Shared posts

18 Aug 15:56

1 Aerospike server X 1 Amazon EC2 instance = 1 Million TPS for just $1.68/hour

by Todd Hoff

This is a scary amount of computational power for < $2 / hr.

This is a guest post by Anshu Prateek, Tech Lead, DevOps at Aerospike and Rajkumar Iyer, Member of the Technical Staff at Aerospike.

Cloud infrastructure services like Amazon EC2 have proven their worth with wild success. The ease of scaling up resources, spinning them up as and when needed and paying by unit of time has unleashed developer creativity, but virtualized environments are not widely considered as the place to run high performance applications and databases.

Cloud providers however have come a long way in their offerings and need a second review of their performance capabilities. After showing 1 Million TPS on Aerospike on bare metal servers, we decided to investigate cloud performance and in the process, bust the myth that cloud != high performance.

We examined a variety of Amazon instances and just discovered the recipe for processing 1 Million TPS in RAM on 1 Aerospike server on a single C3.8xlarge instance - for just $1.68/hr !!!

According to, there are 7.5k new tweets per second, 45k google searches per second and 2.3 Million emails sent per second. What would you build if you could process 1 Million database transactions per second for just $1.68/hr?

18 Aug 16:41

49ers’ ubiquitous stadium Wi-Fi network delivers to full house in NFL debut

by Jon Brodkin

The 49ers has GREAT WIFI freely accessible to all! And the team lost the game 34-0. The 49ers really are adjusting well to their new home in Silicon Valley.

Levi's Stadium crowd on August 17, 2014.

The San Francisco 49ers' massive Wi-Fi network delivered to its first NFL crowd yesterday when the home team took on the Denver Broncos in a preseason game at the just-opened Levi's Stadium.

Mobile Sports Report Editor Paul Kapustka tested the network in person during the game and detailed his findings extensively.

"In its first 'real' test with an almost-full house on Sunday the Levi’s Wi-Fi and cellular networks seemed to work well throughout the game, delivering solid speed test results from almost every part of the new 68,500-seat facility," Kapustka wrote. In an outside concourse, Kapustka got speeds of 57.92Mbps down and 41Mbps up. He still got more than 20Mbps in both directions inside near the concession stands, while Mbps dropped to the teens in the seats, still plenty fast enough to qualify as broadband.

18 Aug 18:36

Against Editors

by John Gruber

Hamilton Nolan, writing for Gawker:

In the writing world, there is a hierarchy. The writers are on the bottom. Above them are editors, who tell the writers what to change. This is backwards. […]

Good editors are valuable. They are also rare. If we simply kept the good ones and dismissed the bad ones, the ranks of editors would immediately shrink to saner levels. Editors are an important part of writing — a subordinate part. Their role in the industry should be equally subordinate. It is absurd that most writers must choose between a career spent writing and a career that offers raises and promotions. The “new” online media, happily, tends to be less editor-heavy than the big legacy media outlets that have sprouted entire ecosystems of editors and sub-editors over the course of decades. This is partly because the stark economics of online journalism make clear just how wasteful all those extra editors are. To hire a new editor instead of a new writer is to give up actual stories in favor of… some marginal improvements, somewhere, or perhaps nothing at all.

I’m reminded of a 2005 essay by Paul Graham:

My experience of writing for magazines suggests an explanation. Editors. They control the topics you can write about, and they can generally rewrite whatever you produce. The result is to damp extremes. Editing yields 95th percentile writing — 95% of articles are improved by it, but 5% are dragged down. 5% of the time you get “throngs of geeks.”

On the web, people can publish whatever they want. Nearly all of it falls short of the editor-damped writing in print publications. But the pool of writers is very, very large. If it’s large enough, the lack of damping means the best writing online should surpass the best in print. And now that the web has evolved mechanisms for selecting good stuff, the web wins net. Selection beats damping, for the same reason market economies beat centrally planned ones.

16 Aug 19:24


by John Gruber

I’m not sure who should be more upset. Apple, because this is such a preposterously shameless ripoff of iOS. Or Samsung, because Xiaomi is so much better at ripping off Apple than they are.

Update: Keep in mind, too, that Xiaomi VP Hugo Barra keeps insisting they don’t copy designs from Apple. Even Thom Holwerda agrees that this is just shameless.

