Connect with us

Biz & IT

Google’s Grasshopper coding class for beginners comes to the desktop



Google today announced that Grasshopper, its tool for teaching novices how to code, is now available on the desktop, too, in the form of a web-based app. Back in 2018, Grasshopper launched out of Area 120 as a mobile app for Android and iOS and since then, Google says, “millions” have downloaded it.

A larger screen and access to a keyboard makes learning to code on the desktop significantly easier than on mobile. In the desktop app, for example, Google is able to put columns for the instructions, the code editor and the results next to each other.

ghop good dog v2

Google also today added two new classes to Grasshopper, in addition to the original “fundamentals” class on basic topics like variables, operators and loops. The new classes are Using a Code Editor and Intro to Webpages, which teaches you more about HTML, CSS and JavaScript.

In case you are wondering why a “Using a Code Editor” class is useful, it’s worth noting that most of the coding experience in the first few courses is more about clicking short code snippets and putting them in the right order than typing out code by hand.

After completing all courses, users will be able to build a simple webpage and be ready to take on more complex courses on other platforms, like Codecademy, for example.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

Comcast hides upload speeds deep inside its infuriating ordering system



Comcast just released a 2020 Network Performance Data report with stats on how much Internet usage rose during the pandemic, and it said that upload use is growing faster than download use. “Peak downstream traffic in 2020 increased approximately 38 percent over 2019 levels and peak upstream traffic increased approximately 56 percent over 2019 levels,” Comcast said.

But while upload use on Comcast’s network quickly grows—driven largely by videoconferencing among people working and learning at home—the nation’s largest home-Internet provider with over 30 million customers advertises its speed tiers as if uploading doesn’t exist. Comcast’s 56 percent increase in upstream traffic made me wonder if the company will increase upload speeds any time soon, so I checked out the Xfinity website today to see the current upload speeds. Getting that information was even more difficult than I expected.

The Xfinity website advertises cable-Internet plans with download speeds starting at 25Mbps without mentioning that upstream speeds are just a fraction of the downstream ones. I went through Comcast’s online ordering system today and found no mention of upload speeds anywhere. Even clicking “pricing & other info” and “view plan details” links to read the fine print on various Internet plans didn’t reveal upload speeds.

Even after adding a plan to the cart and going through most of the checkout process, I could not find any mention of upload speeds. I got to the point where you have to enter credit card information to continue, so I initially stopped there. I later confirmed that Comcast’s ordering system will show upload speeds after it checks whether your credit card is valid, in the final page where you submit an order.

Deliberately keeping customers in the dark

I’ve long known that it’s difficult to find upload speeds on Comcast’s website, but I’m not sure exactly when it became virtually impossible. There were complaints about this very problem on Comcast’s customer support forums in 2020 and in 2019, though. “What is my upload speed now? No where in the world can I find documentation,” one customer asked. The answer was that existing customers can find upload speeds for their own plan in their account settings after logging in and navigating to the correct section.

But that does not help people who are signing up for service and want to find out what upload speeds they’ll get or compare upload speeds of different plans. Even the comparison tool that lets you compare details of different plans doesn’t reveal their upload speeds. The absence of upload speeds from Comcast’s website is so thorough that it is clearly a deliberate attempt to keep customers in the dark. This gallery shows how the Comcast Xfinity website displays Internet plans without mentioning upload speeds and continues that tactic through nearly the entire checkout process:

Thankfully, the third-party website lists both download and upload speeds, showing that Comcast’s 25Mbps download plan comes with 3Mbps uploads; the 100Mbps and 200Mbps download plans both have 5Mbps uploads; the 300Mbps download plan has 10Mbps uploads; the 600Mbps plan has 15Mbps uploads; and the 1Gbps download (1.2Gbps in some areas) comes with 35Mbps:

Comcast speeds and prices, no thanks to Comcast's website.
Enlarge / Comcast speeds and prices, no thanks to Comcast’s website.

