
Casey Johnston

Original author: 
Casey Johnston

Few Internet frustrations are so familiar as the password restriction. After creating a few (dozen) logins for all our Web presences, the use of symbols, mixed cases, and numbers seems less like a security measure and more like a torture device when it comes to remembering a complex password on a little-used site. But at least that variety of characters keeps you safe, right? As it turns out, some contrary research both supports how frustrating these restrictions are and suggests that the positive effect of complexity rules on security may not be as great as that of long length requirements.

Let's preface this with a reminder: the conventional wisdom is that complexity trumps length every time, and this notion is overwhelmingly true. Every security expert will tell you that “Supercalifragilistic” is less secure than “gj7B!!!bhrdc.” Few password creation schemes will render any password uncrackable, but in general, length does less to guard against crackability than complexity.

A password is not immune from cracking simply by virtue of being long—44,991 passwords recovered from a dump of LinkedIn hashes last year were 16 characters or more. The research we describe below refers specifically to the effects of restrictions placed by administrators on password construction on their crackability. By no means does it suggest that a long password is, by default, more secure than a complex one.


Casey Johnston

Aereo, a service that streams over-the-air channels to its subscribers, has now spent more than a year serving residents of New York City. The service officially expands to Boston tomorrow and is coming to many more cities over the next few months, including Atlanta and Washington, DC. Aereo seems like a net-add for consumers, and the opposition has, so far, failed to mount a defense that sticks.

But the simple idea behind Aereo is so brilliant and precariously positioned that it seems like we need to simultaneously enjoy it as hard as we can and not at all. We have to appreciate it for exactly what it is, when it is, and expect nothing more. It seems so good that it cannot last. And tragically, there are more than a few reasons why it may not.

A little about how Aereo works: as a resident of the United States, you have access to a handful of TV channels broadcast over the air that you can watch for free with an antenna (or, two antennas, but we’ll get to that). A subscription to Aereo gets you, literally, your very own tiny antenna offsite in Aereo’s warehouse. The company streams this to you and attaches it to a DVR service, allowing you both live- and time-shifted viewing experiences.



Pichai seems open to Android meaning lots of different things to lots of people and companies.

It Came from China

An interview with Sundar Pichai over at Wired has settled some questions about suspected Google plans, rivalries, and alliances. Pichai was recently announced as Andy Rubin’s replacement as head of Android, and he expressed cool confidence ahead of Google I/O about the company’s relationships with both Facebook and Samsung. He even felt good about the future of the spotty Android OS update situation.

Tensions between Google and Samsung, the overwhelmingly dominant Android handset manufacturer, are reportedly rising. But Pichai expressed nothing but goodwill toward the company. “We work with them on pretty much almost all our important products,” Pichai said while brandishing his own Samsung Galaxy S 4. “Samsung plays a critical role in helping Android be successful.”

Pichai noted in particular the need for companies that make “innovation in displays [and] in batteries” a priority. His attitude toward Motorola, which Google bought almost two years ago, was more nonchalant: “For the purposes of the Android ecosystem, Motorola is [just another] partner.”



Why are there so many password restrictions to navigate? Characters want to be free.

Daremoshiranai

The password creation process on different websites can be a bit like visiting foreign countries with unfamiliar social customs. This one requires eight characters; that one lets you have up to 64. This one allows letters and numbers only; that one allows hyphens. This one allows underscores; that one allows @#$&%, but not ^*()[]!—and heaven forbid you try to put a period in there. Sometimes passwords must have a number and at least one capital letter, but no, don’t start the password with the number—what do you think this is, Lord of the Flies?

You can’t get very far on any site today without making a password-protected account for it. Using the same password for everything is bad practice, so new emphasis has emerged on passwords that are easy to remember. Sentences or phrases of even very simple words have surfaced as a practical approach to this problem. As Thomas Baekdal wrote back in 2007, a password that’s just a series of words can be “both highly secure and user-friendly.” But this scheme, as well as other password design tropes like using symbols for complexity, does not pass muster at many sites that specify an upper limit for password length.

Most sites seem to have their own particular password bugaboos, but it’s rarely, if ever, clear why we can’t create passwords as long or short or as varied or simple as we want. (Well, the argument against short and simple is concrete, but the others are not immediately clear). Regardless of the password generation scheme, there can be a problem with it: a multi-word passphrase is too long and has no symbols; a gibberish password is too short, and what’s the % doing in there?



All the bits and pieces that go into a pair of virtual reality goggles.

iFixit

iFixit posted a teardown of the Oculus Rift headset Wednesday to see what, exactly, the virtual reality headset is made of. The teardown reveals the types of screens and controllers the Oculus Rift uses, and though the score is preliminary, iFixit gave it a 9 out of 10 user repairability score—unusual in the glue, tape, and Torx screw times we now live in.

The Oculus Rift uses one 1280×800 LCD that is split down the middle to show one image each to the right and left eye to create a 3D image. The display is an Innolux HJ070IA-02D 7-inch LCD panel, provided by the same distributor rumored to be Apple’s source for replacement iPad mini screens. A custom-designed Oculus Tracker V2 board pings to track the headset's motion at a 1000Hz refresh rate.