13 Aug 17:06

US must ‘destroy’ Islamic State, say religious conservatives

by David Gibson

It seems to me that ISIS is gleefully playing the game of Crusader-baiting, and these dudes are taking the bait.

(RNS) A coalition of religious leaders, led by mostly conservative Catholic, evangelical and Jewish activists, is calling on President Obama to sharply escalate military action against Islamic extremists in Iraq.

The post US must ‘destroy’ Islamic State, say religious conservatives appeared first on Religion News Service.

14 Aug 16:03

T-Mobile to throttle P2P traffic and excessive tethering, leaked memo shows

by Jon Brodkin

An internal T-Mobile memo published by TmoNews says the company will begin enforcing rules against peer-to-peer (P2P) file sharing and unauthorized tethering from August 17 onward.

The terms and conditions of T-Mobile US have contained restrictions on P2P and tethering since 2008, but enforcement appears to be new. The memo says that "only customers with Unlimited High-Speed Data" will be affected, and they will be given warnings before their data speeds are reduced.

“T-mobile has identified customers who are heavy data users and are engaged in peer-to-peer file sharing, and tethering outside of T-Mobile’s Terms and Conditions (T&C)," the leaked memo states. "This results in a negative data network experience for T-Mobile customers. Beginning August 17, T-Mobile will begin to address customers who are conducting activities outside of T-Mobile’s T&Cs.”

13 Aug 22:48

Man uses skateboard to interrupt stabbing on bus

by Emilie Raguso


Photo: Paul Sullivan

The Berkeley Police Department arrested a Berkeley man Monday night in connection with the random stabbing of a young woman on a bus, authorities said Wednesday.

Police credited a bystander with fighting off the assailant with a skateboard.

Police arrested Eric Scott Palmer, 24, shortly before 11 p.m. Monday on suspicion of attempted homicide.

According to police, Palmer had been riding an AC Transit bus on San Pablo Avenue when “for no apparent reason, he attacked another passenger,” police said in a prepared statement.

Witnesses said Palmer had walked down the aisle on the bus and took out a knife.

He “said ‘watch this,’ and suddenly stabbed at a 21-year-old woman seated nearby,” according to police.(...)

13 Aug 21:49

Behold: Longitude, Oakland’s new tropical cocktail bar

by Ethan Fletcher

All photos by Gabriel Hurley

The East Bay’s newest tiki-style tropical cocktail bar is opening for Mai Tais this Friday at 4 p.m. in downtown Oakland. From exotic drink expert and former bar manager at Alameda’s Forbidden Island, Suzanne Long, Longitude takes over the former Disco Volante location at 347 14th Street.

And it’s quite a spot.

In the seven or so months since Long took over the building, she’s completely transformed the space into a lush slice of paradise. Interior elements include a small seated area with a covered thatch hut, a 28-foot bar made from two slabs of Monkey Pod wood imported from Hawaii, an upstairs mezzanine that overlooks the rest of the bar, lush foliage and colorful orchids, and a custom audio system that plays ambient bird calls over the speakers.

Unlike a traditional tiki bar, the interior design is not strictly Polynesian but rather evokes a general tropical theme, aided by the mostly east African art.

“I figured, why just limit yourself to one place when there’s a whole world out there to explore,” Long says. “I sort of look at Longitude as a ticket to adventure.”

Helping customers on that adventure will be the menu of tropical drinks ($9–$13). Those include everything from a classic Trader Vic’s–style Mai Tai to the Shrunken Skull with house made grenadine, two rums, and cinnamon to the Black Orchid, house-flambéed rum cordial with Angostura 7 rum and citrus topped by an edible orchid with a real pearl (that you can keep). In addition to rum, the bar also carries a large selection of rare whiskeys, including several from Japan.

The food menu, meanwhile, mixes classic tiki fare such as crab rangoon and coconut shrimp with pub-style comfort dishes such as bangers and mash and shepherd’s pie.

Longitude adds to a robust tiki–style bar scene in the East Bay, which includes Forbidden Island, Emeryville’s Trader Vic’s, the Conga Lounge and Kona Club in Oakland, and Tiki Tom’s in Walnut Creek.

