Posts by happygeek

And, of course, be on top of your broader security posture as many successful FB account breaches will come by way of keylogging malware, social engineering etc etc.

Bugs are, and always have been, a fact of life for the software developer. However, if Microsoft researcher Andrew Begel has his way, they could be a thing of the past. Last month a paper entitled 'Using Psycho-Physiological Measures to Assess Task Difficulty in Software Development' was published which Begel co-authored. This week, Begel spoke at the annual Microsoft Research Faculty Summit on the subject.

Basically what Begel and his research colleagues are saying is that the existing work looking at dealing with programming errors tends to focus on the "post hoc identification of correlations between bug fixes and code" and this isn't working. Instead, his team suggests, a new approach is needed to address the very real and very costly problem of code bugs. The new approach in question being to try and "detect when software developers are experiencing difficulty while they work on their programming tasks" and then, of course, stop them before they can go on to introduce bugs into their code.

This makes sense, as far as addressing the reasons why errors are introduced in the first place. Think about it, as a developer you are often asked to work very long hours with an unmovable deadline to be met. Your work involves staring at a screen for hours on end, producing something that is part of a finished product which can contain millions of lines of code. Combine the physical and mental stress and it's hardly surprising that errors are made, and then …

I always thought you were odd, now there is proof ;-)

Two pairs dedicated for home use? Is that one for upstairs and one down, or one formal and one casual? When do you wear the slippers if you also have shoes? Are the shoes for moving around in and the slippers for when you have sat down?

ROFL

The title of this post is: how to SEO a news website. Maybe there's a small clue in there?

shoes to wear in the house..

Also known as slippers :-)

That said, I wear by steel toecap para boots everywhere (indoors and out) and only take them off when I go to bed. Hate households where I am expected to remove my shoes before entering, so always wear totally minging socks just in case...

Welcome aboard

No, please do not share them here. These type of lists end up as a huge spam-fest and we are in the process of deleting them at the moment...

Thread closed.

I'm around, but it's hard to talk to someone who's making little sense. What has your Karl Marx post got to do with the price of fish?

Working day, however, I'll bite. I have been self-employed for the past 20+ years and when I started I would regularly work 12 or even 14 hour days. Now I start at 5.30am most days and I'm out of the office by 11.30am. So what's that, six hours total - take off half an hour for drinking coffee and using the toilet and I'm left with 5.5 hours of solid working time. Of course, it's not quite that straightforward as I also take my work with me and will find myself doing odd bits and bobs at home or in the coffee shop etc. I guess if you added it all up then I would probably put in an eight hour day all told.

The important thing is that it doesn't feel like an eight hour day, it feels like I work mornings only. That means I don't get as fatigued as I used to when I never left the office. Technology has made this possible. Not robots, but it's a start...

And to get back to the point of the OP, by only spending the morning at my desk I find myself out and about doing things (not sitting down) for much of the afternoon.

@deceptikon

James, suggesting a journalist could be disingenuous as in "pretending that one knows less about something than one really does" is scandalous. I have never heard such a thing ;-)

Why not just concentrate on providing a site with content that people will want to consume long term, rather than gaming Google?

If the site allows guest posting then the answer would be yes.

If the site does not allow guest posting then the answer would be no.

Next...

I have shaved my head (either totally or partly - I had a long dreadlocked mohawk for some years) for the best part of 20 years now, but have had a beard for most of that time. The beard has varied from a soul patch through to mutton chops and the current 'just let the bugger grow wild' hobo/unix beard look :)

I have contributed to the 'Real World Computing' section of PC Pro magazine here in the UK for, come the next edition, what will be 20 years. During all of the time contributors to the section, consisting of coders and IT consultants, have been affectionately known as beardies. This despite only a handful of us actually sporting the same.

Which got me to thinking, how many beardies are there on DaniWeb? More to the point, do beards and coders/developers/techies/geeks still get thought of as inseperable?

So, go on then, do you have a beard?*

*Ladies need not respond unless they really want to...

According to research commissioned by security vendor Bit9 + Carbon Black, nearly half (49%) of the organisations questioned admitted they simply didn't know if their businesses had been compromised or not. This uncertainty regarding cyber-attack detection ability comes in stark contrast to the 32% who confirmed they had been attacked during the previous 12 months and the 64% expecting to be targeted in the next 12 months.

