Hard to refute xkcd on Christmas music:
December 19, 2019
Repost – “An ‘American tradition’ is anything that happened to a baby boomer twice”
December 19, 2018
Repost – “An ‘American tradition’ is anything that happened to a baby boomer twice”
Hard to refute the latest xkcd take on Christmas music:
December 19, 2017
Repost – “An ‘American tradition’ is anything that happened to a baby boomer twice”
Hard to refute the latest xkcd take on Christmas music:
November 28, 2015
Time interviews Randall Munroe of xkcd
It’s an unusual interview, as Munroe responded to each question with a one-panel comic:
January 29, 2015
April 9, 2014
XKCD on the impact of “Heartbleed”
Update: In case you’re not concerned about the seriousness of this issue, The Register’s John Leyden would like you to think again.
The catastrophic crypto key password vulnerability in OpenSSL affects far more than web servers, with everything from routers to smartphones also affected.
The so-called “Heartbleed” vulnerability (CVE-2014-0160) can be exploited to extract information from the servers running a vulnerable version of OpenSSL, and this includes email servers and Android smartphones as well as routers.
Hackers could potentially gain access to private encryption keys before using this information to decipher the encrypted traffic to and from vulnerable websites.
Web sites including Yahoo!, Flickr and OpenSSL were among the many left vulnerable to the megabug that exposed encryption keys, passwords and other sensitive information.
Preliminary tests suggested 47 of the 1000 largest sites are vulnerable to Heartbleed and that’s only among the less than half that provide support for SSL or HTTPS at all. Many of the affected sites – including Yahoo! – have since patched the vulnerability. Even so, security experts – such as Graham Cluley – remain concerned.
OpenSSL is a widely used encryption library that is a key component of technology that enables secure (https) website connections.
The bug exists in the OpenSSL 1.0.1 source code and stems from coding flaws in a fairly new feature known as the TLS Heartbeat Extension. “TLS heartbeats are used as ‘keep alive’ packets so that the ends of an encrypted connection can agree to keep the session open even when they don’t have any official data to exchange,” explains security veteran Paul Ducklin in a post on Sophos’ Naked Security blog.
The Heartbleed vulnerability in the OpenSSL cryptographic library might be exploited to reveal contents of secured communication exchanges. The same flaw might also be used to lift SSL keys.
This means that sites could still be vulnerable to attacks after installing the patches in cases where a private key has been stolen. Sites therefore need to revoke exposed keys, reissue new keys, and invalidate all session keys and session cookies.
“Catastrophic” is the right word. On the scale of 1 to 10, this is an 11.
Half a million sites are vulnerable, including my own. Test your vulnerability here.
The bug has been patched. After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected.
At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.
November 12, 2013
Useful answer sheet for new technology effects
Every time a new technological gizmo comes along, there are some questions which immediately start to be asked (usually by non-tech-savvy journalists). Here’s the XKCD summary sheet of simple answers for technology questions:
June 19, 2013
Nostalgia for an imaginary better past
I love this:
March 6, 2012
Meme replacement for “… is my next band name”
August 10, 2011
xkcd on the paradox of passwords
June 30, 2011
xkcd: The first rule of model train layouts
Jon sent me a link to this xkcd strip, which still amuses me:
March 20, 2011
Visualizing radiation by xkcd
Note the warning at the bottom of the image:
If you’re basing radiation safety procedures on an internet PNG image and things go wrong, you have no one to blame but yourself.
Fuller explanation here.
March 5, 2011
October 21, 2010
October 14, 2010
Little Bobby Tables must speak Swedish
By way of Bruce Schneier, an opportunity to show another xkcd comic:
So, what’s the Swedish tie-in?
As you may have heard, we’ve had a very close election here in Sweden. Today the Swedish Election Authority published the handwritten votes. While scanning through them I happened to notice:
R;13;Hallands län;80;Halmstad;01;Halmstads västra valkrets;0904;Söndrum 4;pwn DROP TABLE VALJ;1
The second to last field is the actual text on the ballot. Could it be that Little Bobby Tables is all grown up and has migrated to Sweden? Well, it’s probably just a joke but even so it brings questions since an SQL-injection on election data would be very serious.
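How a loader for this kind of file keeps ballot text from ever reaching the SQL parser, as an added example that is not part of the original post or of any election system: it validates the field count of each semicolon-delimited record and inserts with bound parameters. The column names, the `parse_record`, `load` and `demo` helpers and the two extra sample lines are assumptions constructed for illustration; only the first record and the table name VALJ come from the text above.

```python
import sqlite3

# Record copied from the post. The column names are assumptions: the post
# only identifies the second-to-last field as the text written on the ballot.
SAMPLE = ("R;13;Hallands län;80;Halmstad;01;Halmstads västra valkrets;"
          "0904;Söndrum 4;pwn DROP TABLE VALJ;1")
COLUMNS = ("rec_type", "county_code", "county", "muni_code", "muni",
           "const_code", "constituency", "district_code", "district",
           "ballot_text", "votes")


def parse_record(line):
    """Split one ';'-delimited line; reject wrong field counts and bad tallies."""
    fields = line.rstrip("\n").split(";")
    if len(fields) != len(COLUMNS):
        # A ';' inside the handwritten text would shift every later field.
        raise ValueError(f"expected {len(COLUMNS)} fields, got {len(fields)}")
    row = dict(zip(COLUMNS, fields))
    if not row["votes"].isdigit():
        raise ValueError("vote count is not a non-negative integer")
    row["votes"] = int(row["votes"])
    return row


def load(conn, lines):
    """Insert rows using bound parameters; return (line, reason) for rejects."""
    # Only the fixed COLUMNS constant is formatted into SQL text, never data.
    conn.execute("CREATE TABLE IF NOT EXISTS VALJ (" + ", ".join(COLUMNS) + ")")
    insert = "INSERT INTO VALJ VALUES (" + ", ".join("?" for _ in COLUMNS) + ")"
    rejected = []
    for line in lines:
        try:
            row = parse_record(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        conn.execute(insert, [row[c] for c in COLUMNS])
    conn.commit()
    return rejected


def demo():
    conn = sqlite3.connect(":memory:")
    # Constructed variants of the sample: an apostrophe, then extra delimiters.
    quoted = SAMPLE.replace("pwn DROP TABLE VALJ", "it's a write-in")
    shifted = SAMPLE.replace("pwn DROP TABLE VALJ", "a;b;c")
    rejected = load(conn, [SAMPLE, quoted, shifted])
    query = "SELECT ballot_text, votes FROM VALJ ORDER BY rowid"
    return conn.execute(query).fetchall(), rejected
```

The ballot text from the post and the apostrophe variant are stored verbatim as data, while the line whose text contains the field delimiter is rejected before it can shift the vote count into the wrong column.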