is 127 x 375 x 28mm with a 109ml reservoir, three Swiftech Helix 120mm PWM fans are installed to pull heat from the radiator.  Modders Inc loved the fact that while this is an AiO cooler, it is designed with modding in mind as you can add in or switch out components which is a rarity in AiO watercoolers.  The performance was also impressive, you can read about that and more in their full review.

DSC_7910.jpg

"All-in-one (AIO) water cooling units have brought the performance and silence of water cooling to the masses with the simplicity of installing an air cooler. AIOs offer simple installation without the need to bleed the loop. Simply attach the hardware and power cables and you are all set."

Here are some more Cases & Cooling reviews from around the web:

CASES & COOLING

 

Source: Modders Inc

Java Browser Plug-in Soon Killed Off by Oracle

Subject: General Tech | January 30, 2016 - 07:05 PM |
Tagged: web browser, web, shockwave flash, shockwave director, oracle, Java

After decades of semi-ubiquitous usage, Oracle has announced plans to stop providing the Java plug-in for web browsers. It will still be available in the upcoming Java 9 platform, but classified as a deprecated feature.

ie-wheeee-dead.jpg

This has nothing to do with JavaScript, which is a scripting language that web browsers use. JavaScript is not a plug-in, and it's very secure in terms of the machine the browsers run on. Pretty much all exploits that we see either trick the user to download and run a program, have them disclose sensitive information (passwords, identity, etc.) to the wrong people, try to make the browser impossible to use until it is shut down and restarted, or launch a plug-in that is the actual problem. The joke is “Java is to JavaScript as Car is to Carpet” -- but that's not true: cars often have carpets.

Java, Shockwave Director, and Shockwave Flash filled in a huge gap in Web standards during the late 90s and early 2000s. Plug-ins were about the only way to access files, per-pixel 2D animation functions, and even access to 3D graphics hardware. Web browsers can do almost all of that now, albeit file input and output is limited to individual files, because you don't want every website to be able to read and write files (and site-specific data lockers with APIs like IndexedDB and Web Storage) on the user's hard drive without the user's explicit control.

As such, browsers are trying to kill off native plug-ins. This could be a problem for games like Battlefield 3 and 4, which (Update Jan 30th @ 7:51pm: Used to... it's apparently been a while. Thanks wileecyte in the comments.) require plug-ins to launch the native application, but the browser vendors have been expressing their desires for quite some time. Even companies that are heavily invested in plug-ins for their products, like Oracle, are finally giving up.

Source: Ars Technica

G.Skill Rolls Out Refreshed Mechanical Gaming Keyboards

Subject: General Tech | February 1, 2016 - 12:48 AM |
Tagged: ripjaws, RGB LED, mechanical keyboard, G.Skill, Cherry MX

Memory maker G.Skill recently announced a refresh of its mechanical keyboard line that tweaks the KM780 series and cuts $10 off of the MSRP pricing. The two new refreshed products are the Ripjaws KM780R RGB and KM780R MX.

GSkill KM780R-MX front.png

The new keyboards use an aluminum plate/base, Cherry MX switches, and a black anodized finish on the frame. The KM780R MX is backlit by red LEDs while the KM780R RGB can have custom per-key backlighting. Both feature a full QWERTY layout plus number pad as well as media playback keys, a LED volume level display, and six macro keys (three on-board key profiles). There is also USB and analog audio pass-through ports.

G.Skill is offering the new gaming keyboards in several models depending on your choice of key switch. Specifically, users can choose from Cherry MX blue, brown, or red switches. Connecting via USB, they employ anti-ghosting and full N-key rollover tech as well.

GSkill KM780R-RGB.png

The every so slightly cheaper KM780R series does away with its predecessors bundled extra gaming key caps and key removal tool. The KM780R MX has an MSRP of $120 while the KM780R RGB model has an MSRP of $159.99 (Note that the brown and red variants are actually $140 on Amazon right now, but the Cherry MX blue version is not on sale.)

While I have not used them, the original models from last year appear to have garnered quite a bit of praise in reviews (particularly from AnandTech). It seems like G.Skill has not changed much and the R variants are more of the same for a bit less, and that's probably a good thing. I'm looking forward to seeing full reviews though, of course.

