Shared posts

24 Apr 16:01

Content Writer Awkwardly Shows Parents Around Website Where He Works

NEW YORK—Finally giving in to their requests to visit his place of employment, local content writer Adam Lundey awkwardly showed his parents around the website where he works, sources confirmed Thursday.

24 Apr 17:22

The Untouchable John Brennan

How did the candidate of hope and change turn into the president of secret kill lists, drone strikes hitting civilians, and immunity for torturers? The answer may lie in his relationship with the CIA director, a career bureaucrat turned quiet architect of a morally murky national security policy who isn’t going to let a little thing like getting caught spying on the Senate bring him down.
24 Apr 17:20

New Simulation Shows How The Pacific Islands May Have Been Colonized

by George Dvorsky

The 24 major island groups of the Pacific Ocean were settled by early Austronesians between 3,500 and 900 years ago, but little is known about how these isolated islands were colonized. Now, researchers have used epidemiological modeling to devise some compelling new ideas about how it was done.


24 Apr 13:47

Frank Ocean legally changes birth name

by djempirical

The man born Christopher Edwin Breaux has now legally become Frank Ocean.

Since his meteoric rise, we’ve always known Christopher Breaux by his musical moniker Frank Ocean. Now the singer has legally changed his name to Frank Ocean following delays that held up the proceedings since last year. Ocean followed all of the rules required for a legal name change including making announcements of it in local newspapers to ensure he is not attempting to commit fraud. According to TMZ the process was held up by “a driver’s license issue”.

In other news, Ocean, who just finished a tour with James Blake, will release his wildly anticipated new album this summer.

24 Apr 09:00

Free Python In Education E-Book From O’Reilly #piday #raspberrypi @Raspberry_Pi

by Rebecca Houlihan


Get a free “Python In Education” e-book download via

This week PyCon is going on in Montreal – it’s the big worldwide Python conference – and for the occasion, O’Reilly asked our friend Nicholas Tollervey to write a free short book on Python in Education.

The book tells the story of Python, why Python is a good language for learning, how its community gives great support, and covers Raspberry Pi as a case study.

“You’ve probably heard about the computing revolution in schools, and perhaps you’ve even heard of the Raspberry Pi. The Python programming language is at the center of these fundamental changes in computing education. Whether you’re a programmer, teacher, student, or parent, this report arms you with the facts and information you need to understand where Python sits within this context.”

“Author Nicholas Tollervey takes you through the features that make Python appropriate for education, and explains how an active Python community supports educational outreach. You’ll also learn how Raspberry Pi is inspiring a new generation of programmers – with Python’s help.”

Nicholas visited Pi Towers in February to speak to Carrie Anne, Eben and me about why we think Python is suited to education. He asked Eben how the idea for the Raspberry Pi hardware came about and why there was a need for an affordable hackable device. He asked us about the Python libraries those in the community provided (particularly RPi.GPIO and picamera) that we consider part of our infrastructure for education and hobbyist users alike; and about the sorts of projects that engage, empower and inspire young learners – and of course the way they learn and progress. We discussed Minecraft Pi, hardware projects, Astro Pi, PyPy, teacher training and more.

Read more on teaching with Python from Nicholas and download the book for free from O’Reilly.

24 Apr 13:30

Scientists are testing MDMA as a PTSD treatment for veterans

by Thor Benson

About three years after his discharge from the US Marine Corps, Nicholas Blackston is in an unfamiliar office, starting to feel the effects of an unfamiliar drug: as he watches, an old-fashioned banker’s lamp in the office suddenly bursts into kaleidoscope fractals. While the MDMA Blackston’s been dosed with is usually more associated with raves, glow sticks, and rap lyrics, the chemical also has a second life as a medication used to heal psychological wounds.

An ideal patient

In some ways, Blackston is an ideal patient for MDMA. He wasn’t responding to the drugs that are typically prescribed for PTSD, and he has an open mind when it comes to alternative treatments. Blackston is part of a study that’s revived interest in the original use of MDMA: therapy.

Blackston joined the Marine Corps when he graduated from high school in 2004 — as the war in Iraq was steadily intensifying. On December 20th, 2006, during his second deployment, Blackston was in the passenger seat of a Humvee in Ramadi, acting as the machine gunner. The Humvee was struck by a rocket-propelled grenade fired by an insurgent. New armor was installed on the driver’s side of the truck, but the RPG caused a piece of metal to shoot underneath the driver’s window and through the driver’s lap. The shrapnel pierced ammo cans at Blackston’s feet and caused an explosion. "I took shrapnel to my butt, legs, and left testicle," says Blackston. "My driver was killed."

Blackston remembers he had been laughing at some joke when everything became a "black void." The world around him seemed to be moving in slow motion; he felt no fear at the time. "I was really outside of myself," he says. The fear would come later.

A self-portrait entitled "Reflections of Mortality." (Blackston)

About six months after leaving Iraq — but while still in the military — Blackston discovered he didn’t feel like himself. He went to a military clinic in Camp Lejeune, North Carolina, where a computerized test flagged him for post traumatic stress disorder (PTSD). Blackston received the same treatment the majority of veterans with PTSD receive. The military doctors put him on Seroquel, an antipsychotic, and Zoloft, an antidepressant. The talk therapy he received was minimal; he says he had to wait six weeks between hour-long therapy sessions. "There was just so much time in between that the therapy sessions were pointless, and the medication just makes you feel like a zombie," he says.

"The medication just makes you feel like a zombie."

He finished his four years with the Marines in 2008; back home, he began studying at Trident Technical Community College in South Carolina. But the drugs made it harder to focus on his schoolwork — so he stopped taking them. He tried using marijuana and psychedelic mushrooms instead, which he describes as Band-Aids on his wounds. He had experienced suicidal thoughts. And that was when Blackston came across a study designed to treat PTSD with MDMA. "I was at the end of my rope. I was ready to try anything," he says.

Before becoming a participant in the study, which was conducted by the Multidisciplinary Association for Psychedelic Studies (MAPS), applicants have to do psychological tests to confirm they have PTSD and show that they’ve been taking prescription drugs that haven’t worked. Everything checked out for Blackston.

MDMA pills. (MAPS)

Patients like him have three 90-minute meetings with Dr. Michael Mithoefer and his wife Annie to get them oriented, Mithoefer tells The Verge. After that, they begin the MDMA-assisted psychotherapy sessions. The patients come into the office in the morning and take their pill. The therapists stay with the patients for eight hours, during which the session focuses on discussing the experiences that caused patients’ PTSD. Each MDMA-assisted session is one month apart; the therapists and patient discuss symptoms and general mental health regularly in between sessions over the phone or in person.

In the study, participants receive either low-, medium-, or full-dose MDMA — 30mg, 75mg, or 125mg, respectively. Patients who were in groups with lower doses have the option to receive three full doses one month after their second session; Mithoefer says everyone gets three full-dose sessions. Two months after the final session, an independent psychologist measures where the patient is on the Clinician-Administered PTSD Scale (CAPS). The test is conducted again a year later.

It's not clear how MDMA may help patients recover

It’s not clear how MDMA may help patients recover from PTSD. Imaging studies of PTSD have shown increased activity in the amygdala, the fear center of the brain, and decreased activity in the prefrontal cortex and in the hippocampus. Essentially, three parts of the brain are operating irregularly, which prevents people with PTSD from processing everyday experiences normally. However, once people take MDMA, there’s increased activity in the prefrontal cortex, and decreased activity in the amygdala — it basically evens out the scale so proper therapy can be done, Mithoefer says.

PTSD patients are often "too aroused or mostly numb" during therapy without MDMA; the drug helps therapy happen for them "meaningfully, without being overwhelmed by the fear," Mithoefer says.

Drawing by Blackston, based on what he saw during his MDMA trip. (Blackston)

Whatever the explanation, the results in small trials look promising. A previous study found 10 of 12 patients no longer registered PTSD on their CAPS scores after receiving MDMA-assisted psychotherapy. Mithoefer says his group hasn’t fully analyzed the results for the study Blackston participated in. He says the outcomes look similar to the first study so far; analysis will be released in May.

"I saw my whole past completely differently."

As for Blackston, he says MDMA and therapy cured him. He did three 75mg sessions and three full dose sessions, finishing in 2012 — and no longer registers on the PTSD scale. He views the trial positively. "I had a profound moment, I guess it felt like a bird’s-eye view of how everything went down [in Iraq] and why it happened," he says. "I was a machine gunner. I was supposed to take anyone out before they take us out, and getting hit was my responsibility, and my driver dying weighed a lot on me. I had that guilt for the longest time," he says. In therapy, he had a moment where he finally saw the big picture. "I saw my whole past completely differently," he says. "It no longer became something that was haunting me."

Blackston says he still has normal anxieties, but he turns to making art to stay relaxed. "I was so young to have life and death in my hands," he says. When he was still suffering from PTSD, he says he feared his own right hand, because that was his shooting hand. Now, he says he uses it to paint.

24 Apr 14:13

Ubuntu 15.04 Released, First Version To Feature systemd

by Soulskill
jones_supa writes: The final release of Ubuntu 15.04 is now available. A modest set of improvements are rolling out with this spring's Ubuntu. While this means the OS can't rival the heavy changelogs of releases past, the adage "don't fix what isn't broken" is clearly one 15.04 plays to. The headline change is systemd being featured for the first time in a stable Ubuntu release, which replaces the in-house UpStart init system. The Unity desktop version 7.3 receives a handful of small refinements, most of which aim to either fix bugs or correct earlier missteps (for example, application menus can now be set to be always visible). The Linux version is 3.19.3 further patched by Canonical. As usual, the distro comes with fresh versions of various familiar applications.

Read more of this story at Slashdot.

24 Apr 14:51

iFixit: Replacing the Apple Watch’s battery is easy, replacing the S1 is hard

by Andrew Cunningham

For as much as we've heard about the Apple Watch in the last month, we've heard almost nothing about the stuff that makes it (figuratively) tick. Apple mentioned the S1 "System in Package" back in September when it unveiled the watch, but the company has said almost nothing about it since, and we didn't know anything about battery capacity or the other components. Today, the teardown mages at iFixit have answered at least a few questions in their teardown of a 38 mm Apple Watch Sport, though concrete information about the S1's inner workings continues to elude us.

Some components were actually fairly easy to remove and replace. Though it's difficult to disconnect the display cable, the watch's screen comes off easily once you've heated the glue that holds it in place. The 205 mAh battery (around two-thirds to one-half the size of the batteries in Android Wear watches, which tend to run between 300 and 400 mAh) is easily lifted out and disconnected, since it's only held in place with light adhesive. The 42 mm model will have a slightly larger battery, but we don't know its exact capacity just yet.

Those components are the ones that will need to be replaced the most often, so it's good that they're pretty easy to get at. Unfortunately, the rest of the watch is harder to crack. The various cables, Taptic Engine, speaker, and buttons aren't too hard to remove aside from being tiny (and the fact that they're held in with minuscule tri-wing screws), but the S1 is a glued-in octopus of cables that's hard to remove without breaking stuff. Even once it was out, iFixit couldn't get a closer look at it—the silver cap isn't a heat spreader, but a "solid block of plasticky resin."

23 Apr 12:02

Except For Millennials, Most Americans Dislike Snowden

by samzenpus writes: Newsmax reports that according to KRC Research about 64 percent of Americans familiar with Snowden hold a negative opinion of him. However 56 percent of Americans between the ages of 18 and 34 have a positive opinion of Snowden which contrasts sharply with older age cohorts. Among those aged 35-44, some 34 percent have positive attitudes toward him. For the 45-54 age cohort, the figure is 28 percent, and it drops to 26 percent among Americans over age 55, U.S. News reported. Americans overall say by plurality that Snowden has done "more to hurt" U.S. national security (43 percent) than help it (20 percent). A similar breakdown was seen with views on whether Snowden helped or hurt efforts to combat terrorism, though the numbers flip on whether his actions will lead to greater privacy protections. "The broad support for Edward Snowden among Millennials around the world should be a message to democratic countries that change is coming," says Anthony D. Romero, executive director of the American Civil Liberties Union. "They are a generation of digital natives who don't want government agencies tracking them online or collecting data about their phone calls." Opinions of millennials are particularly significant in light of January 2015 findings by the U.S. Census Bureau that they are projected to surpass the baby-boom generation as the United States' largest living generation this year.

Read more of this story at Slashdot.

24 Apr 02:16


Mario Kart 8 DLC basically designed for otters and saucie

(via Kotaku)

21 Apr 04:13


24 Apr 04:47

Warriors vs. Pelicans final score, NBA playoffs 2015: 3 things we learned from Golden State's 20-point comeback

by Tim Cato

golden state is now 1-357 or so when down 20 at the half

This was going to be Anthony Davis' playoff moment, but the Warriors miraculously came back thanks to Stephen Curry.

Even when the Pelicans took a 20-point lead into the fourth quarter, there was always a lingering fear that Golden State was a quick scoring burst away from erasing the deficit. At any moment, the Warriors have shown they can rattle off a ridiculous run. On Thursday, it was a 54-30 one in the final quarter and overtime to overcome the feisty Pelicans, 123-119, in Game 3 and take a 3-0 lead in the series.

The Warriors weren't having their best night, with Stephen Curry missing a few of the looks he usually nails and their bench failing to produce. Anthony Davis, one day slated to sit atop the NBA's hierarchy, had been fantastic in front of his home crowd. Ryan Anderson was making jump shots with ridiculous degrees of difficulties.

But Golden State crept back into the game anyway, first by cleaning up the glass for second chance points and then by allowing a huge three-pointer to Curry. Up two, Davis split a pair of free throws, leaving the door cracked for Warriors heroics. Curry missed the first chance, but an offensive rebound led to this magical moment.

Many first-time playoff squads would fall apart in the ensuing overtime, but the Pelicans showed poise. Anthony Davis hit a crucial jumper after a Harrison Barnes three-pointer and then Ryan Anderson nailed one for New Orleans that made it a two-point game.

Free throws were traded, including a bizarre off-the-ball foul that gave the Pelicans one free throw and the ball back. Still down two, Anthony Davis drove to the rim but his shot was strong against tight defense. On a night that could have been all about him, his final shot fell short.

Here's three things we learned from the game.

1. This is the NBA's best team

On a night that wasn't their best, against an emotionally charged squad on their electric home court led by Davis, the Warriors really ought to have lost this game. They didn't. That's terrifying.

It's way too soon to anoint Golden State as anything other than the NBA's best regular season team -- they won 67 games and earned that title. But games like this are a reminder just how special a season they're having and just how dangerous they are when firing at every cylinder. Against a playoff team, they only needed to play Warriors basketball for one quarter and an extra five minutes, and it was still enough.

2. Ryan Anderson's jump shot caught a fever

As he heated up especially early in the fourth quarter, Anderson was doing his best Dirk impersonation, hitting contested mid-range shots sometimes off of only one foot.

He finished with 26 points on 10-of-14 shooting, including a huge overtime three-pointer that gave the Pelicans one final chance that they failed to capitalize on. It's still good to see the big man come up with some crucial shots after another injury-plagued season, and nothing about the 20-point blown lead falls on his shoulders.

3. The Warriors' bench didn't have it

Despite being the best team, the Warriors were still outscored on the floor without Curry this regular season. The bench unit could still be dangerous without him, but it was the starting five who did most of the heavy lifting on Golden State's path to 67 wins.

On Thursday, Shaun Livingston was a bright spot, scoring 12 points on seven shots. But microwave scorer Marreese Speights failed to ignite, shooting 1-of-7 and playing just 10 minutes. Leandro Barbosa and Andre Iguodala missed every three-point shot they attempted on their way to 4-of-14 combined shooting. Not every player will have "it" every night, but the Warriors can't have three of their four key substitutes struggle all at once. It almost cost them on Thursday. It will cost them later in this playoff run if it happens again.

24 Apr 05:12

Vancouver’s mayor is dating a Chinese pop star—and her mother has been arrested on corruption charges

by Lily Kuo
Vancouver mayor Gregor Robertson (left) during the Canadian Federation of Municipalities "Big City Mayors" conference in Toronto in February.

Vancouver mayor Gregor Robertson’s love life just got a little more complicated: Qu Zhang Mingjie, the mother of his pop star girlfriend, Wanting Qu, has been arrested by Chinese authorities on corruption charges.

According to Chinese state media (link in Chinese), Qu was detained this week, after having been sacked from her position at the Harbin provincial government in November over allegations of corruption in the sale of state assets.

Wanting Qu, 31, social-media-loving singer, was born in Harbin and is now based in Vancouver. She met Robertson, 50, while serving as the city’s tourism ambassador to China, and he confirmed their relationship with a selfie posted to the Chinese microblog Weibo on Valentine’s Day.

The singer has not said anything about the arrest, and Robertson’s office declined to comment about the case.

Here’s Wanting Qu and her mom, posted on Mother’s Day last year:

Instagram Photo

And here’s the happy couple:

Instagram Photo

Instagram Photo

Robertson has been criticized for his stance on China in the past. On a trip in 2010, he responded to questions about working with an authoritarian government by saying, “You can question how worthwhile democracy is in a lot of countries right now” and went on to praise China’s environmental policies. Robertson later apologized for his “poor choice of words.”

24 Apr 02:07

Anthony Davis' left arm extended to heaven on this putback slam

by Mike Prada


The ball is never safe from Anthony Davis' arms. Look how high he is!

24 Apr 03:03

Shaq does a flawless impression of a Louisiana accent

by Bill Hanstock

He's an expert. He went to LSU!

Well, you didn't say "gumbo," but other than that, you're our generation's Rich Little. Or Jeff Dunham, or whatever. Either way, never change, Shaq.

23 Apr 18:32

caseworkproductions: eunnieboo: so a few days ago i sat down for dinner and my mom handed me the...


via bl00



so a few days ago i sat down for dinner and my mom handed me the camera with a strange look on her face. all she said was “you need to see this” and i was like ?? okay

but then


that is my dad with a pigeon on his head.

SO OF COURSE MY REACTION WAS JUST “WHAT?! HOW??? HOW” and APPARENTLY when my dad was outside gardening, he saw it land on the roof of our house. and then it just. flew down. and landed on his head



like the other morning i stepped outside to call my dad in for lunch and the pigeon was just sitting on the front porch watching him work


best friends forever


I feel like this is something that would happen to my dad. It is, essentially, how we ended up with a pet squirrel when I was a child…

24 Apr 01:38


24 Apr 01:27

My best day had to be the day after I wrapped Guardians of the...

Courtney shared this story from Super Opinionated.

My best day had to be the day after I wrapped Guardians of the Galaxy. I was very homesick and coming home to my wife, and to my home, and to my son, who was at the time 13 months old. My wife told me “Hey listen, there’s a chance he won’t recognize you, but that’s okay that happens all the time. He doesn’t know — he might be a little shy.” So I came in there, and he just sat right up and he had this big smile on his face. He said ‘Daddy, daddy, daddy!’ I just started to cry, and he looked at me and he saw the tears in my eyes and he just started smiling, and doing bits immediately, to try and make me laugh. He’d jump up and down. And that just made me cry more. And he touched the tears on my face and everything. It was the first real human moment that happened between the two of us. I think he recognized that I was sad and he was essentially forgiving me for being gone so long. That was my best day.
23 Apr 22:39

Coming Distractions: Johnny Depp chills as mobster Whitey Bulger in the trailer for Black Mass

by Mike Vanderbilt

Benedict Cumberbatch as Bill Bulger
Adam Scott as FBI agent Robert Fitzpatrick

Any ill will Johnny Depp brought upon himself with last year’s Austin Powers reboot (that is what it was, right?) Mortdecai just might disappear with the new trailer for Black Mass.

Depp leads an all-star cast—including a mustachioed Adam Scott—in this adaptation of the 2001 book Black Mass: The True Story Of An Unholy Alliance Between the FBI and the Irish Mob by Dick Lehr and Gerard O’Neill. In the film, Depp portrays Whitey Bulger, the organized crime kingpin who at one time was second only to Osama Bin Laden on the FBI’s Ten Most Wanted Fugitives list.

The two-minute clip plays up mob movie tropes as Depp’s Bulger and David Harbour’s John Morris enjoy a big meal and discuss secret family recipes while a period-appropriate rock tune plays in the background. Depp appears to be acting this time around and not letting ...

23 Apr 22:58

A Climactic Duel Between a Flamethrower and a Fire Hose

by E.D.W. Lynch

never follow firehose

A firefighter armed with a fire hose faces off against a flamethrower in this video depicting a climactic duel between fire and water. As this second video shows, the ill-advised duel occurred more than once, and the outcome was by no means certain. There’s no mention of the identity of the videos’ creator or the people involved in the duel.

via reddit, The Awesomer

23 Apr 18:30

Newswire: Orange Is The New Black to introduce new character based on Martha Stewart

by John Teti

Time reports that Orange Is The New Black will debut a character based on Martha Stewart in its third season, which premieres June 12 on Netflix. Stewart was convicted in 2004 of conspiracy and obstruction charges stemming from an insider trading scandal, and the lifestyle maven served a five-month sentence in a prison not unlike Orange’s. Indeed, in the book that inspired the show, author Piper Kerman mentions that her prison in Danbury, Connecticut was nearly Stewart’s landing spot as well. But the feds ultimately sent Stewart to West Virginia, claiming that the Connecticut facility would be too accessible to news media.

Orange showrunner Jenji Kohan said that the character won’t be a complete Martha lookalike: She’ll be Southern, for instance, perhaps giving her a dash of Paula Deen. (All it takes is a dash, really.) When Time shared the news with Stewart herself at Tuesday ...

24 Apr 01:58

Music Industry Argues Works Entering Public Domain Are Not In Public Interest

by samzenpus
An anonymous reader writes: With news that Canada intends to extend the term of copyright for sound recordings and performers, the recording industry is now pushing the change by arguing that works entering the public domain is not in the public interest. It is hard to see how anyone can credibly claim that works are "lost" to the public domain and that the public interest is not served by increased public access, but if anyone would make the claim, it would be the recording industry.

Read more of this story at Slashdot.

24 Apr 01:02

Netflix begins streaming The X-Files in HD

by Elizabeth Lopatto

'Though it originally aired in 4:3, the HD version suggests it was shot in widescreen and cropped for broadcast.'

Streaming on Netflix now: HD versions of the first 13 episodes of the greatest TV show of all time. You know, The X-Files.

The baker's dozen is appropriate for the 90s paranoia-fest, which stars David Duchovny as Agent Fox Mulder and Gillian Anderson as Agent Dana Scully, the two detectives attached to the titular files — which concerned all things paranormal. Though it originally aired in 4:3, the HD version suggests it was shot in widescreen and cropped for broadcast. Scully's furrowed brow and Mulder's pouty lower lip never looked better.

The first two seasons of The X-Files were extremely low-budget; many of the special effects were essentially strobe lights and tarp. But the special effects were never the point — when you know you have to create scares on a bare-bones budget, you write tension into the script. Early episodes like "Ice" work precisely because of the financial constraints placed on the show.

It's not clear why only the first 13 episodes are being offered in HD, but I'll take what I can get. Just look at how amazing Scully's skeptical face is in the pilot:

ugh mulder

I mean.

Thanks, Erin!

24 Apr 01:12

Man of color

by awesomeocalypse

It's kind of amazing how much difference removing the desaturation effect makes. Even as someone who enjoyed Man of Steel a decent amount and is still looking forward to Batman v Superman, I kinda wish they had chosen this palette for Man of Steel.
23 Apr 16:21



via Russian Sledges

23 Apr 22:58

Dropbox is getting ready to launch a collaborative notes service

by Nathan Ingraham

shit, they're actually doing something with Hackpad after all

The last few years have seen Dropbox expand from its core cloud-synced storage offering to tackle other key components of the online life with its Mailbox email apps and Carousel photo storage app. Now, it looks like the company is getting ready to add another new product to its roster — yesterday, Dropbox quietly opened up a beta test for Dropbox Notes, a collaborative note-taking service. A sign-up page for the beta went live but offers few details beyond the goal of building "a new way for teams to write together." A quick screenshot shows an interface that closely resembles Google Docs, with clear indicators showing multiple people working on editing a text document.

There's no word yet on when this might launch or if it'll only be available to businesses who are signed up for Dropbox, but it's entirely possible this offering won't be consumer-focused. The beta signup page asks you to put in what company you work for, but Dropbox says that anyone is free to sign up for the beta, regardless of whether they work for a business that uses Dropbox.

Dropbox Notes

This comes a few weeks after the first evidence of a new Dropbox note-taking platform came to light — as noted by TechCrunch, Dropbox Notes appears to be born out of the Hackpad service Dropbox purchased a year ago. Some users on Product Hunt found a way into a Dropbox-hosted tool called "Project Composer" but access was quickly closed down.

The latest new market Dropbox is going after

Regardless of its origin, expanding into collaborative notes makes a lot of sense for Dropbox — the company has long been trying to solve the problem of keeping Microsoft Office files shared between users in sync, with the most recent efforts involving a direct partnership between the two companies. Notes will certainly not be as robust as Word, but it could still be a good simple tool for collaborators to use without having to worry about version history.

Still, there are already a host of collaboration services out there, so whether or not Notes will take off remains to be seen. The last major, established market Dropbox tried to enter was photos with its Carousel app, but it remains a service that hasn't really got any major traction in the face of strong competition from Google, Facebook, Flickr, Apple, and a host of other players.

23 Apr 22:30

Your Password is Too Damn Short

by Jeff Atwood

'Stop requiring passwords altogether, and let people log in with Google, Facebook, Twitter, Yahoo, or any other valid form of Internet driver's license that you're comfortable supporting.'

go to hell

I'm a little tired of writing about passwords. But like taxes, email, and pinkeye, they're not going away any time soon. Here's what I know to be true, and backed up by plenty of empirical data:

  • No matter what you tell them, users will always choose simple passwords.

  • No matter what you tell them, users will re-use the same password over and over on multiple devices, apps, and websites. If you are lucky they might use a couple passwords instead of the same one.

What can we do about this as developers?

  • Stop requiring passwords altogether, and let people log in with Google, Facebook, Twitter, Yahoo, or any other valid form of Internet driver's license that you're comfortable supporting. The best password is one you don't have to store.

  • Urge browsers to support automatic, built-in password generation and management. Ideally supported by the OS as well, but this requires cloud storage and everyone on the same page, and that seems most likely to me per-browser. Chrome, at least, is moving in this direction.

  • Nag users at the time of signup when they enter passwords that are …

    • Too short: UY7dFd

    • Lack sufficient entropy: aaaaaaaaa

    • Match common dictionary words: anteaters1

This is commonly done with an ambient password strength meter, which provides real time feedback as you type.

If you can't avoid storing the password – the first two items I listed above are both about avoiding the need for the user to select a 'new' password altogether – then showing an estimation of password strength as the user types is about as good as it gets.

The easiest way to build a safe password is to make it long. All other things being equal, the law of exponential growth means a longer password is a better password. That's why I was always a fan of passphrases, though they are exceptionally painful to enter via touchscreen in our brave new world of mobile – and that is an increasingly critical flaw. But how short is too short?

When we built Discourse, I had to select an absolute minimum password length that we would accept. I chose a default of 8, based on what I knew from my speed hashing research. An eight character password isn't great, but as long as you use a reasonable variety of characters, it should be sufficiently resistant to attack.

By attack, I don't mean an attacker automating a web page or app to repeatedly enter passwords. There is some of this, for extremely common passwords, but that's unlikely to be a practical attack on many sites or apps, as they tend to have rate limits on how often and how rapidly you can try different passwords.

What I mean by attack is a high speed offline attack on the hash of your password, where an attacker gains access to a database of leaked user data. This kind of leak happens all the time. And it will continue to happen forever.

If you're really unlucky, the developers behind that app, service, or website stored the password in plain text. This thankfully doesn't happen too often any more, thanks to education efforts. Progress! But even if the developers did properly store a hash of your password instead of the actual password, you better pray they used a really slow, complex, memory hungry hash algorithm, like bcrypt. And that they selected a high number of iterations. Oops, sorry, that was written in the dark ages of 2010 and is now out of date. I meant to say scrypt. Yeah, scrypt, that's the ticket.

Then we're safe? Right? Let's see.

You might read this and think that a massive cracking array is something that's hard to achieve. I regret to inform you that building an array of, say, 24 consumer grade GPUs that are optimized for speed hashing, is well within the reach of the average law enforcement agency and pretty much any small business that can afford a $40k equipment charge. No need to buy when you can rent – plenty of GPU equipped cloud servers these days. Beyond that, imagine what a motivated nation-state could bring to bear. The mind boggles.

Even if you don't believe me, but you should, the offline fast attack scenario, much easier to achieve, was hardly any better at 37 minutes.

Perhaps you're a skeptic. That's great, me too. What happens when we try a longer password on the massive cracking array?

9 characters 2 minutes
10 characters 2 hours
11 characters 6 days
12 characters 1 year
13 characters 64 years

The generator is "only" uppercase, lowercase, and number. What if we add special characters, to keep Q*Bert happy?

8 characters 1 minute
9 characters 2 hours
10 characters 1 week
11 characters 2 years
12 characters 2 centuries

That's a bit better, but you can't really feel safe until the 12 character mark even with a full complement of uppercase, lowercase, numbers, and special characters.

It's unlikely that massive cracking scenarios will get any slower. While there is definitely a password length where all cracking attempts fall off an exponential cliff that is effectively unsurmountable, these numbers will only get worse over time, not better.

So after all that, here's what I came to tell you, the poor, beleaguered user:

Unless your password is at least 12 characters, you are vulnerable.

That should be the minimum password size you use on any service. Generate your password with some kind of offline generator, with diceware, or a passphrase approach – whatever it takes, but make sure your passwords are all at least 12 characters.

Now, to be fair, as I alluded to earlier all of this does depend heavily on the hashing algorithm that was selected. But you have to assume that every password you use will be hashed with the lamest, fastest hash out there. One that is easy for GPUs to calculate. There's a lot of old software and systems out there, and will be for a long, long time.

And for developers:

  1. Pick your new password hash algorithms carefully, and move all your old password hashing systems to much harder to calculate hashes. You need hashes that are specifically designed to be hard to calculate on GPUs, like scrypt.

  2. Even if you pick the "right" hash, you may be vulnerable if your work factor isn't high enough. Matasano recommends the following:

    • scrypt: N=2^14, r=8, p=1

    • bcrypt: cost=11

    • PBKDF2 with SHA256: iterations=86,000

    But those are just guidelines; you have to scale the hashing work to what's available and reasonable on your servers or devices. For example, we had a minor denial of service bug in Discourse where we allowed people to enter up to 20,000 character passwords in the login form, and calculating the hash on that took, uh … several seconds.

Now if you'll excuse me, I need to go change my PayPal password.
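
An added example, not code from the post or from Discourse: the signup nags and the storage advice above, in Python, using the scrypt parameters the post quotes and storing them alongside each hash so the work factor can be raised later. The 200-character cap, the 2-bit entropy threshold, the word list and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os
import re
from collections import Counter

MIN_LEN = 12             # minimum length the post recommends
MAX_LEN = 200            # assumed cap so an oversized input cannot tie up the hasher
N, R, P = 2**14, 8, 1    # scrypt work factors quoted in the post
COMMON_WORDS = {"anteaters", "password", "dragon"}  # constructed sample word list


def signup_nags(password):
    """Return the reasons to nag the user; an empty list means no complaints."""
    nags = []
    if len(password) < MIN_LEN:
        nags.append("too short")
    if len(password) > MAX_LEN:
        nags.append("too long")
    # Crude entropy heuristic: Shannon bits per character of the typed string.
    total = max(len(password), 1)
    bits = -sum(c / total * math.log2(c / total) for c in Counter(password).values())
    if bits < 2.0:       # assumed threshold
        nags.append("low entropy")
    # Dictionary check on the letters only, so a trailing digit does not hide a word.
    if re.sub(r"[^a-z]", "", password.lower()) in COMMON_WORDS:
        nags.append("dictionary word")
    return nags


def _scrypt(password, salt, n, r, p):
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 2**20, dklen=32)


def hash_password(password):
    if not MIN_LEN <= len(password) <= MAX_LEN:
        raise ValueError("password length outside the accepted range")
    salt = os.urandom(16)
    return f"scrypt${N}${R}${P}${salt.hex()}${_scrypt(password, salt, N, R, P).hex()}"


def verify_password(password, stored):
    if len(password) > MAX_LEN:   # refuse before spending any hashing work
        return False
    _, n, r, p, salt, digest = stored.split("$")
    candidate = _scrypt(password, bytes.fromhex(salt), int(n), int(r), int(p))
    return hmac.compare_digest(candidate, bytes.fromhex(digest))
```

The length check in `verify_password` runs before any hashing, which is the guard against the 20,000-character login input the post describes.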

24 Apr 00:15

Arizona sheriff acknowledges investigation into judge's wife - Yahoo News

by gguillotte

this fucking guy

Arizona Sheriff Joe Arpaio dropped a bombshell in court Thursday, acknowledging his former lawyer had hired a private investigator to look into the wife of the federal judge presiding over a racial profiling lawsuit against the sheriff.
24 Apr 00:18

Gawker Buys $100,000 Email Chain From Judd Apatow

by gguillotte

not actually, but still

For mere mortals, moving is already a pain in the ass. For Hollywood producers? You also have to contend with Judd Apatow blowing up your spot to Gawker, just because your assistant forgot to use BCC on an email. Nathan Kahane, the producer behind This Is The End, the Harold and Kumar trilogy, and Juno, among others recently moved his production company Good Universe from Santa Monica to the dealmaking epicenter of Beverly Hills. His assistant, while sending out an updated address to the A-listers in his boss' address book, accidentally cc'd all the recipients whose initials have an A or B. The 200-plus person recipient list included the email addresses of studio heads such as Disney's Sean Bailey and New Regency's Pam Abdy, as well as celebs Judd Apatow, Casey Affleck, and Warren Beatty.
21 Apr 00:59

spiralcris: Ikunimals CHUKYUGAUChuChu of UtenaPenguin Nº2 of...


via Russian Sledges


  • Ikunimals CHUKYUGAU

ChuChu of Utena
Penguin Nº2 of Mawaru PenguinDrum
Ginko of YuriKuma Arashi