News Article | April 20, 2017
Life on the internet can be tough. It's easy to feel alone and adrift in this troll-infested digital hellscape. And that's exactly why you need the Electric Love Potato in your life. Inspired by virtual assistants like Microsoft Word's Clippy (only with more purpose and utility), this high tech Potato lives on your desktop and keeps you company through a constant stream of compliments, over-sharing of its rich Potato culture in the form of Potato poetry and ASCII art. And—like any overly co-dependent companionship—it also has a never-ending need for your attention. Creator Nathalie Lawhead, AKA alienmelon, calls the Electric Love Potato a "screenmate" because unlike Clippy, it's much more akin to a virtual pet that needs nurturing in the tradition of Tamagotchi or Nintendogs. You can "pet," "hug," "brush," "water," or, if you're a sick bastard fueled by hate and the suffering of innocents, even "shame" it. Having released the original digitized vegetable friend two years ago, Lawhead updated the Electric Love Potato (Two Point OH!) with some new features. Among them is the option to take up less screen space in SMALLtato mode (which also enables the Potato's adorably squeakier voice). While the Electric Love Potato is supposedly engineered to provide "cutting edge virtual companionship" in the background while you go about your regular online activities, its cuteness will inevitably take precedent over anything else you've got going on (bug or a feature? You decide). Also, considering that you must save Gerald the Potato from a constant threat of an invasive malware species, it gets tough to keep your potato friend alive while, say, also writing a Motherboard article.
News Article | April 20, 2017
STERLING, Va., April 20, 2017 /PRNewswire/ -- Mvix, a leading provider of content-rich digital signage solutions, is proud to announce their sponsorship of The ASCII Group's IT Success Summit Series. Mvix will exhibit and speak at the third event of the series in Boston which will be...
News Article | April 20, 2017
Homograph attacks, which involve substituting Unicode with regular ASCII letters to fake a domain name, have been around since the early 2000s. Modern web browsers are built to detect homograph attacks, but software engineer Xudong Zheng figured out a way to beat the filters. The problem is a serious one, but thankfully is only a problem in Google Chrome, Firefox, and Opera. Want to know if you're vulnerable? Head over to this website Head over to Zheng's blog and check out his proof of concept link to a fake Apple domain. What you would see if you were protected would be the real domain name: Because it's named with Unicode substitutions for a, p, l, and e it displays as a completely legitimate domain name—it's even secured with HTTPS. Zheng discovered that when a domain is named with a set of Unicode letters from a single language (typically Russian) it bypasses the filters in Chrome, Firefox, and Opera. If you're reading this you speak the native language of the internet: English. Since its inception internet domain names have used the English alphabet, which is a problem for those who don't speak or use a computer in English. See: Cybersecurity in 2017: A roundup of predictions (Tech Pro Research) Enter Punycode, a method of representing Unicode characters using ASCII letters. The domain xn—80ak6aa92e is Punycode for Apple, for example, all without needing to type the U+XXXX format of Unicode letters. The most common way to fool a web browser is to replace English letters with homographs from a different alphabet. Russian Cyrillic is the most commonly used because there are several Unicode letters that are identical to their english counterparts. Check out the Go app that Zheng created to illustrate the concept: Just hit Run at the top and look at the output below the code. All a cybercriminal needs to do is register the Punycode homograph domain, replicate the look of Apple's website, and wait for an unsuspecting user to click on a link in an email that looks completely legitimate. Windows users should be encouraged to use Internet Explorer with one caveat: Be sure Russian and other Cyrillic alphabet languages are turned off in active system languages. Google released a hotfix to Chrome yesterday that fixes the issue—check your browser to see what the current version is. If it isn't 58.0.3029.81 update it right away. See: There's a new Gmail phishing attack going around, and it's fooling everyone (TechRepublic) Firefox users need to do a bit of manual work to protect themselves, but it is possible by following these steps: Opera users are, unfortunately, out of luck: There's currently no known fix. Hacking and phishing attempts are getting more sophisticated all the time, and it's safe to assume that if someone with good intentions reveals a flaw, someone with malicious intent has probably figured it out as well.