Hours: Tuesday–Thursday and Sunday, 4 p.m.–midnight, and Friday–Saturday, 4 p.m.–1:30 a.m.

Longitude: 347 14th Street, Oakland,

13 Aug 19:03

Internet routers hitting 512K limit, some become unreliable

by Robert Lemos

From performance issues at hosting provider Liquid Web to outages at eBay and LastPass, large networks and websites suffered a series of disruptions and outages on Tuesday. Some Internet engineers are blaming the disruptions on a novel technical issue that impacts older Internet routers.

At the heart of the issue, the growth of routable networks on the Internet overwhelmed the amount of memory set aside in infrastructure hardware, typically routers and switches, that determines the appropriate way to route data through the Internet. For the first time, the lists of routable networks—also called border gateway protocol (BGP) tables—surpassed a significant power of two (two to the 19th power or 512K). Many older routers limit their use of a specialized, and expensive, type of memory known as ternary content-addressable memory (TCAM) to 512K by default.

When the tables outgrew the space allotted for them, the routers shut down or slowed.

12 Aug 21:50

Pan-CJK Font Development Details

by Dr. Ken Lunde

Unless you have been living in a cave or under a rock, you’ve no doubt heard of Source Han Sans or Noto Sans CJK through the initial announcements from Adobe or Google who jointly developed them, or elsewhere. These two Pan-CJK typeface families, which are joined at the hip because they differ only in name, were released to the world at large, as open source fonts, on the afternoon of July 15, 2014 in the US, which was the morning of July 16, 2014 in East Asia, their target audience. Click on the preview below to view a single-page PDF that shows all 65,535 glyphs from one of these fonts:

Over the next several months I plan to publish a series of articles on this blog that will detail various aspects of the development process that I employed for building these two typeface families. Although the subsequent articles will mention only Source Han Sans by name, they also pertain to its twin, Noto Sans CJK.

One of the more important themes that will ripple through all of the articles will be the extent to which Unicode played a role in the development process, and which made the entire development cycle smoother than if Unicode had not been leveraged. Unicode played an important role in determining the scope of the glyph set, and related to that, every glyph has a unique Unicode-based working name that drove several processes, such as CMap resource generation and OpenType feature building.

My current focus is to issue the first major update for these fonts, hopefully before the end of this month, and shortly after that I plan to kick off this series of technical articles.

I will close this article by stating what I feel is the obvious, particularly for open source fonts around which a community has formed: If any issues, however minor, are found while using the fonts, please take the time to review the Source Han Sans and Noto Sans CJK repositories to check whether it has already been reported, and if not, please do so.

12 Aug 14:28

Lyft: Uber scheduled, canceled 5,000 rides to hassle us [Updated]

by Casey Johnston
The Uber smartphone app.

CNN reports that people associated with car-on-demand service Uber have been attempting to sabotage an Uber competitor, Lyft, by ordering and canceling as many as 5,000 rides since October 2013. Lyft drivers have also complained that Uber employees will call them to take "short, low-profit rides largely devoted to luring them to work for Uber."

Uber reportedly used the ride request-and-cancellation tactic earlier this year on another competitor, Gett, to the tune of around 100 rides. Those ride calls were placed by employees as high in the company as Uber's New York general manager, Josh Mohrer. The calls serve a number of purposes: frustrating drivers, wasting their time and gas approaching a fare that won't come through, and occupying them to artificially limit driver availability, if only temporarily.

Lyft claims to have sussed out the fake requests using phone numbers used by "known Uber recruiters." Lyft claims that one Uber recruiter requested and canceled 300 rides from May 26 to June 10, and it said that recruiter's phone number was associated with 21 more accounts with 1,524 canceled rides between them. However, in this instance, there's no evidence that the cancellations were suggested by Uber corporate, according to CNN.

12 Aug 17:02

Kronnerburger sets target date for new Oakland restaurant

by Ethan Fletcher

It’s been nearly two years that Chris Kronner has been searching for a permanent Oakland location for his popular San Francisco–founded pop-up, Kronnerburger. And it looks like there is finally a light at the end of the tunnel, as he’s set a target opening date of mid-October to launch his own restaurant—in his very own non-shared space—on Piedmont Avenue.

