Darren Kitchen is on the show to help us understand why we shouldn’t freak out about the OAuth flaw, and what Apple, Google and Facebook are really doing to protect their users from government data requests.

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes

Today’s guest: Darren Kitchen, hak5.org

Headlines

Our top story on the subreddit was submitted by Beatmaster80 and tekkyn00b. Apple, Microsoft, Facebook and Google are all updating their policies to expand the notification they give users when a government agency requests their personal data. Yahoo announced a similar policy in July, and Twitter has always done so. Users would not be notified if a court order prevents it or if there is imminent risk of physical harm to a potential crime victim. The policies will have no effect on NSA data collection or National Security Letters both of which are required to remain secret by law.

bmorales submitted a CNET story about Nanyang Technolohical University student Wang Jing uncovering a flaw in OAuth and OpenID that could be used to steal a login token from services like Facebook or Google, when using those services to login to a third party site. The token could then be used to retrieve data from Google or Facebook. Mashable’s Christina Warren has an excellent writeup of the issue. It’s not a weakness in OAuth at all but caused by a weak implementation on the third-party website’s side, which could be mitigated by certain practices on the side of Facebook or Google. Also, the attack requires you to click a suspicious link AND choose to then login with a service. So no. This is not another Heartbleed.

The Next Web reports Microsoft’s Windows Phone manager, Joe Belfiore held a Reddit AMA today where he said Windows Phone will get a file manager by the end of the month, hopefully. The app will let you create new folders, move files from one folder to another, and search within folders.

Ars Technica reports on a system called Large Emergency Event Digital Information Repository, meant to let citizens upload videos and photos to help police investigations and disaster response. Amazon Web Services has teamed with the Los Angeles Sheriff’s Department on the project. Santa Barbara, CA authorities are the first to use the system and are calling on the public to upload images taken of a riot last month at the Isla Vista community near the University of California at Santa Barbara. Apps for LEEDIR are available for iOS and Android. 

The Verge reports the next Call of Duty game, Advanced Warfare, will launch on November 4th, and star Kevin Spacey as head of a private military corporation that has launched an attack on the US. The first trailer showed up on the official Call of Duty YouTube page late last night. 

Macrumors reports Apple is expanding its iTunes Match service to Japan. The service, which costs ¥3,980 per year, lets iTunes users match their library with cloud versions of the songs for quick storage, which can then be accessed from any Apple device.  

News From You

KAPT_Kipper posted a GigaOm story that a class action complaint has been filed against Google, alleging secret deals force Samsung and others to use the Google search engine on mobile devices, creating a search monopoly, which in turn makes devices cost more. The crux of the complaint is that Google offers Mobile Application Distribution Agreements, which require device makers to make Google the default search engine if they want to include Google’s other mobile apps like YouTube and the Google Play app store. Google told GigaOm by email “Anyone can use Android without Google and anyone can use Google without Android. 

metalfreak sent in the PC World story about the Attorney General for the US state of Washington filing a lawsuit against a company that raised $25,000 on Kickstarter but failed to deliver its product, a retro-horror playing-card deck called Asylum. The project funded in October 2012 and has yet to deliver any rewards. Kickstarter’s terms of use requires creators to fulfill all rewards of their projects or refund backers. The complaint, filed in King County Superior Court, seeks restitution for consumers and as much as $2,000 per violation of the state’s Consumer Protection Act.

Beatmaster80 pointed us to the Record story that Lila Tretikov has been named Executive Director of Wikimedia Foundation, the nonprofit organization that runs Wikipedia among other projects. Outgoing director Sue Gardner will end her term on June 1. Tretikov was previously chief product officer at SugarCRM. Tretikov’s personal background growing up in the Soviet Union and her experience with open-source engineering seem to be the main reasons she got the job.

KAPT_Kipper posted an ITWorld story that Sony has developed magnetic tape that stores data at 148 gigabits per square inch, 74 times the density of standard tapes. That could mean 185 TB tape cartridges. Current LTO-6 cartridges can handle up to 2.5 TB. Tape is still used for long-term data storage. The Tape Storage Council industry group reports tape capacity shipments grew by 13 percent in 2012 and were projected to grow by 26 percent last year.