News Article | May 5, 2017
To readers who rarely or never use the terminal, a command line can read like an alien language. The interface—lines of stark white text on a black background–looks hostile and forbidding, as though you're dissecting the innards of your computer while it's still alive. For those users, myself among them, the idea of a site where users share screencasts of their terminal sessions—a kind of YouTube for coders—might seem strange. That such a site would be creative, and interesting, and consummately weird and wonderful, might seem stranger still. Asciinema (pronounced " as-kee-nuh-muh") is a portmanteau of ASCII, the text format, and the Greek "κίνημα," meaning movement. The site was created by Marcin Kulik, a developer based in Poland, in 2011. Free and open source, it was intended as a place to share terminal sessions privately or publicly, with a "featured" section where Kulik posts some of his favorite clips. "It's definitely niche," Kulik told me over Skype. "It's mostly developers and sysadmins, ops people, people who use [the terminal] daily. But I'm happy to see it getting more popular." A Linux user since he was a teenager, Kulik noticed a lack of options for sharing terminal sessions online. Clips would appear on YouTube, but the platform isn't optimized for text, so the letters on-screen were never crisp enough to be legible. Kulik wanted to create a web player similar to YouTube, but specifically designed for terminal sessions. "Normally when you record a video of your screen, the file has a recording of the pixels and colors and it's compressed. But with Asciinema it's all text. I wanted to capture the text not as pixels but as everything that gets printed. That allows Asciinema to create recordings which are very small–you could be working in the terminal for an hour and the recording would only be one megabyte." Uploads are private by default, with the option to make them public. Most people use Asciinema for work-related purposes: "People build terminal applications to resolve specific problems, and then use the site to promote it. There are people who make tutorials, and people who just need to do something quickly and share it with friends and co-workers as one-time thing." But then you get the creative, colorful and delightfully weird stuff. The people who have made their screen go up in digital flames, or who have made their screen into a ski jump game where you evade a text-based yeti. ("You fell on the ground!" the terminal admonishes. "You now have a broken rib.") "There are so many tools and games and little programs for terminal which are eye-candy," Kulik says. "They're cool to watch, but they stay pretty obscure, because people haven't really been recording their screens and putting them on YouTube. It's easier to do that now." The site keeps alive a hidden tradition of text-based art, a visual history interwoven with that of social media. ASCII art—images constructed from the ninety-five printable characters of the ASCII (American Standard for Information Interchange) character encoding standard—can be traced back to the work of 1960s graphics pioneer Kenneth Knowlton, through to typewriter art, experimental late-19th century printing and concrete poetry before them. ASCII was once the stuff of game-building (some Asciinema clips pay homage to these games—witness this user's recreation of Astral Software's 1987 ZX Spectrum title Xor). The entire source code of a program could be written as ASCII art—Wikipedia citesthis number adding program as an example. For a while it was a creative curiosity. Beck, as an example, used it to create the video for 2005 single Black Tambourine. ASCII art was also central to the history of trolling:the "Meow Wars" of the 90s saw Usenet boards invaded with elaborate cat-themed copypasta spam, designed to amuse and annoy and to use up as much of their precious bandwidth as possible. Today ASCII art still shows up as cybertwee or in ASCII comics, and occasionally in YouTube comments and forum threads, but by and large it has taken a backseat to more accessible forms of online expression. Browse Asciinema, however, and ASCII art is alive and kicking. There are detailed ASCII maps of cities. There's a literal ghost in the shell. There are dancing animated parrots, homemade "crappy bowling games" and simulations of "cyclic 2D cellular automata" (I have no idea what this means, but it looks beautiful and vaguely trippy). There are things rich and strange and hallucinatory, contained within the utterly mundane medium of the terminal screen and text. While Asciinema is a part-time project for Kulik, who works as a consultant, he has plans to add to Asciinema in the near future. The day before I spoke to him he completed work on a tool to convert videos into animated gifs, making the clips more shareable in Github readme files and on social platforms (due to the format, Asciinema uploads cannot be embedded on Twitter and Facebook). He's also working on a live-streaming option so that users can broadcast their terminal sessions in real time. The site isn't a social network in the conventional sense, but there's a communal aspect to how it functions. Kulik plans to add comments to the site (they were there years ago, but he took the option away as back then there weren't enough people to actually use them). "Initially it was just an experiment, but it's a nice opportunity for me to try out new technologies without being constrained by a budget or a manager. People are really enjoying it, and I get comments everyday that keep me going." These include messages from professors teaching university courses, using Asciinema as an educational resource. There's a voyeuristic appeal to watching other people's screens, even if it's not through a direct video. We're seeing something that's normally closed off, and likely personal. We're seeing Linux users in their element, sharing their habits and talents and weird hokey humour. The site is as much as recruitment tool for Unix as it is an educational resource: it makes the system seem less intimidating. To the uninitiated (this writer among them), Linux—and terminal use in general—appear very serious and "tech-y" compared to the glossy corporate workings of Apple's OS. But it turns out Linux is full of little ASCII Easter eggs, hacks you can add to turn images into ASCII art or create a talking cow to live in a corner of your screen. You can make your terminal greet you when you open it. You can make your laptop insult you when you spell things incorrectly. You can cultivate a world of in-jokes between yourself and your screen, to make you feel at home in the terminal. It might be some time before I wipe the Mac OS from my laptop and make the switch over, but Asciinema is a window onto this world.
