Canada's bull-moose civil libertarian on Canada's new domestic spying law

On the always-excellent Search Engine podcast from TVOntario, host Jesse Brown interviews Alan Borovoy, general counsel of the Canadian Civil Liberties Association. Borovoy is one of Canada's most respected free speech and privacy activists, and he describes the state of Canada on the eve of the introduction of a sweeping spy-bill that will require ISPs to log and retain enormous amounts of our private communications, and then give police access to that material without a warrant. This is a stirring call-to-arms and important historical context for understanding free speech and privacy in Canada.

Audio Podcast #124: Alan Borovoy | Search Engine (MP3)

EFF: Tens of thousands of websites' SSL "offers effectively no security"

The Electronic Frontier Foundation's SSL Observatory is a research project that gathers and analyzes the cryptographic certificates used to secure Internet connections, systematically cataloging them and exposing their database for other scientists, researchers and cryptographers to consult.

Now Arjen Lenstra of École polytechnique fédérale de Lausanne has used the SSL Observatory dataset to show that tens of thousands of SSL certificates "offer effectively no security due to weak random number generation algorithms." Lenstra's research means that much of what we think of as gold-standard, rock-solid network security is deeply flawed, but it also means that users and website operators can detect and repair these vulnerabilities.

While we have observed and warned about vulnerabilities due to insufficient randomness in the past, Lenstra's group was able to discover more subtle RNG bugs by searching not only for keys that were unexpectedly shared by multiple certificates, but for prime factors that were unexpectedly shared by multiple publicly visible public keys. This application of the 2,400-year-old Euclidean algorithm turned out to produce spectacular results.

In addition to TLS, the transport layer security mechanism underlying HTTPS, other types of public keys were investigated that did not use EFF's Observatory data set, most notably PGP. The cryptosystems that underlay the full set of public keys in the study included RSA (which is the most common class of cryptosystem behind TLS), ElGamal (which is the most common class of cryptosystem behind PGP), and several others in smaller quantities. Within each cryptosystem, various key strengths were also observed and investigated, for instance RSA 2048 bit as well as RSA 1024 bit keys.


Canada's spying bill: be very afraid

Canadian comedy hero Rick Mercer nails the new Canadian spying bill and the political tactics that gave rise to it. Bravo!

Rick Mercer: Rant: Be Afraid (Thanks, James!)

34-foot tower of books about Abe Lincoln

Ford's Theater's Center for Education and Leadership sports a 6,800-volume, 34-foot-tall tower of (aluminum replica) books about Abraham Lincoln.

The majority of the titles are histories and biographies about Abraham Lincoln. Also included are books of Lincoln’s speeches, books of quotations or quips and one or two travel titles (i.e.: Indiana’s Lincolnland by Mike Capps and Jane Ammenson). Several children’s titles also are included, though not much in the way of adult historical fiction.

(Many sites report that there are 15,000 books in the pile, but that's not correct).

Skyscraping Tower of Abraham Lincoln Books

Taxi-window sticker: our security stinks and your credit card will be sniffed

On my way to Dallas-Fort Worth airport today, I snapped this picture of the sticker on the inside of the back-seat passenger-side window of my taxi. It warns "The method used to authenticate credit card transactions for approval is not secure and personal information is subject to being intercepted by unauthorized personnel." There's some history there, I'm guessing. Consumer warnings are very nice, but I'm left wondering why they don't just update the firmware on the credit-card box with some decent crypto (unless this is because they use a CB radio to call in card numbers, which is pretty danged foolish).

Soft robots: elastomeric origami

Wired Science's Dave Mosher investigates elastomeric soft robots -- air-powered origami creepers that can go places that challenge their rigid metallic kin.

Getting the soft robots to perform a particular action is a feat of origami: Folded in just the right way and glued in the right spots, for example, the researchers showed how a crinkled clump of silicone-soaked paper lifted a 2-pound weight. The force of the air required to drive it was roughly twice that of a human exhalation.

The team has also cylinders that blow into spheres, tubes that act like springs and compact stacks that turn into rigid rings or pipes.

Avi Solomon notes the similarity between these eerie things and the robots in Ted Chiang's brilliant science fiction story Exhalation.

Origami Robots Run Only on Air

Tank Girl vodka

Absolut has commissioned Jamie Hewlett (co-creator of Tank Girl and Gorillaz) to do a limited edition vodka bottle celebrating London's public drunkenness. It's a rather nice piece of work, too -- suitably grotesque. All it's missing is the grimy, mutilated pigeons squabbling over puddles of last night's binge-drinking lad and ladette vom.

