sábado, 21 de julho de 2012

20 Hilarious Programming Jargon Phrases You Should Use When Talking To Engineers

20 Hilarious Programming Jargon Phrases You Should Use When Talking To Engineers:
Jeff Atwood
Jeff Atwood, co-founder of question-and-answer site Stack Exchange, has a huge list of 30 new pieces of programming jargon that have emerged on the question-and-answer site.
Some of them are a bit obscure, but most of them are hilarious.
We've included some of the best ones below. You can check out the full list on his blog, Coding Horror.
  • Yoda Conditions: When a programmer writes the conditions for a piece of code in the opposite order for which you would expect to normally read them. (Instead of saying if(variable == constant), the code says if(constant == variable).)
  • Smug Report: A bug report submitted by a user who thinks he or she knows everything about a system, when he or she does not.
  • A duck: A feature added for the sole purpose of drawing attention to itself from management to be removed, avoiding unnecessary other changes in a product.
  • Refuctoring: Taking a well-designed piece of code and, through a small series of changes, making it completely unmaintainable for anyone other than yourself.
  • Heisenbug: A play on "Heisenberg," a principle in quantum mechanics, a Heisenbug is a bug that disappears or alters its characteristics when an attempt is made to study it.
  • Jimmy: A generalized name for a clueless or new developer.
  • Higgs Bugson: Another bug based on a physics phenomenon, a Higgs Bugson is a bug that's hypothetically predicted to exist based on other conditions, but is difficult to produce.
  • Unicorny: A feature so early in its planning stages that it might as well be imaginary.
  • hindenburgHindenbug: A catastrophic, data-destroying bug.
  • Fear-driven development: When project management adds more pressure, such as by firing engineers.
  • Hydra: A bug that, when an attempt to fix is made, introduces two new bugs. It's a bug that cannot be fixed.
  • Common Law Feature: A bug that has existed for so long that it is considered a feature.
  • Loch Ness Monster bug: A bug that has only been spotted by one person.
  • Rubberducking: Talking with other engineers to solve a problem. 
  • Banana banana banana: Placeholder text in code that hasn't been implemented yet.
  • Reality 101 failure: Creating a program that does exactly what was asked, but the problem it's trying to solve was misunderstood and the program is basically useless.
  • Mad girlfriend bug: When you see something strange is happening, but the software is telling you everything is fine.
  • Hooker code: Code that is problematic and causes application instability.
  • Jenga code: The whole program collapses once you alter a block of code.
Please follow SAI on Twitter and Facebook.
Join the conversation about this story »

domingo, 8 de julho de 2012

Você pode ficar sem internet nesta segunda-feira por causa de malware – eis como resolver isto

Você pode ficar sem internet nesta segunda-feira por causa de malware – eis como resolver isto:
À 1h da manhã (horário de Brasília), a internet vai ficar inacessível para cerca de 300.000 pessoas ao redor do mundo por causa do malware DNS Changer. Se seu computador estiver infectado, você não conseguirá entrar na internet a partir desta segunda-feira. Eis como verificar se você tem o malware – e como se livrar dele.
Estima-se que 300.000 pessoas serão afetadas. Vale notar que, apesar do número parecer alto, na verdade é um conjunto pequeno dos usuários de Internet (mais de 2 bilhões). Muito provavelmente, você não tem esse malware. Sério, não deve ter mesmo. Mas assim como todo malware, é melhor ter certeza.

O que é o DNS Changer?

Este malware redirecionava computadores para servidores DNS maliciosos, em vez dos servidores normais do seu provedor. Servidores DNS são como tradutores para a internet: eles convertem o endereço www.site.com.br em um endereço IP. Ele pega o nome do site que você digita, procura o servidor do site, e conecta você a ele. O malware DNS Changer, no entanto, manda os usuários para servidores diferentes sem você saber.
O FBI viu que isto estava acontecendo e decidiu intervir, prendendo a equipe por trás do DNS Changer e substituindo os servidores maliciosos por outros, limpos e seguros. Foi uma solução temporária que funcionou por enquanto, mas será desligada em 9 de julho, porque os servidores serão fechados – a ordem judicial para manter os servidores vale até amanhã.

Verifique seu computador

O DNS Changer afeta apenas computadores com Windows e Mac OS X. Ou seja, se você usa Linux ou dispositivos móveis (com iOS, Android etc.) fique tranquilo: eles estão limpos.
Saber se seu computador foi afetado pelo DNS Changer é extremamente fácil: basta visitar o DNS-ok.us, site mantido pelo FBI, para saber. Se aparecer uma imagem verde, tudo certo: você não tem o malware, nem nada a se preocupar. Simples assim.
No entanto, se aparecer a imagem vermelha e você estiver infectado, aí você tem que limpar seu computador.

