Carlton Baugh Jr stroked an unbeaten 54 on yesterday’s second and final day of the Jamaica Scorpians fourth WICB Professional League trial match at Kensington Park.The diminutive wicketkeeper, who was dropped towards the latter part of last season after a series of poor scores, was the top scorer for Paul Palmer’s XI who played to a draw with Brandon King’s XI.Palmer’s XI ended on 183 for seven in their second innings after dismissing King’s XI for 238 in their first innings early yesterday.Palmer’s XI made 169 in their first innings.Other leading scorers for Palmer’s XI were Andre McCarthy, 37, pacer Sheldon Cottrell, 20, and leg-spinner Damion Jacobs, 17.Recent West Indies Under-19 captain, Ramaal Lewis, four for 35, led the way for King’s XI with fast bowlers Nicholson Gordon, Brian Buchanan and John Campbell claiming a wicket each.Earlier, Palmer’s XI, who resumed on 125 for three, were restricted by young pacer Rovman Powell, who finished with four for 40.Fast bowlers Marquino Mindley and Keno Wallace ended with two wickets apiece.The fifth and penultimate trial match, a three-day encounter, is set for Sabina Park starting next Wednesday.
26 October 2006The government has budgeted more than R700-million over the next three years for improving service delivery in South Africa, particularly at the local level.“The 2007 budget proposes to allocate more than R700-million over the next three years to Siyenza Manje,” Finance Minister Trevor Manuel said while tabling the 2006 Medium Term Budget Policy Statement in Parliament in Cape Town on Wednesday.Siyenza Manje is a government initiative, primarily driven by the Development Bank of Southern Africa (DBSA), which provides hands-on technical expertise to municipalities in a range of disciplines, including financial management and planning.This helps develop skills which are essential for the effective delivery of services.In the year to March 2006, South Africa’s municipalities received R120-million from the DBSA’s capacity building grant, up from R74-million in 2004/05 and R41-million in 2003/04.Manuel told Parliament that while there were many components of the civil service that worked well, there were also clear inadequacies. Municipalities had to deal with severe capacity challenges, negatively affecting the delivery of basic services and the achievement of water and sanitation targets.He said the government had become concerned that, in many cases, increased resources resulting accelerated public spending over the past five years had not been translated into increased outputs.“And so the public has not always seen the benefit of the significant rise in public spending.”Source: BuaNews
RW: You were very vocal when the Heartbleed news broke.See also: Exterminating Heartbleed: How To Clear It Out Of Your Data CenterJS: People needed to know what passwords to change and when, so we made an overall test page. People could find out if sites had updated their SSL certificates, if it was safe to change that password yet. That was a free tool for anyone, even if you didn’t have a LastPass account. We love making tools like that for everyone.And for LastPass users, we have a security check that looks for all sites known to be vulnerable. It tells you exactly which ones they are, how old your password is, if you should go change those passwords, and when it’s safe to do so.RW: For the Heartbleed checker, I heard that LastPass didn’t actually test sites for their vulnerabilities, but merely compiled info based on company announcements. Is that accurate? Or is it a checker with a real-time status updater?JS: That’s not the full picture. We had the exploit code that we could run ourselves, but we weren’t legally clear that that was allowed. I’ve since figured out how to do it, so we’ll be adding real-time current checks for sites currently vulnerable to Heartbleed on our page.Certain large sites fixed the major bug within a day. It was easy to do that. The harder part was reissuing and revoking certificates, and that was what we thought [was important], because that’s when you know its safe to go change your passwords.We focused on any sites that were known to be vulnerable. We checked the SSL certificates the sites were using, in multiple different ways—going to sites, grabbing the current certificates, seeing if they had been reissued and the date reported.RW: But didn’t LastPass itself use the Heartbleed-affected version of OpenSSL [the vulnerable security protocol used by many websites and cloud services]?JS: Fifty percent of sites were using the vulnerable version of SSL. You could say we had a 50/50 chance of being in that. We were also using it, but because we practice what’s known as “defense in depth,” we had another layer. So what could be revealed from LastPass is far less than just about any other website.Your data was encrypted on your device before it was sent to us, so it’s not very useful, compared to grabbing a password directly from memory from another site. We were also quick to shut it down, patch it and get it replaced, and quick to help people realize what they need to do to protect themselves.We have multiple layers of defense. Peeling back one layer