Schedule

Schedule

Thursday, April 24

Friday, April 25

1398445200 Tech News Today
1398448800 This Week in Law
1398466800 Tech News 2Night

Saturday, April 26

1398535200 The Tech Guy

Sunday, April 27

1398621600 The Tech Guy
1398636000 This Week in Tech

Monday, April 28

1398704400 Tech News Today
1398708000 Triangulation
1398713400 iPad Today
1398726000 Tech News 2Night

Tuesday, April 29

1398785400 Marketing Mavericks
1398790800 Tech News Today
1398794400 MacBreak Weekly
1398801600 Security Now
1398808800 Before You Buy
1398812400 Tech News 2Night
1398816000 All About Android

Wednesday, April 30

1398871800 FLOSS Weekly
1398877200 Tech News Today
1398880800 Windows Weekly
1398888000 This Week in Google
1398898800 Tech News 2Night
1398900600 The Giz Wiz
1398906000 Ham Nation

Thursday, May 1

1398963600 Tech News Today
1398967200 Know How...
1398970800 The Social Hour
1398976200 Coding 101
1398979800 Home Theater Geeks
1398985200 Tech News 2Night
1398988800 OMGcraft

Friday, May 2

1399050000 Tech News Today
1399053600 This Week in Law
1399071600 Tech News 2Night

Saturday, May 3

1399140000 The Tech Guy

Sunday, May 4

1399226400 The Tech Guy
1399240800 This Week in Tech

Most Recent Episodes

Know How...

Project Ara is a modular smartphone concept, viewer feedback from our G+ community, Heartbleed in action, and more!

Home Theater Geeks

Scott chats with home theater legend Yves Faroudja about his career and research.

Tech News 2Night

The FCC proposes new rules some say will end net neutrality, Facebook buys Moves, Amazon beats estimates then takes on FedEx and UPS, Microsoft beat earnings, tech giants fund OpenSSL, Google+ loses its chief, and Google Glass is NOT on sale for everyone.

Coding 101

We learn about for loops, if then statements, and get modded before Dale Chase gives us the lowdown on using external data.

The Social Hour

Amber & Sarah chat with Mightybell's Gina Bianchini, Google+ head Vic Gundotra leaves the company, Facebook buys Moves app, is Famatic rad or fad? And more!

Ham Nation

Joe Walsh(WB6ACU) returns to the show to talk about how he started with Ham radio, Field Day, questions from the chat room and more!

Tech News Today

The FCC chairman proposes rules that critics say ends net neutrality in the US, big tech companies unite to prevent the next Heartbleed, Facebook acquires a fitness tracker and launches a breaking news service, and more.

OMGcraft

Chad demonstrates Minecraft Bingo!

The Giz Wiz

The horseless eCarriage, a crazy concept car from Toyota, a t-shirt with heart rate monitor, and more!

This Week in Google

Apple and Facebook quarterly results, Google I/O to focus on design, FCC proposes new net neutrality rules and more!

Coding 101 13

Sanitize')DROP TABLE Python;

April 17 2014

Hosts: Fr. Robert Ballecer, SJ and Shannon Morse

Guest: Dale Chase

Welcome to Coding 101 - It's the TWiT show that gives YOU the knowledge to live in the wonderful world of the programmer. This week we are introducing our newest module, Python with Code Warrior Dale Chase!

To see all the code used in today's episode, go to Our Github Repository for Module 2

Loops (Recap)

* As we may recall, loops are an easy way to reuse code.
* It allows us to "loop" a section of code so that it doesn't have to be writen over and over.

While Loops
"While loops in Python work very much like they do in C#

They use some sort of counter and some sort of relational true/false statement. The while loop will continue to run as long as the statement is true. The true/false statement is pre-test, meaning that it will evaluate the statement BEFORE the loop code is executed."

Code Sample:

counter = 0

while counter < 5:

counter = counter +1
print counter

Output:
1
2
3
4
5"

Sanitizing your Input!

The Heartbleed Bug

What is the Hearbeat?
* The problem lies in the "Hearbeart"
- It's a way to keep a SECURE TLS session alive /// to keep it from "timing out"
- The Heartbeat is a payload of arbitrary data which is sent from one end of the connection to the other, and back again.
- If the heartbeat makes the round trip intact, then both sides of the connection know that the connection is still active and still secure.

Here is the OpenSSL Code

(The Bug starts on Line 3972)
/* Read type and payload length first */

hbtype = *p++;

n2s(p, payload);

pl = p;

hbtype is the TYPE of data

P++ increments the pointer

p is the pointer for the payload

payload is the length of the payload"

The problem is that the SENDER gets to set the "payload" length and the code never checks to see if the sent length matches the recieved length of the payload.

The Crux of the Matter:
* The Hearbleed bug stems from code that does not check to make sure it's recieving into memory what it expected.
* In other words... IT DIDN'T SANITIZE IT'S INPUT!

Get in Touch With Us!

* Subscribe and get Coding 101 automatically at TWiT.tv!
* Follow PadreSJ and Snubs on Twitter.
* Watch the show live and join the chatroom every Thursday at 1:30pm PST.
* Email us at Padre@twit.tv and Shannon@twit.tv.
* Join our Google+ Community!

Download or subscribe to this show at twit.tv/code. Also, check out our transcripts.

Bandwidth for Coding 101 is provided by Cachefly.

Running time: 41:46

Sponsors: