ng One

Andrew Tarantola
1.4M
12311
For as ubiquitous as connectivity has become and how reliant we've grown on it, the Internet is still a digital jungle where hackers easily steal sensitive information from the ill-equipped and where the iron-fisted tactics of totalitarian regimes bent on controlling what their subjects can access are common. So instead of mucking around in public networks, just avoid them. Use a VPN instead.
Between Wi-Fi spoofing, Honeypot attacks, and Firesheep, public networks really are cesspools. But if you're working remotely and need to access sensitive data on your company's private servers, doing so from an unsecured public network like a coffee shop Wi-Fi hotspot could put that data, your company's business, and your job at stake.
Recent Video from Gizmodo
 
02:22
Can Gene Drives Save Our Planet?
12/20/2017
VPNs, or Virtual Private Networks, allow users to securely access a private network and share data remotely through public networks. Much like a firewall protects your data on your computer, VPNs protect it online. And while a VPN is technically a WAN (Wide Area Network), the front end retains the same functionality, security, and appearance as it would on the private network.

For this reason, VPNs are hugely popular with corporations as a means of securing sensitive data when connecting remote data centers. These networks are also becoming increasingly common among individual users—and not just torrenters. Because VPNs use a combination of dedicated connections and encryption protocols to generate virtual P2P connections, even if snoopers did manage to siphon off some of the transmitted data, they'd be unable to access it on account of the encryption. What's more, VPNs allow individuals to spoof their physical location—the user's actual IP address is replaced by VPN provider—allowing them to bypass content filters. So, you may live in Tehran but appear to live in Texas, enabling you to slip past the government filters and commit the treasonous act of watching a YouTube videoThe horror.
Establishing one of these secure connections—say you want to log into your private corporate network remotely—is surprisingly easy. The user first connects to the public internet through an ISP, then initiates a VPN connection with the company VPN server using client software. And that's it! The client software on the server establishes the secure connection, grants the remote user access to the internal network and—bing, bang, boom—you're up to your elbows in TPS reports. The horror.
ADVERTISEMENT
Many security protocols have been developed as VPNs, each offering differing levels of security and features. Among the more common are:
  • IP security (IPSec): IPSec is often used to secure Internet communications and can operate in two modes. Transport mode only encrypts the data packet message itself while Tunneling mode encrypts the entire data packet. This protocol can also be used in tandem with other protocols to increase their combined level of security.
  • Layer 2 Tunneling Protocol (L2TP)/IPsec: The L2TP and IPsec protocols combine their best individual features to create a highly secure VPN client. Since L2TP isn't capable of encryption, it instead generates the tunnel while the IPSec protocol handles encryption, channel security, and data integrity checks to ensure all of the packets have arrived and that the channel has not been compromised.
  • Secure Sockets Layer (SSL) and Transport Layer Security (TLS): SSL and TLS are used extensively in the security of online retailers and service providers. These protocols operate using a handshake method. As IBM explains, "A HTTP-based SSL connection is always initiated by the client using a URL starting with https:// instead of with http://. At the beginning of an SSL session, an SSL handshake is performed. This handshake produces the cryptographic parameters of the session." These parameters, typically digital certificates, are the means by which the two systems exchange encryption keys, authenticate the session, and create the secure connection.
  • Point-to-Point Tunneling Protocol (PPTP): PPTP is a ubiquitous VPN protocol used since the mid 1990s and can be installed on a huge variety of operating systems has been around since the days of Windows 95. But, like L2TP, PPTP doesn't do encryption, it simply tunnels and encapsulates the data packet. Instead, a secondary protocol such as GRE or TCP has to be used as well to handle the encryption. And while the level of security PPTP provides has been eclipsed by new methods, the protocol remains a strong one, albeit not the most secure.
  • Secure Shell (SSH): SSH creates both the VPN tunnel and the encryption that protects it. This allows users to transfer information unsecured data by routing the traffic from remote fileservers through an encrypted channel. The data itself isn't encrypted but the channel its moving through is. SSH connections are created by the SSH client, which forwards traffic from a local port one on the remote server. All data between the two ends of the tunnel flow through these specified ports.
These SSH tunnels are the primary means of subverting the government content filters described earlier. For example, if the filter prohibits access to TCP port 80, which handles HTTP, all user access to the Internet is cut off. However, by using SSH, the user can forward traffic from port 80 to another on the local machine which will still connect to the remote server's port 80. So as long as the remote server allows outgoing connections, the bypass will work. SSH also allows protocols that would otherwise be blocked by the firewall, say those for torrenting, to get past the wall by "wrapping" themselves in the skin of a protocol that the firewall does allow.
To actually create the VPN tunnel, the local machine needs to be running a VPN client. Open VPN is a popular—and free—multi-platform application, as is LogMeIn Hamachi. Windows users also have the option of using the native OS VPN client.
So whether you're a cubicle monkey, file pirate, or just don't want The Man getting all grabby with your personal data, virtual private networks are the best means of securing traffic short of copying it to a flash drive and driving there yourself.
ADVERTISEMENT
[Wikipedia 12 - What is My IP - Life Hacker - About - What is My IP Address - Lifehacker - How Stuff Works - Image: alexskopje / Shutterstock, Diagram:Ludovic.ferre ]