Pootinky pointed to a a slashdot posting about a Vanderbilt University graduate student, working at Oak Ridge National Laboratory, who has discovered a way to create three-atom-thick nanowires capable of linking transistors and other components. It’s a step toward devices that could be as thin as paper.

Discussion Section Links:  New Security Flaw discovered

http://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html

http://mashable.com/2014/05/02/oauth-openid-not-new-heartbleed

http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-08#section-4.1.5

http://www.washingtonpost.com/business/technology/apple-facebook-others-defy-authorities-increasingly-notify-users-of-secret-data-demands-after-snowden-revelations/2014/05/01/b41539c6-cfd1-11e3-b812-0c92213941f4_story.html?hpid=z1

Pick of the Day:  Dogeforsale.com via Luke Olsen

Looking to get into some Dogecoins before the DogeCar takes the track at Talladega this weekend. Not sure how to how to navigate crypto exchanges? Have no fear dogeforsale.com is here. Its a site where users can buy and sell Dogecoins with paypal, google wallet, debit cards, etc. The site is a basic escrow service, it holds the coins during the transaction. Get Dogecoins fast and securely. much speed very secure. DISCLAIMER: I’m a seller on the site “SkyJedi” 

Good cause of the day: Podcamp Nashville

PodCamp Nashville happening May 17 in Nashville, TN is one of the last and largest Podcamps in the country. They are in need of sponsors and patrons or will have to cut out major parts of the event or cancel. For as little at $100 you can become of friend of this event the has been so vital to the Nashville creative community. This Friday is a deadline that they need to make a $2500 payment for the event. If you or a company you many know would like to help out Podcamp Nashville please visit: http://bit.ly/pcn14friend

Len Peralta was on assignment today So Jennie did some 8th grade-level fear-based art: What’s A Poor Normal To Do

Monday’s guest: Jon Strickland

Denise Howell is on the show today and we’ll touch on Foursquare splitting, what Hulu’s model should be, and how you can tell the FCC what you think of their net neutrality stance.

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes
Today’s guest: Denise Howell, of This Week in Law

Headlines

TechCrunch reports Foursquare will split its app into two. The original FourSquare app will no longer have a check-in function but focus on discovery, exploration and recommendations. It will use geolocation to track where you go and how long you stay. The other app, called Swarm, will have the traditional check-in feature with a heat-map and the ability to see nearby friends. Swarm will also have a messaging feature. 

Boy Genius Report, which seems to have a never-ending supply of Amazon smartphone leaks, has another Amazon smartphone leak. This time it’s a picture of the phone, NOT hidden in a case. Instead multiple sources have verified to BGR that they have a real image of the design of the front and back of the yet-to-be-officially-acknowledged phone. Amazon is widely expected to launch the phone in Q3.

TechCrunch reports snapchat added two new features today. A traditional chat like interface lets you talk in text in realtime. You know like text messaging. The other feature lets you make a video call from that text chat screen. You’ll have to keep your finger on the screen to keep the video active, although the call will stay live. When you leave a call or chat and swipe back to the main screen your chat history disappears in typical snapchat fashion. The update should arrive for iOS and Android later today.

Microsoft has released patches for all supported version of Internet Explorer to fix a nasty zero-day vulnerability that could allow attackers to get full user permissions over a PC. In a surprise move, Microsoft issued patches for users of Windows XP. Microsoft officially stopped supporting the 12-year-old XP in April. 

