Reading Materials – Issue 8

Disclaimer: These were all the links in my read-later list for this week. It doesn’t mean that I agree with or approve of any of the content. The longest ones are placed between horizontal rules to keep them separated from the rest of the content.

Notice: Some of the links may be explicit or may disturb some readers. It should be obvious from the title (99% of the time it will be) whether that’s the case or not. Proceed at your own risk.

Your Android unlock pattern sucks as much as your password did

77% of patterns start in one of the corners; 44% start in the top left corner; they average five nodes (many have four!); they generally move left-right/top-bottom. Young men pick the strongest patterns; left-handers have the same start-points as righties. Oh, and a lot of people just swipe a Roman alphabet letter.

How I came to find Linux

The anatomy of a DDoS extortion attempt

Subject: DDOS ATTACK!

Hello,

To introduce ourselves first:

http://bitcoinbountyhunter.com/bitalo.html

http://cointelegraph.com/news/113499/notorious-hacker-group-involved-in-excoin-theft-owner-accuses-ccedk-of-withholding-info

So, it’s your turn!

Your sites are going under attack unless you pay 40 Bitcoin.

Pay to [***]

Please note that it will not be easy to mitigate our attack, because our current UDP flood power is 400–500 Gbps, so don’t even bother. Or at least not with cheap protection like CloudFlare or Incapsula. But OK, you can try.

Right now we are running a small demonstrative attack on one of your IPs.

Don’t worry, it will not be hard and will stop in 1 hour. It’s just to prove that we are serious.

We are aware that you probably don’t have 40 BTC at the moment, so we are giving you 24 hours to get it and pay us.

You can pay directly through exchanger to our BTC address, you don’t even need to have BTC wallet.

Current price of 1 BTC is about 230 USD, so we are cheap, at the moment. But if you ignore us, price will increase.

IMPORTANT: You don’t even have to reply. Just pay 40 BTC to the identifier provided – we will know it’s you and you will never hear from us again.

We say it because for big companies it’s usually the problem as they don’t want that there is proof that they cooperated. If you need to contact us, feel free to use some free email service. Or contact us via Bitmessage: [***]

But if you ignore us and don’t pay within 24 hours, a long term attack will start, the price to stop will go to 100 BTC and will keep increasing for every hour of attack.

IMPORTANT: It’s a one-time payment. Pay and you will not hear from us ever again!

We do bad things, but we keep our word.

Thank you.

[…]

“Basically, we activate Prolexic by routing our traffic through Akamai’s networks. They use BGP, or Border Gateway Protocol, to distribute our incoming data and check for signs of DDoS attacks. It’s pretty easy for them to tell which constitutes good traffic and which are just bogus packets, so they shut down the data streams from the illegitimate sources and allow only the valid data to reach our own networks. It’s a temporary measure only, since we don’t need them to scrub our traffic unless there’s an active issue,” Jeremy explained.

Akamai offers a DDoS Hotline for Emergency DDoS Protection to get those shields up fast. Akamai claims they have “2.8 Tbps of DDoS protection capacity” and they block “40–50 DDoS attacks every week.” Jeremy’s company activated the service before the threatened deadline, then monitored their incoming network traffic to see if anything unusual occurred.

Yes, The Appeals Court Got Basically Everything Wrong In Deciding API’s Are Covered By Copyright

How projects actually ship

my phone is only 80% reversible – TAKE MY MONEY

Writing a Game Boy Advance Game

AppCode 3.2 RC2

The best lazy loading implementation available. – Images

Cross-platform UI in GitHub Desktop

Ashley Madison Hackers Speak Out: ‘Nobody Was Watching’

What was their security like?
Bad. Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers.

When did you start hacking them? Years ago?
A long time ago. [Note: in a README file in the first data dump, the hackers wrote that they had been collecting information from the company “over the past few years.”]

Will The Impact Team be hacking any other sites in the future? If so, what targets or sort of targets do you have in mind?
Not just sites. Any companies that make 100s of millions profiting off pain of others, secrets, and lies. Maybe corrupt politicians. If we do, it will be a long time, but it will be total.

How to fix a bad user interface

An honest guide to the San Francisco startup life

Gluten-free people don’t eat glue, which is a stupid diet to be on because no rational person eats glue. Based on that logic, I am on a painten-free diet because I don’t eat paint.
People on paleo only eat foods available to paleolithic humans, like Mammoths and Megalodon sharks.
Juice detoxers eat other people’s neurons because they don’t shut up about being on juice detox.

[…]

Ignore the novella length signature; the brevity rule doesn’t apply to it. Put anything there — legalese, a call to save trees, a motivational quote. Not many people know that Twitter started out as an email service for Silicon Valley professionals but didn’t catch on because it allowed way too many characters.
We don’t have meetings; meetings are to startups what kryptonite is to Spiderman — out of place. So we have all-hands*, one-on-ones, stand-ups, and huddles. Same goes for calls — we don’t make phonecalls. We sync-up, touch-base, or simply, connect. Make sure you set up the right one, or you may give people the impression that you are wasting their vocabulary.
The most sacred psalm of the startup-bible, though, is —
“Do things that don’t scale.”

How to Wrap Your Head Around Online Multiplayer

I made an Introduction to Data Structures for Python series. It’s a good jumping off point for people new to Python and computer science in general.

What crimes has Russia/USSR committed against your country?

I’m now an Estonian e-resident, but I still don’t know what to do with it

Estonian ID cards use open source public key-private key encryption (upgraded in 2011 to 2048-bit RSA), which allows government agencies to perform various secure functions online connected with a citizen’s identity.
[…]
As a regular PGP user, I recognized the value of signing and encrypting documents sent back and forth. In basic terms, the process ensures documents aren’t tampered with and confirms they originated from the right person.
We digitally signed both documents, cryptographically proving that they originated from us. But the part that I didn’t realize until another Estonian pointed it out on Twitter was that this simple action had the full force of Estonian law behind it.
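
To make the “tampered with” and “originated from the right person” guarantees concrete, here is an added example (mine, not code from the article or from the Estonian ID-card software) using Go’s standard-library crypto/rsa with a freshly generated 2048-bit key. The contract text and both keys are constructed for the demo; on the real card the private key never leaves the chip and signing is PIN-gated, so this shows only the cryptographic check a relying party performs, not the card protocol.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// Sign hashes the document with SHA-256 and signs the digest with
// RSA PKCS#1 v1.5 (the RSA signature scheme in Go's standard library).
// Only the holder of the private key can produce a valid signature.
func Sign(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify recomputes the digest and checks the signature against the
// public key. It returns false both when the document was altered and
// when the signature was made with a different key.
func Verify(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Demo walks through the three cases a relying party cares about:
// the genuine document, a tampered copy, and a signature made with an
// impostor's key. Keys are generated fresh; the document is constructed.
func Demo() (genuineOK, tamperedOK, impostorOK bool, err error) {
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	impostor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}

	// Constructed sample document (not a real contract).
	doc := []byte("Contract: pay 1000 EUR to ACME OU by 2016-01-31")

	sig, err := Sign(signer, doc)
	if err != nil {
		return
	}
	genuineOK = Verify(&signer.PublicKey, doc, sig)

	// Tampering: change one digit of the amount after signing.
	tampered := append([]byte(nil), doc...)
	copy(tampered, []byte("Contract: pay 9000"))
	tamperedOK = Verify(&signer.PublicKey, tampered, sig)

	// Impostor: a well-formed signature, but from a key that is not the signer's.
	forged, err := Sign(impostor, doc)
	if err != nil {
		return
	}
	impostorOK = Verify(&signer.PublicKey, doc, forged)
	return
}

func main() {
	genuine, tampered, impostor, err := Demo()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("genuine document verifies:   %v\n", genuine)  // true
	fmt.Printf("tampered document verifies:  %v\n", tampered) // false
	fmt.Printf("impostor signature verifies: %v\n", impostor) // false
}
```

The verifier needs nothing secret: only the signer’s public key, which for an ID card is bound to the person by the certificate the state issues. That binding, not the RSA math, is what gives the signature its legal weight.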

16 Startup Metrics

We can end police violence in America

Nestle Pays Only $524 to Extract 27,000,000 Gallons of California Drinking Water

What happens to baggage at airports?

Hackpad

Hackpad is a web-based realtime wiki.

Basic CPU Tutorial

Creating a kill-switched VPN on Mac OS X

Kitchen Tips

GoLang – Stupid Gopher Tricks

Fire the workaholics

Spotify on the new Privacy Policy

The Suicide Girls Story

Are Lawyers Getting Dumber?

For people who just spent three years studying the intricacies of the law, with the expectation that their $120,000 in tuition would translate into a bright white-collar future, failure can wreak emotional carnage. It can cost more than $800 to take the exam, and bombing the first time can mean losing a law firm job.

The end of walking

In Orwellian fashion, Americans have been stripped of the right to walk, challenging their humanity, freedom and health

In 2011, Raquel Nelson was convicted of vehicular homicide following the death of her four-year-old son. Nelson, it’s crucial to note, was not driving. She didn’t even own a car. She and her three children were crossing a busy four-lane road from a bus stop to their apartment building in suburban Atlanta, Georgia. She’d stopped on the median halfway across when her son let go of her hand and stepped into the second half of the road. Nelson tried to catch him but wasn’t fast enough; she and her two-year-old daughter were also injured.

The driver admitted to having alcohol and painkillers in his system (and to being legally blind in one eye) and pleaded guilty to the charge of hit-and-run. He served six months in prison. For the crime of walking three tired, hungry children home in the most efficient way possible, Nelson faced more jail time than the man who had killed her son.

All of this because she was jaywalking.

Hacker Tools of Mr Robot

Race and Gender

Designing And Building Stockfighter, Our Programming Game

This coconut oil melted during a heat wave and later re-solidified. Why did it form this honeycomb structure?

As coconut oil is composed of a mixture of different fatty acids, it’s highly unlikely that you would obtain a single crystal from it
[…]
So we have a different process directing the structure here. It should be noted that hexagonal packing in 2D is the most efficient, hence it tends to be a natural default. But first let’s look at why it’s not just a continuous solid…
[…]
The result of this process of cooling, contraction, and joint formation can actually be observed in nature in the form of columnar basalt (also referred to as “columnar jointing” of basalt). Examples such as Giant’s Causeway in Ireland or Devil’s Tower in Wyoming. You can read up a bit about columnar basalt in this post by the American Geophysical Union, or this good roundup from 2010 in Wired. Given the connection to columnar basalt, I think that we should actually get a specialist in geology to comment here…

The Future of Developing Firefox Add-ons

I agree with a few comments on the article:

I’m somewhat skeptical, though, of making it impossible for users not running a “developer edition” to opt out, and accept less-reviewed addons. Not trusting users to make informed “opt-in” decisions is a bit insulting.

This is a big problem for govt contractors. We cannot legally release our addons to a third party, and Mozilla isn’t on our list of approved hosts (unlike Google).

Maze Classification

Million lines of code – Infographic

This is just great.

Global Warming – Infographic

How Zapier Went From Zero to 600,000+ Users in Just Three Years

Findation

We’re trying to build the biggest possible database of foundation shade matches.

About StackOverflow

This site is all about getting answers. It’s not a discussion forum. There’s no chit-chat.

Swift Pattern Matching in Detail.

Inspirations for Trello

Star Wars The Force Awakens “Review” [SPOILERS!]

This post contains A LOT OF SPOILERS: Don’t read it if you haven’t watched the movie yet.

Watched it? Good. First things first, the movie is decent. I got into the theater thinking that it would be a pretty terrible movie and I came out thinking that it’s mediocre, so thumbs up (sorta).

The good points:

  • The characters and actors are really good. They play well together and the acting is top notch.
  • It’s 100% designed from the ground up to have the feel of a classic Star Wars movie.

The subjective point [I personally liked the prequels, but for the people who didn’t like them this can be added to ‘the good points’]:

  • It’s 100% designed not to be like the prequels.

The bad points:

  • It has no soul. The movie doesn’t try anything new. I liked the prequels because they’re not an exact copy of the first trilogy; this movie is a perfect copy of episode 4 (+ a tiny bit of episodes 5 and 6). If I wanted to watch Ep. 4 I’d go and watch that instead 😉 It would have been perfectly fine if it had two or three references to episode 4, but not this many and this obvious, and not as key foundations of the movie. This is my main complaint and the main reason why, for me, The Force Awakens is the worst Star Wars movie so far.

Annoying copies (in no particular order):

  • Droid gets an important message to deliver to the rebellion.
  • Droid wanders around on a desert planet.
  • “Death Star” destroys one (/ multiple) planet(/s).
  • “Death Star” targets the rebel base.
  • Rebels need to destroy the “Death Star” before it fires. How? They need to deactivate a shield generator and use their X/Y-wing torpedoes to blow it up.
  • Han and Chewie surrender to an imperial platoon in the exact same way as in Ep. 6.
  • When avoiding the TIE Fighters on Jakku, the tunnel (the inside of a broken Star Destroyer) is almost the same as the tunnel in the Death Star in Ep. 6, and the way they exit that tunnel in The Force Awakens is basically the same as the way the Millennium Falcon exits the Death Star just before it blows up in Ep. 6.
  • A sith, wearing a black mask interrogates a rebel prisoner about the location of the droid with the plans (/ map).
  • A sith, wearing a black mask interrogates a rebel prisoner about the location of the secret rebel base.
  • The planet of the rebel base looks the same as the Yavin moon, hell even the base looks the same. This is not as bad as the others since it’s likely that different rebel bases may look similar and it’s not rare to find a planet with lot of trees in the Star Wars universe, but still they could have done something different easily.
  • Kylo Ren tells the officer on the Star Destroyer not to disappoint him, the same as Darth Vader (as before since Kylo Ren aspires to be like Vader this is not as bad as the previous ones, but pretty annoying nonetheless).
  • The Millennium Falcon gets trapped by a tractor beam and pulled inside. The crew then hide themselves to avoid being detected. (Technically it’s not a smuggling compartment in Ep. 7, but it is basically the same thing.)
  • Imperial Commander (/Moff) feeling more powerful than the Sith that commands him (and showing it explicitly, as with Darth Vader in Ep. 5).
  • One of the main characters dying from the hands of someone close to him (Ben / Han).

Not to talk about the plot inconsistencies:

  • Rey just touches a lightsaber for the first time and she’s a master at it (she used a stick before, but that’s nothing like a lightsaber. It would have been fine if it was a double bladed lightsaber, but it’s not). I would understand if we were talking about The Force, since it’s obvious that she’s way better than Kylo Ren at that.
  • Captain Phasma says that her Stormtroopers will be there in minutes to turn the shield back on. The room remains open and not guarded for 20+ mins and nothing happens.

PS. I understand that a lot of people loved the movie and that’s great. I just feel it could be so much better, if they didn’t try to just satisfy the fans at all cost – even going as far as sacrificing the plot for that.

You can let me know your opinion about the movie on Twitter.

The Best Content Blocker for iOS

People have been wondering which is the best Content Blocker for iOS since iOS9 came out supporting Content Blockers. 1Blocker is definitely the best one (the paid version) available on the App Store right now. But I went beyond that.

If you’re not interested in fancy animations and just want the quickest loading times without any ad crap or tracking, just disable JavaScript everywhere. It’s that easy.

Settings -> Safari -> Advanced -> JavaScript -> Off.

And disable any content blocker, since its job has already been done for you.

You’re welcome.

NOTE: Of course this is an extreme solution and you will surely lose some rich content while doing so, but I feel like the compromise (on iOS) is acceptable. Of course I’d never do that on a Mac and I use a content blocker there (uBlock for Ads + Ghostery for Trackers).

ParseSWTableViewCell

I’ve always kept my closed-source projects (all of my apps and more) under source control on Bitbucket, but I’d never released an open source project until now.

It’s a swipeable Table Cell to use in conjunction with a PFTableViewController from Parse UI.

Just include the pod in your Podfile:

pod 'ParseSWTableViewCell'

and make your table view cell class a subclass of “SWTableViewCell”.

You can find out more by reading the whole README here

Check if Anything in the app uses Advertiser Identifier

I had an app rightfully rejected for using the advertising identifier while I had stated that I didn’t. I was sure I didn’t have ads and I don’t track users using the identifier, so something was out of place. Luckily, with a simple grep I found out that a third-party framework was using it, and I promptly removed it.

  1. Move from the terminal to the folder of the project.

  2. Run:

grep -r ASIdentifierManager .
grep -r AdSupport.framework .
grep -r advertisingIdentifier .

[Having the . at the end is important, don’t delete that!]

A compiled framework you didn’t write will show up as “Binary file ./Path/To/Framework matches” rather than as a source line, which is exactly how a vendored SDK that uses the identifier gives itself away. If you only want the list of offending files, add -l to each grep.