Google is introducing a new Captcha, instead of trying to read a distorted word and write it down (because robots have troubles reading distorted words) you will just have to click on one button. Google will analyze small cues that prove that you are not a robot (like the movement of the cursor before clicking on the button). Some of those cues will only happen when the mouse will hover the widget, as google is not in control of the entire document when used outside of google's domain.
see more info on wired
edit: more info on google blog as well
someone on hackernews:
It's definitely not only relying on cursor movements. A simple $('iframe').contents().find('.recaptcha-checkbox-checkmark').click() proved that I'm not a robot, without me touching the mouse.
It seems to rely heavily on your cookies as well.
I'm overwhelmed with interviews those last days. I just spent more than 8 hours on one (remote location, late trains, low battery, no keys... long story).
And like this is not enough, Hack Summit just started
Right now Ed Roman is introducing the hack.summit(). talking about a lot of good stuff and giving some book recommendations.
EDIT: Some notes on what he just said:
- pair coding (when you code and someone is watching, or the inverse)
- pomodoro technique (I'm already doing this, even made this)
- remove distractions (mail, phone...)
- pretend to talk and explain what you're doing/coding (close to my theory about writing down stuff to organize your thoughts, and pretend to write stuff on the table with your fingers to memorize it)
- iterate quickly, fail quickly and often.
- personalize your IDE
- use git, use the command line...
Now Scott Hanselman is talking but I have to go to the Champs Elysées drink some Glühwein at the Marché de noël some pardon me ;)
Now Tom Chi
Crypt, already omitted by most linux distributions, is being retired as well by OpenBSD: http://www.tedunangst.com/flak/post/retiring-crypt
The crypt function is a unix classic. Unfortunately, its age is showing. It’s an interface from another time, out of place on modern systems, and it’s time for OpenBSD to move on.
It was already pretty amazing when Cloudflare introduced Universal SSL (and this blog uses cloudflare ssl by the way).
Today the EFF has launched Let's Encrypt that aims to simplify the setup of SSL. They claim it takes 20-30 seconds to deploy SSL to your server. And this for free.
I was reading some articles on the security blog of stackexchange. Ended up there reading articles/comments from Thomas Pornin who is one of the best answerer on stackoverflow.
I ran into this one intitled Is our entire password strategy flawed?
I wanted to bring my point of view on how to deal with multiple passwords. I don't necessarily do this because it's not practical but I'm trying more and more.
So if I were to be extremely paranoiac I would:
- use a password manager like 1Password for websites you don’t really care.
- use passwords you memorise for websites you care about.
- use multi-factor authentification for critical websites.
1. Password Manager
I've never used 1Password but it seems to generate passwords on the fly when you need to sign up on a new website. It's pretty cool! But a problem arises when you need to login on some website when you're not using your computer. If you don't know the passwords it created then you will always be dependent of this password manager.
2. Memorise
A good idea would be to hash the name of the website + some salt only you know, and use it as a password. All of that in your head. That's what one of the famous Blum proposes. More here. He appeared to have invented a hash you could compute mentally.
3. Two-Factor Authentification
I really like the yubikey (and own one). It's literally a secret key. Every time I need to log into gmail from a cybercafe I wish I had it configured with my yubikey.
Bonus
By the way, if you're scared there might be a keylogger but really have to enter some password you could prey on the fact that the keylogger is badly coded and, when entering your password, could move to another input field and write random words, then come back to the password input field and type some more letters of your password, etc.. .
Last year I also learned how to read dotsies (I completely forgot how to read it now though...) and I seldom switched all the fonts to dotsies so no one could look over my shoulder and read what I was reading/typing.
a topic on the math version of stackoverflow, filled with funny stories, anecdotes, urban legends about mathematicians. If you're like me you're gonna love every bit of it.
http://mathoverflow.net/questions/53122/mathematical-urban-legends
Although David Hilbert was one of the first to deal seriously with infinite-dimensional complete inner product spaces, the practice of calling them after him was begun by others, supposedly without his knowledge. The story goes that one day a visitor came to Göttingen and gave a seminar about some theorem on "Hilbert spaces". At the end of the lecture, Hilbert raised his hand and asked, "What is a Hilbert space?"
When the logician Carnap was immigrating to the US, he had the usual consular interview, where one of the questions was (and still is, I think): "Would you favor the overthrow of the US government by violence, or force of arms?". He thought for a while, and responded: "I would have to say force of arms..."
Just a few weeks after Silk Road 2.0 and its owner got seized, the US government posted this:
THIS SEALED BID AUCTION IS FOR A PORTION OF THE BITCOINS CONTAINED IN WALLET FILES THAT RESIDED ON CERTAIN COMPUTER HARDWARE BELONGING TO ROSS WILLIAM ULBRICHT, THAT WERE SEIZED ON OR ABOUT OCTOBER 24, 2013 (“COMPUTER HARDWARE BITCOINS”).
http://www.usmarshals.gov/assets/2014/dpr-bitcoins/
Apparently it's from the first Silk Road. Pretty comical.
Ever fiddled with your TI-8x or played LineRider? Well this guy combined both and it looks awesome!
the game is here: http://sineridergame.com/