The chips inside the device include an STMicroelectronics 32F103C8 Cortex-M3 microcontroller with a 72MHz CPU and an Invensense MPU-6000 six-axis motion tracking controller that has both a gyroscope and accelerometer. There is also a chip named A983 2206, which iFixit suspects is a “three-axis magnetometer, used in conjunction with the accelerometer to correct for gyroscope drift.”



"I forgot how fun it was to read a school textbook."

j.lee43

There exists a textbook that will report back to your professors about whether you’ve been reading it, according to a report Tuesday from the New York Times. A startup named CourseSmart now offers an education package to schools that allows professors to, among other things, monitor what their students read in course textbooks as well as passages they highlight.

CourseSmart acts as a provider of digital textbooks working with publishers like McGraw-Hill, Pearson, and John Wiley and Sons. The NY Times describes books in use at Texas A&M University, which present an “engagement index” to professors that can be used to evaluate students’ performance in class.

The article cites a couple of examples where professors attribute students’ low grades to the CourseSmart-provided proof that the student never, or rarely, opened their books. The engagement index shows not only what, but when, students are reading, so if they opt not to peruse the textbook until the day or night before a test, the professor will know.



A demo of how to use the mirror API and its output during Timothy Jordan's talk.

If you’re looking for a taste of what it will be like to develop for Google Glass, the company posted a video demonstrating the hardware and a little bit of the API on Thursday. Timothy Jordan, a senior developer advocate at Google, gave a talk at SXSW in early March that lasted just shy of an hour and gave a look into the platform.

Google Glass bears more similarity to the Web than the Android mobile operating system, so developing for it is simpler than creating an Android application. During the talk, Jordan goes over some of the functionality developers can get out of the Mirror API, which allows apps to pop Timeline Cards into a user’s view, as well as show new items from services the user might be subscribed to (weather, wire services, and so forth).

Jordan also shows how users can interact with items that crop up using the API. When the user sees something they like, for instance, they can re-share it with a button or “love” it.



Samsung has built itself an Android dynasty with its Galaxy phones.

Casey Johnston

Over the last three years, Samsung has risen to become the unequivocal success story for the Android platform. Not only is it the only profitable manufacturer, but it has also spent the last couple of years striking more and more fear into the heart of its mobile arch nemesis, Apple.

As its competitors sprayed Android handsets over the retail scene like buckshot with micro-variations and diverse UI skins, Samsung quickly focused and put most of its effort into creating and promoting a flagship line of handsets. The company set aside support for increasingly niche features like hardware keyboards or confusing, subtle model tweaks in favor of focusing on one quality handset.

Now, the Samsung Galaxy line is unquestionably the most successful one in the history of Android. The most recent version, the Galaxy S III, even briefly displaced the iPhone as the top-selling smartphone for the third quarter of 2012, according to one source. Even Google is reportedly afraid of how successful Samsung has become with its mobile business.



Google reached out to LG for the first time in making a partnership Android device last fall; is it trying to keep its distance from Samsung?

Google

Google is getting concerned about Samsung’s dominance in the Android handset scene, according to a report Monday from the Wall Street Journal. Google is allegedly meeting with other companies to work together and help them become more competitive against the runaway Samsung. Samsung currently owns Android phone sales in nearly every important metric, including unit shipments and profitability.

The WSJ noted that Google’s senior VP of mobile and digital content, Andy Rubin, stated last fall that Google and Samsung’s union had obviously been fruitful, but the company could become a concern if it gained much more footing in sales. Google’s specific concern, according to the WSJ, is that Samsung “has become so big… that it could flex its muscle to renegotiate their arrangement and eat into Google’s lucrative mobile ad business.”

A renegotiation could also afford Samsung perks like earlier access to new versions of Android. It could give Samsung more weight to throw around in creating partnership devices with Google, such that it doesn't feel the need to compromise and then later one-up itself, as happened with the Galaxy Nexus and then Galaxy S III.



Researchers put a Galaxy Nexus on ice to demonstrate how low temperatures give access to data in the phone's memory.

Erlangen University

An Android phone’s passcode or pattern lock screen may be no match for a freezer, according to new research from scientists at Erlangen University in Germany released Thursday. After chilling a Galaxy Nexus in a freezer, the researchers were able to bypass security settings and read from the phone’s memory by using a "cold boot" attack.

Cold boot attacks, first demonstrated on PCs in 2008, rely on data remanence, wherein the RAM inside a computer retains some residual information for a short amount of time after the computer is shut down. If the computer is cold-booted (turned on and off quickly enough such that the shutdown isn’t complete), attackers can reboot with an alternate operating system (via a USB drive, for instance) that instructs the computer to dump the remnants of information still stored in the memory.

As it turns out, phones are vulnerable to the same kind of attack, but they require a different approach. Smartphones also retain information in memory after shutdown, but only for a second or two. It’s also more difficult to shortchange the shutdown process in a phone because it power-cycles too slowly by default for a two-second memory access window to be useful. The researchers in Germany found that if they chilled the phone down to freezing temperatures, information would linger in the memory for five or six seconds—long enough to pull data out with a computer.