Looking a little closer at the data, when it comes to who might be attacking them, hacktivists on 86% bizarrely came top of the list ahead of cyber-criminals with 77% and disgruntled employees on 61%. If those stats were a little odd, to say the least (hacktivists are the biggest threat to your business, really?) then the ones regarding XP were even more worrying.

Apparently some 74% of the 250 organisations queried were still running machines on Windows XP despite it having reached end-of-life status and the security implications that brings with it. In fact, only 29% of those still running XP had any plans to replace the OS.

One cannot help but wonder if the XP figures are in any way connected to the number of organisations running point-of-sale systems of which less than half were confident they could stop advanced threats or targeted attacks?

The average car is increasingly becoming a vehicle for the Internet; but does this also make it a vehicle for cybercrime? Security vendor Kaspersky Lab, in cahoots with Spanish digital media outfit IAB, reckons that software updates, in-car mobile apps and privacy are all areas which have ripe potential for the car crook to launch an attack.

Announcing the first 'Annual Connected Cars Study' which aims to provide an overview of the Internet car market, Kaspersky Lab and IAB hope that some unity can be provided to the pretty fragmented software ecosystem offered by car manufacturers currently.

In developing a proof of concept to analyse how safe it is to connect a car to the Internet, principal security researcher for Kaspersky Lab, Vicente Diaz, identified several likely attack vectors. The proof of concept, which was based on an analysis of the BMW ConnectedDrive system, revealed the following danger zones:

Stolen Credentials

Data needed to access BMW’s website could be stolen using traditional methods such as social engineering or keyloggers and could result in unauthorised third-party access to user information and, possibly, the vehicle itself by installing a mobile app to enable remote services before opening the car and driving off.

Mobile Applications

By activating mobile remote opening services on your phone a new set of virtual keys for your car are created which could give anyone who steals your smartphone instant access to your car. With the stolen smartphone it might then be possible to change database applications and bypass …

Which people? Seriously, I don't know anyone, not a single one, who still uses a directory site and I know a lot of people. This has been true for many years now. Search killed the directory model dead, as Dani says, as a doornail.

There is no doubt that SEO is an important part of the online marketing machine. Lest we forget, SEO stands for Search Engine Optimization and only a fool would imagine that they could do business online without being indexed by the Gods of Search (Google, Bing, Yahoo!) However, there is more to marketing your business than making it search engine friendly; and blowing your entire marketing budget on SEO could prove a costly mistake.

Traditionally, marketing your business (any business) has involved understanding who your customers are and how they think and feel. This is no different in the Internet age, but it is easier. Think of product marketing as participating in a conversation and the sale as a logical conclusion to your chat. The most obvious method of reading the market today, and engaging those potential customers, is social media. Forget 'conversation' as a marketing metaphor, with social media you can quite literally talk to the market. You need to think about Social Media Optimization, or SMO. So devote part of your budget to creating, and maintaining, a meaningful social media presence.

What do we mean by meaningful? Well anything other than token would be the glib answer, albeit pretty accurate. Don't just create an account because your competitors are on Facebook or Twitter, but create an account because you care about developing a relationship with the market. Create an account because you care about what that market thinks, and how it feels, about your product. Create an account …

The troublw ith adding +1 via anonymous voting is the ease with which it could, and would, be abused. Some folk have already 'gamed' the endorsement system by setting up multiple accounts to endorse them and others to try and gain rep (which didnt work, just saw every post upvoted many times for no good reason).

No books about SEO available? Really vinod1 - Amazon returns more than 11K results if you search for SEO in the books category.

Absolutely. If you don't know who the weak link is in the IT security chain, it's probably you. Back in the day, twenty years or so ago, we used to get a lot of help with with our 'unathorised network exploration activity' courtesy of searching skips and bins outside businesses for documents containing login data and the like; not much has really changed, apart from not needing to get your hands dirty in the dumpster of course.

I know what you mean about the 'working for yourself' thing. I often get told I have it easy, not least as I leave the office in the early afternoon. What people don't get is that I'm usually in the office at 5am while they are asleep, and that I work through until 1pm without breaks other than the odd five minutes to make a coffee or go to the loo. They don't see the juggling of deadlines and the pressure to get things done. They don't see that I do this seven days a week and, unless things are really bad, that includes when I am sick. They don't see the checking of emails and dealing with work stuff after I have left the office, right through to when I go to bed and until I fall asleep. They certainly don't see all the stress that accompanies being self-employed in a freelance capacity; the lack of security, uncertainty about if you will have a roof over your head next month, the certainty that you will never be able to afford to stop working...