of the onion exposes a little, but not enough that we felt it was necessary to take extraordinary steps. For sites that are fully reliant on SSL only, it’s a much more grave scenario for them.The ChallengesSee also: NSA Accused Of Exploiting Heartbleed For At Least Two Years; Agency Denies ItRW: You’ve had some challenges, even apart from being affected by Heartbleed. A few years ago, LastPass landed in the headlines for leaking passwords. JS: That harks back to May of 2011, when we saw some anomalous traffic. We couldn’t figure out if anything had been taken; we just didn’t have any real signs, except for a certain set of traffic graphs that indicated traffic had been passed. We were upfront about what we knew, what we didn’t, when we knew and when we didn’t. We definitely lost some people on the short term, but it made people respect how we view things and how we’re going to handle them. It was definitely a tough time—not just that it happened, and saying that mistakes were made, but also the ensuing time. Tons of additional people wanted to know more, wanted more support; it was a challenging experience, all the way around.[With Heartbleed,] we were out there, talking about how we were vulnerable hours after it happened. We think it’s important that people immediately know and have all the facts. I think that engenders a lot of trust. So many companies told us how great that was, because their company had run into something similar and basically passed it to their lawyers, who decided to sweep it under the rug. RW: With the password leak, and then Heartbleed, at each turn, you seem to be able to survive the issues and maintain your fanbase. What’s your secret? JS: From our perspective, we’re in the public trust. We have over 2 million people that use LastPass everyday, and over 4.8 million people total. We take our role protecting those people seriously. But we’re not perfect. There will be mistakes that we couldn’t have caught.If we see something wrong, we’re not going to brush it under the rug. We’re going to be open about it, so people can decide what’s best for them.Trust is built over time, and that’s something you earn. All we’re trying to do is keep earning that trust.RW: Trust is definitely an issue for consumers, particularly when it comes to passwords. That leads me to a blunt question: Online, some users wonder if the National Security Agency has ever approached you guys. Has it? If not, what would you do if it did?JS: The NSA has never come knocking on our door. If the NSA showed up, I would be availing ourselves of whatever legal resources we could to protect ourselves and our users. It hasn’t happened yet.But there are easier ways for them to peg attacks. If you’re interested in a particular site, going after that site is probably easier than trying to go after LastPass, where there are layers of defense that have to be peeled back, and a company that’s not going to be quiet about that.What you’re storing in LastPass is mostly passwords to other sites. If you’re the NSA, you’d rather attack the actual sites.Last LessonsRW: You’ve been doing this now for six years. What have been some of your biggest lessons?JS: There’s been a ton of highs and lows. Building something that people use everyday is incredibly intoxicating. It’s fun to come up with something that will save somebody time or delight them, and be able to roll it out relatively quickly, in front of a mass audience.Timing is always the hardest thing with companies. You can start too early; you can be too late. We might have still been a little early to the game, so we spent a lot of time educating, which is fine in retrospect. But it certainly would have been easier had we started later.RW: You think you were too early?JS: You can go back to our forums and blogs from 2009. There are epic, 50-post battles with people demanding every intricacy, and going from, “This is the stupidest idea in history” to “Oh my gosh, you have figured out how to do this!” There was a ton of that back and forth, and we had to slog through it and convince people, because there was so much “wisdom” that anything in the cloud was going to be taken by hackers.No one could do some of these things we could do in a secure manner. That kind of education is the battle we’ve been in from the get go—[and it’s] the battle right now that we’re fighting.Passwords aren’t a joke. It’s really important, and if you let your identity slip out because you’re reusing passwords everywhere, a lot of real damage can be done to you. That has been a drum that I’ve been beating for six years now. Heartbleed really helps with that education, but I’m hopeful that the media and others can help with educating consumers about it.RW: Strangely enough, I imagine Heartbleed must have been good for your business. Have you seen a surge in users since it surfaced?JS: We absolutely have. It was good exposure for the need of password managers. Heartbleed has been a wakeup call. Mobile photo by Anthony Myers for ReadWrite; All other images courtesy of LastPass adriana lee RW: For password managers in general, cross-app integration seems really tricky. On smartphones, particularly iOS, there’s still plenty