Discussion

Sort by:
NEWS

Movie Theater Chain Kills Uber-Style Surge Pricing After Internet Backlash

Sidney Fussell
5.4K
7
Screenshot: YouTube/Village Cinemas
An Australian movie theater chain said it has ended “dynamic pricing” trials on Wednesday after Redditors complained of “price gouging.” Last week, an anonymous user uploaded an internal memo from Village Cinemas describing concession stand increases during busy periods. After images of the memo circulated online, Village Cinemas announced that all pricing trials had been stopped—weeks before the scheduled end of the test period.
Essentially, dynamic pricing raised concession stand prices between 50 cents and a dollar after 5:00pm on Fridays and Saturdays, usually the theaters’ busiest nights. Redditors lambasted the practice, pointing out that this would only encourage more people to opt for a night-in streaming rather than a visit to a Village theater.
From: Imgur
In addition to being annoying, Redditors noted there’s really nothing “dynamic” about the new pricing model. As one user wrote, “I don’t think this is even ‘surge pricing,’ it’s just a predetermined uplift in prices and not driven by demand. What if it’s a quiet night? It’s a bit cheeky to call this dynamic.”
ADVERTISEMENT
Village Cinemas provided the following statement to Gizmodo, weirdly doubting the authenticity of the leaked memo while also acknowledging that an earlier “dynamic pricing” experiment was a failure:
Village Cinemas acknowledges that some documents that appear to contain internal pricing information for cinema tickets have been posted on social media and in turn via the press. We are currently investigating the authenticity of these documents. Village Cinemas confirms that we were running pricing variation trials over the summer period which we appreciate may have caused angst and concern to our customers, we can now confirm that all pricing variation trials have been stopped effective immediately. There are still plenty of great deals to enjoy during this time like family passes which offers generous savings. We’ve also recently introduced a variety of exciting concept cinemas around Victoria, including Vjunior and 4DX, so pricing will vary depending on the experience. Village Cinemas is committed to providing customers with value via a range of attainable prices and promotions for the variety of experiences and concepts available. We are constantly working on improving and optimizing this model. Our goal is to ensure movie going remains as an affordable entertainment choice for our guests.
One Reddit user, writing in a thread after the pricing ended, summed it up best: “Your business is facing challenges from disruptive technology everywhere, so your solution is to put UP prices.....WOW.”

RECOMMENDED STORIES

A Running List of Uber's (Predictably Lukewarm) Apologies [Updated]
The Dystopian Surveillance State Will Be Extremely Convenient 
Olympic Planners Want to Scan the Faces of Hundreds of Thousands at the 2020 Tokyo Games