All that said, I love my job and wouldn't want to do anything else :)

As a rule, people tend to upvote more than they do leave rep. The reputation stuff is usually reserved for posts that members have found really helpful/interesting or really annoying/useless.

As a platform, Android is naturally very attractive to the criminal fraternity in terms of potential profitability. After all, it has the market share and that nearly always means it has large numbers of users for whom the word security may as well be written in the Cyrillic alphabet. My analogy assumes, of course, that those are users not familiar with this particular script and I used it for good reason: new worms coming out of Russia are posing a threat to Android users.

Denis Maslennikov, a security analyst with AdaptiveMobile, has discovered a previously unknown worm called Selfmite. This comes hot on the heels of another Android worm called Samsapo which uses the old monetization chestnut of premium rate SMS message sending.

The Selfmite loader spreads using SMS as a transport mechanism, and once the malicious app is installed the worm itself propagates by sending a text message to users in the address book of the phone that has been infected rather than by doing the premium rate thing as you might expect. So how does Selfmite realise a profit?

Well, the messages it sends encourage users to install a legitimate app by way of an advertising platform which pays the worm author a small commission for every app installation. According to Maslennikov the worm is out in the wild, and unlike Samsapo which was largely targeted at Russian users, it has already been seen to be active on North American operator networks.

"SMS worms …

Back in the day, when I used to do gadget reviews for the likes of Pocket Lint, I got to see a whole bunch of these type of devices. Bearing in mind they were the earliest attempts at the technology, and I would hope the newest ones have improved, here's what I thought:

More style than substance, in that they had the wow factor but were as good as useless if you wanted to actually do anything productive with them. How responsive they were depended upon the quality of the surface the keyboard was projected upon, along with ambient lighting etc. Fast typing was all but impossible, so very much a case of slow and careful prodding in order to avoid mistakes.

Overall, my conclusion was that if you were not worried about fast typing then you may as well stick to whatever virtual keyboard was supplied with your smartphone/tablet. If you wanted to be able to actually type properly and produce some work beyond SMS or tweet then invest in a folding or portable physical keyboard.

As I say, this was a few years ago. However, the tech looks very similar to the stuff I played with back then. Honestly I would recommend buying from somewhere that allows returns, or find a hight street supplier and go play with it first.

Agreed. Which is why I have deleted the post you refer to :)

Hi Glen, a belated welcome to DaniWeb :)

Looks like that even $10 was too much. He posted a link elsewhere to a pirate ebook download site stating that he didn't care if it broke DaniWeb rules, then when I infracted him for it he deleted his membership. Oh well, another kid with 'toys out of pram' syndrome bites the dust...

When a dentist says 'your tooth may be a little sore tomorrow' after root canal work what they really mean is 'your face will feel like it is falling off, muhahahaha'.

Just saying... :(

Amazon has, this week, revealed the first smartphone designed by the online retail giant in the shape of the Amazon Fire. Described by the company as featuring "two new breakthrough technologies that allow you to see and interact with the world through a whole new lens" and by some others as probably "the biggest single invasion of your privacy for commercial purposes ever."

The innovations that have led to these two rather different takes are Dynamic Perspective and the Firefly Button. The first, Amazons informs us, is a sensor system that will respond to the way the user holds, views and moves which in turn will enable an experience unlike any other smartphone. Amazon founder and CEO Jeff Bezos attempts to explain exactly what this means saying that the sensors will recognise where the user's head is relative to the device and that information can then be used to "offer customers a more immersive experience, one-handed navigation, and gestures that actually work." Sorry Jeff, but that explanation still fails to either explain what it can really do or why I'd want it to do that in the first place. Maybe that's why Amazon is also making a Dynamic Perspective SDK available to developers, along with the Firefly SDK, and Bezos says Amazon "can’t wait to see how developers surprise us." So it looks like Amazon doesn't really know what it's for either.

Unlike Firefly, which is much more cut and dried; although many people are not going to like the …

Ever thought about using a library? As a student, I'm sure your educational facility must have a well stocked one.

As a programmer, would you approve if people stole your commercial code and handed it around is someone who 'obviously couldn't afford it' wanted a copy? Probably not, so why should authors (of which I am one) be any different?