“It’ll be a very welcome change,” he says, “not to have to drag everything around with me everywhere I go. That gets a little old.”

As previously reported, Kronner is taking over the former J’s Mexican-American restaurant, a unique triangular building and former train depot located on the heart of Piedmont Avenue at 41st Street. It’s a fairly small space, about 1,200 square feet, half of which is devoted to the prep kitchen. But that feels like a “luxurious” amount of room, Kronner says, after the motley array of spaces in which he’s made food over the last few years. The prep space will also allow him to experiment with in-house butchery and dry aging.

Sample Bistro Ordinaire menu

As for the menu, that’s still a work in progress. Kronner will, of course, be serving his signature burger. But the planned open wood hearth grill should lend itself to using different cuts of meat and grilled vegetables. He also plans to utilize plenty of raw seafood. He’ll be open for lunch through dinner until 10 p.m. most days, and until midnight on Fridays and Saturdays (and there is a full bar).

Anyone who wants a sneak peek at the fare should act quick: He’s continuing his periodic Bistro Ordinaire evening pop-ups at Ordinaire Wine Bar on Oakland’s Grand Avenue on Thursday and Friday evenings, but only through the end of August. He’ll also be catering tonight (Tuesday) at Japanese barware store Umami Mart’s two-year anniversary in Old Oakland.

Kronnerburger: 4063 Piedmont Ave., Oakland,

10 Aug 17:00

GUN Linux: On the range with TrackingPoint’s new AR-15s

by Lee Hutchinson
A near-production model of TrackingPoint's AR 556, the 5.56mm NATO precision guided firearm.
Lee Hutchinson

Since first running into TrackingPoint at CES 2013, we’ve kept tabs on the Austin-based company and its Linux-powered rifles, which it collectively calls "Precision Guided Firearms," or PGFs. We got to spend a few hours on the range with TrackingPoint’s first round of near-production bolt-action weapons last March, when my photojournalist buddy Steven Michael nailed a target at 1,008 yards—about 0.91 kilometers—on his first try, in spite of never having fired a rifle before.

But big, heavy, bolt-action rifles were only the beginning, with the underlying idea being that the company would scale its weapons both up and also down in size. And, last month, we day tripped back out to the Best of the West range just outside of Austin in Liberty Hill to lay hands on TrackingPoint’s newest set of PGFs, the TP AR 556 and TP AR 762. Unlike the big XS-series long rifles we fired last time, these newest PGFs are semiautomatic carbines—the type of weapon that the media usually (and incorrectly) refers to as "assault rifles."

But the smaller form factor wasn’t the only thing that TrackingPoint had on tap for our demo that day. Last trip out, the highlight was hitting targets at 1,000 yards; this time, we’d be aiming at targets a bit closer in… but aiming through a tiny wearable screen while looking backward, over the shoulder.

08 Aug 17:46

The Islamic State (Part 1) | VICE News

by overbey

I keep wondering what Slavoj Žižek would say about ISIS. They are like an Islamophobe’s dream come true.

VICE gets a huge scoop-- a reporter embedded with ISIS.

07 Aug 03:48

Not your stereotypical artist


A++ for the “literally.”

Unlike your stereotypical artist, who more than likely ended up killing themself due to the deep undertow of depression, Mondrian sang a different song and dance. Literally.

07 Aug 19:39

Taiwan Bento set to open in Uptown Oakland

by Ethan Fletcher


The fast-casual Taiwanese lunch spot, Taiwan Bento, is set to debut in Uptown Oakland.

Owner Stacy Tang says the restaurant, located at 412 22nd Street near Ike’s Place and Umami Burger, has passed all its inspections and will open early next week.

And true to her word, Tang’s menu will be a small, specialized one, catering to the quick-serve downtown lunch crowd. Entrees include minced braised pork, roasted chicken thigh, and Taiwanese sausage, all served in Bento boxes with a soft-boiled egg, rice, and seasonal veggies, as well as a braised beef noodle soup. Click here for the full menu.

Tang—who takes over the space previously set for Taiwanese noodle house Pi Dan that was cancelled after the passing of the owner—is a first-time restaurateur. But the Taiwan native has been getting a crash course in the kitchen of Picán under the guidance of executive chef Sophina Uong.

Check for an official opening date.

