The Great Race [WoW Style]

By Jimmy Rogers
Contributing Writer, [GAS]

So you think your level 70 paladin is pretty boss?  Well just think about how much time you spend in World of Warcraft simply running around.  These guys set up a simulation that requires one to actually run in order to keep their character going.  Check it out:

The awesome guys in this video added a treadmill to their normal joystick and keyboard set-up.  Never before have a bike tire and a mouse pad been used to propel a Night Elf.

Personally I was not the least bit surprised by the results.  While most things in video games try to replicate real life (which makes them more immersive), the running and flying systems are really just there to move the game along.  In the middle ages, people were typically born and then died within a fifty mile area.  Clearly that won’t cut it for WoW, a game where you sometimes have to travel to other worlds.

[Via Gizmodo]



The Ultimate Drinking Game for Geeks: Wizard’s Staff

Ok, first, posting this in the morning might not be the best idea, but hey, this is a geek game isn’t it? The objective of Wizard’s Staff is to attain the highest level possible and be the last standing participant in the room. Please note that while we think the game is “funny” in itself, we do not advise anyone to partake into such activities. If you do, please make sure to give your car keys to someone sober before starting. We all know that wizards can have -illusions- of grandeur, and your newly leveled sorcerer could suddenly -feel- the urge to cast a flying spell on his car’s +5 engine of speed. You’ve been warned.

[Via SloshSpot]



Perspectives extension for Firefox gives second opinion on security

The ubiquity of secure online transactions often makes us take them for granted.  Most people will happily type their credit card and other personal information into a web form and hit Submit, as long as they see that little padlock in the status bar.  Sometimes they don’t even check for that.

Have you ever had your browser cough up a security warning dialog about the certificate on the page you’re viewing?  Either the certificate has expired or it’s self-signed — which means that no independent certificate authority can verify that the page you’re visiting is really who they say they are.  How many times have you just accepted it anyway?  It could mean that someone malicious is trying to initiate a man-in-the-middle attack, in which they intercept your conversation while they forward it to the real site so everything looks normal.  You think you’re talking directly to your bank, but a black hat just copied your username and password.

How do they do it?  If they can gain control of your network access (for instance, an unsecured wireless connection) or poison a DNS cache, then they can redirect your HTTP requests to their own server first.  Of course, in order for them to read what you type over a secure connection, they have to give you their public key for encrypting the message.  After they decode it, they’ll re-encrypt the message using the public key from the site you think you’re accessing.

To prevent that, public keys are issued by certificate authorities in digital certificates that verify the identity of the key’s owner, so your browser can check it.  Now of course that doesn’t mean that I can’t pay a certificate authority to say that I’m someone I’m not, but if the key on your bank’s site is different today than it was yesterday then you might be under a MitM attack.  With self-signed certificates, no CA is involved at all, so you never know for sure when someone else is peeking at your packets.

That’s the principle behind a new Firefox 3.0 extension called Perspectives, developed by some smart people at Carnegie Mellon University.  This extension verifies that the public key for a site matches the key obtained for that same site by “notaries” — external servers that monitor key values.  If the key you obtained doesn’t match the known value for that site, then you get a stern warning that you might be under attack.

You can tune the sensitivity of the extension quite a bit, as seen in this dialog:

With the default settings (shown here), the extension only checks when you’d normally get a warning from the browser.  If the notaries check the key out OK, then the browser warning is suppressed.  Chad Perrin (who writes for TechRepublic on IT Security) commented to me that the social engineering aspect of this feature could be beneficial, as fewer false warnings may lead the user to pay more attention to warnings when they do occur.

To test this out, I went into “Certificates” and deleted my trusted certificates for a couple of sites I know that use self-signed certs — then I navigated to each one.  After a slight pause, the “Perspectives” in the status bar displayed a green check-mark icon, and the following ribbon appeared at the top of the window:

If you’re really paranoid, you can crank the settings way up.  For instance, you could change the Quorum to 100% (all notaries have to have the same key), and set the Duration to a non-zero value (the notaries had to have seen the same key for more than a day).  You can also tell Perspectives to contact the notaries for all HTTPS sites, even if the certificate checks out with the CA.  I ran it that way for a while to see how it would work.  I would guesstimate that it adds 1 to 2 seconds to each secure page load.  Noticeable, but not onerous.

