Shared posts

29 Jun 15:17

This Week in Security: IoT In the Hot Tub, App Double Fail, and FreeBSD BadBeacon

by Jonathan Bennett

[Eaton Zveare] purchased a Jacuzzi hot tub, and splurged for the SmartTub add-on, which connects the whirlpool to the internet so you can control temperature, lights, etc. from afar. He didn’t realize he was about to discover a nightmare of security problems. Because as we all know, in IoT, the S stands for security. In this case, the registration email came from smarttub.io, so it was natural to pull up that URL in a web browser to see what was there. The page presented a login prompt, so [Eaton] punched in the credentials he had just generated. “Unauthorized.” Well, that’s not surprising, but what was very odd was the flash of a dashboard that appeared just before the authorization complaint. Could that have been real data that was unintentionally sent? A screen recorder answered that question, revealing that there was indeed a table loaded up with valid-looking data.

Digging around in the page’s JavaScript comes up with the login flow. The page uses the Auth0 service to handle logins, and that service sends back an access token. The page sends that access token right back to the Auth0 service to get user privileges. If the logged-in user isn’t an admin, the redirect happens. However, we already know that some real data gets loaded. It appears that the limitations on data are all implemented on the client side, and the backend only requires a valid access token for data requests. What would happen if the response from Auth0 were modified? There are a few approaches to accomplish this, but he opted to use Fiddler. Rewrite the response so the front-end believes you’re an admin, and you’re in.

This approach seems to gain admin access to all of the SmartTub admin controls, though [Eaton] didn’t try actually making changes to see if he had write access, too. This was enough to demonstrate the flaw, and making changes would be flirting with that dangerous line that separates research from computer crime. The real problem started when he tried to disclose the vulnerability. SmartTub didn’t have a security contact, but an email to their support email address did elicit a reply asking for details. And after details were supplied, complete radio silence. Exasperated, he finally turned to Auth0, asking them to intervene. Their solution was to pull the plug on one of the two URL endpoints. Finally, after six months of trying to inform Jacuzzi and SmartTub of their severe security issues, both admin portals were secured.

Jogging Away from Security

There are two layers of fail in this story about the Strava exercise app. Strava lets its users track their running, cycling, and hiking. Due to privacy concerns, there’s an option to hide the user’s location, but it turns out that a clever use of the heatmap and segment functions can defeat that protection. Upload runs from a fake user, and the app helpfully compares your run to other users in the area, hidden or not. That list of users would allow a dedicated investigator to map out where individuals have spent their time. The emphasis of this research was on tracking military members, which revealed some predictably interesting results.

And that’s the second security fail. The Israeli military allows its soldiers, even special forces members, to use an app that is phoning home with GPS locations. Even if there were no easily-exploitable security weakness in the app, it’s still a terrible operational security problem. The research was disclosed to Strava, who removed the fake user used in research. It’s unclear if the app makers actually addressed the problem in a real way. The Israeli military states that they are rolling out procedures to try to prevent this sort of data leakage in the future.

OpenSSL AVX512 Bug

There’s a bug in OpenSSL 3.0.4, and it may be a particularly nasty one, but it only occurs on CPUs with the AVX512 extensions. The problem is triggered in ossl_rsaz_mod_exp_avx512_x2(), which makes a call off to bn_reduce_once_in_place(). The call includes the value factor_size, which is supposed to be the number of words to process, but the old code was instead sending the bit size. This worked most of the time, but in certain cases, resulted in a heap buffer overflow. The spooky part of this is that it can be triggered by a TLS handshake, and other potentially attacker-controlled inputs. The only thing lacking to call this a 10.0 CVSS CVE is an actual demonstration of exploitation. As it is, it’s easy to demonstrate a crash. A 3.0.5 release will be made soon, containing the fix, but it’s unclear when that will happen. Most distros seem to be delaying shipping the 3.0.4 release, waiting for the fix for this potentially serious issue.
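The unit mix-up described above, as an added example (not OpenSSL's code): a toy reduce-once routine over 64-bit words, plus a wrapper that checks the word count against each buffer's capacity so that a bit size passed where a word count belongs is refused instead of running past the heap buffer. Every function name, the 64-bit word size and the 1024-bit sample factor are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORD_BITS        64u   /* assumed limb width for this toy bignum */
#define DEMO_FACTOR_BITS 1024u /* constructed sample size */
#define DEMO_CAP         (DEMO_FACTOR_BITS / WORD_BITS)

/* Number of 64-bit words needed to hold a value of `bits` bits. */
size_t bits_to_words(size_t bits)
{
    return (bits + WORD_BITS - 1) / WORD_BITS;
}

/* Bytes touched past a correctly sized buffer if `bits` is used as a word count. */
size_t overrun_bytes(size_t bits)
{
    return (bits - bits_to_words(bits)) * sizeof(uint64_t);
}

/* Returns 1 if a >= b, comparing n little-endian words from the top down. */
static int ge_words(const uint64_t *a, const uint64_t *b, size_t n)
{
    for (size_t i = n; i-- > 0;) {
        if (a[i] != b[i])
            return a[i] > b[i];
    }
    return 1;
}

/*
 * Toy "reduce once": if r >= m then r -= m, over num_words words.
 * It trusts num_words to be a WORD count, which is the assumption that
 * breaks when a caller hands it a bit size. Not constant-time.
 */
static void reduce_once(uint64_t *r, const uint64_t *m, size_t num_words)
{
    uint64_t borrow = 0;

    if (!ge_words(r, m, num_words))
        return;
    for (size_t i = 0; i < num_words; i++) {
        uint64_t d = r[i] - m[i];
        uint64_t b = (uint64_t)((r[i] < m[i]) | (d < borrow));
        r[i] = d - borrow;
        borrow = b;
    }
}

/* Hardened entry point: the caller states each buffer's capacity in words. */
int reduce_once_checked(uint64_t *r, size_t r_cap, const uint64_t *m,
                        size_t m_cap, size_t num_words)
{
    if (r == NULL || m == NULL)
        return -1;
    if (num_words > r_cap || num_words > m_cap)
        return -1; /* e.g. a bit size passed where a word count belongs */
    reduce_once(r, m, num_words);
    return 0;
}

/*
 * Constructed scenario: a 1024-bit factor stored in 16 words.
 * Returns 0 when the bit-size call is refused and the word-count call
 * reduces correctly; a non-zero value names the step that failed.
 */
int demo_unit_confusion(void)
{
    uint64_t r[DEMO_CAP], m[DEMO_CAP];

    for (size_t i = 0; i < DEMO_CAP; i++) {
        r[i] = 7;
        m[i] = 5;
    }
    if (reduce_once_checked(r, DEMO_CAP, m, DEMO_CAP, DEMO_FACTOR_BITS) != -1)
        return 1;
    if (r[0] != 7)
        return 2; /* a refused call must leave the buffer untouched */
    if (reduce_once_checked(r, DEMO_CAP, m, DEMO_CAP,
                            bits_to_words(DEMO_FACTOR_BITS)) != 0)
        return 3;
    for (size_t i = 0; i < DEMO_CAP; i++) {
        if (r[i] != 2)
            return 4;
    }
    return 0;
}

/* Two-word borrow case: 2^64 minus 1 leaves the low word all ones. */
uint64_t demo_borrow_low_word(void)
{
    uint64_t r[2] = { 0, 1 }, m[2] = { 1, 0 };

    if (reduce_once_checked(r, 2, m, 2, 2) != 0 || r[1] != 0)
        return 0;
    return r[0];
}

int main(void)
{
    printf("words for 1024 bits: %zu\n", bits_to_words(DEMO_FACTOR_BITS));
    printf("overrun if bits used as words: %zu bytes\n",
           overrun_bytes(DEMO_FACTOR_BITS));
    printf("demo result: %d\n", demo_unit_confusion());
    return 0;
}
```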

FreeBSD BadBeacon

I’ve taken the liberty of choosing the obvious name for this vulnerability, BadBeacon. Discovered by [m00nbsd], it’s a simple heap overflow, but this one gives the attacker control over exactly how many bytes to write, and the contents of those bytes. It’s a problem in FreeBSD’s handling of WiFi Beacon frames. A frame is essentially a WiFi packet, and a Beacon is the packet that announces the details of a WiFi network. There are many possible fields in a beacon, and many of those require dedicated code-paths to process them.

One such field is the Mesh ID value. It contains a length and value, and the FreeBSD kernel takes those as the inputs for a memcpy() call into a fixed-size buffer. The way data is laid out in the containing struct, overflowing this buffer also overwrites another data structure, which ends in a data pointer and length value. That data pointer is then used as the target location of another memcpy() call. It’s a “Write-What-Where” primitive, AKA an easy technique to write nearly arbitrary data anywhere.

The direction they chose to take next was to set up a kernel backdoor in an unused memory segment, then hook that code into part of the frame processing code. It works as a one-way kernel backdoor. Their Proof-of-Concept code simply prints a message to the kernel log, but would be fairly easily weaponized. FreeBSD patched the flaw in April. It’s unclear when or if pfSense has released an update with the fix, though it’s likely it has happened, and just didn’t advertise the CVE fixed, CVE-2022-23088.
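A defensive version of the Mesh ID handling described above, as an added example (not FreeBSD's code or its patch): a parser for the length-value elements of a beacon that validates every length against both the frame and the destination buffer before any copy. The struct layout, all names and the sample byte strings are constructed for this illustration; element ID 114 and the 32-octet maximum are taken from IEEE 802.11, not from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ELEMID_MESHID 114 /* Mesh ID element ID in IEEE 802.11 */
#define MESHID_MAX    32  /* a Mesh ID is at most 32 octets */

enum ie_status { IE_OK = 0, IE_TRUNCATED = -1, IE_MESHID_TOO_LONG = -2,
                 IE_CANARY_HIT = -3 };

/*
 * Hypothetical scan entry mirroring the layout the article describes:
 * a fixed-size buffer followed by a pointer and length that a later
 * copy trusts. Overflowing meshid[] would reach those two fields.
 */
struct scan_entry {
    uint8_t  meshid_len;
    uint8_t  meshid[MESHID_MAX];
    uint8_t *ies_data;
    size_t   ies_len;
};

/* Walk the element stream, validate everything, and only then copy. */
int parse_beacon_ies(const uint8_t *ies, size_t ies_len, struct scan_entry *out)
{
    const uint8_t *meshid = NULL;
    uint8_t meshid_len = 0;
    size_t off = 0;

    while (off < ies_len) {
        if (ies_len - off < 2)
            return IE_TRUNCATED;          /* no room for id + length */
        uint8_t id = ies[off], len = ies[off + 1];
        off += 2;
        if (len > ies_len - off)
            return IE_TRUNCATED;          /* value runs past the frame */
        if (id == ELEMID_MESHID) {
            if (len > MESHID_MAX)
                return IE_MESHID_TOO_LONG; /* would overflow meshid[] */
            meshid = ies + off;
            meshid_len = len;
        }
        off += len;
    }
    if (meshid != NULL) {
        memcpy(out->meshid, meshid, meshid_len);
        out->meshid_len = meshid_len;
    }
    return IE_OK;
}

/*
 * Parse into a zeroed entry whose trailing pointer/length hold known
 * values, and report IE_CANARY_HIT if parsing disturbed them.
 */
int parse_with_canary(const uint8_t *ies, size_t n, struct scan_entry *e)
{
    static uint8_t sentinel;
    int rc;

    memset(e, 0, sizeof *e);
    e->ies_data = &sentinel;
    e->ies_len = 1;
    rc = parse_beacon_ies(ies, n, e);
    if (e->ies_data != &sentinel || e->ies_len != 1)
        return IE_CANARY_HIT;
    return rc;
}

/* Constructed sample element streams (not captured traffic). */
static const uint8_t SAMPLE_OK[] = {
    0, 3, 'l', 'a', 'b',                               /* SSID "lab" */
    ELEMID_MESHID, 8, 'l', 'a', 'b', '-', 'm', 'e', 's', 'h'
};
static const uint8_t SAMPLE_LONG[2 + 40] = { ELEMID_MESHID, 40 }; /* 40 > 32 */
static const uint8_t SAMPLE_TRUNC[] = { ELEMID_MESHID, 8, 'a', 'b' };

static struct scan_entry g_entry;

int main(void)
{
    printf("ok:        %d\n",
           parse_with_canary(SAMPLE_OK, sizeof SAMPLE_OK, &g_entry));
    printf("too long:  %d\n",
           parse_with_canary(SAMPLE_LONG, sizeof SAMPLE_LONG, &g_entry));
    printf("truncated: %d\n",
           parse_with_canary(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, &g_entry));
    return 0;
}
```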

The Linux Syslogk Rootkit

There’s a particularly stealthy kernel rootkit, Syslogk, lurking in the wild. The version of the rootkit that researchers at Avast examined seemed to be targeted at CentOS 6 and similar era kernels. It goes to great lengths to disappear, hiding its files, and even erasing itself from the list of loaded kernel modules. There is a hidden feature, writing a 1 to /proc/syslogk, that turns off the stealth features. So if you have an older server that may have been compromised, try poking that location to see if anything happens.

iOS Infection Via The DCP

If you can’t crack the security of the main processor, maybe you can go through a co-processor backdoor? That’s exactly what a fake Vodafone app does on the iPhone. The Display Co-Processor (DCP) is a new section of the M1 SoC, and this malicious app uses it in one of its bundled exploits. The write-up is detailed and in-depth, as is usually the case with Google Project Zero posts. Rather than dig into the details, I’ll just leave you with [Hector Martin]’s thoughts on it, as probably the foremost expert on the M1 chip outside a handful of Apple engineers:

30 Mar 20:16

Coat hanger radio

by David Pescovitz

Back in the day, coat hangers weren't just used for popping open a car door when you locked your keys inside. They also served as makeshift antennae to improve TV and radio reception. That DIY RF engineering inspired John Jerome Spina to patent an integrated coat hanger/radio.

23 Aug 11:49

Make IKEA's iconic meatballs at home

by Matt Maranian

I had a friend who was so obsessed with Ikea's Swedish meatballs that he bought them frozen, in bulk, from the IKEA Food Market, and kept a bomb shelter ration's worth in his garage freezer. And this was years before anyone heard of Covid-19, or thought to hoard hand sanitizer or toilet paper.

My friend has since passed on (his death was not meatball-related), but it would have given him great peace of mind to know that IKEA has released its closely-guarded meatball recipe (including their singular cream sauce, which may, in fact, have had something to do with my friend's death) so that anyone can reproduce the IKEA cafeteria experience in the privacy of their own home.

18 Aug 20:54

The mystery behind the "lost colony" of Roanoke has finally been answered, disappointingly.

by Thom Dunn

The first attempts to form a permanent English settlement on modern-day North America began in the late 1500s. Here's the Wikipedia summary of events:

The English, led by Humphrey Gilbert, had claimed St. John's, Newfoundland, in 1583 as the first North American English colony by royal prerogative of Queen Elizabeth I. Roanoke was second. The first Roanoke colony was established by governor Ralph Lane in 1585 on Roanoke Island in what is now Dare County, North Carolina, United States. Following the failure of the 1585 settlement, a second colony led by John White landed on the same island in 1587, and became known as the Lost Colony due to the unexplained disappearance of its population.

The spooooooky mystery began when White returned to England for supplies in 1588; got delayed by the Anglo-Spanish War; and didn't make it back to Roanoke Island until 1590, at which point … no one was there. The entire settlement — 100-plus people, and their belongings — were just gone without a trace. Except for one telling detail: the word "CROATOAN" carved into a palisade.

Cue Roanoke-inspired horror stories in the work of writers like Stephen King and Harlan Ellison, and in media such as American Horror Story and even Batman and X-Men comics.

But now the truth has finally been revealed, thanks to the relentless efforts of an archaeologist named Scott Dawson. After excavating soil throughout the islands in and around Roanoke, Dawson and his team have gathered sufficient evidence to show that those lost inhabitants … shacked up with the Indigenous people on nearby Croatoan Island. Just like they fucking said they did.

From The Virginian Pilot:

Records from Jamestown also helped Dawson understand more about the tribes' political structure.

The evidence shows the colony left Roanoke Island with the friendly Croatoans to settle on Hatteras Island. They thrived, ate well, had mixed families and endured for generations. More than a century later, explorer John Lawson found natives with blue eyes who recounted they had ancestors who could "speak out of a book," Lawson wrote.

The two cultures adapted English earrings into fishhooks and gun barrels into sharp-ended tubes to tap tar from trees.

Sure, this was two centuries before America officially became "America." But it's a depressingly perfect microcosm of colonialist attitudes: the leader of a European settler expedition who cannot fathom the idea of other white people consensually intermingling with Native Americans, and thus creates a skewed historical narrative that gets passed down for centuries when he could have just looked at the god damn facts in front of him.

'The mystery is over': Researchers say they know what happened to 'Lost Colony' [Jeff Hampton / The Virginian Pilot]

Image: Public Domain via Wikimedia Commons

15 Apr 23:13

Disney just released the secret recipe for its grilled three-cheese sandwich

by Mark Frauenfelder
27 Jan 23:55

Listen: loudspeakers broadcast corona virus closure messages to the empty streets of Shanghai Disneyland

by Cory Doctorow

Deutsche Welle's footage of the empty entrance plaza of Shanghai Disneyland as the PA system broadcasts a message that the park is "temporarily closed" for "prevention and control of the disease outbreak" is indeed "straight out of a Hollywood horror movie," as the caption says.

(Image: Breathe Healthy, modified; Jeremy Thompson, CC BY, modified)

19 Dec 15:13

Wakanda removed from official U.S. list of trade partners

by Rob Beschizza

Someone is going to get a bollocking at the U.S. State Department, because they added Wakanda—the fictional high-tech African kingdom from the Marvel Black Panther movie—to an official list of trade partners.

The fictional country was removed soon from the list after US media first queried it, prompting jokes that the countries had started a trade war.

Wakanda first appeared in the Fantastic Four comic in 1966, and made a reappearance when Black Panther was adapted into an Oscar-winning film last year.

The unusual listing was spotted by Francis Tseng, a New York-based software engineer who was looking up agricultural tariffs for a fellowship he was applying for.

More furtive associations with Anglo-American imperialism from Wakanda's corrupt, complicit ruling elite! Killmonger was right.

26 Jul 14:39

Paul McCartney moseys back and forth across Abbey Road

by Rusty Blazenhoff

In 1969, The Beatles released Abbey Road. Its iconic cover showing all four Beatles strolling across the real Abbey Road's crosswalk in London has been mimicked by tourists many times over the years. This time Paul McCartney did the honors of crossing the street, this time in shoes, some 49 years later. https://www.instagram.com/p/BlkvFK3ATBr/?utm_source=ig_embed His daughter Mary captured this video as he walked back across. She captioned it, "Why did the Beatle cross the Abbey Road": https://www.instagram.com/p/BlkxxU3j5cI/?utm_source=ig_embed

The answer: to perform a "secret show" at Abbey Road Studios of four new songs from his upcoming solo album Egypt Station (September 7).

Also of interest, check out these "before" photos and these outtakes from the album cover's photo shoot.

Previously: Paul McCartney takes James Corden on a tour through Liverpool

(TIME)

08 Feb 16:22

Battle for Azeroth system requirements get another bump

by Matthew Rossi
We’ve talked before about upcoming system requirements for Battle for Azeroth when the configuration warning was first datamined, but now we know exactly what they will be — and they are significantly higher than Legion. The minimum requirements for Battle for Azeroth might well require you to upgrade if you’ve been playing WoW on an older PC. Comparing the System...
30 Dec 18:21

Animatronic Trump more life like than the real thing

by Jason Weisberger

Twitter user @bornmiserable is putting their photoshopping skills to good use.

12 Dec 23:59

Stray Cat Interrupts Imam in a Mosque And His Reaction Will Melt Your Heart

Watch The Heartwarming Reaction Of This Imam in a Syrian Mosque. 


Submitted by: (via Ahmad Al-fahad on youtube)

28 Nov 21:43

Melania Trump is Getting Mercilessly Trolled On Twitter For Her Post-Apocalyptic Taste In Christmas Decorations


Twitter has been having a field day with the First Lady's choice in Christmas decor following its reveal in an official video yesterday. 

The theme 'Time Honored Tradition', which we're SURE had no political motivation, ironically deviates from traditional warm-toned holiday decoration themes. Instead, the theme boasts decorations that Narnia's White Witch would be proud to have in her home. 

This especially nightmarish hallway has inspired some serious spice and trolling from Twitter.


This isn't the first time Twitter has had a go at Melania, and it surely won't be the last


30 Oct 17:02

J.K. Rowling Completely Shuts Down Trump Rant With 1 Perfect Tweet

by Chelsea Hassler

Image Source: Getty / Dan Kitwood

If there's one thing we can all agree on, it's that President Donald Trump does not react well to pressure - despite the fact that being POTUS is, effectively, taking on the most stressful job in the world. So on Oct. 29, as the world prepared itself for the expected announcement of the first indictment in Special Counsel Robert Mueller's Russia probe, Trump did the most Trump-like thing imaginable: he tried to deflect public attention toward the former opponent whom he has not been in competition with for nearly a year.

Thankfully, Twitter hero and all-around superstar J.K. Rowling had the perfect response to what can only be read as a total and complete meltdown on behalf of our nation's leader.

On Oct. 30, the indictment was made public and it was announced that two men who played pivotal roles in the Trump campaign - Paul Manafort and Rick Gates - were charged with 12 counts, including conspiracy against the US. And it was revealed that a third individual, former Trump foreign policy adviser George Papadopoulos, had already pleaded guilty to making false statements.

In light of the fact that a mere announcement set off Trump in such a way, we can only imagine what will happen as these charges and the associated trials and public reporting unfold. Suffice it to say, we're going to see a whole lot more "calm confidence" in days to come - and we can only hope that Rowling will provide such spot-on commentary throughout.




11 Oct 16:50

It's No Better to Be Safe Than Sorry

by Melissa Kirsch

There’s something so exquisite about a slowed-down, moody cover of an upbeat song you know by heart (see: Antony and the Johnsons covering Beyoncé’s “Crazy in Love”). But it can be particularly transporting when a band gives the MTV Unplugged treatment to one of their own songs. Take a-ha’s recently released acoustic…


09 Aug 10:50

42 Random Inspirational Pictures

Collection of random inspirational pictures.


17 Jul 16:10

Linux Mint 18.2 "Red" Sonya - Distro the Destroyer

by Rianne Schestowitz

Let us a-go distro-testing! Today, we focus on Linux Mint 18.2 Sonya, freshly released with a nice sprinkling of Cinnamon on the proverbial distro pudding. For years, this was one of the best performing distributions, offering a complete experience to the Linux user. Lately though, the experience has been slightly less amazing. Serena was just ok.

But then, this spring testing season - slowly moving into the summer, cue Vivaldi music - has been pretty good overall. The Ubuntu flock seems to be behaving reasonably, with the Flagship Ubuntu and in particular the KDE-flavored Kubuntu offering a splendid revival of hope and quality. Armed with this foreknowledge, we commence.


02 Jul 15:29

The Mark Twain, June 1958

by Major Pepperidge
Well, you guys know the drill by now - Sunday is not "fun day" here on GDB. Instead it is the equivalent of your weekly dose of castor oil. 

I'm curious, have any of you ever seen a photo of the Mark Twain? If the answer is "yes", please leave a 1000-word comment below. 

Anyway, there it is, looking very blue. The world was just bluer then, OK? I'd explain why, but it's very technical and stuff. 

The Twain is splooshing past the bandstand that used to jut out into the River, with most of the cool people standing on the top deck. It's a little bit strange to see that area just in front of the sternwheeler, just trees and nothing much else.


Here's another photo taken mere seconds later. In addition to the steamboat, you can see a landing for one of the rafts to Tom Sawyer Island, and (to our right) the fishing dock.


05 May 14:25

An Imitation Futur but the Real Deal?

by Doug Hansford
I acquired a Ming Shi 2000S adjustable razor this week. It is one of the highly-touted Chinese-manufactured imitators of the Merkur Futur (by the way, pronounced MARE-koor foo-TOOR). The Futur is, of course, the unique German adjustable, whose patent has expired and thus allowed these completely legal, ethical imitators to exist. I don't call the 2000S a Futur clone because it isn't an exact copy; there are some subtle differences.



I ordered my Ming Shi 2000S from Maggard Razors (maggardrazors.com) for the following reasons:

  • Good reputation for prompt order fulfillment
  • Shorter transit time from a distributor within the USA
  • From Maggard one will receive the product advertised, so I don't have to worry about communication and bait-and-switch issues that sometimes muck up purchases from off-shore sellers.
  • Good reputation for customer service

Physical Observations

I've never used nor held a genuine Merkur Futur, but let me give you my observations about the Ming Shi 2000S imitation Futur:
  • I don't use the word imitation as a pejorative. It is actually a compliment of sorts.
  • The 2000S, visually, is a nice-looking, apparently high quality instrument, with a satin-chrome finish.
  • As is frequently reported, the 2000S is a heavy weight, but not quite as heavy as the Futur. With blade it weighs 3.5 ounces (99g).
  • The overall physical dimensions of the 2000S are similar but not necessarily identical to the Futur: 
    • Overall length: ~4.25 inches (~108 mm)
    • Handle length: ~ 3.5 inches ( ~89 mm)
    • Handle diameter: ~ 3/8 inch (~9.5 mm) and ~1/2 inch (~12.7 mm)
  • The numbers that indicate the adjustment settings are applied on rather than inset in the handle, so it's possible that they might eventually disappear if subjected to abrasion. Only time will tell....

Blade Insertion/Removal

After reading on-line reviews on this razor design, I can confirm a few recommendations and suggest a few other things:

Like all double-edge razors, this one may be best oriented inverted when inserting or removing a blade
  • When inserting a blade, the usual method applies:
    • On a cushioning cloth, set the top cap with prongs pointing upward.
    • Lay the blade into the inverted top cap.
    • Press the baseplate-handle assembly onto the inverted top cap until the parts snap together
  • When removing a blade:
    • Lay a cushioning cloth on the counter.
    • Invert the razor (handle up) over the cloth -- close but not touching.
    • With a thumb, gently push one end of the top cap down and away from the baseplate-handle assembly.
    • The top cap will (should) fall away onto the cushioning cloth. The blade may stay in the top cap, or it may separate from the top cap and fall separately onto the cloth.
    • If the blade remains in the top cap, carefully remove it taking care not to damage the edge if you will be reusing the blade for another shave. This is not a big deal and should not be a problem for competent grown ups. ;-)

Grip

The handle has no knurling or other significant texture to aid with the grip. Some complain about this, and it's a valid complaint. Futur users have noted this as have users of Futur imitations.

I speculate that makers of imitation Futur razors did not add knurling for reasons of credibility. I suspect that if the 2000S design visually deviated from the Futur with improved knurling, its acceptance in the market place may have been slowed. From a functional perspective, however, the complaints about slipperiness are on target.

Therefore, when I have used the razor I take care to keep my razor hand dry -- certainly lather free. This has not been a big problem, but, frankly, it is the only knock that I can make about the razor to this point.

Shaves to this Point

I've used the razor for two shaves. Because the Futur has a reputation for being an aggressively-shaving razor -- even on its most mild setting -- I was cautious in my use of this 2000S. So I did shave number one with the razor set on one. I used a Personna blue blade that already had four shaves on it. I just kept my blade rotation unchanged despite the new razor. I didn't start out with any special, fresh, new-razor blade.

I did my usual process and got a good first shave. I had no wounds but a bit of irritation. I may have been pressing a bit because the razor on one was not really aggressive at all. The outcome was a good shave, not great, and I resolved that I needed to dial up the razor for the next shave.

So for the second shave, I began with the razor on 1.5. (One can do this because the settings -- like the Parker Variant and unlike Gillette adjustables -- don't have fixed detents, so there are essentially infinite settings between the highest and the lowest.) I quickly realized this wasn't sufficiently different from the maiden shave of yesterday, so I re-lathered and started again on a setting of two.

By the way, when changing the settings of the 2000S (and the Futur and other imitators) when a blade is installed -- especially mid shave with damp fingers -- it's best and highly recommended to hold the razor head by its sides using a cloth to aid one's grip and as protection against cuts from unintended slippage. 

Again for this second shave I used my usual process, the same blade, and the outcome was better than yesterday. My shave was closer, less irritation (as little as I normally get), and wound free. Today's shave was actually very good, and I must say, I'm impressed with this razor.

The Under-Nose Shave

A common complaint about the Futur and imitators is the size of the razor head. When measuring from blade edge to edge or safety bar to safety bar, this design is pretty normal. However, its long dimension (from blade tab to blade tab) is longer, obviously, because the top-cap design completely encloses the blade tabs rather than leaving them exposed as do most double-edge razors. 

This tab-covering top-cap design has its advantage, which is that you never have to worry about nicks caused by exposed blade tabs. The obvious drawback, of course, is that the wider top cap makes it slightly more difficult to get the top whiskers of the upper lip, which are right under the nose.

This isn't a big problem, and I question the motives of some who complain. Anyway, this wasn't anywhere near a show stopper for me.

The Current Verdict

I really like this razor. I would say love, except the smooth handle takes away just a bit of the joy of the shave.

I like mild- to moderate-shaving razors -- not uber aggressive -- and so I would say that reports of this razor being too aggressive on its lowest settings are exaggerated. With an appropriately light touch, this razor can likely be happily used by most shavers, whether newbies or old hands, with peach-fuzz or copper-wire hair.

I suspect that my ideal setting may ultimately be in the vicinity of two and a half or three. We'll see, but in any case, this razor, to my taste, is a keeper and a very good value. I truly do like it a lot so far. For the price and the shave, if you can deal with the smooth handle, this may be one of the best values around for an adjustable razor.



Razor Garage Sale Continues w/ New Additions & ** Price Reductions ** !!!

I'm continuing to reduce my inventory of razors, seeking a win-win solution. I win because I simplify my shaving gear, and you win because you get a good razor at a reduced cost.

Many have already taken advantage of the offerings. Don't wait or you may miss a good bargain.

Keep in mind that there is about $4 of packaging and mailing costs embedded in the prices of my DE garage-sale razors (the straight is a little less expensive to mail because it's flatter), and there really isn't a lemon in the bunch.

Happy shaving!




02 Jan 16:16

Is That How You Use a Selfie Stick?


Submitted by: (via pleatedjeans)

Tagged: literalism , selfie , image
01 Dec 18:13

A Drunk Lin-Manuel Miranda Tells the Sordid Story of Alexander Hamilton's Affair

Submitted by: (via Comedy Central)

Tagged: Drunk History , Video
08 Jun 11:00

FAA Warns of GPS Outages This Month During Mysterious Tests on the West Coast

by Matt Novak on Gizmodo, shared by Adam Clark Estes to io9
An aerial view of the Naval Air Weapons Station China Lake (Wikipedia)

Starting today, it appears the US military will be testing a device or devices that will potentially jam GPS signals for six hours each day. We say “appears” because officially the tests were announced by the FAA but are centered near the US Navy’s largest installation in the Mojave Desert. And the Navy won’t tell us much about what’s going on.

The FAA issued an advisory warning pilots on Saturday that global positioning systems (GPS) could be unreliable during six different days this month, primarily in the Southwestern United States. On June 7, 9, 21, 23, 28, and 30th the GPS interference testing will be taking place between 9:30am and 3:30pm Pacific time. But if you’re on the ground, you probably won’t notice interference.

The testing will be centered on China Lake, California—home to the Navy’s 1.1 million acre Naval Air Weapons Center in the Mojave Desert. The potentially lost signals will stretch hundreds of miles in each direction and will affect various types of GPS, reaching the furthest at higher altitudes. But the jamming will only affect aircraft above 50 feet. As you can see from the FAA map below, the jamming will almost reach the California-Oregon border at 40,000 feet above sea level and 505 nautical miles at its greatest range.

Map released by the FAA showing the GPS jamming that will occur at different altitudes this month (FAA)

I gave the Naval Air Warfare Center Weapons Division a call yesterday, but they couldn’t tell me much.

“We’re aware of the flight advisory,” Deidre Patin, Public Affairs specialist for Naval Air Warfare Center Weapons Division told me over the phone. But she couldn’t give me any details about whether there was indeed GPS “jamming,” nor whether it had happened before. Patin added, “I can’t go into the details of the testing, it’s general testing for our ranges.”

As AVWeb points out, Embraer Phenom 300 business jets are being told to avoid the area completely during the tests. The FAA claims that the jamming test could interfere with the business jet’s “aircraft flight stability controls.”

GPS technology has become so ubiquitous that cheap jamming technology has become a real concern for both military and civilian aircraft. And if we had to speculate we’d say that these tests are probably pulling double duty for both offensive and defensive military capabilities. But honestly, that’s just a guess.

http://paleofuture.gizmodo.com/the-us-militar...

These tests are naturally going to fuel plenty of conspiracy theories about mind control, weather modification, and aliens—especially with China Lake’s proximity to both large population centers like LA and Las Vegas, and the fact that Area 51 is practically just down the road. But it doesn’t take a conspiracy theorist to tell us we’re fucked if terrorists or shitty teenagers make it a habit of jamming GPS signals for everybody.

If you experience any significant GPS interference this month or know the “real” reason behind these tests (aliens, right?) please let us know in the comments.

Correction 11:24am: This post originally misstated that one level of interference would occur at 4,000 feet. It’s 40,000 feet above sea level, and has been corrected. I regret the error.

03 Feb 15:36

This Site Will Turn Your Rescue Dog Into a Free Plush Toy, If You're Lucky

by Andrew Liszewski on Toyland, shared by Adam Clark Estes to Gizmodo

Like the Cuddle Clones website , the people behind a Toronto-based company called Pibborafi want to create a stuffed clone of your beloved pet dog. But unlike Cuddle Clones , only a select few pups will be chosen since the process is completely free, and they have to be rescue dogs to even be considered.


20 Nov 18:11

Warlords of Draenor: Journey into Highmaul

Highmaul is the seat of power for the Gorian Empire, the ogre civilization that ruled Draenor for generations until the arrival of the draenei. A massive city that belies the ogre reputation for brutish stupidity, Highmaul is full of bustling markets, wealthy nobles, and the roar of the Coliseum crowd echoing through the streets of the slums. Visible from everywhere within the city’s walls, Imperator Mar’gok’s citadel casts a long shadow, a reminder of his watchful eye and iron grip.

Highmaul is an imposing stretch of ogre-controlled territory located within Nagrand. The Highmaul Raid contains seven bosses, three of which are optional: The Butcher, Tectus, and Brackenspore. Players will need a minimum Item Level of 615 to enter the ogres’ domain through Raid Finder.

Here’s a brief breakdown of the bosses you’ll find in Highmaul. Additional information on abilities and role-specific tips can be found within the in-game Dungeon Journal.

Gear Reward Item Level Range: 640-685

Kargath Bladefist

Warlord of the Shattered Hand, Kargath honed his combat skills as a slave in the ogres’ gladiatorial games. He slaughtered countless opponents for the promise of freedom, only to be ultimately rewarded by being locked away with the other retired “champions.” Fueled by rage, Kargath severed his own hand to escape and led a revolt that soaked Draenor in ogre blood. Now, he returns to the arena to teach you the true meaning of savagery.

The Butcher (Optional Boss)

Born in the fetid Underbelly of Highmaul, this ogre may have once had a proper name, but it’s since been long forgotten. Abused and beaten from his earliest days, the hardship only strengthened his body even as it broke his mind. Now there is not an ogre in Highmaul who will not give him a wide berth as he hacks away at slaughtered carcasses to pass his days.

Tectus (Optional Boss)

An ancient embodiment of the chaotic forces that shaped the terrain of Draenor, Tectus has been twisted and enslaved by the maddened Pale Orcs—who themselves barely maintain control over this imposing force of nature.

Brackenspore (Optional Boss)

The Iron Horde juggernaut moored in the waters beside Highmaul drew the attention of Brackenspore, ancient walker of the deep. This aquatic giant spreads fungal growth and moss in its wake, and is driven by primal instinct to eradicate any traces of civilization on Draenor.

Twin Ogron

Guarding the entrance to the Gorthenon atop Highmaul, Pol and Phemos are the personal guard of Imperator Mar’gok. Peerless in strength and determination, what these ogron brothers lack in intelligence, they make up for with sheer size and brute force.

Ko’ragh

Ko’ragh was the only ogre to survive direct exposure to a mysterious relic unearthed by the Highmaul excavations of Nagrand, leaving him with a near-complete immunity to all magic. Rumors abound regarding his connection to the Imperator, with some wondering why Ko’ragh would remain subservient to a sorcerer despite his unique gifts.

Imperator Mar’gok

As the grand Imperator of Highmaul, Mar’gok is descended from a long line of sorcerers who ruled the Gorian Empire. With cunning that matches his brutality, Mar’gok recognized the rising tide of the Iron Horde and what it would mean to oppose them. He has acquiesced to an alliance with Grommash, even as he continues to search for a way to tip the balance of power back into his favor.

Raid Unlock Schedule

To help you plan your escapades into the heart of this dangerous new place, we’ve broken down Highmaul’s unlock schedule for you.

December 2, 2014

  • Highmaul opens with Normal and Heroic difficulties accessible.

December 9, 2014

  • Mythic difficulty and the first wing of Raid Finder (Kargath, Butcher, Brackenspore) unlock.

December 16, 2014

  • Raid Finder Wing 2 (Tectus, Twin Ogron, Ko’ragh) unlocks.

January 6, 2015

  • Raid Finder Wing 3 (Imperator Mar’gok) unlocks.

25 May 20:59

6 Open Online Photography Classes You Can Learn From At Your Own Pace

by Saikat Basu

Take a few thousand bad photographs. The good ones will come in good time. This advice still holds good. We can hop, skip, and jump from the bad to the moderately good with some help. Just a Google Search gives us all the tips on digital photography. We can choose to drown ourselves in the many good photography blogs and websites that have mushroomed around this popular hobby. We can also go through the chaos of learning with some order – like an online course. These six open online photography classes could be just the thing if you like to...

05 May 20:02

BlizzCon® 2014 Ticket Buying Tips

Reminder: The first batch of BlizzCon 2014 tickets goes on sale Wednesday, May 7 at 7 p.m. PDT. When the time comes, hit the link below for your chance to snag some.

Get BlizzCon 2014 Tickets Here

Tickets usually go fast, so if you want to attend this year’s show, it pays to be prepared. Ticket sales are being handled through Eventbrite this year, so a few things are different from 2013. It’s worth reading our BlizzCon Ticket Info page to learn more, and we’ve assembled a few key bits of information here to help you get ready:

The Important Stuff

  • During the checkout process, ticket purchasers will need to provide the full names and valid email addresses for each attendee (up to 4). You won’t be able to leave these blank, but you’ll have until June 6 to make changes, so don’t worry too much if you’re not sure who’s coming yet.

  • If you’re not yet sure who your guests will be, it’s best to enter your own name and email address for all of your tickets during the checkout process.

  • A couple of months before the show, the ticket purchaser will receive up to 4 emails (one for each ticket purchased), each containing a unique bar code and the name of one of your attendees. Attendees must print out and present this bar-code email along with matching photo ID at BlizzCon to receive their badge granting admission to the show.

Remember that all of these badge emails will be sent directly to the ticket purchaser, and it will be up to the purchaser to distribute them to their guests.

  • When ticket sales begin, make sure to select the correct quantity of tickets you want before you click Order Now. You will not have a chance to change the quantity after you’ve entered the checkout process, and if you try to go back, you’ll risk losing your place.

Other Handy Info

  • After clicking Order Now, you may find yourself in a “waiting room” before you enter the checkout process. Ticket buyers will be sent from the waiting room to checkout in the order they arrived, and there’s no need to refresh your browser. Keep in mind that being in the waiting room doesn’t necessarily mean you’re guaranteed tickets.

  • Once you’ve entered the checkout process, you’ll have 8 minutes to complete your order—a countdown will be displayed on-screen so you know how much time you have remaining. After 8 minutes, the tickets will be released for others to buy, drawing from those in the waiting room first.

  • Keep your browser window open until your ticket purchase is confirmed!

  • Keep in mind that tickets are only being sold online through Eventbrite. Customer support won't be able to place orders for you.

Check out the BlizzCon Ticket Info page for more details. Remember, tickets go on sale May 7 at 7 p.m. PT and May 10 at 10 a.m. at the link below. Good luck!

Get BlizzCon 2014 Tickets Here

04 Apr 15:11

BlizzCon tickets go on sale April 24 and 27

by Adam Holisky
BlizzCon 2013 tickets are $175 and will go on sale at the following times:
  • Wednesday, April 24 at 7 p.m. PDT
  • Saturday, April 27 at 10 a.m. PDT
BlizzCon takes place November 8 and 9 this year at the same place it's always been: the Anaheim Convention Center outside of LA. For those who cannot attend in person, a virtual ticket will be made available. And of course, we'll also have around-the-clock coverage on WoW Insider.

Tickets to BlizzCon have normally sold out in seconds (literally), so you'll need to be at your computer at the times above, be very quick, and have a lot of luck in order to get one.

Good luck! The full announcement is after the break.

BlizzCon tickets go on sale April 24 and 27 originally appeared on WoW Insider on Thu, 04 Apr 2013 10:10:00 EST. Please see our terms for use of feeds.