Taiwan Bento: 412 22nd St, Oakland,

07 Aug 16:50

In major shift, Google boosts search rankings of HTTPS-protected sites

by Dan Goodin

In a shift aimed at fostering wider use of encryption on the Web, Google is tweaking its search engine to favor sites that use HTTPS to protect end users' privacy and security.

Sites that properly implement the transport layer security (TLS) protocol may be ranked higher in search results than those that transmit in plaintext, company officials said in a blog post published Wednesday. The move is designed to motivate sites to use HTTPS protections across a wider swath of pages rather than only on login pages or not at all. Sites that continue to deliver pages over unprotected HTTP could see their search ranking usurped by competitors that offer HTTPS. Facebook is also getting more serious about encryption, with plans to acquire PrivateCore, a company that develops encryption software to protect and validate data stored on servers.

In Wednesday's post, Google Webmaster Trends Analysts Zineb Ait Bahajji and Gary Illyes noted that Google was among the first sites to offer end-to-end HTTPS protection by default across virtually all of its properties. It has also offered a variety of tools to help sites detect and recover from security breaches. They went on to write:

06 Aug 22:43

California man sues Sony over Killzone’s 1080p graphics claims

by Kyle Orland

A serious lawsuit, by serious people, for a serious cause.

The latest generation of game consoles has led to a fair share of pixel-counting debates and complaints from gamers and developers. But they all pale in comparison to the proposed class action lawsuit just filed against Killzone: Shadow Fall maker Sony Computer Entertainment, which accuses the game of falsely advertising 1080p graphics it did not deliver.

In the complaint (PDF) filed yesterday in California's Northern District federal court, plaintiff Douglas Ladore notes that Sony promised 1080p single and multiplayer graphics in advertisements and interviews for Killzone: Shadow Fall before the game was released last November. The game's packaging also features a "1080p HD video output" logo on the back of the box.

But, as Digital Foundry pointed out in a March analysis, Killzone's multiplayer mode actually outputs natively in 960x1080 resolution, half of the 1920x1080 standard for "1080p." To output full 1080p graphics, this source image is fixed with a "temporal upscale" that fills in gaps with a horizontal interlace made up of pixels from the previous frame. The result is graphical performance that the lawsuit (and many reviews) call "blurry to the point of distraction."

06 Aug 13:15

Children's Books for Your Pro-Open Carry Family?

by Josh Marshall

Are there wholesome children's books that cater to your pro-open carry lifestyle? There are now. "My Parents Open Carry" has just debuted so we can make sure young children are more acquainted with ubiquitous gun ownership.

05 Aug 19:30

Animal rights activists smash Star Grocery windows

by Frances Dinkelspiel

“veganarchist lone wolf”

The window that was vandalized at Star Grocery on Claremont Avenue. Photo: Frances Dinkelspiel

Two FBI agents visited Star Grocery on Claremont Avenue on Monday to investigate a broken window the government believes was smashed by animal rights activists.

The large plate glass window of the market, which has been run by the Pappas family since 1922, was smashed around 2 a.m. on Sunday, July 27, according to Nick Pappas, the store’s owner. He wasn’t aware of the animal rights connection until the FBI contacted him a few days later, he said.(...)

04 Aug 02:10

EACS - European Association for Chinese Studies - Report: The Deletion of Pages from EACS Conference materials in Braga (July 2014)

by overbey
Will this finally wake scholars up to the fact that dealing with the Confucius Institute in any way will inevitably corrupt and distort the scholarly enterprise?

05 Aug 22:15

Groupon lost over $60 million in first half of 2014, stock tanks 15 percent

by Cyrus Farivar

Can’t wait to see this enterprise fold.

There was a reason that we wondered in early 2013 if Groupon would make it to 2014—the company is hemorrhaging cash, and the situation has just gotten a lot worse.

According to the company’s latest earnings report published on Tuesday, the online deals site sustained a net loss of $22.8 million in the second quarter of 2014—approximately triple the level of losses the company had during the same period a year ago. During the first half of 2014, Groupon lost over $60.6 million, or over five times what it lost during the first half of 2013. From 2009 through 2013, Groupon has incurred total net losses of over $820 million.