Discussion

Sort by:
  • mwatson2Sidney Fussell
    1/04/18 6:53pm
    It’s interstong to me that this is being framed as a profit scheme. Uber, hotels, car rentals, restaurants, auto shops (to name a few) all utilize some sort of dynamic “happy hour” system to increase utilization, not necessarily to raise prices. A $5(normally $10) movie ticket and a $2 popcorn (normally $4) is still $7 more than that theatre could have made with an empty seat...
    I bet if they had a pinned retail value with a dynamically adjusted discount they would’ve seen an actual benefit and avoided getting crucified by the internet.
    Reply
    • mallthusmwatson2
      1/04/18 7:03pm
      I agree. In the end, people tend to make minor economic decisions emotionally. I’d be willing to bet that in an experiment, more people would choose to buy a product for $10 if you labeled the product as “$15 NOW $10" than if you just labeled it $9.
      Reply
      • mrbofusmwatson2
        1/04/18 7:04pm
        “It’s interstong to me that this is being framed as a profit scheme. Uber, hotels, car rentals, restaurants, auto shops (to name a few) all utilize some sort of dynamic “happy hour” system to increase utilization, not necessarily to raise prices. A $5(normally $10) movie ticket and a $2 popcorn (normally $4) is still $7 more than that theatre could have made with an empty seat...
        I bet if they had a pinned retail value with a dynamically adjusted discount they would’ve seen an actual benefit and avoided getting crucified by the internet.”
        I think you’re missing one of the major points of the article: this isn’t dynamic/surge pricing at all. They are deciding to raise the price of concessions after 5pm on Fridays and Saturdays, irrespective of actual demand. That’s not dynamic.
        Neither are happy hours at restaurants. Restaurants have predetermined times and days where they lower the price of certain menu items. And that price remains the same from one day to the next. There’s nothing dynamic about it.
        Uber/Lyft, hotels, car rental companies do have some sort of dynamic pricing schedule, whereby the prices for rides/rooms/cars adjust dynamically based on demand, not solely based on a predetermined date/time.
        Reply
        • omnichadmwatson2
          1/04/18 7:27pm
          Lull pricing instead of surge pricing would universally be praised if it was shown as a discount. Even if they raised the base price first. They’re just really bad at marketing.
          Concession prices are too high for anyone to put up with even higher than base price - no matter what they set that base price to.
          Reply
        • SeanSidney Fussell
          1/04/18 7:32pm
          I worked for the Greater Union cinema chain here in Australia for 5 years as an Usher.
          There’s nothing to stop you from bringing in your own lollies (candy) from elsewhere into the cinema. We didnt get paid enough to give a damm if you did. Just don’t bring in hot food such as MacDonald’s etc because it stinks the place out and the dropped food gets wedged into cracks and rots making even more stink.
          The only reason why people buy at the cinema counter is because they’re lazy and didn’t plan ahead.
          Also, never buy the popcorn. We make it in bulk weeks ahead, there’s nothing but artificial chemicals in the ‘butter’ and the oil is rarely changed. It then has to be stored and the storeroom out the back is full of cockroach baits and mousetraps for a reason...
          Reply
          • IRS4Sidney Fussell
            1/04/18 7:10pm
            Or you know, just have enough staff on the weekends to sell as much stuff as your customers WANT to pay for.
            I’m always amazed when a business gets in its own way by making it difficult for willing customers to spend money with them. Like a restaurant that refuses to sell a side order of something. I’m here, IN YOUR SEAT, and I’ve expressed a desire to put MORE MONEY in your hand. Profit does not get any easier than that.
            Reply

                Strangely, These Atoms Seem to Have Different Masses Depending on How They're Measured

