Posts tagged Next
ReadWriteBody is an ongoing series where ReadWrite covers networked fitness and the quantified self.
Quantifying your activity and nutrition, as I’ve done for years, can only take you so far. Sometimes gathering the numbers just tells you the same bad news you can see in the mirror. Here it is: After dropping 12 pounds last year, I’ve been stuck around 195 pounds for months.
I’m still very active, going on runs with my dog around Telegraph Hill, spiking my heart rate with gym workouts, and trying different training techniques while I continue to test new fitness gadgets and apps. It’s pretty clear what I need to tackle next: what I eat.
And I have a short-term motivator: I’ve signed up to take my colleagues through a boot-camp exercise program in a month. My co-instructor is a former MMA pro. I’m feeling the heat.
Beyond Food Logging
As much as I love MyFitnessPal, an app in which I log everything I eat, it doesn’t feel like a good meal-planning tool. I use it for accountability, recording what I eat as I go. Rigorously admitting my food slip-ups keeps me aware of my food habits and where I can improve them. I don’t want to tinker with that part of my routine.
What I need is an app that plans my meals, generates a shopping list, and helps keep me on track.
Ideally, it would look ahead at my calendar. For example, this week, I packed five days’ worth of morning meals, forgetting that I had two breakfast meetings planned. Push notifications to remind me to eat at the right time would help—especially since the timing of meals may be a factor in weight loss.
And there’s always the unexpected, like the leftover Chinese food I’m having for lunch today. An ideal meal-planning app would adjust on the fly for the occasional overindulgence.
The Ultimate Food App Hasn’t Been Invented Yet
The last thing I want is connectedness: I want an app that automatically populates MyFitnessPal with my planned meals as I eat them, that consults RunKeeper or MapMyFitness to get an eye on my calories burned through exercise, that picks up my sleep habits from my activity tracker, that pulls menus from restaurants when I schedule a meeting, and that outputs a shopping list I can import into grocery-delivery services like AmazonFresh, Postmates, or Instacart.
From what I’ve seen, there are plenty of meal planners that focus on organizing recipes. What they lack is contextual awareness of the vast amounts of data I throw off in my quantified life. Somewhere out there, someone must be building the perfect next-generation food-planning app, one that factors in my schedule, exercise, sleep, and other measurable habits. If you are, let me know.
In the meantime, I’ve got some old-fashioned work to do, with a familiar set of tools to rely on. I’ll let you know how it goes.
View full post on ReadWrite
What we thought was secure—Web servers, routers, virtual machines, virtual private networks, and even client software—isn’t so safe, after all.
Just about everything that relies on the open source cryptographic software OpenSSL is compromised by the Heartbleed bug, which can leak the contents of the memories of these networks and devices to compromise your security.
Heartbleed can expose data in random 64KB “heartbeats,” and while each leak is limited to 64KB of memory at a time, an attacker can keep connecting to collect more data, which can include sensitive data like passwords, private encryption keys, and website cookies.
While the Heartbleed bug was initially known to compromise secure Web servers, the list of affected devices has extended to routers and other products from Cisco and Juniper Networks, virtualization software from VMware, OpenVPN’s private networking software, Oracle software (though not clear), and may extend to devices like phones.
And then there’s the Trojan horse, “Reverse Heartbleed.”
Vulnerable From Within
Heartbleed’s blade cuts across both servers and clients. It can be used in reverse, by tricking a website to come to you, according to Brad Buda, CTO and founder of Meldium, a San Francisco-based firm that sells account and password protection software.
Meldium has created a web site called reverseheartbleed.com, where you can test whether your client’s security has the reverse Heartbleed vulnerability.
“Many organizations have hosts which initiate outbound SSL connections (pulling updates, fetching images, or pinging webhook URLs),” the site states. “These hosts are often on a separate infrastructure (with different SSL dependencies) within the organization firewall. These hosts may be vulnerable to the reverse Heartbleed attack.”
The post lists potentially vulnerable clients, including traditional clients and open agents.
- Traditional clients include browsers, applications that use http APIs, and applications loaded onto a computer via DVD, such as your friendly word processor or office application, plus mobile apps on iOS and Android. All of these clients can be affected, if they haven’t updated their OpenSSL.
- Open agents are clients an attacker can drive remotely; these agents are used by social networks, file sharing applications like Dropbox, and web spiders. Until yesterday, Pinterest was vulnerable, but its security team was “very responsive” and patched with us to polish the test tool,” Buda said.
To understand how open agents might work, consider Facebook and Twitter. Though neither is vulnerable, they both have user interfaces that easily illustrate how Heartbleed can exploit client vulnerabilities.
An open agent can trick you into typing a URL that’s malicious in some way. This threat may take time to uncover, Buda said, because people are only looking at the problem from the point of view of the secure Web server, and are not actively searching throughout their infrastructure for vulnerabilities.
Any software that runs OpenSSL—including servers and clients—can be problematic. It’s not built into any of the major Web browsers like Chrome or Firefox, but it is used in iPhone applications and back-end server applications. Reddit, for one, moved fast to patch its servers when Heartbleed first came to light, but it was still vulnerable to the bug.