Unsurprisingly, the stock price took a hit today—as of this writing, Groupon has plummeted over 15 percent in after-hours trading, hovering just under $6 per share. By comparison, Groupon closed at just over $26 per share after its first day as a publicly traded company back in November 2011.

04 Aug 16:43

Curbside Creamery opens in Oakland’s Temescal Alley

by Ethan Fletcher

Curbside’s Tori Wentworth and Matt Badenhob

Curbside Creamery opened this weekend for business in Oakland’s Temescal Alley, just in time for First Friday. The highly anticipated ice cream parlor becomes the latest mobile food success story to make the transition to brick and mortar: Owner Tori Wentworth got her start last year selling her vegan ice cream sandwiches from a freezer-equipped tricycle.

At the store she’ll be offering ice cream and ice cream sandwiches in both vegan (which she makes from hand-ground cashews) and traditional (which she makes from Staus Family dairy) options. Curbside will not feature a lot of exotic choices; rather it’ll focus on classic, family friendly flavors.

“I wanted to create a more nostalgic feel, something a little more old fashioned,” says Wentworth, who makes her ice cream out of a commercial kitchen in Uptown Oakland.

Flavors on the opening day menu included cinnamon, salted caramel, vanilla malt ball, and mint chip for dairy and Dutch chocolate, Earl Gray, and peanut butter fudge for vegan. Ice cream sandwiches include vanilla on gingersnap, chocolate-chocolate chip on peanut butter, and strawberry on vanilla shortbread (the last two are vegan). Eventually, once she can afford it, Wentworth also hopes to introduce soft serve (vegan and dairy).

The Curbside trike, meanwhile, has not been put into storage: it can still be found on weekends at the Grand Lake and Temescal farmers markets.

Hours: Noon to 8 p.m., Tuesday through Sunday.

Curbside Creamery: 482 49th Street (in Temescal Alley), Oakland,

03 Aug 01:56

Finding Agreement

by Josh Marshall

“The only alternative to continuing the Israeli military operation is simply to follow Jesus Christ and turn the other cheek. I never agreed with Jesus Christ about the need to turn the other cheek to an enemy. Unlike European pacifists I never believed the ultimate evil in the world is war. In my view the ultimate evil in the world is aggression, and the only way to repel aggression is unfortunately by force. That is where the difference lies between a European pacifist and an Israeli peacenik like myself. And if I may add a little anecdote: A relative of mine who survived the Nazi Holocaust in Theresienstadt always reminded her children and her grandchildren that her life was saved in 1945 not by peace demonstrators with placards and flowers but by Soviet soldiers and submachine guns.”

Let me speak entirely for myself for a moment. The Israelis and Palestinians, under various names, have been in an unending battle for a century, arguably longer. There is so much history, such ingrained competing narratives, so much emotion, such a hate-drenched interlocking of two victimized peoples that I find it very hard to point to any one person and say: Yes, this person says what I would say. I agree with that. But for me here's that person: Amos Oz, speaking here in an interview with Deutsche Welle.

01 Aug 15:43

Buzzfeed Upset About Twitter Account That Spoils Their Clickbait Headlines

by John Gruber

File this one under “That’s rich.”

02 Aug 17:18

Thousands of Mozilla developers’ e-mail addresses, password hashes exposed

by Dan Goodin

E-mail addresses and cryptographically protected passwords for thousands of Mozilla developers were exposed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday.

About 76,000 e-mail addresses and 4,000 password hashes were left on a publicly accessible server for about 30 days beginning June 23, according to a blog post. There is no indication the data was accessed, but Mozilla officials investigating the disclosure can't rule out the possibility. Hackers who might have managed to crack the hashes wouldn't be able to use the passwords to access Mozilla Developer Network accounts, but they may be able to access other user accounts secured with the same cracked passcode. The glitch was touched off when a data "sanitization" process failed, causing the addresses and hashes to be dumped to a publicly accessible server.

"We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you," Stormy Peters, director of developer relations, and Joe Stevensen, operations security manager, wrote. They continued:

01 Aug 14:42

One of Google’s mystery barges has been sold and is shipping out

by Casey Johnston

One of Google's mysterious party/showroom barges has reportedly been sold and will be shipping out of its location in Portland, according to a report from the Portland Press Herald. The barge was transferred to a new terminal Wednesday, and the terminal's owner states that it's preparing to ship out to a new owner shortly.