News Article | April 19, 2017
Here’s a challenge for you: you click on a link in your email, and find yourself at the website https://аррӏе.com. Your browser shows the green padlock icon, confirming it’s a secure connection; and it says “Secure” next to it, for added reassurance. And yet, you’ve been phished. Do you know how? The answer is in that URL. It may look like it reads “apple”, but that’s actually a bunch of Cyrillic characters: A, Er, Er, Palochka, Ie. The security certificate is real enough, but all it confirms is that you have a secure connection to аррӏе.com – which tells you nothing about whether you’re connected to a legitimate site or not. The proof-of-concept domain was put together by Xudong Zheng, a security researcher who wanted to demonstrate the problem with the way domain names can be registered and displayed. For a long time, domain names could only be written in Latin characters without diacritics, but since 1998 it’s actually been possible to write them in other alphabets too. That’s useful if you want to register a domain name in Chinese or Arabic script, or even just correctly spelled French or German – anything that can be represented with the Unicode standard can be registered, even emoji – but it’s also opened up a whole new avenue of misdirection for malicious actors to take advantage of, by finding characters in other alphabets which look similar to Latin ones. “From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters,” Zheng writes. “It is possible to register domains such as ‘xn--pple-43d.com’, which is equivalent to ‘аpple.com’. It may not be obvious at first glance, but ‘аpple.com’ uses the Cyrillic ‘а’ (U+0430) rather than the ASCII “a” (U+0041). This is known as a homograph attack.” Some browsers will keep an eye out for such tricks, and display the underlying domain name if they sense mischief. A common approach is to reject any domain name containing multiple alphabets. But that doesn’t work if the whole thing is written in the same alphabet. Apple’s Safari and Microsoft’s Edge both still spot that Zheng’s spoof domain is a fraud, but Google Chrome and Mozilla Firefox don’t, instead displaying the Cyrillic domain name. And though it may be obvious in the Guardian’s font that something’s up, the sans serif typeface used as standard by those browsers leave the two indistinguishable. Zheng says: “This bug was reported to Chrome and Firefox on January 20, 2017…The Chrome team has since decided to include the fix in Chrome 58, which should be available around April 25.” Mozilla, however, declined to fix it, arguing that it’s Apple’s problem to solve: “it is sadly the responsibility of domain owners to check for whole-script homographs and register them”. Google didn’t comment beyond referring to Zheng’s blogpost, and Mozilla didn’t comment at publication time but a spokesperson later said: “We continue to investigate ways to further address visual spoofing attacks, which are complex to fix with technology just in the browser alone.” Itsik Mantin, director of security research at Imperva, said that common advice to web users falls down when such simple attacks work. “In order to protect website users, forcing them to use strong passwords and to replace them frequently is insufficient, since in this case it would be completely ineffective to prevent the attack. Instead, he said, a better approach begins by assuming that phishing attacks will succeed: “Site administrators should assume that the credentials of some of their users were stolen (which in almost 100% of the cases will be true), and take adequate measures to identify account takeover, like irregular device, irregular geo-location or abnormal activity in the account.” Zheng himself offers advice to users: use a password manager, and try and spot phishing attacks before you click on any links. “In general, users must be very careful and pay attention to the URL when entering personal information. Until this is fixed, users should manually type the URL or navigate to the site via a search engine when in doubt.”