of copying and pasting of passwords from LastPass into individual apps. How challenging has it been to deal with mobile versus desktop? JS: Sandboxing, if you are the person that is playing outside of the sandbox like we are, is something that drives you crazy [in mobile]. Basically, sandboxing means that apps are isolated and can only play within their own sandbox. LastPass is special, in that it needs to interact with other sandboxes. It needs to interact with other apps.We’ve been very happy lately to utilize the Accessibility API in later versions of Android to get in and do app filling directly. iOS continues to be a thorn in the side, since we can’t deliver the solution we and our customers want, because of the limitations Apple puts upon developers. RW: And there’s no way to get around that. JS: There are no very clean ways to get around it. If it’s jailbroken, you can do things, but none of that is easy for the mass market. Apple closed down and prevented developers from expressing and creating great software for its platform because of restrictions it ignores for itself, but restricts everyone else. If I sound a little bitter, I am. It’s not the way it should be. Nobody wants the future of computing to be completely isolated, wholly controlled by company-only type experiences. That will be bad for everyone.RW: You mentioned Android’s Accessibility API. How did you use it and which features ride on it?JS: With later versions of Android, it’s essentially the same technology that a screen reader would use for a blind person. We can utilize that to see what’s on the screen, and potentially fill in different fields using that Accessibility API. We can recognize what app is running, that a password field is there, and combine that. LastPass can present it to you and give you the option to fill this in for you.RW: All of it hinges on the master password, though. So what happens if a hacker manages to crack it? Is the user screwed?JS: There are a lot of protections. We have a ton of different multi-factor [authentication] options for your LastPass account, based on your phone, location, biometrics, etc. We support, by far, the most multi-factor type options, so that even if you screamed out your password at a bar, someone couldn’t use it without a secondary factor.We also have a lot of protections on the cloud side, like how many attempts you can make at guessing a password. This makes it difficult to break into an account that way; it gets locked down quickly.Staying Competitive Serverless Backups: Viable Data Protection for … Top Reasons to Go With Managed WordPress Hosting RW: Your pricing is really low. It’s 12 bucks per year, isn’t it?JS: We’re trying to help people as much as we possibly can. Like with pricing. My pricing isn’t sophisticated. It’s always been cheap. Everyone who contacts me thinks it should be [more]. We want to make a great product at a fair price, so it’s an easy decision for people. RW: You mentioned that you encrypt locally, on whatever device you’re using, and again in the cloud. At this point, others have come along that do that as well.JS: LastPass supports more platforms, more devices, more multi-factor [authentication] devices than anyone out there. We’re committed to ensuring that every device, platform is going to be supported. Because if that doesn’t happen, you’re going to fall back to your old habits of reusing passwords, or be terribly frustrated.I want people to use a password manager; it doesn’t need to be mine. There are others out there that are good. They don’t have the breadth we have, but they’re decent choices. The core thing is that people realize that it’s necessary to use something, because reusing the same password for every site just doesn’t make sense.We’re trying to cover all the bases, including covering you at work [with LastPass for enterprise]. We have a lot of big name companies that are using LastPass to make sure employees are practicing good password hygiene. We want people to stop emailing, texting and IMing passwords. You’re putting that password at risk, especially when you email, and it’ll sit there and be recorded forever. You should be sharing those passwords in the correct way, through LastPass, and it will help you when it updates—and magically everyone in your team has that update. Stopping The Heartbleed How Intelligent Data Addresses the Chasm in Cloud ReadWriteBuilders is a series of interviews with developers, designers and other architects of the programmable future.The recent Heartbleed bug, which threatened to leak user passwords and other personal information like a sieve, had one unexpected consequence: It put password managers in the spotlight.Post-Heartbleed, security experts warned users to choose new, unique passwords for affected apps and websites. That’s a big chore for most people, and relatively few actually follow through on such recommendations, even among the security conscious. Password managers, which store passwords for your various online accounts—email, banking, social sites like Facebook and Twitter and so forth—in the cloud, offered one way of easing that burden.Password managers like LastPass have stepped up to help