Commentary: April 2014 Archives

Books

| | Comments (0)

I've finished quite a few books recently that still haven't managed to get blogged.

The Earthsea Quartet, by Ursula LaGuin
Finished this earlier in the year.  Quite an enjoyable series.

The Delinquents, by Criena Rohan
Never saw the movie of this.  Book was ok.

Fatal Voyage, by Kathy Reichs
Devoured this book, finishing it quite quickly.  Started a bit like an Air Crash Investigations :)  Great read as always.

Animal Farm, by George Orwell
Yeah I'd never read this before either.  Short book, finished in two days.

Lego Movie

4.4.14

Went along with Neil to see The Lego Movie. 

Because it took until *APRIL* for it to be released here *grumblemutter*

But it was totally worth the wait! :)

Loved it :)

Even the whole "meta" thing I didn't mind so much.

Scarily I could find myself identifying with the bad guy.  Lego is not a kids toy dammit - kids lose pieces and break things!  However I do agree that the use of Kragle on Lego is sacriledge.

I liked that they got Billy Dee Williams and Anthony Daniels, but sadly it seems they weren't able to get Harrison Ford.

And I might have had "Everything is awesome!  Everything is cool when you're part of a team" in my head for the past couple of weeks ...

Working in a state office away from my team, and not following any news sites closely, I was out of the loop about Heartbleed until today.  Then I read about it.  And got scared.

xkcd summed it up - "Heartbleed must be the worst web security lapse ever.  .. Worst so far. Give us time."

Basically it's a vulnerability in SSL (used on https websites) which makes them essentially completely open to the web.  Any data you transmit to an affected site is NOT secure.  Anyone can read it.  And not only that, but if the affected server doesn't replace their SSL certificates/keys, they continue to be vulnerable, because the keys are out there.  And they never ever should be.  Yeah, really really messy.

Initial reports indicated that two thirds of SSL sites on the internet could be affected, but it seems to be smaller than that.  Big sites confirmed to be affected included Yahoo, Flickr, Imgur, ok cupid.  From what I've seen so far, local banking sites, ebay and paypal aren't currently affected, buy they may have been in the past, or even yesterday.  I haven't seen many .au sites come up, although I did see vic.gov.au come up.

General advice is: change all your passwords on affected sites that you've accessed recently (the vulnerability is two years old, but there doesn't seem to be any evidence that it was in the wild until the past couple of days.. although having said that, it doesn't show up in logs so it's possible people have been collecting stuff very quietly).  And then change them again after the certificate has been fixed.  

There's a couple of test sites around - eg http://filippo.io/Heartbleed/ and https://www.ssllabs.com/ssltest/index.html

Fortunately none of our public facing websites at work are affected, so that's a relief!

Kazza's "Boring Life Of a Geek" aka BLOG

IT geek, originally from Sydney, moved to Canberra in 2007. Married to "the sweetie", aka Stu. Prolific photographer, Lego junkie and tropical fish keeper.

Kazza the Blank One home