For the record, our rules also state:

Do not ask about obtaining pirated software, nor link to it
Do not ask for help to pursue any illegal activity including, but not limited to, hacking and spamming

Both of which would fit here if you are trying to get a pirated commercial product, even if it is 'just a book'...

I must be old as I consider Skype to be the work of the devil. It's bad enough having to talk to people (including family) on the telephone, let alone enable them to see me and my reactions to what they say. Hmmm, are misanthropic tendencies another sign of aging?

The thing about disruptive technologies is that they tend to creep up on you without you actually realising it. The answer to the original question is, therefore, nobody knows...

According to newly published research from cloud-based social Wi-Fi software outfit Purple WiFi, of 2,540 consumer questioned vastly more were concerned about getting access to pornography than were worried about matters of data security.

The 'Using Wi-Fi in Public Places’ study revealed that 28 percent of those asked (711 people) don't use public Wi-Fi, and of that number 27 percent (192 people) didn't do so due to fears about security. Compare and contrast to the 56 percent (1422 people) who were so concerned about being able to access pornography via free Wi-Fi that they thought content filtering should be a legally enforced requirement. A further 26 percent (660 people) bizarrely thought that content filtering by law should depend upon the venue.

Continuing with the bizarre numbers, the apparent disregard for security matters becomes clear when you see that 87 percent (2210 people) were happy to access and check their email using free and unsecured public Wi-Fi, with an astonishing 17 percent (431 people) equally happy to perform online banking tasks this way. The mind, or mine at least, had to do some serious boggling at those percentages.

Gavin Wheeldon, CEO of Purple Wi-Fi, admits that he too is concerned by the results: "we suspected that people are struggling to get online with the often complex sign up procedures of traditional Wi-Fi, and once online we feared they are still unaware of the security risks" he says, continuing "we now have the data to confirm that Wi-Fi access is …

Cheapewebsitedesign indeed. I guess you get what you pay for, but I'd be very wary of a web design company which doesn't seem to know the basics of web design...

If the root of pang is ang, then that would also explain the derivation of angst. You learn something new everyday. Actually, I learn lots of new things everyday and it's what makes me get out of bed in the morning.

Back in the eighties, the Defense Advanced Research Projects Agency (DARPA) spent more than a billion dollars in an attempt to create what was, in effect, Skynet. You know, the self-aware artificial intelligence system that goes bad in The Terminator movie. DARPA called it the Strategic Computing Initiative, but it was Skynet alright. You only have to read this little bit of political persuasion in favour of the idea back then to get that: "...there will be unique new opportunities for military applications of computing. Instead of fielding simple guided missiles or remotely piloted vehicles, we might launch completely autonomous land, sea, and air vehicles capable of complex, far-ranging reconnaissance and attack missions." You may well think that the project succeeded, given that we now see the use of unmanned drones in combat, but you would be wrong. Unmanned and completely autonomous are not the same thing. The project failed so you can relax, right? Wrong. DARPA is trying again.

The tech research arm of the US military is launching a competition, or 'Cyber Grand Challenge' as it prefers to call it, which offers a couple of million dollars to anyone who can design a fully automated defense system. To be precise, a computer network capable of defending itself from attack without any human intervention at all.

"In 2016, DARPA will hold the world’s first all-computer Capture the Flag tournament live on stage co-located with the DEF CON Conference in Las Vegas where automated systems may take the …

What do I hate about TV shows? Pretty much EVERYTHING would be my answer for 99% of the dross that passes as suitable for broadcast, to be honest.

Morning :)

F8

Another day, another breach. The latest to disclose that there had been some 'unauthorised access' to systems and internal company data' is music streaming service Spotify. The disclosure itself was something of an odd one, claiming that investigation suggested only a single user's data had been compromised following an issue with the Android app.

Oskar Stal, CTO at Spotify, claims that the investigation suggests no password, financial or payment information was accessed. "Based on our findings, we are not aware of any increased risk to users as a result of this incident" Stal insists, continuing "...as a general precaution will be asking certain Spotify users to re-enter their username and password to log in over the coming days" and "as an extra safety step, we are going to guide Android app users to upgrade over the next few days. If Spotify prompts you for an upgrade, please follow the instructions."