Heartbleed-fearing people lock down their accounts. The company, headed by CEO and founding developer Joe Siegrist, has been offering advice and online tools for concerned users since the bug was first reported last month. Siegrist, 37, has been a vocal evangelist for better password security for six years, and in a way it’s now paying off, given that Heartbleed has been sending lots of nervous users his way. Siegrist’s earnestness, however, doesn’t hurt. “I want people to use a password manager; it doesn’t need to be mine,” he told me. “The core thing is that people realize that it’s necessary to use something, because reusing the same password for every site just doesn’t make sense.”It’s the same drum he’s been banging since he started. Here’s how it all began.The First Pass For LastPassSee also: Heartbleed Defense: The 3-Step Password Strategy Everyone Should UseRW: You used to work in Internet telephony.Joe Siegrist: Yes, I was the CTO of Estara [which sold to ATG in 2006 for $50 million]. We did a lot of security there, because we were doing phone calls for people on their computers, Voice Over IP calls, back in 1999 or 2000. RW: You’re listed as inventor for 5 patents related to that. You also worked at an Internet service provider at one point. How does somebody with your background end up in password management?JS: Security was a big issue at Estara. We had to do encryption. We had to figure out how to do key exchange, how to do all this securely. We were running a “Software As A Service” business before it was called that. When we left, we couldn’t do anything in VoIP telephony, so we had to pick a new one. I and three of my best guys who worked with me there left at similar times. We started LastPass because we wanted to work together again.It was on my mind: How do people do this? It was painful, how I was handling passwords. I had them in a file that I was encrypting and decrypting manually every time I needed it, editing the files, searching for the site name, copying and pasting passwords. It was complicated. You start asking around, and other people handle it by using the same password for every site. I was shocked. It was akin to using the same key for every lock. I really wanted to let people do what they wanted—which was reuse the same password everywhere—but do it securely, where you could update that password and be secure, without revisiting all the sites and without all the pain involved. Tags:#Builders#cloud#encryption#Heartbleed#Joe Siegrist#LastPass#OpenSSL#password manager#passwords#security#web Related Posts Cloud Hosting for WordPress: Why Everyone is Mo… Building something that people use everyday is incredibly intoxicating. It’s fun to come up with something that will save somebody time or delight them.—Joe SiegristRW: So you got the core team together in April 2008 to get LastPass off the ground. And the beta launch followed in August that year.JS: Yes. It was a lot of time spent in the basement of my house, usually the three or four of us sitting at a long card table, banging away 10 to 12 hours a day.RW: What did you decide to focus on first?JS: On the core of the product: filling passwords in, remembering passwords automatically, grabbing passwords that are sitting unencrypted on your computer, getting it working for Internet Explorer and Firefox. Back in 2008, Chrome didn’t exist yet. So our core focus was showing people the data that was sitting on their PCs, that any malware or virus could pick up. We shocked tons of people when they saw all those passwords sitting here. We started from there, and that allowed us to see people’s accounts. It let them get started without an empty vault and without a lot of effort on their side.RW: Did you work on the encryption side in conjunction with user-facing features, or did that come later?JS: We first tried to prove the major concepts of grabbing the passwords, being able to capture and fill them. This was before we launched. As we approached the launch date, we wanted to utilize cloud-type techniques. We wanted the best of what the cloud gave you without the downsides.That was a tough decision back then, because we were the first cloud-based password manager. Everybody immediately said, “A cloud-based password manager is stupid.” They pre-judged it, because they assumed there was no simple, elegant way to protect your data while keeping it in the cloud. That was one of the core innovations we were proud of: We figured out a way to keep your data encrypted, locally, with a key that only you have—never passing that to LastPass—so that you can trust us.We are provably secure. We can prove that your password data is encrypted in a way that even we can’t decrypt before it’s sent from your computer. Now, in retrospect, it seems like an obvious thing. But it wasn’t back then. It took a lot of education, years before people started recognizing that this was a better mousetrap.Developing For Mobile Is Tricky Business