Como eu tiro o DNS Changer do meu computador?

De acordo com o DNS Changer Working Group (DCWG), você pode usar estas ferramentas para consertar seu computador. São ferramentas gratuitas, mas a maioria dos antivírus deve funcionar também. Faça um backup dos seus arquivos antes de usá-las:
O pessoal da Naked Security explica todo o problema e ainda fez um vídeo – é um bom lugar para procurar por dicas visuais para remover o DNS Changer do seu computador.
Depois que seu computador estiver limpo, é só voltar a aproveitar a internet que você conhece e ama. Vale repetir: o malware DNS Changer só afeta uma fração dos usuários da internet. Mas se ele lhe afetar, tire-o. Já. [DCWGNaked SecurityPCMag]

Foto por Stepan Kapl / Shutterstock




sábado, 19 de maio de 2012

Backpack Algorithms And Public-Key Cryptography Made Easy

Backpack Algorithms And Public-Key Cryptography Made Easy:



  
E-commerce runs on secrets. Those secrets let you update your blog, shop at Amazon and share code on GitHub. Computer security is all about keeping your secrets known only to you and the people you choose to share them with.
We’ve been sharing secrets for centuries, but the Internet runs on a special kind of secret sharing called public-key cryptography. Most secret messages depend on a shared secret—a key or password that everyone agrees on ahead of time. Public-key cryptography shares secret messages without a shared secret key and makes technologies like SSL possible.
Cryptography is a scary word: it conjures thoughts of complex equations and floating-point arithmetic. Cryptography does have a lot of math, but it’s more about keeping and sharing secrets.

A Simple Secret

Telling my best friends a secret is easy: I find a private place and whisper it in their ears. As long as no one is listening in, I’m totally secure. But the Internet is full of eavesdroppers, so we need codes.
We’ve all been inventing codes since we were children. I created this simple number code (actually a cipher) when I was 5:
a=1, b=2, c=3, d=4, e=5…
It fooled my friends, but not my parents. Simple substitution ciphers are based on a lack of knowledge. If you know how they work, then you can decode every message. The experts call this “security through obscurity.” Letter and number substitutions don’t work on the Internet, because anyone can look them up on Wikipedia. For computer security, we need codes that are still secure even if the bad guys, or your parents, know how they work.
The most secure code is still easy to use: a “one-time pad.” One-time pads have been used for centuries, so they don’t even need computers. They played a big part in World War II, when each pad of paper with the key numbers was used only once.
Let’s say I wanted to send you this secret message:
I love secrets
First, I’d turn the message into numbers using my simple cipher from when I was 5. (I’ve heard rumors that other people had this idea first, but I don’t believe it.)
One-time pad step 1
Then I’d mash my keyboard to generate a random key string for my one-time pad.
One-time pad step 2
Now I can add the two strings together. If my number is greater than 26, I would just wrap it around to the beginning. So, i(9) + e(5) = n(14), and o(15) + t(20) = i(35 - 16 = 9). The result is an encrypted string:
One-time pad diagram
Decrypting the string to get the secret back is easy. We just subtract the one-time pad: n(14) - e(5) = i(9). Follow that pattern through the entire message, and you can securely share a secret. You don’t even need a computer: just work it out with a pen and paper.
This function is called a symmetric-key algorithm, or a shared-key algorithm, since it uses the same key to encrypt and decrypt the message. Modern systems can safely use the pad more than once, but the basic idea is the same.
The one-time pad is totally secure because the bad guys don’t know how we got the encoded letter. The n could be i + e, j + d or any other combination. We can use our shared secret (the one-time pad) once to share another secret.
But there’s a fatal flaw. We need to share the one-time pad ahead of time before we can start sharing secrets. That’s a chicken-and-egg problem because we can’t share the pad without worrying that someone will snoop. If the bad guys get the one-time pad, then they would be able to read everything.
One-time pads help me share secrets with my best friends, but I can’t use them with strangers such as Amazon or Facebook. I need a way to share something publicly that doesn’t compromise my one-time pad. I need a public key.