When the four Google barges first turned up on both the East and West coasts, reports indicated that Google intended them to be a show floor for projects in work, such as Google Glass and the company's self-driving car technology. Onboard two of the barges were structures made of 40-foot shipping containers that could be put together, rearranged, and transported as needed. The structures also reportedly included a "party deck" and various amenities for receiving clients, business partners, and VIPs.

As of fall 2013, little work had been done on the two barges parked in Portland and San Francisco Bay, and the two others in San Francisco's Treasure Island and New London, CT didn't even have superstructures to support future development. Portland collected property taxes on the barge parked there to the tune of $400,000. In February, the San Francisco Bay Conservation and Development Commission told Google it needed to move its barge out.

31 Jul 20:41

Doughnut Dolly opening in Berkeley next Wednesday with new menu items

by Ethan Fletcher
Photo: Robert Birnbach

Popular fried sweets purveyor Doughnut Dolly is set to debut its second location next week in Berkeley. According to owner Hannah Hoffman, her larger new shop has passed inspections and will be open for business at 7 a.m. Wednesday (August 6) morning. It’ll be located in a newly redeveloped section of West Berkeley at 1313 9th Street on Gilman Avenue, right next to a just-opened Philz Coffee location, and across the street from a planned new Whole Foods. The same property will also be home to a new branch of small Southeast-based burger chain, Farm Burger, expected to open in a few months.

“I’m really excited to be a part of this neighborhood,” Hoffman says. “There’s going to be a lot to eat—I’m telling people to get those elastic pants ready!”

Similar to her Oakland location, which has been a hit since opening in Temescal Alley in 2012, the Berkeley shop will carry four versions of Hoffman’s yeast-raised doughnuts that are filled to order with various flavors—Naughty Cream, Inna strawberry jam, bourbon cream, and dark chocolate will be on the opening menu. But now, because she now has access to her own kitchen versus sharing a commercial space, Hoffman is planning some brand-new items.

While nothing will roll out for another few weeks or so, customers at both locations can expect additional doughnut-related offerings, such as a doughnut bread pudding. In addition, Hoffman is looking to offer her first savory items, starting with one daily-changing sandwich special, such as hangar steak, made with Acme bread. She’ll also be introducing espresso service.

Finally, one more sweet-savory hybrid treat in the pipeline to look forward to: a pulled pork doughnut.

Doughnut Dolly: 1313 9th Street, Berkeley,

29 Jul 15:09

Grover Norquist: He is going to Burning Man.

by overbey


29 Jul 11:00

Android crypto blunder exposes users to highly privileged malware

by Dan Goodin

“Adobe Flash in all but version 4.4, for instance, is permitted to act as a plugin for any other app installed on the phone, presumably to allow it to add animation and graphics support.” LOLLOLLLLLLL

A slide from next week's Black Hat talk titled Android Fake ID vulnerability.
Bluebox Security

The majority of devices running Google's Android operating system are susceptible to hacks that allow malicious apps to bypass a key security sandbox so they can steal user credentials, read e-mail, and access payment histories and other sensitive data, researchers have warned.

The high-impact vulnerability has existed in Android since the release of version 2.1 in early 2010, researchers from Bluebox Security said. They dubbed the bug Fake ID, because, like a fraudulent driver's license an underage person might use to sneak into a bar, it grants malicious apps special access to Android resources that are typically off-limits. Google developers have introduced changes that limit some of the damage that malicious apps can do in Android 4.4, but the underlying bug remains unpatched, even in the Android L preview.

The Fake ID vulnerability stems from the failure of Android to verify the validity of cryptographic certificates that accompany each app installed on a device. The OS relies on the credentials when allocating special privileges that allow a handful of apps to bypass Android sandboxing. Under normal conditions, the sandbox prevents programs from accessing data belonging to other apps or to sensitive parts of the OS. Select apps, however, are permitted to break out of the sandbox. Adobe Flash in all but version 4.4, for instance, is permitted to act as a plugin for any other app installed on the phone, presumably to allow it to add animation and graphics support. Similarly, Google Wallet is permitted to access Near Field Communication hardware that processes payment information.