Have you tried the memory giant's other products before?

Also read: Mechanical Keyboard Switches Explained and Compared by Scott Michaud @ PC Perspective

Source: G.Skill

Unreal Editor for Unreal Engine 4 in VR

Subject: General Tech, Shows and Expos | February 4, 2016 - 07:47 PM |
Tagged: GDC, gdc 2016, epic games, ue4, VR, vive vr

Epic Games released Unreal Engine 4 at GDC two years ago, and removed its subscription fee at the next year's show. This year, one of the things that they will show is Unreal Editor in VR with the HTC Vive. Using the system's motion controllers, you will be able to move objects and access UI panels in the virtual environment. They open the video declaring that this is not an experimental project.

epicgames-2016-tim-vr.jpg

Without using this technology, it's hard to comment on its usability. It definitely looks interesting, and might be useful for VR experiences. You can see what your experience will look like as you create it, and you probably even save a bit of time in rapid iteration by not continuously wearing and removing the equipment. I wonder how precise it will be though, since the laser pointers and objects seemed to snap and jitter a bit. That said, it might be just as precise and, even still, it only really matters how it looks and behaves, and it shouldn't even prevent minor tweaks after the fact anyway.

Epic Games expects to discuss the release plans at the show.

Source: Epic Games

Next on the list of companies which should know better is Malwarebytes, but it is not as bad as some say

Subject: General Tech | February 3, 2016 - 12:46 PM |
Tagged: security, Malwarebytes

Considering the business that Malwarebytes is in you can expect to see a lot of negative press about a gaping security hole in the near future and while there is a vulnerability it is not as bad as many will make it out to be.  The issue lies in that signature updates are done over HTTP and are unsigned, very bad practice but something which would be exploited on a single client connection as opposed to something you could use to create a wide spread infection.  The Register links to the Google Project Zero entry which was released today as the vulnerability was first reported to Malwarebytes 90 days ago and has not been addressed on the client side.

The actual concern you should have is that the original bug report also found vulnerabilities on the server side.  Malwarebytes did correct the server side issues almost immediately but neglected to follow through on the client side.  It is good of them to patch and offer bug bounties but a complete follow through is necessary if you are a security software peddler who wants their reputation to stay intact.

mb-logo.png

"The antivirus firm says it has addressed server-side vulnerabilities that were reported by Google Project Zero researcher Tavis Ormandy in November. However, security holes remain in the client-side software that runs on people's Windows PCs."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register

Microsoft Lets Anyone "Git" Their Deep Learning On With Open Source CNTK

Subject: General Tech | February 4, 2016 - 01:18 PM |
Tagged: open source, microsoft, machine learning, deep neural network, deep learning, cntk, azure

Microsoft has been using deep neural networks for awhile now to power its speech recognition technologies bundled into Windows and Skype to identify and follow commands and to translate speech respectively. This technology is part of Microsoft's Computational Network Toolkit. Last April, the company made this toolkit available to academic researchers on Codeplex, and it is now opening it up even more by moving the project to GitHub and placing it under an open source license.

Lead by chief speech and computer scientist Xuedong Huang, a team of Microsoft researchers built the Computational Network Toolkit (CNTK) to power all their speech related projects. The CNTK is a deep neural network for machine learning that is built to be fast and scalable across multiple systems, and more importantly, multiple GPUs which excel at these kinds of parallel processing workloads and algorithms. Microsoft heavily focused on scalability with CNTK and according to the company's own benchmarks (which is to say to be taken with a healthy dose of salt) while the major competing neural network tool kits offer similar performance running on a single GPU, when adding more than one graphics card CNTK is vastly more efficient with almost four times the performance of Google's TensorFlow and a bit more than 1.5-times Torch 7 and Caffe. Where CNTK gets a bit deep learning crazy is its ability to scale beyond a single system and easily tap into Microsoft's Azure GPU Lab to get access to numerous GPUs from their remote datacenters -- though its not free you don't need to purchase, store, and power the hardware locally and can ramp the number up and down based on how much GPU muscle you need. The example Microsoft provided showed two similarly spec'd Linux systems with four GPUs each running on Azure cloud hosting getting close to twice the performance of the 4 GPU system (75% increase). Microsoft claims that "CNTK can easily scale beyond 8 GPUs across multiple machines with superior distributed system performance."

cntk-speed-comparison.png

Using GPU-based Azure machines, Microsoft was able to increase the performance of Cortana's speech recognition by 10-times compared to the local systems they were previously using.