News From You

Spsheridan submitted our top story on the subreddit. BGR passed along a WSJ story that big tech companies like Google, Netflix and Yahoo, “say they are considering mobilizing a grass-roots campaign to rally public opinion around the idea that the Internet’s pipes should be equally open for all.” Last week FCC Chairman Tom Wheeler admitted he will propose Open Internet rules that would allow for “commercially reasonable” prioritization of certain Internet traffic.

tekkyn00b posted all the T-Mobile stories from Android Central today. For one T-Mobile USA has acquired 700 MHz spectrum from Verizon, which will help improve LTE coverage. T-Mobile also published its Q1 earnings reports. The good news, is the company added 2.4 million customers, bringing it close to third place Sprint. The bad news, it lost $20 million because of the costs of acquiring all those new customers. Still long-term that bet should pay off. IN adition Recode reports T-Mobile CFO Braxton Carter and marketing chief Mike Sievert say a potential merger with Sprint would only allow them to become more disruptive. Like an un-carrier on steroids, Carter’s words. 

habichuelacondulce submitted the CNET story that AT&T has raised the possibility of acquiring DirecTV according to sources talking to the Wall Street Journal. Apparently AT&T started flirting with DirecTV in February in response to the potential Comcast TimeWarner Cable merger. Of course AT&T has allegedly flirted with Dish Network before as well. Are they serious or just a tease? They’ll never tell. Until they file with the SEC then they’ll be legally required to tell. 

Spsheridan spotted the Ars Technica story about Google Now for Android helping you remember where you parked, automatically. You don’t even have to yell “remember where we parked!” or anything. Using Android’s Activity Recognition System to detect when you go from driving to stopping then walking, Google Now notes the GPS location of the stopping part. Of course if you’re in a multi-level garage you still need to remember what floor you’re on. 

MikePKennedy submitted the Verge story that Amazon has admitted it has been offering same-day delivery service to San Francisco, Dallas, since earlier this year. Don’t you feel better not hiding that anymore Amazon? Other same-day markets also got their deadlines pushed a little later in the day. So you folks in Indianapolis now have until 11:30 AM not that ungodly 7 AM deadline you’ve suffered under up until now. Although there’s bad news fro Las Vegas which is losing its same day service. Sometimes you win sometimes you lose your same-day service, Vegas. And New Yorkers now have to make their orders 30 minutes earlier to qualify. Stop yer whining New Yorkers just get up earlier and order!

Beatmaster80 pointed us at the Ars Technica story about Zenimax Media, the parent company of Id Software and John Carmack’s old employer, alleging that Carmack is a thieving little thief. Actually Zenimax alleges that technology Carmack developed while he was still at Zenimax was the genesis of what would eventually become the Oculus Rift development kit. Carmack left Zenimax-owned id in November. Carmack tweeted, “No work I have ever done has been patented. Zenimax owns the code that I wrote, but they don’t own VR.”

Discussion Section Links:  Net Neutrality

http://arstechnica.com/business/2014/04/state-laws-that-ban-municipal-internet-will-be-invalidated-fcc-chair-says/

http://bgr.com/2014/04/30/google-netflix-fcc-net-neutrality/
http://www.theverge.com/2014/4/30/5666628/your-corporate-internet-nightmare-starts-now

http://www.fcc.gov/comments 

Pick of the Day:  Waze

Friday’s guest: Darren Kitchen of hak5.org

Brian Brushwood joins the show to chat about Facebook getting all privacy-friendly and Hulu allowing free full episodes on your phone. The FCC even says it will fight for municipal broadband. It’s the nicest day on the Internet ever!

MP3

Multiple versions (ogg, video etc.) from Archive.org.
Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes

Today’s guest:  Brian Brushwood of the Night Attack  e

Headlines

Facebook had a few big announcement at the F8 developer’s conference Wednesday morning. Using Facebook to login on another service is now entirely under the user’s control. Users can choose line by line what they will and will not share with another service. Up to and including the ability to log in entirely anonymously. The company also promises to fix bugs within 48 hours, support all APIs for two years, and open source a system called AppLink that makes it easy for mobile apps to link directly to each other without going to a browser. Finally Facebook announced their “Audience Network,” a way to buy ads on non-Facebook sites that benefit from Facebook’s data. Facebook Audience Network is open for registration today.

Hulu CEO Mike Hopkins announced in a blog post today that this summer Hulu’s mobile apps will get a selection of full episodes for free, without needing a Hulu Plus subscription. Hulu added clips from shows to the Hulu app for non-subscribers in October. The feature will come first to its Android apps. The post also mentioned a redesigned iOS app coming later this summer as well as new ad units, including one that would allow a viewer to order something like a Pizza without leaving the Hulu experience.