ABSOLUT London

MEP who resigned ACTA role explains how the treaty will result in invasive border searches of personal devices, privacy-invading dissemination of public's personal information

Kader Arif is the former EU rapporteur on ACTA (the secretive copyright treaty pushed by the US Trade Rep) on Europe's behalf. He made headlines when he handed in his report on ACTA and his resignation as rapporteur, which damned ACTA as an undemocratic, overly broad and ill-conceived trainwreck. In this WSJ interview, Arif goes into detail on the problems that made ACTA utterly irredeemable, and Mike Masnick despairs at how Arif's successor in the EU is seemingly unwilling to stand up for the democratic principles that ACTA tramples.

First is the article 11 of the agreement, which states that the right holder has the right to ask for information “regarding any person involved in any aspect of the infringement or alleged infringement”. This article is worded in such wide and unclear terms that it leaves a great deal of room for interpretation. In practice, almost anyone could be linked to an infringement of intellectual property rights and face criminal sanctions under such a vague definition. It is our responsibility as legislators and people’s representatives not to leave it to a judicial authority to decide the scope of an agreement which could affect people’s civil liberties.

The second is the issue of having travelers’ personal luggage searched at borders. ACTA foresees that the use of counterfeited goods on a commercial scale can lead to criminal sanctions. But here again no definition of “commercial scale” is given. Article 14 of the agreement clearly states that, unless contrary action is taken by one of the parties, it is possible to search people’s personal luggage, including small consignments.


Adventures of a psychedelic truffle eater

Here's Part 2. And here's Part 3.

Juliette says:

Following The New York Times Sunday profile on VICE's in-house drug aficionado/chemist, Hamilton Morris and his original web series Hamilton's Pharmacopeia, VICE today premieres the latest episode where Hamilton travels to Amsterdam to discover the Philosopher's Stone of psychedelics -- the [psilocybin-containing] truffle. In this episode of Hamilton's Pharmacopeia, Hamilton sits down and chats with the notorious Truffle Brothers in a quaint Dutch farm that also functions as the world's largest truffle factory, then proceeds to munch down 8 grams of the magical mushrooms and explore Amsterdam on Queen's Day (the Netherlands' most chaotic and rampantly wild day of the year).
A trip at the Magic Truffles farm

The Radium Age science fiction library

Several years ago, I read Brian Aldiss's Billion Year Spree -- his "true history of science fiction" from Mary Shelley to the early 1970s. I found Aldiss's account of the genre's development entertaining and informative... but something bothered me, long after I'd finished reading it. So much so that I've since spent hundreds of dollars on forgotten, out-of-print books; I've written dozens of long, scholarly posts about the thing that bothered me so much, for io9 and my own blog, HiLobrow; and this year I've even launched a money-losing publishing imprint in a quixotic effort to set the record straight.

Aldiss's book is terrific on the topic of science fiction from Frankenstein through the "scientific romances" of Verne, Poe, and Wells -- and also terrific on science fiction's so-called Golden Age, the start of which he, like every other sf exegete, dates to John W. Campbell's 1937 assumption of the editorship of the pulp magazine Astounding. However, regarding science fiction published between the beginning of the Golden Age and the end of the Verne-Poe-Wells "scientific romance" era, Aldiss (who rightly laments that Wells's 20th century fiction after, perhaps, 1904's The Food of the Gods, fails to recapture "that darkly beautiful quality of imagination, or that instinctive-seeming unity of construction, which lives in his early novels") has very little to say. "Hm," I thought, when I noticed that. "That's an awfully long stretch of science fiction history to overlook, isn't it?"

Aldiss seems to feel that authors of science fiction after Wells and before the Golden Age weren't very talented.

419/FBI poetry: "Issues of fraud crime against you"

My friend Vann Hall received the following email from the FBI. Apparently, they caught him through their, er, track light monitoring device. Vann, I hope you can clear this up quickly!

respectively, pesco

-------- Original Message --------
Subject: ISSUES OF FRAUD CRIME AGAINST YOU
Date: Fri, 20 Jan 2012 08:25:36 +0200
From: Mr Ronald Anthony (
Reply-To: (
To: undisclosed-recipients:;


FBI Headquarters in Washington, D.C.
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue, NW
Washington, D.C. 20535-0001



This the Federal Bureau Of Investigation (FBI) We are writing in response to our track light monitoring device which we received today in our office about the illegal transactions that you have been involve in for a long time now.

We understand from our general investigations that some con men from Australia has been ripping a man off him hard earned money with the pretense of dealing with birds Company that will deliver a pet to him and the proposed amount which was to be transferred to you is the sum of $5,000,000 Usd as stated in our record here.

