Tech News

Facebook Like Gates Are Dead

Ever had an offer to get something for free if all you did was click ‘Like’ on the company’s Facebook page? The gravy train for consumers who willingly traded their marketing information in exchange for free tacos and car washes is coming to an end. Read more

Filed under Tech News, Technology

How Google’s I/O Announcements Will Impact Future Product Development

Google’s message is clear: Android isn’t just for phones and tablets anymore

We learned a lot about what will excite developers and product managers at our Google I/O Extended event – and what it all means for your app development plans. We had a room full of developers, product managers, and user experience designers in the audience. Their collective claps, murmurs of delight, and excited chatter helped to highlight some of the most exciting announcements.

“Let’s look at all of the places we are putting the Android brand and where you can work with it… On your walk, in your work, in your car, and on your TV, or in your living room. It’s a push for Android to become the focus of what Google is talking about.” – Ben Dolmar

Read more

Filed under Events, Tech News

Chrome Cube Lab marks Rubik’s@40 – and today’s Google doodle

In an awesome act of creative collaboration (and a lot of sweat), The Nerdery helped Google this morning to launch Chrome Cube Lab to honor the 40th anniversary of the Rubik’s Cube (see today’s timely Google doodle). Originally created by Ernő Rubik, the Rubik’s Cube is a logic puzzle that has been a favorite of engineers and mathematical types since its debut.

Written in Google Go, Chrome Cube Lab provides a showcase for a fantastic rebuild of this puzzle inside of the web browser.  It leverages JavaScript, CSS3 and a whole host of awesome technologies to provide a real-time interactive spinning cube. Even cooler? It’s open to spin-offs and new interpretations of the cube. Read more

For security’s sake update WordPress to version 3.8.2

On April 8, 2014 WordPress released a security update to version 3.8.2. The announcement that accompanied the release states “this is an important security release for all previous versions and we strongly encourage you to update your sites immediately.”

WP 3.8.2 addresses two potentially serious security vulnerabilities, includes three security hardening changes, and addresses nine “other bugs.” Most notably the following security issues are addressed:

  • Potential authentication cookie forgery. CVE-2014-0166. (Very serious vulnerability!)
  • Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
  • Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
  • Fix a low-impact SQL injection by trusted users.
  • Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.

Additionally, Jetpack – the wordpress.com feature-rich plugin suite – was updated to version 2.9.3 to address similar issues.

If your site is currently operating a WordPress version below 3.8.2 or Jetpack version below 2.9.3, you may be at risk and should consider upgrading as soon as possible. 

Filed under Tech News, Technology

Heartbleed bug security alert: Your web server/data may be vulnerable – test your domains

On Monday evening, a security firm announced a new vulnerability in a key internet technology that can result in the disclosure of user passwords. This vulnerability is widespread and affects more than two-thirds of the web servers on the planet, including top-tier sites like Yahoo and Amazon. If you have a secure (https) website hosted on Linux/Unix servers using Apache or Nginx, or any other service using OpenSSL, you are likely vulnerable.

For a detailed breakdown of this vulnerability, please see this site. This security vulnerability may affect up to two-thirds of all web servers. We urge you to assess your vulnerability immediately, and reach out for help.

How can I get help to fix this problem?

How can I see if my servers are vulnerable?

You can use this site (http://filippo.io/Heartbleed/) to test your domains for the vulnerability. Enter the domain of your HTTPS website. If you get a red positive result, you are vulnerable.

In addition, you can execute the following command on your servers to see if they are running a vulnerable version of OpenSSL: openssl version -a

If the version returned is 1.0.1, and its build date is before April 7th, 2014, you are vulnerable.
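The version and build-date rule above can be applied mechanically to the text that openssl version -a prints. The script below is an added example, not part of the original post: the function name and verdict strings are assumptions, the sample outputs are constructed, and it goes slightly beyond the rule by also recognising the fixed 1.0.1g release and a build with the OPENSSL_NO_HEARTBEATS define (the compile option the post refers to as NO_HEARTBEAT). A post-disclosure build date is only a hint that the distribution shipped a patched rebuild; confirm it against the package changelog.

```shell
#!/usr/bin/env bash
# Added example: classify `openssl version -a` output with the rule from the post.
# Prints one verdict: not-1.0.1 | heartbeat-disabled | patched-release |
#                     rebuilt-after-disclosure | likely-vulnerable | check-manually
heartbleed_verdict() {
  awk '
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
      for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    NR == 1 && $1 == "OpenSSL" { ver = $2 }
    # e.g. "built on: Wed Jan  8 20:45:51 UTC 2014" -> 20140108
    /^built on:/ && ($4 in mon) { built = sprintf("%04d%02d%02d", $NF, mon[$4], $5) }
    # Heartbeat support compiled out of the library
    /^compiler:/ && /OPENSSL_NO_HEARTBEATS/ { nohb = 1 }
    END {
      letter = substr(ver, 6, 1)   # "e" in 1.0.1e-fips, empty for plain 1.0.1
      if (ver != "1.0.1" && ver !~ /^1\.0\.1[a-z-]/)
        print "not-1.0.1"                 # outside the rule in the post
      else if (nohb)
        print "heartbeat-disabled"
      else if (letter ~ /^[g-z]$/)
        print "patched-release"           # 1.0.1g or later
      else if (built == "")
        print "check-manually"            # no usable build date in the output
      else if (built + 0 >= 20140407)
        print "rebuilt-after-disclosure"  # verify with the package changelog
      else
        print "likely-vulnerable"
    }'
}

# Constructed sample outputs (not captured from real hosts)
SAMPLE_OLD='OpenSSL 1.0.1e 11 Feb 2013
built on: Wed Jan  8 20:45:51 UTC 2014
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS'
SAMPLE_REBUILT='OpenSSL 1.0.1e 11 Feb 2013
built on: Tue Apr  8 02:39:29 UTC 2014
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS'

printf '%s\n' "$SAMPLE_OLD"     | heartbleed_verdict
printf '%s\n' "$SAMPLE_REBUILT" | heartbleed_verdict
# On a real server: openssl version -a | heartbleed_verdict
```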

How can I fix it if I am vulnerable?

You will need to obtain a patched version of OpenSSL and install it on all vulnerable servers. Updated packages should be available for Debian, RedHat, Ubuntu, and CentOS via their package managers. If a package is not available for your platform, you can recompile the OpenSSL package (version 1.0.1g) with the NO_HEARTBEAT flag, which will disable this vulnerability. After updating, restart any services that are using SSL and re-test your domain using the link above (http://filippo.io/Heartbleed/).

For information on your specific Linux distribution see:

Additionally, you should strongly consider changing passwords and/or resetting SSL certificates, but only after OpenSSL has been updated.

What is the vulnerability?

With the vulnerability, called Heartbleed, attackers can obtain sensitive information from servers running certain versions of OpenSSL. Examples of sensitive information include private encryption keys for SSL certificates, usernames/passwords, SSH private keys on those servers and more. Attackers who obtain the keys to your SSL certificates can then set up a man-in-the-middle attack between you and your customers and obtain secure information, such as credit card numbers and authentication credentials. The vulnerability was publicly disclosed Monday, 4/7/2014.

If you have any questions, please contact us, or ping your own go-to Nerdery contact right away. We’ll help analyze your risk and protect your data. If The Nerdery can be a resource to you in any way, we will.

Filed under Tech News, Technology

What is Android Wear, and Why Should You Care?

Google rocked boats recently by announcing Android Wear. “What is Android Wear?” you ask? It’s a specialized version of Android designed to run on wearable computers. Right now, we’ve already seen two Android Wear devices slated for release in Q2 of 2014 – the square LG G Watch and the round Moto 360. These watches will pair with any Android handset running Android 4.3 or greater. This is a refreshing change from smart watches such as the Galaxy Gear which restrict the owners to pairing with the few compatible Galaxy devices. Right now, both of the Android Wear devices publicly announced are currently considered “smart watches.” However, the name “Wear” means more product form factors will be explored in the near future according to the lead designer of Moto 360.

So, what is there to know about these devices? Read more

Filed under Tech News, Technology

A Developer’s Perspective on The Whirlwind of Announcements From GDC 2014

Growing up with the game industry has truly been a great pleasure. One of the coolest things about my time with the industry has been the recent years of incredible growth and the industry’s emergence as a leader in the entertainment industry. In that growth, conferences like E3, PAX, and GDC have only gotten bigger and crazier. GDC (Game Developer Conference) has a couple of different iterations (such as GDC Europe, GDC Asia, and GDC Next), but GDC ‘Prime’ (simply known as ‘GDC’) is where all the stops are pulled out and vendors show off their latest and greatest.

This year’s GDC just wrapped and it has been a whirlwind week. There is so much to talk about in the way of technology and game announcements, but the focus of this article is going to be around core game engines and virtual reality technology. So what happened at this conference that people should care about? Read more

Filed under Tech News, Technology

NerdCast #85: Targeted Cyber Crime – Discussing BlackPOS

On this episode of the NerdCast we interview security experts Chris Wade and Jason Herbst from the Nerdery QA team. We look at the malware that was used to target high profile retail companies in a massive case of stolen data. The software called BlackPOS is a brilliant piece of software and in another context is genius in its design. Hear more about how the malware works, what it can reportedly do based on security research firms, and what Jason and Chris think of our current state of security.

Host: Ryan Carlson (Tech Evangelist)

Guests: Chris Wade and Jason Herbst (QA Department)

Running Time: 0:23:13

Bitcoin Wallet Development Using JavaScript and HTML5 with Kyle Drake

Kyle Drake came to The Nerdery to share with our developers (and former co-workers) his next big venture into the world of Bitcoin development. Kyle tells the story about how the idea came about for Coin Punk (coinpunk.com), a new way of managing a Bitcoin wallet with browser-based JavaScript and HTML5 for handling crypto. He proposes this as a safer and more secure way of managing public and private Bitcoin keys after centralized Bitcoin wallet services suffered from millions of dollars in theft due to security breaches on the centralized servers.

So, who is ready to invest in Bitcoin?

Filed under Tech News, Tech Talk

iOS App Submissions After February 1st Will Require iOS 7 Compatibility

Building a new App for iOS or planning on submitting an update to your existing iOS App? The clock is ticking if you are not already fully iOS 7 compatible. According to Apple, starting February 1, new apps and app updates submitted to the App Store must be built with the latest version of Xcode 5 and must be optimized for iOS 7.

This could cause some waves for organizations with an App that must support legacy iOS devices. Rebuilding everything in Xcode 5 has its advantages, with access to new APIs and code libraries. This shift in development environments may not be an option right now if your App has a substantial number of legacy iPhone 3 and iPhone 3S devices in circulation.

How do I know what version of the SDK was used to build my App?

ProTip: If your App has the option to enter text with the onscreen keyboard you can identify whether or not it is using the latest SDK based on the keyboard user interface.

Below is an image of the new keyboard-style:

image of the new keyboard compiled with the new SDK

Below is the keyboard compiled under the older versions of the iOS SDK:

image of the old iOS keyboard style

Why is upgrading to the latest SDK so important?

After February 1st Apps using the older versions of the iOS SDK will be unable to:

  • Make fixes to typos
  • Make bug fixes
  • React to 3rd party platforms like Facebook that make a change to their API
  • Update an App that falls out of compliance for payment acceptance, accessibility, and other legal issues

Filed under Tech News, Tech Tips