On the always-excellent Search Engine podcast from TVOntario, host Jesse Brown interviews Alan Borovoy, general counsel of the Canadian Civil Liberties Association. Borovoy is one of Canada's most respected free speech and privacy activists, and he describes the state of Canada on the eve of the introduction of a sweeping spy-bill that will require ISPs to log and retain enormous amounts of our private communications, and then give police access to that material without a warrant. This is a stirring call-to-arms and an important historical context to understand the history of free speech and privacy in Canada.
The Electronic Frontier Foundation's SSL Observatory is a research project that gathers and analyzes the cryptographic certificates used to secure Internet connections, systematically cataloging them and exposing their database for other scientists, researchers and cryptographers to consult.
Now Arjen Lenstra of École polytechnique fédérale de Lausanne has used the SSL Observatory dataset to show that tens of thousands of SSL certificates "offer effectively no security due to weak random number generation algorithms." Lenstra's research means that much of what we think of as gold-standard, rock-solid network security is deeply flawed, but it also means that users and website operators can detect and repair these vulnerabilities.
While we have observed and warned about vulnerabilities due to insufficient randomness in the past, Lenstra's group was able to discover more subtle RNG bugs by searching not only for keys that were unexpectedly shared by multiple certificates, but for prime factors that were unexpectedly shared by multiple publicly visible public keys. This application of the 2,400-year-old Euclidean algorithm turned out to produce spectacular results.
In addition to TLS, the transport layer security mechanism underlying HTTPS, other types of public keys were investigated that did not use EFF's Observatory data set, most notably PGP. The cryptosystems that underlay the full set of public keys in the study included RSA (which is the most common class of cryptosystem behind TLS), ElGamal (which is the most common class of cryptosystem behind PGP), and several others in smaller quantities. Within each cryptosystem, various key strengths were also observed and investigated, for instance RSA 2048 bit as well as RSA 1024 bit keys. Beyond shared prime factors, there were other problems discovered with the keys, which all appear to stem from insufficient randomness in generating the keys. The most prominently affected keys were RSA 1024 bit moduli. This class of keys was deemed by the researchers to be only 99.8% secure, meaning that 2 out of every 1000 of these RSA public keys are insecure. Our first priority is handling this large set of tens of thousands of keys, though the problem is not limited to this set, or even to just HTTPS implementations.
We are very alarmed by this development. In addition to notifying website operators, Certificate Authorities, and browser vendors, we also hope that the full set of RNG bugs that are causing these problems can be quickly found and patched. Ensuring a secure and robust public key infrastructure is vital to the security and privacy of individuals and organizations everywhere.
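The shared-prime search described above, as an added example (not code from the EFF, Lenstra's group, or the original post): an audit that flags RSA moduli in a set you are responsible for when they have a factor in common with another key in the set. It goes beyond the plain pairwise Euclidean algorithm the post mentions by using the product-tree/remainder-tree batch GCD, which scales to large key sets; the key names and toy moduli (built from known Mersenne primes) are constructed for illustration.

```python
"""Audit a set of RSA moduli for shared prime factors (batch GCD).

Added example. Key names and moduli below are constructed toy values,
not real keys; real moduli would be read from your own certificates.
"""
from math import gcd, prod


def product_tree(moduli):
    """Levels of pairwise products: levels[0] is the input, levels[-1] is [P]."""
    levels = [list(moduli)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([prod(cur[i:i + 2]) for i in range(0, len(cur), 2)])
    return levels


def batch_gcd(moduli):
    """For each n_i return gcd(n_i, P / n_i), with P the product of all moduli.

    Walking back down the product tree reduces P modulo the square of each
    node, so every leaf ends with P mod n_i^2. Dividing that by n_i gives
    (P / n_i) mod n_i, and one Euclidean gcd per key finishes the job.
    """
    levels = product_tree(moduli)
    rems = levels.pop()                       # [P], or [] for empty input
    while levels:
        cur = levels.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(cur)]
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]


def audit(named_moduli):
    """Map each key name to 'ok', 'shares-prime' or 'whole-modulus-shared'."""
    names = list(named_moduli)
    moduli = [named_moduli[k] for k in names]
    report = {}
    for name, n, g in zip(names, moduli, batch_gcd(moduli)):
        if g == 1:
            report[name] = "ok"
        elif g == n:
            # Same modulus appears twice, or both primes occur in other keys.
            report[name] = "whole-modulus-shared"
        else:
            report[name] = "shares-prime"     # exactly one prime is reused
    return report


def mersenne(e):
    """2**e - 1; prime for the exponents used below (13 ... 127)."""
    return (1 << e) - 1


# Constructed sample set: web-a and web-b reuse one prime, mail-1 and mail-2
# carry the identical modulus, vpn is independent of the rest.
SAMPLE_KEYS = {
    "web-a": mersenne(61) * mersenne(89),
    "web-b": mersenne(61) * mersenne(107),
    "mail-1": mersenne(127) * mersenne(31),
    "mail-2": mersenne(127) * mersenne(31),
    "vpn": mersenne(17) * mersenne(19),
}

if __name__ == "__main__":
    for key_name, status in audit(SAMPLE_KEYS).items():
        print(f"{key_name:8} {status}")
```

Any key that is not reported as `ok` should be regenerated on a system with a properly seeded random number generator and its certificate reissued.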
Ford's Theater's Center for Education and Leadership sports a 6,800 volume, 34-foot-tall tower of (aluminum replica) books about Abraham Lincoln.
The majority of the titles are histories and biographies about Abraham Lincoln. Also included are books of Lincoln’s speeches, books of quotations or quips and one or two travel titles (i.e.: Indiana’s Lincolnland by Mike Capps and Jane Ammenson). Several children’s titles also are included, though not much in the way of adult historical fiction.
(Many sites report that there are 15,000 books in the pile, but that's not correct).
On my way to Dallas-Fort Worth airport today, I snapped this picture of the sticker on the inside of the back-seat passenger-side window of my taxi. It warns "The method used to authenticate credit card transactions for approval is not secure and personal information is subject to being intercepted by unauthorized personnel." There's some history there, I'm guessing. Consumer warnings are very nice, but I'm left wondering why they don't just update the firmware on the credit-card box with some decent crypto (unless this is because they use a CB radio to call in card numbers, which is pretty danged foolish).
Wired Science's Dave Mosher investigates elastomeric soft robots -- air-powered origami creepers that can go places that challenge their rigid metallic kin.
Getting the soft robots to perform a particular action is a feat of origami: Folded in just the right way and glued in the right spots, for example, the researchers showed how a crinkled clump of silicone-soaked paper lifted a 2-pound weight. The force of the air required to drive it was roughly twice that of a human exhalation.
The team has also cylinders that blow into spheres, tubes that act like springs and compact stacks that turn into rigid rings or pipes.
Avi Solomon notes the similarity between these eerie things and the robots in Ted Chiang's brilliant science fiction story Exhalation.
Absolut has commissioned Jamie Hewlett (co-creator of Tank Girl and Gorillaz) to do a limited edition vodka bottle celebrating London's public drunkenness. It's a rather nice piece of work, too -- suitably grotesque. All it's missing is the grimy, mutilated pigeons squabbling over puddles of last night's binge-drinking lad and ladette vom.
MEP who resigned ACTA role explains how the treaty will result in invasive border searches of personal devices, privacy-invading dissemination of public's personal information
Kader Arif is the former EU rapporteur on ACTA (the secretive copyright treaty pushed by the US Trade Rep) on Europe's behalf. He made headlines when he handed in his report on ACTA and his resignation as rapporteur, which damned ACTA as an undemocratic, overly broad and ill-conceived trainwreck. In this WSJ interview, Arif goes into detail on the problems that made ACTA utterly irredeemable, and Mike Masnick despairs at how Arif's successor in the EU is seemingly unwilling to stand up for the democratic principles that ACTA tramples.
First is the article 11 of the agreement, which states that the right holder has the right to ask for information “regarding any person involved in any aspect of the infringement or alleged infringement”. This article is worded in such wide and unclear terms that it leaves a great deal of room for interpretation. In practice, almost anyone could be linked to an infringement of intellectual property rights and face criminal sanctions under such a vague definition. It is our responsibility as legislators and people’s representatives not to leave it to a judicial authority to decide of the scope of an agreement which could affect people’s civil liberties.
The second is the issue of having travelers’ personal luggage searched at borders. ACTA foresees that the use of counterfeited goods on a commercial scale can lead to criminal sanctions. But here again no definition of “commercial scale” is given. Article 14 of the agreement clearly states that, unless contrary action is taken by one of the parties, it is possible to search people’s personal luggage, including small consignments. So if a traveler has on his laptop or MP3 player a tune or movie downloaded illegally, could he face sanctions ? How many tunes or movies would one need to set up a commercial illegal activity? In theory one would be enough… The problem again here is that ACTA does not give any clear indication. Besides the fact that it is an extremely sensitive issue to authorize for the search of all travelers’ luggage, and personally I am totally opposed to it, I see here a great risk for abuse and unjustified sanctions.
Following The New York Times Sunday profile on VICE's in house drug aficionado/chemist, Hamilton Morris and his original web series Hamilton's Pharmacopeia, VICE today premieres the latest episode where Hamilton travels to Amsterdam to discover the Philosopher's Stone of psychedelics -- the [psilocybin-containing] truffle.
A trip at the Magic Truffles farm
In this episode of Hamilton's Pharmacopeia, Hamilton sits down and chats with the notorious Truffle Brothers in a quaint Dutch farm that also functions as the world's largest truffle factory, then proceeds to munch down 8 grams of the magical mushrooms and explore Amsterdam on Queen's Day (the Netherlands' most chaotic and rampantly wild day of the year).
Several years ago, I read Brian Aldiss's Billion Year Spree -- his "true history of science fiction" from Mary Shelley to the early 1970s. I found Aldiss's account of the genre's development entertaining and informative... but something bothered me, long after I'd finished reading it. So much so that I've since spent hundreds of dollars on forgotten, out-of-print books; I've written dozens of long, scholarly posts about the thing that bothered me so much, for io9 and my own blog, HiLobrow; and this year I've even launched a money-losing publishing imprint in a quixotic effort to set the record straight.
Aldiss's book is terrific on the topic of science fiction from Frankenstein through the "scientific romances" of Verne, Poe, and Wells -- and also terrific on science fiction's so-called Golden Age, the start of which he, like every other sf exegete, dates to John W. Campbell's 1937 assumption of the editorship of the pulp magazine Astounding. However, regarding science fiction published between the beginning of the Golden Age and the end of the Verne-Poe-Wells "scientific romance" era, Aldiss (who rightly laments that Wells's 20th century fiction after, perhaps, 1904's The Food of the Gods, fails to recapture "that darkly beautiful quality of imagination, or that instinctive-seeming unity of construction, which lives in his early novels") has very little to say. "Hm," I thought, when I noticed that. "That's an awfully long stretch of science fiction history to overlook, isn't it?"
Aldiss seems to feel that authors of science fiction after Wells and before the Golden Age weren't very talented. He doesn't think much, for example, of the literary skills of Hugo Gernsback (sometimes called the "Father of Science Fiction") who founded Amazing Stories in 1926 and coined the phrase "science fiction" while he was at it. True, Gernsback's ideas were advanced, while his story-telling abilities were primitive. But does that really justify skipping over the 1900s through the mid-1930s? (PS: By my reckoning, Campbell and his cohort first began to develop their literate, analytical, socially conscious science fiction in reaction to the 1934 advent of the campy "Flash Gordon" comic strip, not to mention Hollywood’s innumerable mid-1930s Bug-Eyed Monster-heavy "sci-fi" blockbusters that sought to ape the success of 1933's King Kong. They were also no doubt influenced by the 1932 publication of Aldous Huxley's Brave New World. In other words, the Golden Age began before 1937; if I had to choose a year, I'd say 1934.) Is Aldiss's animus against that era due solely to style and quality? I suspect not. Billion Year Spree reminds me of one of those airbrushed Soviet-era photos from which an embarrassing historical fact has been excised.
My friend Vann Hall received the following email from the FBI. Apparently, they caught him through their, er, track light monitoring device. Vann, I hope you can clear this up quickly!
-------- Original Message --------
Subject: ISSUES OF FRAUD CRIME AGAINST YOU
Date: Fri, 20 Jan 2012 08:25:36 +0200
From: Mr Ronald Anthony (email@example.com)
THIS IS THE (F.B.I)
FBI Headquarters in Washington, D.C.
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington, D.C. 20535-0001
FEDERAL BUREAU OF INVESTIGATION (FBI)
This the Federal Bureau Of Investigation (FBI) We are writing in response to our track light monitoring device which we received today in our office about the illegal transactions that you have been involve in for a long time now.
We understand from our general investigations that some con men from Australia has been ripping a man off him hard earned money with the pretense of dealing with birds Company that will deliver a pet to him and the proposed amount which was to be transferred to you is the sum of $5,000,000 Usd as stated in our record here.
We also got a complain from our Australia man counterpart stating that your identity/information's was used to dupe a Australia business man to the tune of $4 Billion Usd by some Australia Fraudsters which you have been in contact with for some time now.
The German Government has ordered for your urgent arrest regarding the crimes that was committed with your name,after all the series of investigations conducted here in our office we tracked your record and we found out that you have never been jailed or had any fraudulent case that may jeopardize your image and personality.
All this information's are on record and we are going to use it against you in the world court when this case will be brought before it and we called the Australia High Commission for an urgent compensation for the bad deed that has been committed with your name.
The Australia Government has made available the sum of $950,000.00 Usd for your compensation and then we would like to inform you to stop any further communications with the con men so that you will not be brought before the law..
We also discovered that you have made some payments to them earlier for this same funds that was to be sent to you.
Don't forget that all your properties will be confiscated as soon as you are jailed because it will be believed that you got them from fraudulent and dubious business transactions like the one that you are in right now.
We have forwarded a copy of this information's to all the states crime agencies including,
National Crime Information Center (NCIC)
CrimTrac Agency, Canberra,
Crime and Corruption Commission
Crime and Misconduct Commission
Home Land Security Service.
Economic And Financial Crimes Commission (EFCC)
Nigerian Local Metropolitan Police (NLMP)
So all you need to do right now in other to clear your name from the scam list which has already been forwarded to our office is to secure the CLEAN BILL CERTIFICATE immediately.
This Certificate will then clear your name from the scam list and also after the Certificate has been issued to you, you will then forward it to the payment officer for the urgent transfer of your compensation funds of $950,000.00 Usd.
You are required to forward to us your private contact number for oral communications and don't forget that you will be given only 72hours to secure the CLEAN BILL CERTIFICATE or you will face the law and its consequences.
Your e-mail address is now under our e-mail track monitor, so you should make sure that you don't respond to any e-mail that is being sent to you from anybody or organization that claims to be working for the Government.
Forward the details of the payment you made to them earlier, and also all the information's/documents that was forwarded to you by those criminals that you have been in contact with for a long time now.
Also below is my attached Identity Card for your perusal.
Get back to us as soon as you receive this e-mail so that we can guild you on how to secure the Certificate within 72hours.
THANKS FOR YOUR CO-OPERATION.
Thanks as I wait for your response
Mr Ronald Anthony
VeriSign Inc., the company responsible for assuring that more than half the world’s websites are authentic, was hacked multiple times in 2010, and the thieves succeeded in stealing information, reports Christopher Maag in Credit.com.
When users click on a website, or on a hyperlink that would carry them to a website, their browser automatically checks the site’s security certificate to make sure that it’s authentic. If there’s a problem with the certificate, the browser may present a warning screen advising the user of possible security threats, or it may block access altogether.
VeriSign, pillar of Internet security, hacked
If hackers gain access to those certificates however, they can make their own copy that looks exactly like the real thing. That would enable them to run a virtually fool-proof phishing scheme, diverting users to a fake website in order to steal account passwords, Social Security numbers and other valuable private data.
The Speal’s Tavern Cigar Box Guitar Museum near Pittsburgh, PA has been expanded and improved for 2012. The museum now sports over 40 handmade instruments, cigar box amplifiers, antique photos and artwork along with historical facts and discoveries. The 2012 exhibit will be unveiled this Saturday, February 18 at 6pm followed by a special Mardi Gras blues concert by museum creator and cigar box guitarist, Shane Speal.
The centerpiece of the museum is a 92 year old cigar box guitar from 1910. Its crude form features only a single string and is very similar to instruments performed in Vaudeville theatre at the turn of the Century. The museum is free and open to the public during Speal’s Tavern regular business hours.
Here's a trailer for Tim Burton's forthcoming adaptation of the satirical horror novel Abraham Lincoln: Vampire Hunter. Hard to tell how Burton will play it -- it will be tricky to maintain the relevance of the fact that the action hero is also Honest Abe without obliterating suspension of disbelief, since each reminder of this fact is a bit jarring in the context of a fun/funny horror romp.
Here are the Onion's Sean O'Neal's thoughts:
Adapted from the monster mash-up novel from Seth Grahame-Smith, the forthcoming film from Wanted director Timur Bekmambetov and producer Tim Burton obviously gets fairly tongue-in-cheek with its alternate U.S. history—the kind the liberal-run schools are too afraid to teach you—but it's not like you’d necessarily know it from this teaser.
Abraham Lincoln: Vampire Hunter (Thanks, Fipi Lele!)
Over at Submitterator, anelson sends us this surreal video of a child playing with a huge pack of Saint Bernards in a temperate rainforest in British Columbia. I love the idea of being surrounded by these panting, gallumphing beasts.
Buzzblog sez, "Ten years ago today, at 9:25 a.m., Slashdot founder Rob 'CmdrTaco' Malda, used his insider access to the homepage of one of the tech world’s most popular forums to send a very public Valentine’s Day marriage proposal to Kathleen Fent. Fifteen minutes later she said yes -- and then called him a dork -- an exchange that would generate more than 2,000 comments and make news on other tech sites. As the 10th anniversary of the proposal approached, Network World asked the couple to share their memories of that day and thoughts about it since, as a kind of case study on how this type of public proposal – be it on Slashdot or the stadium Jumbotron – holds up over the years. Would they recommend it? … Seems there is disagreement on that score."
Kathleen, what was your reaction the moment you read your name in that headline and realized what was happening?
I knew something was afoot when I left for work and Rob said "See you soon!" I decided to check Slashdot right away when I got to work to see what was going on. When I saw my name in the proposal, I slammed my hand down on the desk and screamed, "Oh my god!" before I could even read the entire article. I started to hyperventilate.
Everyone rushed back to my cubicle to see what was the matter. I had to resist the urge to phone Rob at home, knowing that an email reply was much more fitting for the eventual story we'd tell. This was long before texting was commonplace, or I would have texted him the answer.
Rob, what did you think of the outpouring of well wishes -- and snark -- from the Slashdot community?
There was some pretty witty stuff in there. Kathleen pointed out a few random comments that she thought were funny. She read every single comment, but I was thankful for the moderation system that day because it was a (popular) story and it had its fair share of mean in it that I was able to skip. But mostly it was very positive: The vast majority of the Slashdot community strongly supported me throughout my time there, and this story might be the single loudest example of that.
"Dear God, we should not be putting civil rights issues to a popular vote to be subject to the sentiments, the passions of the day. No minority should have their rights subject to the passions and sentiments of the majority. This is a fundamental bedrock of what our nation stands for." -- Newark, N.J. Mayor Cory Booker
Marilyn Terrell of National Geographic Traveler magazine says, "I thought you might like this sweet story about Alexander Graham Bell, who was a 27-yr-old Scottish speech therapist and part-time inventor when he fell madly in love with 17-yr-old Mabel Gardiner Hubbard, who was deaf, and whose father was the first president of the National Geographic Society."
Mabel Gardiner Hubbard was only five years old when scarlet fever rendered her deaf for life. At the age of 17, she would meet a young Scottish speech therapist who was destined to shape her life. Gardiner Greene Hubbard, Mabel’s father and National Geographic’s first president, took a liking to the industrious teacher and part-time inventor. We know him better as Alexander Graham Bell. This is their love story.
The 27-year-old Alexander fell in love with Mabel when she was 17, but it was an unreciprocated fancy. “He was tall and dark with jet-black hair and eyes, but dressed badly and carelessly,” she said. “I could never marry such a man!” Despite her initial disinterest, she began to grow fond of him during his time as her speech teacher and their relationship evolved. After one of her first classes with him, a giddy Mabel wrote to her mother: “Mr. Bell said today my voice is naturally sweet.” In a letter to Mabel on the night of their engagement, Alexander wrote, “I am afraid to fall asleep, lest I should find it all a dream — so I shall lie awake and think of you.”
Photo: Mabel Hubbard Bell and Alexander Graham Bell. (National Geographic Society)
(In 2010, Boing Boing was pleased to feature as a guestblogger Arthur Goldwag, author of Cults, Conspiracies, and Secret Societies: The Straight Scoop on Freemasons, The Illuminati, Skull and Bones, Black Helicopters, The New World Order, and many, many more. The following is an excerpt from Arthur's latest book, The New Hate: A History of Fear and Loathing on the Populist Right. - dp)
Conspiracy theories often resemble a kind of misbegotten, debased form of theology — one that begins with a set of suppositions and then reverse engineers a fantastical version of reality that comports with them. History does not dispute, for example, the fact that Vladimir Ilyich Lenin’s mother’s father was Jewish. But in the auto magnate and arch-conspiracist Henry Ford’s telling, this genealogical detail held the key not only to Lenin’s entire character and political philosophy but to the vicissitudes of the former Russian Empire circa 1920 and to the historical development of Bolshevism worldwide. Lenin’s wife is Jewish, and his children all speak Yiddish, Ford insisted, a little hysterically. Russia’s yeshivas are the recipients of lavish subsidies from the Bolshevik state:
The Bolsheviks immediately took over all the Hebrew schools and continued them as they were and laid down a rule that the ancient Hebrew language should be taught in them. The ancient Hebrew language is the vehicle of the deeper secrets of the World Program.
And for the Gentile Russian children? “Why,” said these gentle Jewish educators, “we will teach them sex knowledge. We will brush out of their minds the cobwebs. They must learn the truth about things!” with consequences that are too pitiable to narrate.
Viewed through Ford’s monistic frame, Lenin’s grandfather’s one-eighth contribution of Jewish “genes” was sufficient to neutralize the very Russianness of the Russian Revolution, to reduce it to just another local skirmish in Judaism’s global war against the Gentiles.
Richard Nixon was forced to resign his presidency because of a small-c conspiracy to cover up the illegal activities carried out by his reelection campaign. But to conspiracists on his right, his whole presidency had been the enactment of a long-standing conspiracy to destroy America’s sovereignty; his breakthrough trip to China was just the latest in a long line of betrayals. “If Mr. Nixon has been only kidding about his devotion to forging the links in the chain of the World Superstate that is to be welded around America’s wrists, then he is a consummate hypocrite,” the John Birch Society’s Gary Allen wrote in 1971, a year before Nixon’s epochal meeting with Mao. “But his commitment to world government goes back nearly a quarter of a century and indeed he would not now be in the White House if he were not committed to this ultimate goal of the Insiders.”
Conspiracism, like racial bigotry, is almost always a murky undercurrent in the mainstream of politics, its propositions only glancingly acknowledged by the establishment and summarily dismissed. But as cartoonish as its heroes and villains might be, as disordered and disreputable and deranged as its proponents and its premises so often are, they are rarely without pertinence to an understanding of the social and political environment that spawned them.
A fellow named Joe, from Saskatchewan, Canada, has been digging out his basement since 2005 with a fleet of remote-control scale models of tractors and trucks. He even has a conveyor belt to move the dirt. What fun!
"Canadian Digs Out Basement Using Only Radio Controlled Scale Tractors and Trucks…Since 2005!"
"I feel quite fortunate to have stumbled onto this basement excavation idea, it's been a great past time to date dreaming up new ideas to tackle different projects along the way," Joe wrote on the Scale4x4rc forums where he also posted pictures and videos of his feat.
"It's been a great hobby thus far, dreaming up - building all sorts of different miniature equipment from kits or from scratch for this "mining" project. If it wasn't for this mining project I probably would have lost of interest in this hobby by now b/c once the models are built - the novelty of how they work & perform would wear off with no task to be accomplished them," he notes in another post.
Further to Mark's bizarre old Valentines post from yesterday: Flickr user Page of Bats has assembled a marvellous and often inexplicable collection of tasteless, gross and weird vintage V-day cards. I can't figure out if some of these were from the likes of MAD magazine, or if they were all created in earnest by clueless card companies.
"From Public Radio International's Bullseye with Jesse Thorn: Mark Frauenfelder of Boing Boing and the Gweek podcast joins us to share his recommendations this week: the drawing game Depict and the Blackwing 602 pencil."
Listen to the whole Bullseye episode here: (with Daniel Handler, the Sklar Brothers and Nico Muhly).
As a veteran character animator, I was beginning to doubt whether I'd ever again have the opportunity to create a short narrative piece -- then I got the call. When Google calls and says, "We'd like you to drop everything and make a short narrative piece that will be seen by hundreds of millions of people," you heed that call!
Since the dot com crash I, like many of my Flash animation contemporaries, have been content to reboot my career to a trade less concerned with storytelling and more concerned with making online game characters perform repeatable incremental actions. It's a fine living, but the urge to tell a story, even a simple one, is what drives most animators to continue to create. I have always been humbled by watching my fellow animators working insane hours on their own time to try and squeeze a few more "story beats" into the opening cutscenes of the game they're working on. I've done it myself many times. It's the creamy center of any game production job: designing/storyboarding/(and if you're lucky) animating the intro sequence: a mini-movie for all of 20 seconds. Unlike the dot com glory days when animators had full time work telling stories for well-paying online patrons, these days working to create short pieces comes at a steep price: you must fund your animation independently out of your own pocket. Then it's up to you to market, advertise, and, against-all-odds, try to squeeze some money out of the whole endeavor. It dissuades a lot of potential storytellers.