News Article | April 17, 2017
New Pulse Train Hat for the Raspberry PI computer CNC Design Limited launch a new Add-on Hat for the Raspberry PI computer that will make motor control easy, fast and accurate. The Pulse Train Hat is an add-on board for the Rapsberry PI computer and allows clean, fast and accurate pulses to be created using simple ASCII commands. There are many hardware designs where a variable frequency pulse is needed, but one that is the most popular is for driving stepper/servo motors that use pulse and direction lines. Motors like this are found in machines such as 3D Printers, CNC machines, Robot Arms and not to mention the other endless motion control and automation machines. Controlling motors may seem simple, but when you get down to detailedcontrol, it can all become very confusing and a big learning curve. With the new Pulse Train Hat (PTHAT) add-on for the Raspberry PI and a newdedicated support site http://www.pthat.com , we plan to make that task very simple and allow everyone to easily create their automation product. Name of Media Contact: Sean Hegarty Title of Media: Contact: Director Company Name: CNC Design Limited Contact Phone: Number +44 (0)1637 881520 Contact E-mail: firstname.lastname@example.org Product Website URL: http://www.pthat.com Company Website URL: http://www.ukcnc.net
News Article | May 1, 2017
Browser manufacturers are always releasing updates intended to improve usability and security. Most changes are benign but some can produce havoc, even if well-intentioned (like blocking java applets when accessing critical internal sites). The latest version of Google Chrome (58), released on April 20, includes a new checking mechanism for secured websites (which are accessed using https). This check analyzes the SSL certificate used by the site to encrypt traffic, and will produce a warning if the certificate does not include the common name of the website (e.g. website.company.com) as a subjective alternative name (SAN), which is a fancy word for alias. This check can be suppressed on Windows systems (for a temporary basis at least), and I'll explain how to do so below. The warning appears as follows: Users must then click "Advanced" to be able to continue to access the website: Clicking the Proceed to... link will permit access to the site. Certificates issued by a Trusted Certificate Authority such as Entrust or Verisign (and which are generally applied to public-facing websites) should be fine, but expect to start seeing this error if you use Chrome with internal websites that utilize self-signed certificates or certificates issued from an internal certificate authority. What is a subject alternative name? As I said, a subjective alternative name (SAN) is like an alias which can permit the use of multiple server or host names by a single certificate. Let's say you have a website with a common name of website.company.com. The website can direct traffic to one of two sites you run; a primary site in Boston (boston.company.com) and a secondary site in Los Angeles (la.company.com). You'd like each site to be able to handle traffic if the other one is unavailable, so you issue an SSL certificate for company.com with two SANs: boston.company.com and la.company.com. In this scenario, however, Chrome will issue the above error if your SSL certificate doesn't include a SAN of website.company.com as that is the common name to which you are connecting. Why did Google make this change? At first glance this may seem illogical. If Google is trying to protect users against spoofed websites, couldn't malicious website operators just add the common name as a SAN and circumvent the issue? Well, they could, but in this case it's not going to work. In the first place, they can't add someone else's common name to their certificate because no public certificate authority will allow that. Chrome 58 doesn't even check the common name of the site when accessing it, but focuses exclusively on the certificate by looking at the ASCII code involved and not the actual characters. You see, different character sets in different languages can appear similar but are actually viewed as separate entities by a computer. This can allow fake domains to be registered using another name or set of characters to fool visitors. Chrome 58 mitigates this issue by requiring a SAN matching the common name, which won't match those look alike characters. How can this be resolved? For a single user this is probably a manageable, but annoying, issue. Once I proceeded to a site I did not get the prompt again, although I saw a red security warning associated with the certificate when I returned to the site. For an entire company, however, a fix should be put in place or else the IT department is going to get a LOT of calls (which is probably better than users blithely ignoring security warnings, if you think about it logically). If you're a system administrator, you could always downgrade Chrome installations, but I don't recommend it. You will miss out on other security upgrades down the line. If you're getting this error when accessing internal sites, the best bet is to roll up your sleeves and update the SSL certificates for those sites to include the common name of the website as a SAN. You can buy yourself some time with Windows systems, at least. It's possible to implement or deploy a registry key to suppress this prompt (make sure you know what you're doing when editing a system registry!) Create a REG_DWORD subkey called EnableCommonNameFallbackForLocalAnchors and give it a value of 1: You can also create a custom registry (.reg) file and populate it with the data below: Double-clicking this file and answering yes will automatically add this information into the system registry. It's a bad idea to send such a file to users to ask them to run it (Outlook will likely block it anyhow) so push this out via Active Directory Group Policy, enact the setting via SCCM (if applicable) or arrange a script to install this. Please note it's necessary to restart Chrome for this change to take effect. However, this fix will only remain valid through version 65 of Chrome, so you should still plan to update any SSL certificates you have administrative authority over. Security controls of this nature can generate confusion and frustration, but it's important to keep in mind that for the most part they are well-thought-out and necessary. Google's intention here is to protect users, but probably some sort of advanced warning (such as a message prompt in Chrome 57 that Chrome 58 would include this feature) would make sense next time.