We also got a complain from our Australia man counterpart stating that your identity/information's was used to dupe a Australia business man to the tune of $4 Billion Usd by some Australia Fraudsters which you have been in contact with for some time now.

The German Government has ordered for your urgent arrest regarding the crimes that was committed with your name,after all the series of investigations conducted here in our office we tracked your record and we found out that you have never been jailed or had any fraudulent case that may jeopardize your image and personality.


Teapot made from tickets

Brian Jewett makes various kinds of sculptural housewares, including ticket bowls ("Made by winding multiple rolls of tickets into one disc, shaping and sealing"). He made this ticket-bowl teapot as a commission for teapot collectors Gloria and Sonny Kamm.

Ticket Bowls (via Craft)

VeriSign, pillar of Internet security, hacked

VeriSign Inc., the company responsible for assuring that more than half the world’s websites are authentic, was hacked multiple times in 2010, and the thieves succeeded in stealing information, reports Christopher Maag in

When users click on a website, or on a hyperlink that would carry them to a website, their browser automatically checks the site’s security certificate to make sure that it’s authentic. If there’s a problem with the certificate, the browser may present a warning screen advising the user of possible security threats, or it may block access altogether. If hackers gain access to those certificates however, they can make their own copy that looks exactly like the real thing. That would enable them to run a virtually fool-proof phishing scheme, diverting users to a fake website in order to steal account passwords, Social Security numbers and other valuable private data.
VeriSign, pillar of Internet security, hacked

Grand re-opening of the Cigar Box Guitar Museum near Pittsburgh, PA

Shane Speal says:

The Speal’s Tavern Cigar Box Guitar Museum near Pittsburgh, PA has been expanded and improved for 2012. The museum now sports over 40 handmade instruments, cigar box amplifiers, antique photos and artwork along with historical facts and discoveries. The 2012 exhibit will be unveiled this Saturday, February 18 at 6pm followed by a special Mardi Gras blues concert by museum creator and cigar box guitarist, Shane Speal. The centerpiece of the museum is a 92-year-old cigar box guitar from 1910. Its crude form features only a single string and is very similar to instruments performed in Vaudeville theatre at the turn of the Century. The museum is free and open to the public during Speal’s Tavern regular business hours.

See photos of the entire collection

Trailer for Tim Burton's "Abraham Lincoln: Vampire Hunter"

Here's a trailer for Tim Burton's forthcoming adaptation of the satirical horror novel Abraham Lincoln: Vampire Hunter. Hard to tell how Burton will play it -- it will be tricky to maintain the relevance of the fact that the action hero is also Honest Abe without obliterating suspension of disbelief, since each reminder of this fact is a bit jarring in the context of a fun/funny horror romp.

Here are the Onion's Sean O'Neal's thoughts:

Adapted from the monster mash-up novel from Seth Grahame-Smith, the forthcoming film from Wanted director Timur Bekmambetov and producer Tim Burton obviously gets fairly tongue-in-cheek with its alternate U.S. history—the kind the liberal-run schools are too afraid to teach you—but it's not like you’d necessarily know it from this teaser.

Abraham Lincoln: Vampire Hunter (Thanks, Fipi Lele!)

A walk in the woods with 42 Saint Bernards

Over at Submitterator, anelson sends us this surreal video of a child playing with a huge pack of Saint Bernards in a temperate rainforest in British Columbia. I love the idea of being surrounded by these panting, galumphing beasts.

Thanks anelson! [Video Link]

Revisiting Slashdot's faméd V-day marriage proposal from CmdrTaco

Buzzblog sez, "Ten years ago today, at 9:25 a.m., Slashdot founder Rob 'CmdrTaco' Malda, used his insider access to the homepage of one of the tech world’s most popular forums to send a very public Valentine’s Day marriage proposal to Kathleen Fent. Fifteen minutes later she said yes -- and then called him a dork -- an exchange that would generate more than 2,000 comments and make news on other tech sites. As the 10th anniversary of the proposal approached, Network World asked the couple to share their memories of that day and thoughts about it since, as a kind of case study on how this type of public proposal – be it on Slashdot or the stadium Jumbotron – holds up over the years. Would they recommend it? … Seems there is disagreement on that score."

Kathleen, what was your reaction the moment you read your name in that headline and realized what was happening?

I knew something was afoot when I left for work and Rob said "See you soon!" I decided to check Slashdot right away when I got to work to see what was going on. When I saw my name in the proposal, I slammed my hand down on the desk and screamed, "Oh my god!" before I could even read the entire article. I started to hyperventilate.

Everyone rushed back to my cubicle to see what was the matter. I had to resist the urge to phone Rob at home, knowing that an email reply was much more fitting for the eventual story we'd tell.