“You need to look at every part of the system that can talk to the outside,” Buda said.
Since Meldium published its Reverse Heartbleed tool, people have been using it to help illuminate the sites that still need patching. Buda admits the user interface for the Reverse Heartbleed tool itself needs a little fixing, but in general, you “press the big blue button” and the tool will generate a URL with malicious code. If you copy and paste that URL into an agent (like a Facebook or Twitter status update), the tool will try to fetch the URL. You’ll know you’re safe if you receive an SSL connection error.
Servers are typically thought of as the defensive perimeter while the inside is considered safe, but Buda said you need to examine every part of your system that communicates with outside computers, servers, or systems.
When Buda heard about Heartbleed, he said Meldium tested its own servers.
“We were vulnerable to the normal attack and patched it right away,” he said. “It turned out that patch covered us.”
But in researching Heartbleed on Twitter, Buda saw a tweet that suggested the attack could theoretically be reversed. “I can’t claim credit for inventing this,” Buda said. “We wanted to be the first to have a working exploit,” though he built it with the hopes that the community would use it and help root out all the systems that need to be patched.
Routers, which are used in both public and private networks, including homes, can also be breached.
As many as 65 different Cisco products are known to be vulnerable to the Heartbleed bug, and others are still being evaluated. Many of the company’s most popular products, including Webex Messenger, Jabber client, Cisco IOS XR, Telepresence System 1100, Video Surveillance Media Server Software and Unified Operations Manager, were found to be susceptible to Heartbleed.
“Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server,” according to the Cisco alert.
Juniper Networks also alerted customers of products that are compromised, though you need an account to log in to get the information.
Virtualization Opens Many Doors To Heartbleed
VMware, for its part, lists more than 20 products that may be vulnerable to Heartbleed, including ESXi 5.5, vCloud Networking and Security, and the VMware Horizon View virtual desktop client for several operating systems, including Windows, Macintosh, iOS, and Android.
Citrix is still evaluating how its products are affected. Netscaler is safe, as are released versions of Citrix XenServer. However, some virtualization products are vulnerable, including Citrix XenMobile App Controller, and Citrix advises users of its Citrix Web Interface are advised to check whether deployed servers using Web Interface are vulnerable.
Other Citrix products, including GoToAssist, GoToMeeting, GoToTraining, GoToWebinar, OpenVoice, ShareFile, as well as our Citrix Labs products (GoToMeet.me, Convoi, Talkboard, Hu.tt) are not vulnerable,” Citrix writes.
Users of released versions of Citrix XenServer are safe;
As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.
“So many websites and applications are using this protocol, and until someone fixes it, the vulnerability is still open,” said Amtel CEO PJ Gupta. “Every company has to fix it, and once you fix the code, you need to change your passwords.”
But will fixing the code and changing one’s passwords be enough? Software developer Dave Winer thinks not.
“It’s hard to imagine something worse happening. And I think we’re late responding to it,” Winer wrote on his blog. “If this were a single system so compromised, the right technique would be to go offline and not come back until all the connection points were patched or verified to not need patching, it’s risky that we all keep using the net.”
View full post on ReadWrite
Google’s gearing up for a big announcement on April 22. The last time Google truly lowered the boom, we got Enhanced Campaigns, which have radically changed the SEM landscape. Let’s take a look at where Enhanced Campaigns have led us and what might be coming next. Enhanced Campaigns Have Changed…
Please visit Search Engine Land for the full article.
There is a fundamental shift in the star-making machinery in Hollywood that pumps out teen celebrities. They are no longer coming from studio creations like “The Mickey Mouse Club“ that launched the careers of Justin Timberlake and Britney Spears. Instead, they’re on YouTube.
No one can attest to that quite like Disney, which is betting big on viral stars not just to draw view but to build its next-generation franchises that it can promote on cable channels, theme parks, and more. The Walt Disney Co. is acquiring Maker Studios, one of YouTube’s largest video production networks for $500 million, Reuters reported on Monday. (That number could increase to as much as $950 million if Maker hits designated performance milestones.)
Its sale to Disney will likely hearten YouTube creators who, in recent years, have grown unsure of the economy the Google-owned video site has built around them.
See also: The YouTube Economy Is In Peril
Maker Studios produces and distributes videos for a viewership of millennials—those who came of age around the year 2000, four years after “The Mickey Mouse Club” went off the air. Its channels attract more than 4.5 billion monthly views and collectively have more than 340 million monthly subscribers.
Those are numbers that put most broadcast and cable operations to shame—yet Maker and other YouTube operators have struggled to make their stars household names. That’s where Hollywood’s hitmakers can help.
From “YouTube Famous” To Just Plain Famous
Gone are the days when stars like Christina Aguilera had to make it through grueling auditions. Now people can become viral celebrities virtually overnight, and thanks to YouTube’s system of channels, subscriptions, and revenue-sharing, turn those millions of fans into a lasting following that makes some of them millions.
Now that new star system is tying up with a traditional media company. And the Disney-Maker Studios deal won’t likely be the last of its kind.
