Month: May 2017

Node.js 8 brings sanity to native module dependencies

Node.js, the popular server-side JavaScript platform, has been upgraded with improvements related to the runtime, buffer security, URL parsing, and preserving dependencies on native modules across major Node.js upgrades.

On the module dependencies front, Node.js 8.0.0, released today by the Node.js Foundation, introduces the Node.js API, or N-API, albeit still behind an experimental flag. The N-API is designed to eliminate the breakage of dependencies on native modules that happens between release lines.

Although native modules are a small portion of the modular ecosystem, 30 percent of all JavaScript modules rely indirectly on native modules, which are written in C or C++ and are bound to the Chrome V8 JavaScript engine. “Every time Node.js has a major release update, package maintainers have to update these dependencies,” the foundation said.

To read this article in full or to leave a comment, please click here

Go to Source

Posted by amiller in Blog

Could Firmware Expiration Dates Fix The Internet Of Broken Things…Before People Get Hurt?

If you hadn’t noticed, the incredibly flimsy security in most Internet of Things devices has resulted in a security and privacy dumpster fire of epic proportions. And while recent, massive DDoS attacks like the one leveled against DNS provider DYN last year are just one symptom of this problem, most security analysts expect things to get significantly, dramatically worse before they get better. And by worse, most of them mean dramatically worse; as in these vulnerabilities are going to result in attacks on core infrastructure that will inevitably result in human deaths… at scale.

Estimates suggest that 21 billion to 50 billion IoT devices are expected to come online by 2020. That’s 21 to 50 billion new attack vectors on homes, businesses and governments. And many of these are products that are too large to replace every year (cars, refrigerators, ovens) but are being manufactured by companies for whom software — and more importantly firmware updates — aren’t a particular forte or priority.

To date, there are a number of solutions being proposed to tackle this explosion in poorly-secured devices, none of which seem to really solve the issue. Agencies like Homeland Security have issued a number of toothless standards the companies that are making these poorly-secured products are free to ignore. And efforts at regulating the space, assuming regulators could even craft sensible regulations without hindering the emerging sector in the first place, can similarly be ignored by overseas manufacturers.

In the wake of the Wannacry ransomware, University of Pennsylvania researcher Sandy Clark has proposed something along these lines: firmware expiration dates. Clark argues that we’ve already figured out how to standardize our relationships with automobiles, with mandated regular inspection, maintenance and repairs governed by manufacturer recalls, DOT highway maintenance, and annual owner-obligated inspections. As such, she suggests similar requirements be imposed on internet-connected devices:

  • A requirement that all IoT software be upgradeable throughout the expected lifetime of the product. Many IoT devices on the market right now contain software (firmware) that cannot be patched even against known vulnerabilities.
  • A minimum time limit by which manufacturers must issue patches or software upgrades to fix known vulnerabilities.
  • A minimum time limit for users to install patches or upgrades, perhaps this could be facilitated by insurance providers (perhaps discounts for automated patching, and different price points for different levels of risk).”
  • Of course, none of this would be easy, especially when you consider this is a global problem that needs coordinated, cross-government solutions in an era where agreement on much of anything is cumbersome. And like previous suggestions, there’s no guarantee that whoever crafted these requirements would do a particularly good job, that overseas companies would be consistently willing to comply, or that these mandated software upgrades would actually improve device security. And imagine being responsible for determining all of this for the 50 billion looming internet connected devices worldwide?

    That’s why many networking engineers aren’t looking so much at the devices as they are at the networks they run on. Network operators say they can design more intelligent networks that can quickly spot, de-prioritize, or quarantine infected devices before they contribute to the next Wannacry or historically-massive DDoS attack. But again, none of this is going to be easy, and it’s going to require multi-pronged, multi-country, ultra-flexible solutions. And while we take the time to hash out whatever solution we ultimately adopt, keep in mind that the 50 million IoT device count projected by 2020 — is expected to balloon to 82 billion by 2025.

    Permalink | Comments | Email This Story

    Go to Source

    Posted by amiller in Blog

    22% off APC Back-UPS 600VA 7-outlet Uninterruptible Power Supply (UPS) with USB Charging Port – Deal Alert

    The new APC Back-UPS BE600M1 provides instant battery power to your critical electronics when the power goes out, keeping you connected and available both personally and professionally. Designed specifically to enhance the features that matter most to you, including more runtime, more battery backup outlets, and a USB port for charging convenience, the BE600M1 is also smaller and lighter than the previous model. APC’s BE600M1 offers guaranteed surge and lightning protection for attached devices.  When the power goes out, the APC BE600M1 will power critical devices including home networking equipment; allowing you to maintain your internet connection. This allows you to work productively, avoid the loss of valuable data, and safely shut down equipment. It currently averages 4.5 out of 5 stars from over 4,400 people on Amazon (read reviews), where its list price of $74.99 has been reduced 22% to $58.73.

    To read this article in full or to leave a comment, please click here

    Go to Source

    Posted by amiller in Blog

    SoundCloud Launches on Xbox One

    The app lets you play and skip tracks with just your voice using Cortana, and you can pin your favorite playlists to easily find what you’re looking for.

    Go to Source

    Posted by amiller in Blog