Use the 10/20/30 Rule to Avoid Disastrous PowerPoint Presentations [Presentations]

By Kevin Purdy, Lifehacker, April 29, 2010 at 08:00AM

An oldie-but-goodie post from entrepreneur Guy Kawasaki directly addresses the kind of problems the military has with complex PowerPoint decks—boring read-throughs stuffed with too much on-screen text. His parameters for preventing audience paralysis are dubbed the 10/20/30 rule.

Photo by alice_c.

Kawasaki, who we have no doubt has sat through his share of boring pitches, suggests that most people can only appreciate about 10 explanatory slides at most, and that’s only if each slide speaks directly to solving a problem or a key aspect of something to learn. The 20 is a time limit—you may have an hour, but between setup, late-coming viewers, and the very important Q&A section, you’ll want to limit yourself to 20 minutes.

The 30 means 30-point fonts—a smart creative constraint, and one that directly speaks to the U.S. military’s nightmare slides.

The reason people use a small font is twofold: first, that they don’t know their material well enough; second, they think that more text is more convincing. Total bozosity. Force yourself to use no font smaller than thirty points. I guarantee it will make your presentations better because it requires you to find the most salient points and to know how to explain them well. If “thirty points,” is too dogmatic, [then] I offer you an algorithm: find out the age of the oldest person in your audience and divide it by two. That’s your optimal font size.

ReadWriteWeb also points to Alexei Kapterev’s manifesto Death by PowerPoint, itself a very good presentation that we’ve previously posted. What constraints do you put on yourself to ensure your own presentations don’t turn your audience into very, very diligent email checkers?

The 10/20/30 Rule of PowerPoint [How to Change the World via ReadWriteWeb]

Bccthis for Gmail Adds Secret Messages to Mass Emails [Downloads]

By Whitson Gordon, Lifehacker, April 28, 2010 at 05:00PM

Firefox: Ever wanted to send a message to a bunch of people, but with a note tacked on the end for just one of them? Firefox extension Bccthis adds this feature to Gmail, saving you from writing multiple messages.

The extension adds a second collapsible text box to the bottom of Gmail’s compose view, allowing you to add another message that can be sent to any number of the message’s recipients in the to, cc, or bcc section. Gmail will then send two copies of the message: the original message, and an additional message to your Bccthis recipients with your secret message, so you don’t have to compose two yourself. Plus, for messages where you don’t need the extension, you can easily minimize the text box so it doesn’t take up so much space. It’s very useful for prompting follow-ups from one co-worker, tacking on impromptu “love you” post scripts to your significant other, or planning mutinies.

Bccthis for Gmail is a free download, works wherever Firefox does.

Bccthis for Gmail [Firefox Add-ons via CNET]

Cool Invention: Icon

By Rich Whittle, Business Opportunities Weblog, April 28, 2010 at 11:05AM

Readers Digest reports that blasting through a decaying tooth to reach a cavity can involve “drilling out healthy parts of a tooth to get to a small area of infection,” says Wayne Flavin, director of scientific affairs for DMG America, a dental-materials company.

Enter Icon, the company’s new treatment for early cavities, which works by injecting liquid resin into the tooth. The quick-flowing resin reaches the inner “lattice” of decay faster than traditional metal or composite fillings can.

Once inside the problem spot, it solidifies and stops the cavity from progressing. “Patients love it because there is no anesthetic and no drilling,” says John Rowe, DDS, a dentist in Jonesboro, Arkansas, who has been testing the product for more than a year.

Already on the market in Europe, Icon will be widely available in the United States this year.

Photo by TV program ‘The Doctors.’

From Business Opportunities Weblog.


FamilySearch Beta Finds Historical Records on Your Family [Genealogy]

By Kevin Purdy, Lifehacker, April 28, 2010 at 08:00AM

FamilySearch, the online arm of the Family History Library, has a new beta search service that lets the public dig around to find documents and facts on their relatives and ancestors. It’s a pretty huge index of data, and it’s free.

The library contains a vast amount of historical records and tallies from all over the country and world. Census data, birth and death certificates, church parish tallies, military enrollments, and many, many more data sources. If you’ve ever been intrigued about those who came before, but don’t want to invest your time quite yet in a family tree app, taking a peek around FamilySearch might pay off.

It’s a service run by the Church of Jesus Christ of Latter-Day Saints, and it’s free to browse and use.

Speaks4Me turns images into speech

By (author unknown), Gizmag Emerging Technology Magazine, April 28, 2010 at 12:56AM

Speaks4me allows a user with severe learning disabilities to create audio phrases using dr...

A few years ago, while searching for a suitable product to help his severely autistic son Callum adequately express himself, speaks4me creator Steven Lodge came up with the idea for a computer-based interactive communication tool based on a successful and popular autistic learning system, but the technology to support the idea was not readily available. That’s now changed…

homemade pop tarts

By deb, smitten kitchen, April 27, 2010 at 08:54PM

I never had a Pop-Tart until college. I realize that for some people this may cause a shocked reaction on par with my husband’s the time I told him I’ve never watched Goonies before (or Jacob’s, upon discovering the internet). Obviously I grew up under a rock, right? Thus, given my proximity to concrete-like materials you’d think I would have been better prepared for the texture of the one I purchased from the vending machine in the basement of my freshman dorm (not at 4 a.m. or anything, either, nope, not this angel!). But I was not. It was like particle board, but even particle board has a fresher aroma. It took two hands to break off a piece. I choked down my first bite, then chugged some water, convinced bits were stuck in my throat. Don’t you hate that?

I understand that if I had toasted it, my experience might have been better. And maybe the brown sugar cinnamon variety isn’t exactly the most vibrant. Also, it is entirely possible that a dusty dormitory basement doesn’t have, say, the packaged pastry turnover of a large grocery store chain. But even at its most ideal, it could never be anything but a compromise for me: a dry, flavorless, glycerin, high fructose corn syrup, “artificial strawberry flavor”-ed version of what could be homemade and flawless.


How I Would Better Protect My Mint.com Account [Personal Finance]

By Jason Owens, Lifehacker, April 27, 2010 at 08:00PM

We’re no strangers to paranoia and online personal finance, but popular webapp Mint still won us over in the long run. Security professional and blogger Jason Owens offers tips for how he’d add extra layers of security to your sensitive Mint account.

About a month ago I wrote an article called “Mint.com in 2010 – Is it Safe?” As a new user I wanted to objectively evaluate real privacy and security considerations when using the site. And I tried to think about it from the perspective of a penetration tester. If I were trying to hack someone’s account, how could I try to get at a user’s information?

Note: In the first section, Owens discusses different ways one might attempt to hack your Mint account—using methods slightly different from our previous look at how easily your weak passwords can be hacked. If all you want to see are his tips for adding extra protection to your Mint account, skip ahead to “How to Better Protect Your Mint.com Account.”

The following is nothing new or really original. These are common techniques used, but may be new to you as a victim. If you routinely think about security when online, it’s unlikely you’d fall for this. However, for users who are unaware of some of the vulnerabilities below, there’s a likelihood of a successful hack.

The point of describing how your Mint.com account could currently be hacked is to a) make you aware of the possibilities and b) understand what you can do to protect yourself.

How I Would Try to Hack Your Mint.com Account

Brute Force Might Work, But…

Brute forcing the password is one way, but a bit ham-fisted. There is no account lockout or notification of failed attempts. Technically if I knew what a valid account was (which can be determined), I could have a script run through a dictionary of passwords, and if that didn’t work have the script try by brute force until it got it. Assuming that Mint.com would not block the login attempts (which appears to be the case), if a user does not have a strong password or an attacker is able to guess the password before the victim changes it, the account will be compromised.

Hacking an account by brute force could be noisy, time-consuming, and not exactly elegant by some standards. It is possible, however, to do a targeted attack against someone using a combination of technical and social engineering.

A More Social Approach

Pieces to the compromise

  • Victim using WiFi
  • Victim is logged in to Mint.com
  • Victim checking email via POP or IMAP (unencrypted)
  • Attacker can see the top of the Victim’s screen

This attack assumes that for whatever reason, you’re being singled out. It could be random, it could be bored script-kiddies, or it could be a targeted attack. Maybe you’re a school principal and the students want to dig up some dirt, someone’s boss that just got fired, or you have a roommate that thinks you should be paying more for your share of the rent.

It’s not unrealistic to assume that someone might be logged into their account over WiFi. The victim may be in a coffee shop, public library, fast-food place, etc. Let’s call it TheBreadPlace. The connectivity in TheBreadPlace could be WPA, WEP, or unencrypted. WEP is essentially worthless, although it is still used.

It’s also not unreasonable that the victim might be checking email with Thunderbird, Mail, Outlook, or other clients at the same time they are browsing. The average user might assume that because they are using a password for their account their mail is protected. What the victim might not realize is that unless they are encrypting or tunneling their email traffic, their username and password are sent over the network in clear-text. Some ISPs do not provide the option to encrypt mail traffic and will instead recommend you use a web interface to check mail.

When the victim is logged into Mint.com, their username is displayed at the top of the screen. As an attacker there are any number of ways I could get that information. Sitting by you, looking over your shoulder as I walk by, pretending to take a picture of my friend when I’m actually taking a picture of you, or stopping and saying, “hey I’ve heard about this…”

Mint.com has a forgot password feature that allows you to submit your email address. It then emails you a link to reset your account to a new password. There are no challenge questions or security checks. You simply use the link Mint.com emails you.

I can read your email. I can do this because I’ve either easily cracked the WEP traffic or I’ve impersonated the WiFi hotspot. You thought you were using the free WiFi from TheBreadPlace but you’re actually going to my laptop first, where I sniff your wireless traffic and then send it on to wherever you were going. And because you were using plain old email and sending your email authentication in clear-text, I know what your password is and can log into your email account.

At this point, as the attacker I have everything I need. I don’t have to get the victim to request a password reset because I can submit it myself, because I know the email address for the account. So I log into your email account, submit the forgot password link, get the reset link when it is emailed to you, and delete the email. Because there are no challenge questions, I get immediate access to reset your account. I set a new password to one I know. Then I change the email address on the account to a random email account I have already set up.

As the attacker, I now own your Mint.com account, and I believe you would have no idea where your account or data went. You could not recover your account or password as your email is no longer associated to the account. At best you could send a help email to Mint.com support asking them to look into their data to see what happened to your account and what the current email address is. But I’ve already run screen shots and captured as much as I can to export, PDF, or an Evernote account.

Principal Skinner, I see what’s in your wallet. You purchased from rubberlederhosen.com recently…

How to Better Protect Your Mint.com Account

Your Mint.com account doesn’t currently have access to write to any of your financial accounts. Why does it matter if your account gets hacked? If you don’t care, or don’t have any privacy concerns, then it might not matter. But understand what people could learn about you if they did get access – see the account compromise section in the linked article for details.

How to Protect Your Mint.com Account from Brute Force Attacks

  • Don’t use your regular email address, set up one specifically for Mint.com (you could have it forward to your real address so you still get notifications)
  • Make your new email address random so it’s difficult to guess.
  • Use a strong password
  • Change your password
  • Store your login information in a password database like KeePass so you don’t need to remember it
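
The brute-force section notes that there is no account lockout or notification of failed attempts. As an added example (not Mint.com's code and not from the original article), this is what that missing server-side control looks like; the thresholds, the `LoginGuard` class and the guess list are constructed assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5       # assumed threshold
WINDOW = 900           # seconds over which failures are counted (assumed)
LOCKOUT = 1800         # seconds the account stays locked (assumed)

class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)  # account -> times of recent failures
        self.locked_until = {}              # account -> unlock time
        self.notices = []                   # (account, message) "sent" to the owner

    def attempt(self, account, password_ok, now):
        if self.locked_until.get(account, 0) > now:
            return "locked"                 # rejected even if the password is right
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while now - recent[0] > WINDOW:     # forget failures outside the window
            recent.popleft()
        if len(recent) == 1:
            self.notices.append((account, "failed login attempt"))
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT
            recent.clear()
            self.notices.append((account, "account locked"))
            return "locked"
        return "denied"

def dictionary_run(guard, account, guesses, real_password, start=0):
    """Replay a constructed guess list, one guess per second, against the guard."""
    return [guard.attempt(account, g == real_password, start + i)
            for i, g in enumerate(guesses)]
```

A hard lockout lets anyone who knows the account name lock the owner out, so per-source throttling or growing delays are common alternatives; the owner notification is useful either way.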

How to Protect Your Mint.com Account from Social Engineering and a Reset Attack

  • Know how to Protect Your Email
  • Make your new email address random so it’s difficult to guess
  • Don’t be bullied or manipulated
  • Remember if you’re in public, be protective of what’s on your computer screen
  • Don’t click on suspicious links in email
  • Don’t log into your Mint.com account from shared unprotected public computers, such as the library

Other Recommendations to Request

You could ask Mint.com to add the following functionality:

  • The ability to hide or disable the display of your account name when you’re logged in
  • The ability to add challenge questions to the password reset function
  • A two-step process that would require follow-up confirmation of the reset process
  • The ability to optionally approve the reset from more than one account
  • The ability to do a password recovery from any email you previously associated with your account
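
A sketch of three of the requested features above (a two-step reset, approval from a second account, recovery from any previously associated address), added here as an example and not Mint.com's code. The class names, the `approver` address and the 15-minute lifetime are assumptions.

```python
import hashlib, hmac, secrets

def _digest(value):
    # Store only hashes of reset secrets, so a leaked table cannot be replayed.
    return hashlib.sha256(value.encode()).hexdigest()

class Account:
    def __init__(self, email, approver, password):
        self.emails = [email]        # every address ever associated; last is current
        self.approver = approver     # second address that must approve resets
        self.password = password     # stand-in; a real service stores a password hash
        self.pending = None          # (link_hash, code_hash, expires_at)

class ResetService:
    TTL = 900  # seconds a reset stays valid (assumed value)

    def __init__(self):
        self.outbox = {}             # recipient -> list of messages "sent"

    def _send(self, to, msg):
        self.outbox.setdefault(to, []).append(msg)

    def start_reset(self, acct, requester_email, now):
        # Any address ever tied to the account may start recovery.
        if requester_email not in acct.emails:
            return False
        link, code = secrets.token_urlsafe(32), secrets.token_urlsafe(8)
        acct.pending = (_digest(link), _digest(code), now + self.TTL)
        self._send(requester_email, link)   # step 1: reset link
        self._send(acct.approver, code)     # step 2: approval code, other mailbox
        return True

    def finish_reset(self, acct, link, code, new_password, now):
        pending, acct.pending = acct.pending, None   # single use, even on failure
        if pending is None or now > pending[2]:
            return False
        ok = (hmac.compare_digest(pending[0], _digest(link))
              and hmac.compare_digest(pending[1], _digest(code)))
        if ok:
            acct.password = new_password
        return ok

    def change_email(self, acct, new_email):
        for old in acct.emails:
            self._send(old, f"login email changed to {new_email}")
        acct.emails.append(new_email)   # old addresses stay valid for recovery
```

With this flow, reading one mailbox yields the reset link but not the approval code, and changing the login address no longer cuts the owner off from recovery.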

You can follow Jason on Twitter @jason_owens and subscribe to his RSS feed.

Using GPG/PGP/FireGPG to Encrypt and Sign Email from Gmail

By (author unknown), Irongeek's Security Site, January 14, 2008 at 12:56AM

New Video: Using GPG/PGP/FireGPG to Encrypt and Sign Email from Gmail

This tutorial will show how to use GPG and the FireGPG plug-in to encrypt and decrypt messages in Gmail. GPG is an open source implementation of OpenPGP (Pretty Good Privacy), a public-key-encryption system. With public key encryption you don’t have to give away the secret key that decrypts data for people to be able to send you messages. All senders need is the public key, which can only be used to encrypt. This way the secret key never has to be sent across unsecured channels.