Andrew Zarian is on the show and we’ll kick around some Heartbleed news to scare the SSL out of you, plus what the governments doing to help patch software. And Jessica Dolcourt helps us decide if Windows Phone’s Cortana will inspire us to ditch Siri or Google Now.

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes
Today’s guest:  Andrew Zarian of the GFQ Network and Jessica Dolcourt of cnet.com

Headlines

TechCrunch reports Windows Phone 8.1 arrived today for developers as a developer preview. While the OS is not finished, pretty much anybody can get it by signing up for a free Microsoft developer account and starting a project. Of course you voice your warranty and you can’t roll back to Windows Phone 8, so it may not be for everyone. Reviews of the OS came out today too with many people raving about Microsoft’s voice-activated assistant Cortana. That feature is only available in the US.

Engadget posted Google has agreed to buy Titan Aerospace, makers of solar powered drones. You may recall Facebook was in talk with Titan Aerospace a few months ago. Facebook bought a different company called Ascenta. The WSJ says Google intends to use the drones as part of its Project Loon attempt to broadcast the Internet from floating weather balloons.

Mozilla’s Mitchell Baker announced the appointment of Chris Beard to the Mozilla Board and the position of interim CEO. Beard has worked at Mozilla since 2004. He has an MBA from the University of Edibnburgh and worked in senior product and marketing roles at HP and Sun as well as founding the Puffin Group which was acquired by Linuxcare. Beard joined VC firm Greylock in July 2013.

Heart Monitor

Friday we told you Cloudflare had opened a server to be hacked, to see if private keys really could be extracted from a server by exploiting the Heartbleed vulnerability. It took 9 hours for someone to do so. Ars Technica reports software engineer Fedor Indutny and Ilkka Mattila at NCSC-FI obtained the keys. As of Saturday, CloudFlare had confirmed four “winners”, the other two being Rubin Xu, a PhD student in the Security group of Cambridge University and security researcher Ben Murphy.

A more worrisome exploitation of Heartbleed came from the Canada Revenue Agency which reported 900 Social Insurance Numbers stolen by someone taking advantage of Heartbleed. The CBC reports the theft was discovered by admins who were patching the CRA’s servers. The agency is still examining the breach to see if data related to businesses had been removed as well. The agency did not describe how the attackers used Heartbleed to gather the numbers. Anyone affected will be provided with free credit protection.

Of course patching the bug is not simple as Akamai has learned the hard way. PC World reports Akamai is reissuing all SSL certificates and security keys used to encrypt connections between its customers websites and visitors. Akamai THOUGHT its customers were less vulnerable to Heartbleed because of custom code related to how the keys were stored. Akamai released that code Friday to help out other researchers. As if to demonstrate the value of open source, researcher Willem Pinckaers found defects in the code Sunday. Akamai’s code left three of six critical values of an RSA key unprotected allowing an attacker to calculate the rest of the key.

Of course maybe all this could have been fixed years ago if the US NSA had let companies know about Heartbleed. Bloomberg reported Friday that two sources told them the NSA knew about Heartbleed for two years. A statement from the Office of the Director of National Intelligence said, “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong.”

Of course that doesn’t mean the US government agencies don’t find out about flaws and keep it to themselves sometimes. The New York Times reports the White House response to allegations the NSA knew about Heartbleed was to issue a statement saying there is now a “bias toward responsibly disclosing such vulnerabilities.” The exception of course is when there is “a clear national security or law enforcement need.”

News From You

AllanAV sent in the Ars Technica republication of the Wired UK article on a glow-in-the-dark road that debuted in the Netherlands on a 500 meter stretch of the N329 highway, replacing streetlights. The markings are not merely reflective, but created with photo-luminescent powder integrated into the road paint, developed in conjunction with road construction company Heijmans.

tekkyn00b posted the MacRumors article passing along the StreetInsider story that Jefferies analyst Peter Misek claims Apple wants to raise the price of the iPhone 6 $100 if they can get the carriers to agree. No carrier will likely WANT to raise the price in this world of bargain smartphones but Misek argues “Carriers realize that the iPhone 6 will likely be the only headline-worthy high-end phone launched this year and that they will lose subs if they do not offer it.”

And melchizedek74 pointed us to The Verge article that noticed Comcast’s Netflix speeds have improved dramatically since the two companies agreed to an interconnect contract. Comcast is the 5th fastest streamer at an 2.5Gbps for Netflix streams in March, vs. the average 1.15 Mbps it reported in January.