News Article | April 17, 2017
Google has confirmed that it’s working on an update for the Chrome web browser to fix a bug that leaves users open to phishing attacks. The vulnerability will be patched on all versions of Chrome, including those on iOS and macOS. Google will be a little late to the party considering the fact that this bug has already been patched in Apple’s Safari and Microsoft’s Internet Explorer and Edge. The bug in question takes advantage of Punycode which uses certain ASCII characters in URLs to output Unicode in a browser. This allows phishers to register fake domains in Chrome that actually look like legitimate domains.Such a domain can lure visitors into divulging their personal information, including but not limited to names, addresses, emails, passwords, PIN numbers, and more. Software engineer Xudong Zheng created a safe proof-of-concept which appears to direct visitors to apple.com but in reality, takes them to www.xn--80ak6aa92e.com.Google was notified about this vulnerability in Chrome on Ja This phishing technique is more interesting than dangerous There’s no shortage of ways adversaries will employ to get you to click through to a malicious website, some technical, some psychological. This one is interesting because it leverages ... Google has confirmed that it’s working on an update for the Chrome web browser to fix a bug that leaves users open to phishing attacks. The vulnerability will be patched on all versions ... If you're using Google's Chrome browser as your primary vehicle to surf the web, you may want to think about temporarily parking it and puttering around in something else. That's because the ... As we've seen in the past, a strong password doesn't automatically make people safe online. Often, a specially-crafted email is all that it takes for someone to hand over ... Sneaky Exploit Allows Phishing Attacks From Sites That Look Secure When a phishing attack can impersonate a trusted site it's even harder to know that it's happening. The post Sneaky Exploit Allows Phishing Attacks From Sites That Look Secure appeared first ...
News Article | April 20, 2017
Mvix announces their sponsorship of The ASCII Group's IT Success Summit Series and their keynote and exhibit at the Boston event. Mvix, a leading provider of content-rich digital signage solutions, is proud to announce their sponsorship of The ASCII Group’s IT Success Summit Series. Mvix will exhibit and speak at the third event of the series in Boston which will be hosted at the DoubleTree by Hilton Boston North Shore from April 26th to the 27th. Mvix will be showcasing their content-rich digital signage software, XhibitSignage, which won the 2017 DIGI Award for Best Digital Signage Software. Attendees who stop by the booth will be able to demo the latest release and see how IT service providers can leverage it to easily display and manage dynamic content on their clients’ touchscreen displays, digital signs, video walls, and 4K displays. XhibitSignage, which is subscription-free, has been very effective for digital signage networks with limited resources for content creation. The software includes dozens of content apps and widgets that improve the profitability of digital signage networks by allowing users to easily create, update and manage live content that’ll enrich the customer experience. It’s cloud-based platform, ease of adoption & integration, scalability, and features such as smart playlists, template editor, and comprehensive scheduling have made it a powerful solution for MSPs managing digital signage networks. "We are very excited to be a sponsor of the 2017 IT Success Summit Series," said Mike Kilian, Senior Director of Business Development for Mvix. "We are proud to support ASCII's continued efforts to provide a forum where MSPs can educate themselves on potential industry opportunities, learn about new products and channel programs, and network with their peers and vendors.” Mvix continues to invest in the technology, people, enablement resources and support mechanisms that channel partners need to successfully sell digital signage as a service to small and midsize businesses (SMBs). They are renowned for offering turnkey, reliable solutions that meet the business needs of SMBs and make it easier for MSPs and IT service providers to generate profitable, recurring revenue streams. Mvix is inviting its valued partners to attend the Boston Success Summit with a VIP pass at no cost (valued at $1,895) which covers all meals, educational tracks and bonus materials distributed at the event. To register please contact us. For more information, visit www.asciievents.com.
Tanaka M.,Kumamoto University |
Tanaka M.,Maruboshi Vinegar Co. |
Takamizu A.,Kumamoto University |
Takamizu A.,ASCII Co. |
And 3 more authors.
Food and Bioproducts Processing | Year: 2012
The juice processing by-product of Citrus junos is a high potential source of valuable compounds such as essential oils and a high amount of dietary fiber, consisting of pectin, hemicellulose, and cellulose. The residues obtained from supercritical CO 2 extraction of C. junos peel was used as a starting material for hydrothermal treatment to separate pectin and hemicellulose. The experimental apparatus used was a semi-continuous flow extractor. Treatment conditions were in the temperature range of 160-320 °C and water flow rates of 2.1, 3.5, and 7.0 mL/min under a pressure of 20 MPa. Approximately 78% of the pectin was contained in the fraction collected at 160 °C at each flow rate. Most of the hemicellulose was separated from cellulose up until the fraction obtained at 200 °C. The proportion of cellulose in the residue obtained after hydrothermal treatment at 200 °C reached about 80%. Moreover, the characteristics of recovered cellulose were expected to exhibit greater crystallinity and lower impurity than that of the raw material based on the results of scanning electron microscopy (SEM), attenuated total reflectance Fourier transmission infrared (ATR-FTIR), and thermogravimetric-differential thermal analyses (TG-DTA). © 2011 The Institution of Chemical Engineers.