Our top story on the Subreddit today, Ars Technica reports FCC Chairman Tom Wheeler, speaking at the Cable Show, said he intends “to preempt state laws that ban competition from community broadband.” 20 US states have laws limiting muncipalities ability to create their own broadband infrastructure. TechCrunch also reports Wheeler said “If someone acts to divide the Internet between “haves” and “have-nots,” we will use every power at our disposal to stop it,” including considering reclassifying ISP’s as telecommunications providers. Wheller also said “Prioritizing some traffic by forcing the rest of the traffic into a congested lane won’t be permitted under any proposed Open Internet rule”. State laws that ban municipal Internet will be invalidated, FCC chair says

The Verge reports Google launched standalone iOS and Android apps for Google Docs, its word processing program, Google Sheets, its spreadsheet program and Google Slides, its presentation program. The new apps are similar to their counterparts in the unified Google Drive app, but with a different color scheme.

Wired reports on Dark Wallet, a bitcoin application designed to protect its user’s identities in more ways than the bitcoin system does on its own. Chiefly the application encrypts and mixes together users payment infos, so its not easily traceable from the Bitcoin public ledger. Dark Wallet was conceived by Wilson and Amir Taaki. Wilson Taaki also created the first entirely 3D-printed gun. Dark Wallet is set for release on Thursday. 

News From You

MikePKennedy submitted the Engadget report of the WSJ story THAT Google has stopped scanning the 30 million email accounts registered under its apps for education program. Google scans email in order to display ads triggered by keywords. Ads were never used int he product, but the data was mined to inform targeted ads elsewhere. 

metalfreak submitted the Slashdot posting alerting readers to the fact that the Cybersecurity Information Sharing and Protection Act (CISPA), is being considered by the US Senate Intelligence Committee. This third version of the bill was written by committe chair Dianne Feinstein and is circulating but has not yet been introduced. Under the current draft of the bill, companies could not be sued for incorrectly sharing customer information with the federal government, and broad law enforcement sharing could allow for the creation of backdoor wiretaps.

tekkyn00b submitted the Verge story that the US Supreme Court made it easier to force the losing party in a patent suit to pay the legal fees of the winner. This is widely seen as a way to discourage frivolous patent lawsuits. The Patent Act stipulates a case must be exceptional in order for the legal fees to be shifted to the loser. Lower courts have used a high standard to determine when a case is exceptional, meaning it is rarely found to be so. Justice Sonia Sotomayor writing for the 9-0 majority, said judges should define an “exceptional” situation as “simply one that stands out from others.” 

Discussion Section Links:  

http://gigaom.com/2014/04/30/hulu-is-opening-up-free-video-streaming-to-mobile-devices/

http://blog.hulu.com/2014/04/30/today-at-the-hulu-upfront/

http://io9.com/dreamworks-predicts-that-in-the-future-well-buy-movies-1569787028

Pick of the Day:  http://owncloud.org/

I love using Dropbox for storing and sharing many of my personal files. However as I work in healthcare I have to be extra careful when it comes to storing and sharing Protected Health Information. I highly recommend ownCloud (owncloud.org) as a private cloud alternative. They have Mac, PC and Linux clients as well as iOS and Android apps. The data is securely stored on our company servers. And best of all it’s open source software.
Cheers, Dave (aka DaHa the rare times I get to visit the chat room)

Thursday’s guest: Denise Howell

Scott Johnson is on the show today, and we’ll try to explain what all these Netflix-ISP deals mean, plus decide how much we hate the change to Comixology’s in-app purchasing system.

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes
Today’s guest: Scott Johnson, of the frogs! With pants!    e

Headlines

Apple drops what?! CNET reports Apple made a minor spec upgrade to processors in its MacBook Air laptops, going from a 1.3GHZ chip to a 1.4GHz Core i5. However, Apple did something more unusual when it also dropped prices. The 11.6-inch MacBook Air dropped $100 dollars to $899 in the U.S. and £100 to £749 in the UK. The entry-level 13.3-inch Air dropped $100 to $999 in the U.S. and £849 in the UK.

