By timothy from Slashdot's beats-candles-6-ways-to-sunday department
Camille van Gestel and co-founder Maurits Groen started solar-centric manufacturer WakaWaka with an explicit aim other than making money, though he's certainly not opposed to making some along the way. So it's not a non-profit, but van Gestel calls WakaWaka, which was named in a roundabout way after the Shakira song, a "purpose-driven company," with that purpose being -- no exaggeration needed -- to cast light on the world. They're doing just that, with the aid of recycled materials, low-power LEDs, and efficient solar cells. As a result, one of the portable light products that the group has created has become one of the most valued possessions among people displaced by the war in Syria, and more are lighting up villages in Haiti and elsewhere. I talked with Van Gestel at this year's CES, where the company's picked up a pair of CES Innovation Awards, and he has some advice for people who'd like to turn their technical skills to philanthropic endeavors, especially ones that involve hardware or technical infrastructure. Some of it can be summed up as "Spread the wealth, but don't do it for free." Between ongoing feedback gathered from users, a buy-one-give-one style distribution system, and requiring participation by recipients, he says WakaWaka has been able to reach people with their solar lighting products in a way that's much more valuable than just dumping hardware on them, and along the way has gotten a lot of feedback from the buyers whose purchases subsidize the company's non-profit activities. (Alternate Video Link.)
By timothy from Slashdot's threat-is-right department
writes with this excerpt from Threatpost: Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North Korea and found more than a little weirdness. The Naenara browser is part of the Red Star operating system used in North Korea and it's a derivative of an outdated version of Mozilla Firefox. The country is known to tightly control the communications and activities of its citizens and that extends online, as well. Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security, and an accomplished security researcher, recently got a copy of Naenara and began looking at its behavior, and he immediately realized that every time the browser loads, its first move is to make a request to a non-routable IP address, http://10.76.1.11./ That address is not reachable from networks outside the DPRK.
"Here's where things start to go off the rails: what this means is that all of the DPRK's national network is non-routable IP space. You heard me; they're treating their entire country like some small to medium business might treat their corporate office," Hansen wrote in a blog post detailing his findings. "The entire country of North Korea is sitting on one class A network (16,777,216 addresses). I was always under the impression they were just pretending that they owned large blocks of public IP space from a networking perspective, blocking everything and selectively turning on outbound traffic via access control lists."
By timothy from Slashdot's coming-from-inside-the-building department
An anonymous reader writes: A currently unpatched bug in ASUS wireless routers has been discovered whereby users inside a network can gain full administrative control, according to recent research conducted by security firm Accuvant. Although the flaw does not allow access to external hackers, anyone within the network can take administrative control and reroute users to malicious websites, as well as holding the ability to install malicious software. The vulnerability stems from a poorly coded service, infosvr, which is used by ASUS to facilitate router configuration by automatically monitoring the local area network (LAN) and identifying other connected routers. Infosvr runs with root privileges and contains an unauthenticated command execution vulnerability, in turn permitting anyone connected to the LAN to gain control by sending a user datagram protocol (UDP) package to the router.
In relevant part: “The block starts off by excluding a couple of OpCode values, which presumably do not require authentication by design. Then, it calls the memcpy and suspiciously checks the return value against zero. This is highly indicative that the author intended to use memcmp instead. That said, even if this check was implemented properly, knowing the device’s MAC address is hardly sufficient authentication,” said Drake.
Here are the technical details at GitHub.
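The memcpy/memcmp mix-up Drake describes, as an added illustration that is not the infosvr source or Accuvant's code. The struct, function names and MAC values are hypothetical, and the direction of the copy is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define MAC_LEN 6

/* Hypothetical request header; the real infosvr packet layout is not on this page. */
struct request {
    unsigned char target_mac[MAC_LEN];
};

/* Check as described in the quote. memcpy() returns its destination
 * pointer, which is never NULL here, so the reject branch is dead code.
 * It also overwrites the field it was meant to inspect.
 * Returns 1 = request accepted, 0 = rejected. */
int check_with_memcpy(struct request *req, const unsigned char *device_mac)
{
    if (memcpy(req->target_mac, device_mac, MAC_LEN) == NULL)
        return 0;
    return 1;
}

/* Presumably intended check: memcmp() returns 0 only when the bytes match.
 * As Drake notes, a MAC address is not a secret, so this is an addressing
 * filter at best and does not replace real authentication. */
int check_with_memcmp(const struct request *req, const unsigned char *device_mac)
{
    return memcmp(req->target_mac, device_mac, MAC_LEN) == 0;
}

int main(void)
{
    /* Constructed sample values. */
    const unsigned char device_mac[MAC_LEN] = {0x02, 0, 0, 0, 0, 0x01};
    struct request wrong = {{0x02, 0, 0, 0, 0, 0x99}};
    struct request copy = wrong;

    printf("memcmp check, wrong MAC: %d\n", check_with_memcmp(&wrong, device_mac));
    printf("memcpy check, wrong MAC: %d\n", check_with_memcpy(&copy, device_mac));
    printf("field overwritten: %d\n",
           memcmp(copy.target_mac, device_mac, MAC_LEN) == 0);
    return 0;
}
```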
By samzenpus from Slashdot's natives-getting-restless department
An anonymous reader writes: HTTP/2 is back in the spotlight again. After drawing significant ire over a proposal for officially sanctioned snooping, the IETF is drawing criticism for plowing ahead with its plans for HTTP/2 on an unrealistically short schedule and with an insufficiently clear charter. A few days ago the IETF announced Last Call for comments on the HTTP/2 protocol.
Poul-Henning Kamp writes, "Some will expect a major update to the world's most popular protocol to be a technical masterpiece and textbook example for future students of protocol design. Some will expect that a protocol designed during the Snowden revelations will improve their privacy. Others will more cynically suspect the opposite. There may be a general assumption of 'faster.' Many will probably also assume it is 'greener.' And some of us are jaded enough to see the "2.0" and mutter 'Uh-oh, Second Systems Syndrome.' The cheat sheet answers are: no, no, probably not, maybe, no and yes."
"Given this rather mediocre grade-sheet, you may be wondering why HTTP/2.0 is even being considered as a standard in the first place. The Answer is Politics. Google came up with the SPDY protocol, and since they have their own browser, they could play around as they choose to, optimizing the protocol for their particular needs. SPDY was a very good prototype which showed clearly that there was potential for improvement in a new version of the HTTP protocol. Kudos to Google for that. But SPDY also started to smell a lot like a 'walled garden'."
< article continued at Slashdot >