So who are these celebrities of the future? Take a look at some of the people whose careers have launched on YouTube.
Felix Kjellberg, a 24-year-old Swedish videogame commentator, is YouTube’s biggest star, with 25 million subscribers. Maker Studios represents PewDiePie, as Kjellberg’s known on YouTube. While he’s not an old-media celebrity, his recommendations can instantly boost a game’s sales.
It’s easy to forget that the crooning Canadian has his roots on YouTube. At 12, he began posting videos of himself singing. Record labels soon discovered him and launched him into stardom. He’s since made history by passing 3 billion views on his YouTube channel. Bieber‘s the kind of futurecelebrity Disney hopes to own.
In 2007, Michelle Phan posted a video tutorial on makeup, and since then has become not only a YouTube phenomenon, but a much-cited cosmetics expert. By using YouTube to become one of the Internet’s most popular beauty insiders, she eventually created her own online-video network called FAWN (For All Women Network) and a beauty social networking site. She also teamed up with L’Oreal to launch her own makeup line.
She has more than 6 million subscribers and is one of the most popular female YouTubers.
Actor Lucas Cruikshank created the Fred video series as a teenager that centers around an annoying, dysfunctional 6-year-old boy named Fred Figglehorn. Though he describes his videos as “programming for kids by kids,” the storyline highlights serious issues children face growing up.
The video series was so popular that Nickelodeon picked it up for three movies and 24 episodes of “Fred: The Show.”
“Friday,” one of the worst songs ever made, immediately became a classic YouTube hit, with more than 66 million views. Since that infamous day, Rebecca Black has taken her YouTube talents to television, with appearances on The Tonight Show with Jay Leno and a cameo in a Katy Perry music video.
Her follow-up song, “Saturday,” was dubbed “a totally passable piece of Radio Disney-esque pop” by Billboard magazine.
What these stars’ crossover appeal tells us is that the YouTube audience can now determine what’s popular not just online, but offline as well. What Disney has bought isn’t just a stable of YouTube channels: It’s a next-generation talent-discovery machine that can fuel all of its entertainment properties.
Images via YouTube
View full post on ReadWrite
Glimpse: The Next Wave of Ephemeral Photo Apps Are Focusing on Privacy [SXSWi Interview] by @murraynewlands
If we’ve learned anything from Snapchat, it’s this—people love sharing photos, and will stop at nothing (including personal privacy) to do so. With the hype of ephemeral messaging continuing to climb, it seems like it’s the next big trend in the app world, but what does that mean for users? How can you protect yourself […]
Born in England, Murray moved to the USA in 2011 being recognized by the US government as “an alien of extraordinary ability”.
View full post on Search Engine Journal
Join the most accomplished search marketers in the world, June 11-12 in Seattle. SMX Advanced features two days of expert-only sessions, keynotes and the highest-level networking anywhere. Six in-depth workshops offered on June 10. SMX Advanced has sold out since its start in 2007. Secure your spot…
Please visit Search Engine Land for the full article.
Last November, Dropbox pledged that its business users would gain the ability to access their personal file-storage accounts as well, and now the company’s fulfilling that promise. According to The Verge, Dropbox sent an email to business customers about an upcoming press event, stating that the anticipated account-switching features will roll out across all of their devices on April 9. The email also reportedly notes that Dropbox will debut new administration tools.
See Also: Dropbox Gets Down To Business
That means Dropbox’s business users will no longer have to log in and out (or use multiple browsers or privacy modes) to access documents in both their individual and professional accounts. It’s a move intended to make Dropbox friendlier to business users and thus, the company has said, to improve worker productivity.
Dropbox says that it serves more than 4 million businesses, a number dwarfed by the sheer size of its consumer user base. More than 200 million people use Dropbox to manage more than one billion files, the company says.
Dropbox may need all the help it can get. Google just slashed the price of Google Drive storage to $10 a month for a terabyte of storage—far less than Dropbox’s upper tier of consumer cloud storage, which costs five times as much for half the storage.
Not that Dropbox, which is worth $8 billion, is hurting. But it faces tough competition, and not just from Google. One of its biggest rivals is Box, the cloud storage company that likewise started out catering to consumers, but doubled down on business clients in 2007. Box has reportedly already filed for an initial public offering.
Both services have pros and cons. Box may not be as easy to use or ubiquitous as Dropbox, but it offers the sort of advanced security that companies require. Security has been a sore point for Dropbox.
But the company attracted $350 million in funding last month to bolster its enterprise software division. Some of that should—and probably will—go toward security.
Image courtesy of Dropbox
View full post on ReadWrite
Search Marketing Expo – SMX Advanced is a fast paced, engaging, and intimate experience that emphasizes sharing ideas and networking with peers. The Search Engine Land editorial team creates the agenda, so you’ll be treated to sessions that are Q&A-packed, frequently controversial,…
Please visit Search Engine Land for the full article.
Nothing can replace the power of face-to-face engagement, networking, and learning you’ll get at a digital marketing conference. With ClickZ Live New York coming up, here are four tips on how to get the most out of your conference experience.
View full post on Search Engine Watch – Latest