Saturday, 25 February 2017

Check Uber estimated times and prices from command line

Lately I’ve found myself using Uber exclusively for traveling around when I need to. But I’ve also found myself waiting just a little bit longer to see if that surge price goes down. It just seems that there is always surge pricing, and it’s so annoying trying to refresh from the application because you never know if it’s a new price or the old one. But I’ve come to accept it because I trust it more than I trust regular cabs and it’s also a lot more convenient. So if I am in front of my laptop now I can use this, because I iz developer, right?

That being said, as a lazy person it pains me everytime open my phone, open the Uber app, type my destination, and see the estimated price, only for my inner, responsible, cost-cutting, fiduciary-self to end up taking the bus all the way home. Jae Bradley

You’re not the only one…

Check estimated time and prices for your next ride from the command line using Uber CLI →

Quite fun and also pretty good. Also check out these other nifty Uber projects to play around with that I discovered on ProductHunt:

However, ever since this news broke out, I am seriously considering ceasing the use of the app and joining the #DeleteUber movement. Just waiting on the independent review outcome.

Friday, 24 February 2017

List of sites possibly affected by Cloudflare’s Traffic Leak

Great news this morning from Cloudfare →

[…] in some unusual circumstances […] our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.

List of Sites possibly affected by Cloudflare’s #Cloudbleed HTTPS Traffic Leak →

Between 2016-09-22 – 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months.

Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was trigerred the response would include data from ANY other cloudfare proxy customer that happened to be in memory at the time. Meaning a request for a page with one of those features could include data from Uber or one of the many other customers that didn’t use those features. So the potential impact is every single one of the sites using CloudFare’s proxy services (including HTTP & HTTPS proxy).

Emphasis:

This list contains all domains that use cloudflare DNS, not just the cloudflare proxy (the affected service that leaked data). It’s a broad sweeping list that includes everything. Just because a domain is on the list does not mean the site is compromised, and sites may be compromised that do not appear on this list.

Cloudfare has been working on it before it made the announcement.

The infosec team worked to identify URIs in search engine caches that had leaked memory and get them purged. With the help of Google, Yahoo, Bing and others, we found 770 unique URIs that had been cached and which contained leaked memory. Those 770 unique URIs covered 161 unique domains. The leaked memory has been purged with the help of the search engines.

But just to be sure, change your passwords & clear your cookiesGitHub users kamaljoshy and avian2 have written some scripts to check domains of saved logins for Chrome and Firefox.

https://gist.github.com/kamaljoshi/2cce5f6d35cd28de8f6dbb27d586f064
https://gist.github.com/avian2/30db0d579732287d758c21ba8ded9393

Update:

Monzo’s Response to Cloudbleed →

Good to see a transparent bank. Anyone willing to try it out, I have a Golden Ticket.

Sunday, 19 February 2017

How to enable Hey Siri on Mac with your voice

When Siri for Mac was first announced at WWDC 2016 the first question I asked myself whether it would be available as a voice command. That proved not to be the case, at least not by default, so here is how you can create a dictation trigger to summon Siri on your Mac using the “Hey Siri” command. You can watch the whole video on YouTube.

How to enable Siri using “Hey Siri” command on your Mac

  1. Open System Preferences
    The System Preferences icon can normally be found in the dock, or you can use Spotlight to search for it.

  2. Select Siri and choose “Press Fn (Function) Space” as the Keyboard Shortcut for triggering Siri. Alternatively you may customise the shortcut. I chose Option+S. Note down your shortcut as you will need to perform it later.
  3. Go back to the main window in System Preferences and make sure you have Dictation enabled under Keyboard -> Dictation.
  4. Go back to the main window in System Preferences and choose the Accessibility option. Scroll down in the right panel and select Dictation under Interacting.
  5. Check Enable the dictation keyword phrase
  6. Replace the word Computer with Hey

  7. Click Dictation Commands… at the top of the window.
  8. Enable Advanced commands and press the “+” button just above the check to create a new custom command.
  9. Call it Siri if you want your trigger to be “Hey Siri” just like on iPhone, iPad or Apple Watch.
  10. Perform the keyboard shortcut that matches Siri’s Keyboard Shortcut in step 2. This could be the Fn (Function) Space combo or a custom combination. I chose Option + S.
  11. Click Done and test it out.

Good luck triggering all your other devices with the command! One suggestion would be to change the trigger word – “Hey”- to something else.

Wednesday, 15 February 2017