Comcast’s website does list the 35Mbps upload speeds for the gigabit plan at this page, but I couldn’t find anything similar for Comcast’s other cable-Internet plans. Comcast also offers a fiber-to-the-home service with 2Gbps speeds both downstream and upstream. But Comcast’s residential fiber requires installation charges of up to $500, and the service costs $300 a month, which is more than three times as much as the gigabit-cable plan that has 35Mbps downloads.

Comcast, why did you make this so hard?

I contacted Comcast today with two primary questions: is there any way to find upload speeds on Comcast’s website before submitting an order for Internet service, and does Comcast have any plans to raise its cable upload speeds?

Comcast’s answer on where to find upstream speeds was as follows:

Our network report shows that, despite the growth in upstream traffic in 2020, patterns remain highly asymmetrical as downstream volumes were 14x higher than upstream throughout 2020. Our website reflects the way customers use the Internet with downstream overwhelmingly dominating usage, but upstream speeds are included in your cart and are visible upon check out when you submit your order.

Despite Comcast claiming that “upstream speeds are included in your cart,” I could find no evidence of this. Adding a Comcast Internet plan to the cart and then clicking the cart icon brought me to an ordering page that does not mention upload speeds. I confirmed this behavior on in both Chrome and Safari.

I circled back to the Comcast spokesperson and asked what exact steps I need to take to make upload speeds show up in the cart. It turns out the upload speeds never show up in the cart at all unless you define “cart” to include the entire ordering process. Comcast told us the upload speeds will finally appear “when you are at the step when you review your order.”

Despite my earlier reluctance to enter my credit card information for service I am not ordering, I finally did so to check whether this is accurate. I submitted my address, phone number, and credit card information, and I clicked “Next.” This triggered a step in which Comcast’s system checked to see whether I had entered a valid credit card. I accidentally entered a recently expired card number, so Comcast’s system “declined” my card and made me re-enter it. After I entered a card number that Comcast could charge, I finally got to this page, where the 300Mbps download-plan’s 10Mbps upload speeds are shown:

The last page in Comcast's ordering system.
Enlarge / The last page in Comcast’s ordering system.

At this page, with Comcast having already verified your card, you can view upload speeds and decide whether to submit the order or exit the ordering system. The part of Comcast’s statement that upload speeds are “visible upon check out when you submit your order” is thus accurate. But refusing to tell a prospective customer what they’re paying for until after they submit credit card information is simply ridiculous. You can probably get upload speeds earlier by asking a Comcast rep in an online chat or phone call, but that shouldn’t be necessary.

Continue Reading

Biz & IT

Parler sues Amazon (again), claims AWS ban sank a billion-dollar valuation



Enlarge / A person browsing Parler in early January, before the site got into a fight with AWS.

Social media platform Parler has dropped a federal lawsuit alleging Amazon colluded with Twitter to drive a rival offline—but in its place, the platform has filed a new state lawsuit alleging Amazon deliberately tanked its valuation.

Parler’s new suit (PDF)—filed in King County, Washington, where Amazon is headquartered—argues mainly that Parler is no worse than the competition and that Amazon defamed and devalued it when AWS discontinued service.

The platform has been embroiled in legal battles with Amazon since January, when Amazon cut off Parler’s AWS hosting in the wake of the January 6 insurrection at the US Capitol. Parler went offline shortly after and remained that way until mid-February.

How did we get here?

Parler launched in 2018 as a “free speech” alternative to mainstream social media companies such as Twitter and Facebook. By late 2020, it had gained a significant following among conservative and right-wing users—including far-right extremists who flocked to Parler as other platforms began to limit the spread of QAnon content.

Then everything hit the fan in the wake of the January 6 events at the US Capitol. Many of the participants in that mob livestreamed or posted photos from the Capitol on social media services, including Parler. Within a few days, both Google and Apple banned Parler from their mobile app stores, and AWS followed suit shortly thereafter.

Parler immediately filed a lawsuit against Amazon in federal court in Washington state, asking the court to force Amazon to reinstate its hosting. The judge assigned to the case rejected Parler’s request, finding that its claims against Amazon were weak at best.

Amazon, in its legal response to Parler’s lawsuit, effectively brought receipts showing more than 100 instances of violent content it had warned Parler about prior to the January 6 attack.

