Saturday, August 23, 2008
Interview with Zach Anderson
Here is a link to a Popular Mechanics interview with Zach Anderson, one of the MIT hackers whose DefCon presentation on hacking the Boston subway was canceled via a temporary restraining order on behalf of the Massachusetts Bay Transit Authority. The interview goes in depth on exactly what happened. I found it particularly cool that the MIT guys were able to just walk to the Electronic Frontier Foundation booth at DefCon and get lawyers to help them.
Boycott Siemens
I want one of these, but it's still Big Brother's best friend. New Scientist has written a rather long article on this Big Brother In a Box. Use encryption!
Wednesday, August 20, 2008
Use SSL Whenever Possible
The talk at DefCon simply highlighted a well-known vulnerability involved with sending session information via a cookie over unencrypted channels. As a result, Gmail's security has been increased for those of us who want to take advantage. This is just another example of increased security as a direct result of hackers making a vulnerability public - or in this case driving the point home by making stealing someone's session credentials easy enough for a 6-year-old. The Middler is the name of the program written by Jay Beale. I will post on it at a later date perhaps.
Here is a good article detailing the problem.
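The problem described above is a session cookie that the browser will happily attach to a plain http:// request, where anyone on the path can read it. A browser withholds a cookie from http:// requests only when the server set it with the Secure attribute, so the defender's check is to audit Set-Cookie headers for that attribute. The following is an added example, not code from the original post or from The Middler; the Set-Cookie headers and the example.com domain are constructed, and the browser-behaviour model is deliberately limited to the scheme rule.

```python
"""Audit Set-Cookie headers for session cookies that could travel over plaintext HTTP.

Added example (not the post's own code). The headers below are constructed
samples; the cookie name SID and domain example.com are placeholders.
"""
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample headers: the weak one is the pre-SSL-everywhere pattern,
# the hardened one is what a site that wants its session protected should emit.
WEAK_HEADER = "SID=abc123; Path=/; Domain=example.com"
HARDENED_HEADER = "SID=abc123; Path=/; Domain=example.com; Secure; HttpOnly"


def parse_set_cookie(header_value):
    """Parse one Set-Cookie header into {name: {"secure": bool, "httponly": bool}}."""
    jar = SimpleCookie()
    jar.load(header_value)
    return {
        name: {"secure": bool(m["secure"]), "httponly": bool(m["httponly"])}
        for name, m in jar.items()
    }


def would_browser_send(header_value, request_url):
    """Names of the cookies a browser would attach to a request for request_url.

    Models only the scheme rule: a cookie marked Secure is never sent over
    http://. Domain and path matching are not modelled here.
    """
    scheme = urlsplit(request_url).scheme
    return sorted(
        name
        for name, attrs in parse_set_cookie(header_value).items()
        if scheme == "https" or not attrs["secure"]
    )


def audit_set_cookie(header_value):
    """Return human-readable findings for cookies that could leak to an eavesdropper."""
    findings = []
    for name, attrs in parse_set_cookie(header_value).items():
        if not attrs["secure"]:
            findings.append(f"{name}: no Secure attribute; sent in the clear over http://")
        if not attrs["httponly"]:
            findings.append(f"{name}: no HttpOnly attribute; readable by page scripts")
    return findings


def harden_set_cookie(header_value):
    """Rewrite a Set-Cookie header so every cookie in it carries Secure and HttpOnly."""
    jar = SimpleCookie()
    jar.load(header_value)
    for m in jar.values():
        m["secure"] = True
        m["httponly"] = True
    return "; ".join(m.OutputString() for m in jar.values())


if __name__ == "__main__":
    for label, header in (("weak", WEAK_HEADER), ("hardened", HARDENED_HEADER)):
        print(label, "-> sent over http://:", would_browser_send(header, "http://example.com/mail"))
        for line in audit_set_cookie(header):
            print("  ", line)
    print("hardened weak header:", harden_set_cookie(WEAK_HEADER))
```

Running it shows the weak header's SID cookie riding along on a plain http:// request while the hardened one is only sent over https://. The Secure attribute is what makes "use SSL whenever possible" actually stick: without it, a single http:// link to the site is enough for the browser to disclose the session on the wire.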
Justice Served - Sorta
Judge O'Toole threw out the gag order filed by the MBTA against the MIT hackers, but he refused to comment on whether their right to free speech was violated in the first place. Here is the article from Wired.
Monday, August 18, 2008
To the Record Labels
You people are so far out of tune with the times, it is sickening. You are the only industry (if you can be called an industry - in recent times you have been reduced to what is essentially a law firm) that has deliberately and gladly made enemies of your own customers. You want to sue the hell out of the people who made you rich. You think you can solve your problem with lawyers and legal systems. Your imaginary -- er I meant intellectual -- property rights are all you are clinging to and you are failing miserably. Why not get in tune with the times? You simply cannot get around the inherent benefits of digital media, but you idiots simply cannot get this fact through your heads. Because, if you could, you would have thought of innovative ways to take advantage of the digital revolution like any other successful company. Instead, you imbeciles have fought tooth and nail against the tide and have been swimming up river ever since the digital revolution began, because it caught you with your pants down like a deer in the headlights. You never expected that your iron grip on the music industry and godlike powers of deciding who and what gets published would ever come to an end, and now you are running scared like a dog with its tail between its legs. If you had your way, you would squeeze as much money as you could out of every single customer. I'm sure your think tanks right now are trying to figure out how to charge someone to listen to a single song one time at a rate of 5 cents per listen. After all, it is your property. It is not the property of the user who paid for the song. We should all pay you for the privilege to listen. Thank you, thank you soooooo much!
The fact is that more and more your DRM attempts are failing as people realize how much it sucks not to be able to use something that they paid for in the manner they choose to use it. The recent Yahoo! fiasco ring any bells? Their DRM servers are shutting down, so all of the customers who used Yahoo!'s service are SOL when it comes to all of the music they "purchased". Without the servers running to unlock "their" songs, these people cannot even listen to the music they paid for. Thankfully Yahoo! has enough sense to give these people credits to another DRM-schemed service, so at the very least it is just a huge pain in the ass for these people to have to redownload all of their music from a new and equally locked scheme.
When I buy a song, it is mine! I paid for it, and I should be able to put it on every single one of my computers and digital media players, CDs, cassettes, as a tattoo on my ass, etc. Good for Wal-Mart and their decision to sell music in the open and non-restricted MP3 format. They should have some not insubstantial pull in this issue, and they have always been good at giving the customer what they want, which is why they are the single most successful business in America and the World.
And now you music industry idiots, particularly SoundExchange, are about to put my favorite online radio site Pandora.com out of business because you cannot come up with a fair rate to license "your" music to them with. It is unbelievable that you would rather make a statement and ask for a shitload of money and end up with none, than to ask for a fair rate and make tons of money over time. Pandora has plenty of listeners, but you people are just too greedy and stupid to find a way to make money off of their creative business. You could charge a fair rate that would not put Pandora out of business and would thus allow you to make some licensing fee money, while having the added benefit of getting music heard by an audience that is increasingly turning to online sources for everything (news, music, videos, etc). NBC understands this, which is why they will be offering NFL games online for the first time ever this season (with ads on the page). They will be offering extras such as play-by-play action, instant replay control by the user, and multiple camera angles. This is genius on NBC's part and is another avenue for advertising revenue. But, again, the recording industry doesn't understand this and seems content to just make their money from suing people. I will let you idiots in on a little secret: Ever since I have been listening to my music on Pandora, I have not pirated music (well maybe just a little - but only about 1% of what I used to). I don't need to. I buy the stuff I really want, and Pandora offers enough variety in the stuff they stream that things don't get old - my main impetus for downloading new music constantly. Similarly, ever since I started getting my movies on Netflix, I have not downloaded a single film. Why do I need to?
I am already paying $15 a month to Netflix, and if I downloaded and watched a movie on my PC, I would be wasting money I pay to Netflix because I could have watched the movie from them, and sent it back to receive another one to get the most out of my 15 bucks - plus, movies take up hard drive space that I could use for other things. A similar effect has happened with my downloading of TV shows and having them available on sites such as NBC.com. If I can watch them instantly via streaming on these sites, why waste the time it takes to download them? This has the added benefit for NBC that I am more likely to watch season 2 of Heroes if I can catch up on season 1 first.
Some people and industries are smart enough to see the direction that things are going, and they find a way to use it to their advantage instead of fighting against it. It is still survival of the fittest, and while the law may be making it easier for the less fit recording industry to survive and flounder a little bit longer than would otherwise be possible naturally (similar to the way the law allows people who cannot take care of themselves to live off of those of us who can), their idiotic behavior will eventually be their doom.
The LHC firing up
The Large Hadron Collider at CERN in Switzerland has begun running some preliminary tests of some of its sectors. The first experiments are due to run in October. Here is a nerdy rap video about the LHC that is surprisingly informative as to what the thing will be doing and what it is looking for:
Thursday, August 14, 2008
MIT Hackers Suffer Another Blow to Their Right to Free Speech
It is a sad day for free speech as another clueless idiot judge lets the gag order stand against the hackers from MIT working on a project under Ron Rivest (the 'R' in RSA encryption), barring these guys from exposing a flaw they found in the RFID and magstripe cards used in Boston's subway. Maybe George O'Toole will get it right on Tuesday. From another article, here is a letter signed by 11 Computer Science professors from across the country speaking out against this. Here is the article the letter is from:
http://blog.wired.com/27bstroke6/2008/08/computer-scient.html
And here is the letter (Bruce Schneier was one of the signers):
We write to express our firm belief that research on security vulnerabilities, and the sensible publication of the results of the research, are critical for scientific advancement, public safety and a robust market for secure technologies. Generally speaking, the norm in our field is that researchers take reasonable steps to protect the individuals using the systems studied. We understand that the student researchers took such steps with regard to their research, notably by planning not to present a critical element of a flaw they found. They did this so that their audience would be unable to exploit the security flaws they uncovered. . . .
The restraining order at issue in this case also fosters a dangerous information imbalance. In this case, for example, it allows the vendors of the technology and the MBTA to claim greater efficacy and security than their products warrant, then use the law to silence those who would reveal the technologies' flaws. In this case, the law gives the public a false sense of security, achieved through law, not technical effectiveness. Preventing researchers from discussing a technology's vulnerabilities does not make them go away - in fact, it may exacerbate them as more people and institutions use and come to rely upon the illusory protection. Yet the commercial purveyors of such technologies often do not want truthful discussions of their products' flaws, and will likely withhold the prior approval or deny researchers access for testing if the law supports that effort. . . .
Yet at the same time that researchers need to act responsibly, vendors should not be granted complete control of the publication of such information, as it appears MBTA sought here. As noted above, vendors and users of such technologies often have an incentive to hide the flaws in the system rather than come clean with the public and take the steps necessary to remedy them. Thus, while researchers often refrain from publishing the technical details necessary to exploit the flaw, a legal ban on discussion of security flaws, such as that contained in the temporary restraining order, is especially troubling.
Tuesday, August 12, 2008
DefCon 16
This was my second year at the largest hacker/security conference in the world, and I had a blast. After a 22 hour drive, I'm back home. Here are some articles covering the event:
http://www.wired.com/politics/security/multimedia/2008/08/gallery_defcon16?slide=1&slideView=2
http://blog.wired.com/27bstroke6/2008/08/a-first-ever-lo.html
http://blog.wired.com/27bstroke6/2008/08/eff-to-appeal-r.html
http://blog.wired.com/27bstroke6/2008/08/injunction-requ.html
http://blog.wired.com/27bstroke6/2008/08/exclusive-defco.html
http://blog.wired.com/27bstroke6/2008/08/medeco-locks-cr.html
http://www.networkworld.com/news/2008/081008-covert-operation-floats-network-sniffing.html?hpg1=bn
http://news.cnet.com/8301-1009_3-10012612-83.html?part=rss&subj=news&tag=2547-1_3-0-20
Friday, August 1, 2008
Ron Paul on the Higher Education Opportunity Act
Madame Speaker, anyone in need of proof that federal control follows federal funding need only examine HR 4137, the Higher Education Opportunity Act. HR 4137 imposes several new mandates on colleges, and extends numerous mandates that previous Congresses imposed on colleges. HR 4137 proves the prophetic soundness of people who warned that federal higher education programs would lead to federal control of higher education.
Opponents of increasing federal control over higher education should be especially concerned about HR 4137’s “Academic Bill of Rights.” This provision takes a step toward complete federal control of college curriculum, grading, and teaching practices. While this provision is worded as a “sense of Congress,” the clear intent of the “bill of rights” is to intimidate college administrators into ensuring professors’ lectures and lesson plans meet with federal approval.
The “Academic Bill of Rights” is a response to concerns that federally-funded institutions of higher learning are refusing to allow students to express, or even be exposed to, points of view that differ from those held by their professors. Ironically, the proliferation of “political correctness” on college campuses is largely a direct result of increased government funding of colleges and universities. Federal funding has isolated institutions of higher education from market discipline, thus freeing professors to promulgate their “politically correct” views regardless of whether this type of instruction benefits their students (who are, after all, the professors’ customers). Now, in a perfect illustration of how politicians use the problems created by previous interventions in the market as a justification for further interventions, Congress proposes to use the problem of “political correctness” to justify more federal control over college classrooms.
Instead of fostering open dialog and wide-ranging intellectual inquiry, the main effect of the “Academic Bill of Rights” will be to further stifle debate about controversial topics. This is because many administrators will order their professors not to discuss contentious and divisive subjects in order to avoid a possible confrontation with the federal government. Those who doubt this should remember that many TV and radio stations minimized political programming in the sixties and seventies in order to avoid running afoul of the federal “fairness doctrine.”
I am convinced that some promoters of the “Academic Bill of Rights” would be unhappy if, instead of fostering greater debate, this bill silences discussion of certain topics. Scan the websites of some of the organizations promoting the “Academic Bill of Rights” and you will also find calls for silencing critics of the Iraq war and other aspects of American foreign policy.
Madame Speaker, HR 4137 expands federal control over higher education, in particular through an “Academic Bill of Rights” which could further stifle debate and inquiry on America’s college campuses. Therefore, I urge my colleagues to reject this bill.