The Public-Key Backpack

Public-key encryption focuses on a single problem: how do I prove that I know something without saying what it is? An easy concept to help us understand this is a backpack full of weights.
Backpack algorithm
I want to prove that I know which weights are in my pack, but I don’t want to tell you what they are. Instead of showing you all of the weights separately, I’ll just tell you the total. Now you can weigh the pack and see if I’m right without ever opening it.
If the pack weighs 20 kilos, then you wouldn’t know if it has one 20-kilo weight, twenty 1-kilo weights or something in between. With a large number, you can be pretty confident that I know what’s in the pack if I know the total; you don’t have to see inside. The weight of the backpack is the public part, and the individual weights are the private part.
This basic backpack enables us to share a secret without really sharing it. If we each have a backpack, then we can both share secrets.
The backpack works well enough for smaller numbers, but it isn’t useful in the real world. Backpack algorithms were a mere curiosity for decades. Then RSA changed everything.

RSA

RSA was the first public-key encryption system that worked in the real world. Invented more than 30 years ago, it coincided with the introduction of the more powerful computers that were needed to run the big numbers. RSA is still the most popular public-key encryption system in the world.
The basic premise of RSA is that factoring large numbers is difficult. Let’s choose two prime numbers: 61 and 53. I’m using the numbers from Wikipedia’s article on “RSA” in case you want more details.
Multiply these two numbers and you get 3233:
61 × 53 = 3233
The security of RSA comes from the difficulty of getting back to 61 and 53 if you only know 3233. There’s no good way to get the factors of 3233 (i.e. the numbers that multiply to make the result) without just looking for all of them. To think of this another way, the weight of our backpack is 3233 kilos, and inside are 61 weights weighing 53 kilos each. If you make the resulting number large enough, then finding the numbers that produced it would be very difficult.

Public And Private Keys

Public-key encryption diagram

Unlike the one-time pad, RSA uses the public key to encrypt information and the private key to decrypt it. This works because of the special relationship between the public and private keys when they were generated, which allows you to encrypt with one and decrypt with the other.
You can share the public key with anyone and never reveal the private key. If you want to send me a secret message, just ask for my public key and use it to encrypt the message. You can then send it to anyone you want, and you’ll know that I’m the only one who can decrypt the message and read it.
I could send you a message in the same way. I would ask for your public key, encrypt the message using it and then send it to you to decrypt. The popular program Pretty Good Privacy (PGP) worked like that. We’re secure as long as we both keep our private keys private.
Exchanging keys is made even easier by special key servers that allow you to search for people and find their public keys.
Public-key encryption also works in reverse to provide digital signatures. Let’s say I want to write a message and prove that I wrote it. I just encrypt it with my private key and post it. Then anyone who wants to check can decrypt it with my public key. If the decryption works, then it means I have the private key and I wrote the message.
RSA is relatively simple: take two numbers (the private key), apply some math, and get a third number (the public key). You can write out all of the math in a few lines, and yet RSA changed the world. Business doesn’t work on the Internet without public-key encryption.

RSA And HTTPS

We use public-key encryption every day with HTTPS. When you access Facebook, Twitter or Amazon with HTTPS, you’re using a simple encryption mechanism like the one-time pad, but you’re creating the pad with public-key encryption. Without HTTPS, anyone else at Starbucks could read your credit-card number, Facebook password or private email while sipping a latte.
Amazon has a certificate from a company named VeriSign. The certificate certifies that Amazon is Amazon, and it contains its public key. Your browser creates a special key just for that session and encrypts it using Amazon’s public key. Then it sends it over the Internet, knowing that only Amazon can decrypt the session key. Once you’ve exchanged that secret key, you can use it as the one-time pad to protect your password and credit-card number.
SSL key exchange diagram
You could keep using public-key encryption for the whole session, but because of all the math, it’s much slower than the one-time pad.

RSA And GitHub

Another place many of us use RSA is GitHub. Every time you push a change to GitHub or pull from a master branch, GitHub has to make sure you have permission to make the change. It gets its security through a secure command shell using RSA.
Remember when you set up your GitHub account and followed some commands to generate keys?
GitHub key generation
You used the SSH-Keygen tool to generate a new RSA private/public key pair. Then you went to your GitHub account page and entered your public key.
Now, when GitHub needs to authenticate you, it asks your computer to sign something with your private key and return the signed data. With your public key, GitHub can confirm that the signature is authentic and could only have been produced by someone who has the corresponding private key—even though GitHub itself doesn’t have that private key.
That’s better than a simple password because nobody can snoop it. And if GitHub ever gets hacked, your private key won’t be in danger because only you have it.

