Google retiring Google Reader - where to now?

Google today announced that they’re retiring Google Reader, as of July 1st this year, as part of their spring cleaning. While the reason given for the closure is that “over the years usage has declined”, this move leaves the (few?) die-hard Google Reader users out in the cold. So, where can we go from here?

As a fairly heavy Reader user (Since April 15, 2009 I have read a total of 80,084 items), Reader had become central to my web browsing habits. The keys features, for me, that Reader provided were:

  • Handling many hundreds of feeds
  • Syncing read status across multiple clients
  • Supporting grouping of multiple feeds into categories

So keeping these in mind, I’ve found the following potential alternatives.

»

Reed Kraft-Murphy

Downgrading postgresql-libs behind pure-ftpd's back

Nothing important, just a note to myself on downgrading (should also work with upgrading) postgresql-libs with to a different version.

    service pure-ftpd stop && \
    rpm --erase postgresql9-libs --nodeps && \
    yum install -y postgresql8-libs && \
    service pure-ftpd start

»

Reed Kraft-Murphy

How Syria Turned Off the Internet

The CloudFlare blog has an excellent post about the Syrian Internet shut off today:

To begin, all connectivity to Syria, not just some regions, has been cut. The exclusive provider of Internet access in Syria is the state-run Syrian Telecommunications Establishment. Their network AS number is AS29386. The following network providers typically provide connectivity from Syria to the rest of the Internet: PCCW and Turk Telekom as the primary providers with Telecom Italia, TATA for additional capacity. When the outage happened, the BGP routes to Syrian IP space were all simultaneously withdrawn from all of Syria’s upstream providers. The effect of this is that networks were unable to route traffic to Syrian IP space, effectively cutting the country off the Internet.

»

Reed Kraft-Murphy

Sharing Secrets and Distributing Passwords -- Data Genetics Blog

The DataGenetics Blog has posted Sharing Secrets and Distributing Passwords, an excellent break down of Shamir’s Algorithm, an algorithm implementing several ideal properties for distributing a secret as a number of parts:

  • Knowledge of any non-complete combination of sub-passwords gives an attacker no additional information on how to solve the problem. Even if you have knowledge of n-1 passwords, there are still an infinite number of curves that fit through these points, and thus an infinite number of possible intercepts.
  • As we can clearly see, it’s very easy to generate new sub-passwords as needed. If we need to generate and distribute a new sub-password, we simply pull off another coordinate from the curve and give that out! None of the existing passwords need to change.
  • If some of the sub-passwords are compromised (and you know which ones) and you want to regenerate new ones, but keep the uncompromised ones the same, you can generate a new curve that passes through the points you wish to keep. [Edit - Only if the the number of uncompromised points is two (or more) less than the minimum number needed to reconstruct the secret. Thanks for the correction @N1DQ]
  • To weight passwords (such as giving The President a nuclear launch password with three times the power of a regular password), we simply give out multiple coordinates to that person. Thus, for the nuclear launch example requiring requiring five votes, we generate an order-4 polynomial, give The President three coordinates from the curve, The Secretary of Defence two coordinates off the curve, and the rest of the troops one coordinate each.

»

Reed Kraft-Murphy

Microsoft Issues Security Advisory, Workaround for moh2012.swf Exploit

Just a quick followup to yesterday’s post, Microsoft have issued security advisory 2757760, “Vulnerability in Internet Explorer Could Allow Remote Code Execution”. While a patch is yet to be released, the advisory contains instructions to prevent the vulnerability being exploited by installing and configuring the Enhanced Mitigation Experience Toolkit, or EMET. »

Reed Kraft-Murphy

"Moh2010.swf" Internet Explorer 0-day - now on Metasploit

ArsTechnica reports today that the “Moh2010.swf” exploit targeting Internet Explorer versions 7 and 8 on Windows XP has been spotted in the wild:

The exploits circulating in the wild may be relying on other methods to override the more limited defenses included in the Service Pack 3 version of Windows XP. According to Eric Romang, the researcher who disclosed the IE attacks over the weekend, they require the victim to be running Adobe’s Flash Player, possibly to carry out what’s known as a “heap spray” (another technique for bypassing ASLR). The attacks are being carried out by the same gang that waged the recent stealth attacks against critical vulnerabilities in Java. The files used in the latest wave of attacks (cataloged here, here, here, and here) had little or no detection by the 34 most widely used antivirus programs, at least at the time Romang published his blog post. It wouldn’t be surprising for detection to ramp up quickly in the next few hours.

»

Reed Kraft-Murphy

Unorthodox *nix command (ab)use

Legendary sysadmin Tom Limoncelli has a post on making use of Unix commands in unorthodox ways – the more * | cat example for listing file contents with the filename as a header in between each looks especially useful:

Even smarter is that when less is emulating more instead of producing "the big mess" it acts like cat but outputs little headers for each file.

$ more * | cat 
::::::::::::::
jack.txt
::::::::::::::
Once upon a time
there was a fellow named Jack.

::::::::::::::
lyingryan.txt
::::::::::::::
Now that "trickle down economics" has been
tested for 30 years and the data shows it
has been a total failure, candidates
still claim that cutting taxes for
billionaires will help the economy.
::::::::::::::
market.txt
:::::::::::::::
Jack went to market to sell the family
cow.

He came back with a handful of magic beans.
$

Isn't that pretty?

The sure is pretty.

Via Hacker News.

»

Reed Kraft-Murphy