It is always cool to see GPU compute in practice and now that CNTK is available to everyone, I expect to see a lot of new uses for the toolkit beyond speech recognition. Moving to an open source license is certainly good PR, but I think it was actually done more for Microsoft's own benefit rather than users which isn't necessarily a bad thing since both get to benefit from it. I am really interested to see what researchers are able to do with a deep neural network that reportedly offers so much performance thanks to GPUs. I'm curious what new kinds of machine learning opportunities the extra speed will enable.

If you are interested, you can check out CNTK on GitHub!

Source: Microsoft

BitTorrent Talks Encryption, Improved Linux Support For Sync 2.3

Subject: General Tech | February 2, 2016 - 05:11 PM |
Tagged: file syncing, encryption, bittorrent sync, bittorrent

BitTorrent continues to support its file sharing and syncing application with the recent release of Sync 2.3.1. The 2.3.x update contains a number of bug fixes for stability, but the important news is the added support for encrypted folders and finally allowing selective file syncing on Linux systems. Additionally, the company put out a short brief on the information they collect and how they are securing your files synced by Sync which is available as a PDF.

BitTorrent Sync 2_3 Encrypted Folders.png

Sync 2.3 allows Windows users to run Sync as a service and Android users can move data to and from an SD card from within the app so long as they are running at least Android 5.0 or newer. Linux users also get a bit of love with support for selective file syncing (where you can choose which specific files to download locally and which to keep on the remote peers) though it appears that BitTorrent has limited this feature to its paid Sync Pro tier which is in line with other platforms. According to BitTorrent Inc. among the performance and bug fixes, the biggest UI change is a redesigned process for adding new folders.

On the security and privacy front, BitTorrent claims that it employs several security measures to keep your data safe. First though, the company allegedly only collects benign data including the program version, add folder errors, the amount of data transferred (directly and via relay server), number of peers, and share link and tracker statistics as well as few more things you can see in the brief linked above. All the data that they collect is reportedly sent in the clear so that users can verify what they are collecting on them.

To secure your files, BitTorrent uses SSL and AES-128 encryption to transfer files. In the case of Advanced folders, it generates a X.509 certificate (each folder is given it's own certificate) using a certificate authority and then uses a certificate chain to control user access and file modification permissions as well as a mechanism to revoke access. In the case of encrypted folders, Sync generates storage and session keys with the session keys complying with perfect forwards secrecy standards such that future session keys being cracked does not compromise past sessions. When using the encrypted folders option (which is useful when using a VPS as an off-site backup or to any machine that you do not fully own and control for that matter), data from your local machines is encrypted before being sent to the remote machine using AES 128 bit encryption (I wish they had gone with at least AES-256, but it's something). The data is then sent over SSL. Thus, the data on the remote machine is never in an unencrypted state which is a good thing for having a secure off-site backup. The encrypted folder can still be used as part of the mesh to speed up syncing among your machines, as well, while remaining secure.

I think the encrypted folders are a good addition to Sync, though the encryption bit-ness could be improved (a weak VPS' processor doesn't need to decrypt the data anyway so CPU time needed for the beefier algorithm should not matter...). In past coverage users have mentioned issues when syncing folders that they encrypted themselves before adding to Sync where the data could get corrupted when the peers became confused on changes made and what to sync. Hopefully this will help avoid that though they do still need to work on fixing user chosen pre-sync encryption. I am still using Sync to backup my photos and sync documents between my laptop and desktop and it works well for that sans the storage limits imposed by One Drive (and the uncertainty of my once-promised 25GB of free storage).

What do you think of the changes, and is their security good enough?

Source: BitTorrent