                Ryan F. Mandelbaum
                3.6K
                5
                The KATRIN experiment (Image: KATRIN/Karlsruhe Institute of Technology)
                When it comes to understanding the universe, a crucial property of stuff, whatever that stuff might be, is its mass. The building blocks of our world, things like the elements or subatomic particles, have pretty consistent masses. One physics team continues to find a strange discrepancy in the masses of some basic particles you may have heard of.
                Researchers from Florida State University, Tallahassee have been measuring how the masses of a few species of hydrogen and helium stack up against one another. Their newest results don’t line up with values taken from scientific literature. And these measurements could have some implications for a different experiment, which is trying to figure out the mass of the another particle, the electron antineutrino.
                ADVERTISEMENT
                Physicists know that neutrinos and their antiparticles, called antineutrinos, have mass. They don’t know what those masses are. The KArlsruhe TRItium Neutrino (KATRIN) experiment in Germany is to attempting to measure the mass of a particle called the electron antineutrino by observing the radioactive decay of tritium, a hydrogen atom with two neutrons and a proton. Tritium loses an electron and an electron antineutrino through beta decay, turning into helium-3, an atom with one neutron and two protons.
                One useful piece of data to help check the results of the KATRIN experiment is the energy released by tritium during this decay, Edmund Myers, Research Professor and Distinguished University Scholar in the Department of Physics at Florida State University, Tallahassee, explained to Gizmodo. He and his team previously made measurements trying to determine the mass difference between tritium and helium-3, using a ratio of their behaviors in a kind of magnetic particle trap, called a Penning trap. It proved difficult to measure the difference directly, so they instead measured the mass of both against an intermediary: hydrogen-deuteride, or hydrogen with a single proton bonded to a deuteron, a nucleus containing a proton and a neutron.
                Soon after publishing their first results, another team at the University of Washington measured the mass of helium-3 and deuterium with a different method. There was an inconsistency between the results of Meyer’s team’s Penning trap approach and the individual values from the University of Washington team combined with those from other research. More precise measurements of the proton’s mass have also since been published from a German team with scientists affiliated with KATRIN. This reduced, but did not eliminate, the discrepancy.
                ADVERTISEMENT
                Is the discrepancy due to some underestimated error in Myers’ teams initial results, or due to issues with the measurements of the mass of the proton, the deuteron, and helium-3? His team performed the measurements once againafter making some tweaks to their apparatus. Their new result, published last week in Physical Review A, agrees with their first measurement, and is still inconsistent with the masses of the individual particles gathered from the University of Washington team and the German team.
                But what does this all mean, that masses of these particles, when calculated based on the ratio of their behaviors in an experiment, differ from their individual masses combined?
                Alan Poon, physicist at Lawrence Berkeley National Laboratory, told Gizmodo that these measurements help KATRIN’s sensitivity in measuring the neutrino mass and may go into their analysis, though other methods will be used to determine the mass difference between tritium and helium-3. Diana Parno, Carnegie Mellon physicist involved with maintenance, operation, and characterization of the main KATRIN detector system, agreed with Poon. She also said that, speaking as a non-expert in precision measurement, “these measurements are quite interesting for our understanding of nuclear structure, and I am watching this with interest.”
                ADVERTISEMENT
                Experts in the field of precision measurement are interested in these results as well. “The work is valuable for the redefinition of the SI units based on fundamental constants,” Jun Ye from the JILA at the National Institute of Standards and Technology in Colorado told Gizmodo. He did point out that the paper made one reasonable assumption based on the nature of hydrogen-deuteride, but that a direct check on that assumption “might be worthwhile.”
                Myers would not comment on any of the other teams’ results, and downplayed the importance of his results to the redefinition of SI units. He told Gizmodo in an email that “FSU has some confidence in FSU’s results because, as stated in the paper, major upgrades were made to the experiment and we got the same result in 2017 as in 2015.” There could always be some systematic issues that were overlooked, he said. People spend a lot of times checking and rechecking these careful measurements, “and even then we don’t know if we’re right!”

                RECOMMENDED STORIES

                Scientists Want to Update These Four Fundamental Constants 
                Scientists Just Built the Most Precise Clock Ever to Help Understand Our Crazy Universe
                America Is Breaking Ground on an Enormous Neutrino Experiment Today

                Discussion

                Sort by:
                PRIVACY AND SECURITY

                Amazon and Google Claim That Fixing Massive Security Vulnerability Won't Slow Things Down Too Much

                Kate Conger
                3.4K
                11
                Photo: Getty
                When news of major vulnerabilities impacting processors manufactured by Intel, AMD, and ARM broke this week, the Register warned that patches for the problems could slow processors down by up to 30 percent.
                However, Google and Amazon say that they haven’t hit any serious slowdowns after applying their patches.
                The vulnerabilities, nicknamed Meltdown and Spectre, can cause data to leak from kernel memory. This is a massive problem that’s been going on for 20 years and is basically the result of a tradeoff of speed and efficiency over security (which you can read all about here, but let’s move along for now since this blog is about other stuff).
                One of the fixes rolled out by Google is Kernel Page Table Isolation (KPTI). KPTI better protects that sensitive kernel memory, but because of the aforementioned tradeoff, people were worried that this solution would cause a noticeable slowdown, particularly for huge cloud providers like Google and Amazon.
                But Google says it has pushed KPTI to the servers that prop up Search, Gmail, YouTube, and its Cloud Platform, and everything is going just fine.
                “There has been speculation that the deployment of KPTI causes significant performance slowdowns,” Googlers Matt Linton and Pat Parseghian wrote in a blog post. “Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.”
                Amazon also noted that reports of major performance lags were overblown.
                “We don’t expect meaningful performance impact for most customer workloads,” Amazon told Business Insider. “There may end up being cases that are workload or OS specific that experience more of a performance impact. In those isolated cases, we will work with customers to mitigate any impact.”

                RECOMMENDED STORIES

                What We Know So Far About Meltdown and Spectre, the Devastating Vulnerabilities in Modern CPUs
                Report: All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw [Updated]
                Check This List to See If You’re Still Vulnerable to Meltdown and Spectre

                No comments:

                Post a Comment

                Subscribe to: Post Comments (Atom)
                Copyright 2017, Tech news. All rights Reserved.
                | Designed by Colorlib