Excited for the upcoming integration of Cinema 4D into After Effects? In this post we share 3 video tutorials that show you how the new Cineware feature will work in future versions of AE.Adobe has announced future integration of Maxon’s Cinema 4D into Adobe’s After Effects, via Cineware and Cinema 4D Lite. The motion design community couldn’t be happier.The current process of prerendering your Cinema 4D files and then bringing them into After Effects is clumsy and time consuming. The integration of Cinema 4D into AE will provide a live 3D pipeline that won’t require any rerendering. Instead you’ll be able to create and modify Cinema 4D files through After Effects. If a full version of Cinema 4D is installed on your system, AE would open that. Otherwise, Cinema 4D Lite (that will come included in future After Effects versions) will open. Anything you change in Cinema 4D will automatically be updated in After Effects.Ok, so you want to see it in action? Two of the most popular motion graphics gurus online have released their take on the new Cineware/After Effects Integration.The first video tutorial is from our friend, John Dickinson at Motionworks. He gives a 10 minute rundown on how Cinema 4D Lite will work in upcoming versions of After Effects. Tons of good info here, whether you’re a Cinema 4D veteran or are just curious on what it can add to your exisiting After Effects work.Below that we’ve got two video tutrials from the great Nick Campbell from Grayscale Gorilla. One of the tutorials is geared for existing AE users interested in Cinema 4D. The other is targeted for existing Cinema 4D users interested in AE. Take your pick.No doubt the C4D to AE feature will open up 3D motion design to a new legion of video professionals – a great move by both Maxon and Adobe! No details yet when this new release will be available for public purchase.After Effects: Cineware & Cinema 4D Lite by MotionworksCineware and Cinema 4D Lite For After Effects Users by Greyscale GorillaCineware and Cinema 4D Lite For Cinema 4D Users by Greyscale Gorilla
All of us have faced difficulties and disappointments of one kind or another during the year, which is now closing. However, even as we look back on the challenges we experienced this year, we recognize the meaning of the Season, the traditions and the symbols which give us cause to enjoy the unique feeling that this special time of year brings. Story Highlights We celebrate another Christmas as a nation, and we are grateful for the reminders of the power of peace and goodwill in shaping our lives. Christmas is a time that brings together families, friends, and communities, in thanksgiving and celebration, for the gifts and blessings we have received throughout the year. My fellow Jamaicans at home and abroad,We celebrate another Christmas as a nation, and we are grateful for the reminders of the power of peace and goodwill in shaping our lives. Christmas is a time that brings together families, friends, and communities, in thanksgiving and celebration, for the gifts and blessings we have received throughout the year.All of us have faced difficulties and disappointments of one kind or another during the year, which is now closing. However, even as we look back on the challenges we experienced this year, we recognize the meaning of the Season, the traditions and the symbols which give us cause to enjoy the unique feeling that this special time of year brings.We fully embrace any opportunity to engage with each other in an atmosphere of cordiality and conviviality, and to appreciate how good it is to ‘dwell together in unity.’ At the heart of this fellowship and goodwill is the true message of Christmas- that of building harmonious relationships, and a world where peace reigns in the hearts of humankind.In the spirit of the Season, I urge us all to focus our minds on all that is positive in our past – our values, our faith, and our generosity of spirit. It is equally important for us to recognize where we have fallen short in our responsibilities to the vulnerable; draw inspiration from the Christmas Message, and resolve to correct our oversight or neglect.As we spend time in reflection and renewal, let us:• Remember and sympathise with, those who are spending their first Christmas without a loved one who was taken by crime, illness, road fatality, or other travails.• Spend some quiet time in taking stock of our individual lives, and our impact on community and country.• Strengthen the bonds of responsible family life, and protect our children.• Be constructive with our suggestions as we are critical of our faults.• Renew our long-term resolve to serve those in need and show kindness to those experiencing difficulties.• And let us continue to exude the warmth and generosity which reflect the best of our Jamaican traditions.During this time of faith and family, I hope you will experience the love, gladness and heart of Christmas.Lady Allen joins me in wishing for everyone a safe, holy, peaceful and joyous Christmas Season.Happy Holidays everyone, and may God bless us all. We fully embrace any opportunity to engage with each other in an atmosphere of cordiality and conviviality, and to appreciate how good it is to ‘dwell together in unity.’ At the heart of this fellowship and goodwill is the true message of Christmas- that of building harmonious relationships, and a world where peace reigns in the hearts of humankind.