Get walking, Lazy Bones: The Next Web reports on Acer’s latest product line announcement including the Liquid Leap smart band that tracks fitness and pairs with a smartphone. It’s 17mm wide and will come as a bundle with Acer’s Liquid Jade 5-inch smartphone. Both products are expected to launch in late July or early August, although not in the U.S. However, they might want to list on Amazon. That company just launched a new section of its site called Wearable Technology, covering smartwatches, wearable cameras such as the GoPro, healthcare devices and fitness trackers.

A lose-lose situation: Reuters reports Apple and Samsung both made their closing arguments in the titanic patent case going on in the U.S. District Court for the Northern District of California. Meanwhile, in the court of public opinion, TechCrunch reports Apple and Samsung are both losing. Strategy Analytics released smartphone market share figures for Q1. Samsung dropped a point to 31.2% of the market. Apple dropped two points to 15.3%. Huawei even stayed flat at 4.&%. The market as a whole grew 33%, so it’s smaller vendors like Lenovo who are making all the gains. 

Move over, Risto, there’s a new CEO in town: Chairman Risto Siilasmaa is done being Nokia’s interim CEO, according to Re/code. He can go back to his chairman role, as Rajeev Suri takes over as CEO of the new mobile-phoneless Nokia as of May 1st. Suri previously served as head of the company’s network infrastructure equipment business. He has been with Nokia since 1995.

Show me the … bitcoins: The Verge reports on the MIT Bitcoin Club’s program to give $100 worth of bitcoins to every MIT undergrad this autumn. The club raised a half million dollars from alumni and the bitcoin community in order to research what happens when an entire community has access to the currency. The club will work with the campus, local merchants and faculty for support in the project.

Twitter earnings

News From You

Our top story on the subreddit was submitted by spsheridan, pointing to a DSLReports post that the FCC has taken the unusual step of creating an email for feedback, regarding its open Internet guidelines, before the notice of proposed rulemaking has officially been approved in a meeting. You can send your thoughts about the proposed ‘net neutrality’ rules to openinternet@fcc.gov. The meeting to approve the notice happens May 15th, after which a period for public comment will open. 

gowlkick posted the CNET story about Firefox’s major interface refresh, the first big design change since 2011. Among the new features are a Firefox account to smooth cross-browser sync, a customizable graphic menu and rounded tabs that better emphasize what tab you’re looking at. You can now get to menu items from a triple-lined icon at the upper right, similar to Chrome and IE. Overall the changes attempt to unify the look across mobile and desktop. Firefox 29 is available at getfirefox.com

KAPT_Kipper sent in the Verge story that Netflix announced it has agreed to an interconnect agreement with Verizon, similar to the agreement it struck recently with Comcast. Netflix hopes the agreement will, “improve performance for our joint customers over the coming months.” After the Comcast agreement Verizon had indicated it was close to such an agreement itself. AT&T is said to be prusuing a similar deal.

ArokTheBourbonGuy submitted the Gizmodo story that University of California, Riverside Bourns College of Engineering found graphene oxide nanoparticles are very mobile in lakes or streams and therefore likely to cause negative environmental impacts if released. Graphene in groundwater was found to settle out or be removed by subsurface environments. The work makes it important to reduce the risk of spilling graphene into surface water.

Discussion Section Links:  

http://recode.net/2014/04/28/netflix-signs-comcast-like-web-traffic-deal-with-verizon/

http://www.dailymail.co.uk/sciencetech/article-2615431/Netflix-signs-deal-Verizon-boost-speeds-subscribers.html

http://arstechnica.com/features/2008/09/peering-and-transit/

http://comicbook.com/blog/2014/04/27/gerry-conway-the-comixology-outrage/

Pick of the Day:  Xboot via Justin “Chivalrybean” Lowmaster

XBoot is a program to create a bootable USB stick from various ISO files. I use mine to load SpinRite, MemCheck, Ubuntu Live and some others. I found it while looking for one by watching this review on Hak5:  Thanks for the show, Tom and Scott!  

Wednesday’s guest:  Brian Brushwood of the Night Attack