I'm with Dwayne Melancon, CTO of security specialists Tripwire, who reckons that "someone demonstrated a proof-of-concept attack for the Spotify team and that constitutes the single known affected user." It would certainly make a lot of sense, as I cannot imagine that Spotify would have issued an all-user notification of a breach had it been just a single user over-sharing login credentials. "Given that Spotify claims that only one user’s data has been compromised" Melancon says "I suspect this was achieved via a re-usable, broadly applicable attack method perhaps affecting older versions of the Spotify app." Which would tie in …

Hehe. I also have:

More on lower left side of head, hands/fingers (double knuckle ink on both and thumbpads), wrists, full sleeves on both arms (extending into pits) chest work.

I am still a work in progress, after 30 years of inking. Going to get some coloured background behind the backpiece to lift it a little, both legs are bare canvas so really need to think about them, and am itching to go for a top of the head design at some point. Oh, and I have some free space both sides of the neck but my beard is getting quite long now and even with the beading in I'm not sure if it's worth inking there.

Had to sell the Fiat 500 and buy a van, hence the Bongo. Plus, I wanted a dayvan/camper project anyway - but don't tell the boys or my hold over them will be lost forever :)

A very small taster of some of my ink...

Part of my head work

My throat

Backpiece

Left hand

Right hand fingers, top set (more on lower knuckles)

My 13 year old twins have started a band, called 'The Nameless' and I now appear to be a roadie...

Although it took eBay itself an absolute age to disclose that a serious breach had taken place, and then completely screwed up the process of ensuring users change their passwords, this should come as no real surprise. Happygeeks' Law states: the larger the corporate, the longer it takes to admit anything and the bigger the chance it will handle it badly. What is surprising is that it has taken so long for the stolen database of user credentials to go up for sale on the dark market.

If you consider that the breach itself happened a couple of months ago, and eBay has known about it for a couple of weeks, why is it only now that the database has been put on the open market? The obvious answer is that the value of that database will increase once everyone knows about, all that free publicity etc. But the obvious answer is also the wrong one; this kind of information is most valuable before anyone knows that it has been compromised. It's like a zero day thing, if nobody knows it has been stolen then nobody is prepared for an attack. Now the news is out, now that eBay and eBay users alike are aware of the breach, passwords will (eventually) be changed and everyone will be watching for unusual activity. That devalues the data, not adds a premium to it.

So why put it up for sale now? Good question, although a better one would be 'is …

Following on from the news that an eBay password database has been compromised, and universal advice from security experts that users should now change their passwords, one thing has been loud clear: the total lack of that password change requirement from eBay. Sign into eBay and there is nothing to say stop, change your password. There has been no email sent to registered users urging them to make the change. In fact the only I've read of it have come from news stories in which they state that eBay are 'urging users to change their passwords' but truth be told it's a damn funny definition of urging if you ask me.

However, I have finally found the message that asks you change your password and the proof is right here in the screenshot below.

The only problem being that eBay has opted to put that message on the change your password page. That's right, to see it you have to sign into eBay, go into the My eBay section, navigate to the Account tab and then the Personal Information section, and finally scroll down and hit the edit password button.

Yep, the only people who will see the message 'urging' them to change their password are those people who have already made the decision to change their password. Hit the 'learn more' link after the password change request screen and you finally come to a page with "A Message From Devin Wenig" which says:

…

Without doubt my most painful was the throat, hour and a bit of agony was that - had to stop for a 10 minute break after 40. The armpit was pretty bad, spine as you say, and the head although that was also weord what with the vibrations through the skull and the odd sound that makes :)

When it comes to my own body then at a push I guess I would opt for my hands, especially since they have been fully decorated (upper and lower knuckle tats, back of hand tatas, thumbpad tats, wrist tats.) My hands are quite small for a big man (6'1" and 14 stone) but, thanks to having worked as a writer for the last 24 years, they are also very baby bum smooth without the usual hardness that a man of 50 might expect.

Alan, if you hated the inner bicep inking then don't get anything that goes up into your armpit, on your throat or your head for that matter. They are much, much worse. Nice ink!

Oh, and: wuss!!! :)

Plenty of us would love a mobile app (something that makes DaniWeb usable on Android would be very cool) but as Dani says, someone has to want it enough to actually code it. AIUI the numbers just are not there from the device access perspective to make it a priority (or even just make it for that matter) on the in-house todo list.