Whenever you’re on a secure page, you can click the “Perspectives” in the status bar to see what Perspectives thinks of the current page.  Here’s what it looks like for GMail (with validate all HTTPS turned on):

If I had to guess, I’d say that the notaries have been in operation for 60.75 days.

As the authors note, this is no silver bullet.  A “powerful adversary” might be able to spoof the notaries as well as the site under attack.  And there’s nothing here to stop a malicious site from pretending to be something it isn’t.  But it should cut down on some MitM attacks by helping users to validate self-signed certificates.

New Tokyoflash Rogue watch looks amazing

We here at [GAS] love TokyoFlash watches, and even if they aren’t always super-convenient, the geek factor they bring alone is enough to get me wanting this one pretty badly.

Featuring a green LED / LCD display and a silver or IP black finish, the rogue’s appearance is stunning enough to get everyone around you talking, just like most of their other watches. I know, I wear the 1000100101 all the time, and I get stopped every day by people asking me what the hell this thing is.

Once mastered, navigating the time is simple, but creates a sense of mystique to the uninformed. The outer ring of small dots represents minutes, every fifth dot being slightly smaller to distinguish five minute groups. The ring of large blocks represents rough minutes, the position of the gap indicating approximate minutes. The inner ring of blocks represents hours, the position of the gap in the ring showing the current hour as on a clock face.

The Rogue is available at Tokyoflash.com for $161, including free worldwide shipping.

Google Rolls out Google Suggest

Starting today, Google will be gradually rolling out Google Suggest from their test labs to various google home pages around the world. As I’m sure you can guess, the new feature will suggest search words in real time as you’re typing. But why should you get excited by this new feature? Steve over at [H] really said it best: “I can’t wait until it is live so I can slowly type the word “analyst” and see what pops up.”

Today we’re excited because Google Suggest will be “graduating” from Labs and available by default on the Google.com homepage. Over the next week, we’ll be rolling this out so that more and more of you will start seeing a list of query suggestions when you start typing into the search box.

Apart from analyst, can YOU think of any other seemingly innocuous search words that would produce funny search queries? Let us know in the comments section!

At a loss for words? [Official Google Blog]

The Wrong Door: A Totally Insane British Show

I don’t how U.S. humor is, but our televised humor usually sucks here in Canada Quebec. When it comes to grabbing my attention, nothing beats a good British show, and the latest one to be part of this list is named “The Wrong Door”. Now this isn’t for everybody; it’s a bit weird, violent and bloody, but if you’re into that kind of stuff, you’ll love it. Videos After the jump.

Continue reading

No iTunes for China – that pesky Dalai Lama suspected!

By Mark O’Neill
Contributing Writer, [GAS]

If you’re in China and looking to download your iTunes tracks then you’ve probably been having some problems in the past few days.   That’s probably because Beijing doesn’t like a new Tibet-themed album that is now out on iTunes with the Dalai Lama giving a 15-minute talk.

As well as the talk, The Art Of Peace album also includes songs by Sting, Alanis Morissette and Moby.   According to iTunes, all money raised from the album will go to “support peace initiatives and Tibetan cultural preservation projects important to the Dalai Lama”.

According to the Associated Press, over 40 Olympic athletes competing in China downloaded the album from iTunes as “an act of solidarity” and it is speculated that it was this that caused the Chinese government to start blocking iTunes.

President Jintao – if you don’t like Sting’s music, just issue a press release and tell him to shut up!   You don’t have to block him!

Dark Matter and Dark Energy Explained

In the following video, Physicist Patricia Burchat sheds light on two basic ingredients of our universe: dark matter and dark energy. Comprising 96% of the universe between them, they can’t be directly measured, but their influence is immense. This is one of the best and most easy to understand explanation on Dark Energy and Dark Matter I’ve ever heard. Enjoy!