Sharing Passwords

When WordPress.org was “hacked”, it wasn’t really hacked. WordPress plugin developers, like everyone else, have accounts on other websites. They also reuse their passwords. When hackers cracked those other websites, they used the stolen passwords to log into WordPress.org and make malicious changes to plugins.
Most people use the same user name and password on multiple websites. That makes your website only as secure as everyone else’s. Public-key encryption changes that. Because you never have to share your private key, it doesn’t matter if other websites get hacked. If an attacker breaks into GitHub and gets your public key, they can’t use it to impersonate you or log in as you on other websites. Only someone with your private key can do that, which is why your private key remains safe on your computer. Using public-key cryptography makes GitHub much more secure.

GitHub Gets Hacked

GitHub was hacked recently, but not because the encryption failed. Real-world security breaches are caused by problems in implementation, not in math.
In this case, the hacker was able to exploit a hole and add his public key to the Ruby on Rails repository. Once the key was added, GitHub used it to verify the hacker’s identity and granted him access. We’re lucky this hacker was friendly and told GitHub about the issue.
Once the problem was fixed, you could keep using your private key because GitHub never had it to lose; it stayed on your machine. Public keys saved GitHub from serious problems.
The weakest link in GitHub’s security was in the mechanism that allowed clever users to add public keys to other projects without being authorized. The math was perfect, but the implementation wasn’t.

Public Keys In The Wild

Knowing the fundamentals is essential (you might say the key) to writing secure applications. The math is complex, but the basics are simple:
  • There are two main types of encryption: shared-key encryption, such as a one-time pad, and public-key encryption, which uses public and private keys.
  • Shared-key encryption is faster, but sharing the keys is difficult.
  • RSA is the most popular public-key encryption algorithm, but a few others are in general use, as well as some cool experimental systems.
  • Public-key cryptography works best in combination with other technologies.
  • Don’t ever share your private key with anyone.
When it comes time to implement public-key cryptography in your application, don’t. RSA and other algorithms are already implemented in all major languages. These libraries include extra security features such as padding and salts, and they have a lot of testing behind them.
Most security flaws come from poor implementations and misunderstanding about the libraries. You don’t have to write your own cryptography libraries, but you do have to know the fundamentals so that you can use the ones that are out there.
Illustrations in this article were provided by Robb Perry.
(al) (km)

© Zack Grossbart for Smashing Magazine, 2012.

sábado, 12 de maio de 2012

Summary for Week of May 11th

Summary for Week of May 11th: The key stories for the week were the elections in France and Greece, and JPMorgan’s $2 billion trading loss on a synthetic credit position. JPMorgan CEO Jamie Dimon said the losses were due to “egregious mistakes”, “sloppiness" and that the "portfolio still has risk”. This doesn’t appear to be a systemic risk, just poor risk management at JPMorgan.



The Greek political situation is unsettled, and the Europeans have said they support Greece through the next election on June 17th. After that … who knows? There is a strong possibility that Greece will leave the euro not long after the next election.



This was a light week for US economic data. The trade deficit was a little higher than expected, but most of the data improved slightly. The 4-week average of initial weekly unemployment claims declined, small business confidence improved, and consumer sentiment improved, and there were more job openings in March.



In an under reported story, both Fannie and Freddie reported improved performance due to “stabilization of house prices” in certain areas. The sharp decline in "for sale" inventory appears to be supporting house prices, and inventory and house prices continue to be key stories for 2012.



Here is a summary in graphs:



Trade Deficit increased in March to $51.8 Billion



U.S. Trade Exports ImportsThe trade deficit was above the consensus forecast of $49.5 billion.



The first graph shows the monthly U.S. exports and imports in dollars through March 2012.



Exports increased in March, and are at record levels. Imports increased even more. Exports are 13% above the pre-recession peak and up 7% compared to March 2011; imports are 3% above the pre-recession peak, and up about 8% compared to March 2011.



U.S. Trade Deficit The second graph shows the U.S. trade deficit, with and without petroleum, through March.



The blue line is the total deficit, and the black line is the petroleum deficit, and the red line is the trade deficit ex-petroleum products.



Oil averaged $107.95 per barrel in March, up from $103.63 in February. Import oil prices were probably a little higher in April too, but will probably decline in May. The increase in imports was a combination of more petroleum imports and more imports from China.



BLS: Job Openings increased in March



Job Openings and Labor Turnover Survey This graph shows job openings (yellow line), hires (dark blue), Layoff, Discharges and other (red column), and Quits (light blue column) from the JOLTS.



Jobs openings increased in March to 3.737 million, up from 3.565 million in February. The number of job openings (yellow) has generally been trending up, and openings are up about 17% year-over-year compared to March 2011. This is the highest level for job openings since July 2008.



