Spectre is here to stay

As a result of our work on Spectre, we now know that information leaks may affect all processors that perform speculation…. Since the initial disclosure of three classes of speculative vulnerabilities, all major [CPU] vendors have reported affected products…. This class of flaws are deeper and more widely distributed than perhaps any security flaw in history, affecting billions of CPUs in production across all device classes.

From Ross McIlroy, Jaroslav Sevcik, Tobias Tebbi, Ben L. Titzer, and Toon Verwaest (all of Google) in “Spectre is here to stay: An analysis of side-channels and speculative execution”. They continue:

» about 300 words

Transcend WiFi SD card hacking links


As a 400 MHz Linux system with 32 MB of RAM, using only ~100 mA @ 3.3 V, the possibilities are endless!


This post is written with the intention of exposing not only the exploits which will allow you to root (or jailbreak) the device, but also the process of discovering and exploiting bugs, some of which are a dead end, while others lead to the holy root B-)


As he suspected that some kind of Linux was running on it, he began to see if he could get a root access on it… and succeeded.

ADS-B: the internet of things in the sky

ADS-B is a civil aircraft tracking and telemetry standard that the FAA has ruled will replace transponders by 2020. Like a transponder, it’s used to identify air traffic, but with far more information, such as altitude, heading, speed, and GPS location. The protocol also supports delivery of weather, terrain, and notices to aircraft. The […] » about 300 words

Hacking WordPress Login and Password Reset Processes For My University Environment

Any university worth the title is likely to have a very mixed identity environment. At Plymouth State University we’ve been pursuing a strategy of unifying identity and offering single sign-on to web services, but an inventory last year still revealed a great number of systems not integrated with either our single sign-on (AuthN) or authorization […] » about 1700 words

WordPress Hacks: Nested Paths For WPMU Blogs

Situation: you’ve got WordPress Multi-User set up to host one or more domains in sub-directory mode (as in site.org/blogname), but you want a deeper directory structure than WPMU allows…something like the following examples, perhaps: site.org/blogname1 site.org/departments/blogname2 site.org/departments/blogname3 site.org/services/blogname3 The association between blog IDs and sub-directory paths is determined in wpmu-settings.php, but the code there knows nothing […] » about 900 words

WordPress Hacks: Serving Multiple Domains

Situation: using WordPress MU (possibly including BuddyPress) on multiple domains or sub-domains of a large organization with lots of users. WordPress MU is a solid CMS to support a large organization. Each individual blog has its own place in the organization’s URL scheme (www.site.org/blogname), and each blog can have its own administrators and other users. […] » about 1400 words

Martin Belam’s Advice To Hackers At The Guardian’s July 2009 Hack Day

An amusing hacks-conference lightning talk-turned-blog post on web development: “Graceful Hacks” – UX, IA and interaction design tips for hack days. Martin Belam’s talk at The Guardian’s July 2009 Hack Day must have been both funny and useful:

  • Funny: “However, I am given to understand that this is now deprecated and has gone out of fashion.”
  • Useful: “the Yahoo! Design Pattern Library is your friend.”

More NEASIS&T Buy Hack or Build Followup

First, Josh Porter, the first speaker of the day, has a blog where he’s posted his presentation notes and some key points. Josh spoke about Web 2.0, and ended with the conclusion that successful online technologies are those that best model user behavior. “I think Web 2.0 is about modeling something that already exists in our offline worlds, mostly in the spoken words and minds of humankind.”

Interestingly, in findability terms, it was Josh’s post that clued me in that the event podcast was online because he linked to my blog in his post. Lesson: links make things findable.

Like Josh, I found my voice a little unfamiliar, but you can listen here (51MB) if that’s your thing.

Also, I demoed some features I’d like to see in a future OPAC, but to help people visualize them, I finally put together a graphical mockup of them here.

NEASIS&T Buy, Hack or Build Followup

I was tempted to speak without slides yesterday, and I must offer my apologies to anybody trying to read them now, as I’m not sure how the slides make sense without the context of my speech. On that point, it’s worth knowing that Lichen did an outstanding job liveblogging the event, despite struggling with a […] » about 600 words

NEASIS&T Buy, Hack or Build

I’m here at the NEASIS&T Buy, Hack or Build event today at MIT’s Media Lab. On the list are Joshua Porter, Director of Web Development for User Interface Engineering, Pete Bell [corrected], co-founder of Endeca Solutions, and me.

I’m posting my slides here now, but I’m told we’ll see a podcast of the proceedings soon after the conclusion. Be aware that the slides are full of links. I won’t be able to explore them all during the presentation, but they might add value later.