Discussion Section Links: Windows Phone 8.1 & 

http://www.cnet.com/news/cortana-vs-siri-vs-google-now/

http://arstechnica.com/gadgets/2014/04/windows-phone-8-1-review-a-magnificent-smartphone-platform/

http://www.theverge.com/2014/4/14/5612322/windows-phone-8-1-download-features

 

 http://www.nytimes.com/2014/04/13/us/politics/obama-lets-nsa-exploit-some-internet-flaws-officials-say.html?_r=0

http://www.bloomberg.com/news/2014-04-14/president-s-security-flaw-guidance-seen-hard-to-implement.html 

When the see the lunar eclipse!

http://mashable.com/2014/04/14/what-time-is-the-lunar-eclipse/?utm_cid=mash-com-Tw-main-link

Pick of the Day: Hitbliss via Mike!

Tuesday’s guest: Nicole Lee, Engadget

We chat with students from Greenville High School in Illinois about tech topics on their mind like Internet sovereignty, piracy and Heartbleed.

MP3

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes

Today’s guests: The students of Greenville High (Go GHS Comets!)  

Headlines

The Verge reports CloudFlare has announced the Heartbleed vulnerability may not leak the private keys of servers after all, reducing the severity of the bug greatly. Theoretically an attacker could exploit the heartbleed problem to extract the keys to a servers security and then impersonate it. Cloudflare has been unable to do so in testing for two weeks leading them to suggest it may be very hard if not impossible. To further test the theory, Cloudfare set up an intentionally vulnerable server at https://www.cloudflarechallenge.com/heartbleed and invited all comers to try stealing its keys.

That’s good news for owners of certain network routers from Cisco and Juniper Networks as those routers have been identified as using the version of OPenSSL that contains the Heartbleed vulnerability. Both companies are investigating their product libraries and making lists of affected devices, as well as working on patches.

Tax day in the US will be a bit more fun for residents. On April 15 in the US, Google will allow anyone over the age of 18 the privilege of plunking down $1500 to purchase a pair of the Explorer edition of Google Glass for a limited time. To get in on the action you can sign up for a reminder at http://www.google.com/glass/start/how-to-get-one/

TechCrunch reports that in addition to 15 new ad units announced yesterday, Twitter is also adding Web notifications to desktop users. The feature was noticed by Michel Wester of Holland as a disabled option in one of his test accounts. Twitter users can real-time notifications from mobile apps for things like posts that mention your name and such, but on the desktop they need to use third-party software.

Reuters reports patent buyer or depending in your view of things, patent troll, Intellectual Ventures has convinced Microsoft and Sony to invest in its latest round of fundraising. Apple and Intel declined. Intellectual Ventures buys patents and then makes money re-licensing them.

News From You: 

MikePKennedy posted the story that Facebook has announced plans to penalize Facebook Page operators that try to bait users into liking their page and sharing content. Facebook says it will pull or demote these kinds of posts from commercial pages: Like-baiting posts that frequently beg for likes and Spammy posts that contain, “only ads or a combination of frequently circulated content and ads.”

habichuelacondulce submitted the CNET report that the Internet advertisng Bureau announced Thursday that Internet advertising generated $42.8 billion in revenue in 2013. That’s a 17% increase over 2012 but bigger news than that is the fact that broadcast TV advertising generated $40.1 billion. That means Internet advertising surpassed broadcast TV advertising for the first time. Though they have a ways to go to catch all TV advertising. And Internet advertising sells a combo of print-like as well as TV-like ads. In fact, search ads generated $18.4 billion, Display ads generated $12.8 billion, and digital video $2.8 billion.

SkyJedi and Galcyon both submitted this story. Engadget reports Amazon is purchasing popular digital comic book seller Comixology. The service has Web and mobile app access to libraries of digital comics from most major and many smaller publishers. It’s guided view technology attempts to make frame by frame reading of comics smooth and easy. Amazon currently sells single issues and graphic novels on Kindle. Amazon expects to find ways to make Comixology and Kindle work better together, but Amazon will retain the Comixology branding and continue to support existing apps.

And HobbitfromPA sent in the Ars Technica story about the Solar Impulse 2. Its a solar-powered plane with the wingspan of a 747 and a weight of 2300 kilograms, about that of an average automobile. It cruises at a maximum speed of 140 kilometers an hour and slows down at night when it runs off batteries. Team head Bertrand Piccard and engineer André Borschberg will start test flights in the next few weeks with the goal of a flight around the world next March.

Discussion Section Links: Thoughts from Greenville

Monday’s guest: Andrew Zarian

A technical error cut this amazing bit out of our News from You show Thursday. We give it to you now in it’s full Jon Strickland glory. Thanks Jon!

Listen here for Jon Strickland!)