Quits increased in March, and quits are now up about 8.5% year-over-year and quits are now at the highest level since 2008. These are voluntary separations and more quits might indicate some improvement in the labor market. (see light blue columns at bottom of graph for trend for "quits").





All current employment graphs


REO Inventory for Fannie, Freddie and the FHA



Fannie, Freddie, FHA REOThis graph shows the combined REO inventory for Fannie, Freddie and the FHA (FHA through Feb 2012).



The combined REO inventory is down to 203 thousand in Q1 2012, down about 18% from Q1 2011.



The pace of REO acquisitions will probably increase following the mortgage servicer settlement (signed off on April 5th); and dispositions will probably increase too.



CoreLogic: House Price Index increases in March, Down 0.6% Year-over-year



CoreLogic House Price IndexFrom CoreLogic: CoreLogic® March Home Price Index Shows Slight Year-Over-Year Decrease of Less Than One Percent

[CoreLogic March Home Price Index (HPI®) report] shows that nationally home prices, including distressed sales, declined on a year-over-year basis by 0.6 percent in March 2012 compared to March 2011. On a month-over-month basis, home prices, including distressed sales, increased by 0.6 percent in March 2012 compared to February 2012, the first month-over-month increase since July 2011.
This graph shows the national CoreLogic HPI data since 1976. January 2000 = 100.



The index was up 0.6% in March, and is down 0.6% over the last year.



The index is off 34% from the peak - and is just above the post-bubble low set last month.



Weekly Initial Unemployment Claims at 367,000



Here is a long term graph of weekly claims:



The dashed line on the graph is the current 4-week average. The four-week average of weekly unemployment claims decreased to 379,000.



This decline in the 4-week moving average followed for four consecutive increases.



This was close to the consensus of 366,000. This is two consecutive weeks with initial unemployment claims in the 360s, after averaging close to 390,000 over the previous 3 weeks.







All current Employment Graphs


NFIB: Small Business Optimism Index increases in April



Small Business Optimism IndexThis graph shows the small business optimism index since 1986. The index increased to 94.5 in April from 92.5 in March. This ties February 2011 as the highest level since December 2007.



Another positive sign is that the "single most important problem" was not "poor sales" in April - for the first time in years. In the best of times, small business owners complain about taxes and regulations, and that is starting to happen again.



This index remains low, but as housing continues to recover, I expect this index to increase (there is a high concentration of real estate related companies in this index).



Consumer Sentiment increases in May to 77.8



Consumer SentimentThe preliminary Reuters / University of Michigan consumer sentiment index for May increased to 77.8, up from the April reading of 76.4.



This was above the consensus forecast of 76.2 and the highest level since January 2008. Overall sentiment is still fairly weak - probably due to a combination of the high unemployment rate, high gasoline prices and the sluggish economy.



Other Economic Stories ...

LPS: House Price Index increased 0.2% in February

Lawler: Table of Short Sales and Foreclosures for Selected Cities

Sacramento: Percentage of Distressed House Sales increases slightly in April

Lawler: REO inventory of "the F's" and PLS

Fannie Mae reports $2.7 billion in income, REO inventory declines in Q1 2012

The economic impact of stabilizing house prices?

The Declining Participation Rate

Housing: Inventory declines 21% year-over-year in early May

domingo, 6 de maio de 2012

How Tech Is Changing College Life [INFOGRAPHIC]

How Tech Is Changing College Life [INFOGRAPHIC]:
College students today are more tech savvy than ever before. Just how important is technology to their academic lives?
More than 90% use email to communicate with professors and 73% say they cannot study without technology. Seven in 10 take notes on keyboards instead of paper, virtually all students who own an ereader and most use digital tools when preparing a presentation.
All that tech has caused something of a dependency too — 38% of students can’t go more than 10 minutes without checking their smartphone or other device. All told, students spent $13 billion on electronics in 2009.
Community college students are less digitally connected than students at four-year schools, but more and more people are making the Internet their education gateway. Twelve million students take at least one class online today — in five years, that number is projected to exceed 22 million. By 2014, analysts say, more than 3.5 million students will take all of their classes online.
This is all according to research compiled by Presta Electronics. Presta used material from the Pew Research Center, Chronicle of Higher Education, Mashable and other sources to put together the infographic below. Check it out for the full picture of how technology is changing college students’ lives.
Do you think technology is changing college for the better — or are there downsides?





More About: education, infographics, Social Media, Tech
For more Tech coverage:

Minha lista de blogs