“If there is any breach [of contract], it is Parler’s demonstrated failure and inability to identify and remove such content,” Amazon wrote in its filing at the time. “Compelling AWS to host content that plans, encourages, and incites violence would be unprecedented.”

The road back to valuation

Parler’s new suit is unimpressed with Amazon’s claims about its old suit.

“Since its inception, Parler has carefully policed any content on its platform that incited violence,” the company claims. “To be sure, AWS had from time to time sent Parler problematic content, which content Parler immediately investigated and resolved.” Besides which, Parler argues, everyone else, including Amazon through its third-party retail marketplace, sells content that incites violence.

And when you get right down to it, Parler alleges, the real problem is money. “Just before all this occurred, Parler was about to seek funding and was valued at one billion dollars—something AWS also knew,” the suit claims. By booting Parler from AWS hosting, the argument follows, Amazon injured Parler and tanked that valuation through “deceptive and unfair trade practices,” defamation, and breach of contract.

Parler seems to be at a critical juncture with the ability to bring itself back online or not, and the suit seems designed to bolster it in that endeavor. The site is back online—more or less—and under new leadership since the board fired founder and former CEO John Matze a month ago.

That board is now under the control of investor Rebekah Mercer, who seems to be trying to bring the company back as a major platform. The Wall Street Journal last year was first to report that Mercer is Parler’s biggest investor. The Mercer family, including Rebekah, are prominent supporters of several conservative cause, sites, and politicians, including former US President Donald Trump.

Continue Reading

Biz & IT

Microsoft issues emergency patches for 4 exploited 0-days in Exchange



Microsoft is urging customers to install emergency patches as soon as possible to protect against highly skilled hackers who are actively exploiting four zero-day vulnerabilities in Exchange Server.

The software maker said hackers working on behalf of the Chinese government have been using the previously unknown exploits to hack on-premises Exchange Server software that is fully patched. So far, Hafnium, as Microsoft is calling the hackers, is the only group it has seen exploiting the vulnerabilities, but the company said that could change.

“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Microsoft Corporate Vice President of Customer Security & Trust Tom Burt wrote in a post published Tuesday afternoon. “Promptly applying today’s patches is the best protection against this attack.”

Burt didn’t identify the targets other than to say they are businesses that use on-premises Exchange Server software. He said that Hafnium operates from China, primarily for the purpose of stealing data from US-based infectious disease researchers, law firms, higher-education institutions, defense contractors, policy think tanks, and nongovernmental organizations.

Burt added that Microsoft isn’t aware of individual consumers being targeted or that the exploits affected other Microsoft products. He also said the attacks in no way are connected to the SolarWinds-related hacks that breached at least nine US government agencies and about 100 private companies.

The zero-days are present in Microsoft Exchange Server 2013, 2016, and 2019. The four vulnerabilities are:

  • CVE-2021-26855, a server-side request forgery (SSRF) vulnerability that allowed the attackers to send arbitrary HTTP requests and authenticate as the Exchange server.
  • CVE-2021-26857, an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is when untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gave Hafnium the ability to run code as SYSTEM on the Exchange server. This requires administrator permission or another vulnerability to exploit.
  • CVE-2021-26858, a post-authentication arbitrary file write vulnerability. If Hafnium could authenticate with the Exchange server, then it could use this vulnerability to write a file to any path on the server. The group could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials.
  • CVE-2021-27065, a post-authentication arbitrary file write vulnerability. If Hafnium could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server. It could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials.

The attack, Burt said, included the following steps:

  1. Gain access to an Exchange server either with stolen passwords or by using the zero-days to disguise the hackers as personnel who should have access
  2. Create a web shell to control the compromised server remotely and
  3. Use that remote access to steal data from a target’s network

As is usual for Hafnium, the group operated from leased virtual private servers in the US.

More details, including indicators of compromise, are available here and here.

Microsoft credited security firms Volexity and Dubex with privately reporting different parts of the attack to Microsoft and assisting in the investigation that followed. Businesses using a vulnerable version of Exchange Server should apply the patches as soon as possible.

Continue Reading