Boing Boing 

Freedom sounds like fighter-jets


This ad hearkens back to the days before America came to mistrust its military-industrial complex, the dreamtime when the scream of jets was a sound to comfort your children.

Freedom Has a New Sound

Data viz: whom did the UK government invite to emergency talks about the health reform bills?


Dr Ben "Bad Science" Goldacre sez, "I did a really sophisticated and complex data visualisation. I think you might enjoy it. There's definitely a pattern in there, I just need to decide what statistical tests will best extract the signal from the noise."

Who is, and is not, invited to Cameron's emergency NHSbill summit? A data visualisation.

$5,075 loan from Western Sky Financial will cost you $40,872.72

Western Sky Loans boasts that it's "not a Payday Loan!" Whatever it is, a 116.73% APR on a $5,075 loan seems a bit steep. After 84 monthly payments you'll have spent $40,872.72 paying it back.

$5,075 loan from Western Sky Financial will cost you $40,872.72 (Via imgur)

Dan Kaminsky on the RSA key-vulnerability

Dan Kaminsky sez,

There's been a lot of talk about some portion of the RSA keys on the Internet being insecure, with "2 out of every 1000 keys being bad". This is incorrect, as the problem is not equally likely to exist in every class of key on the Internet. In fact, the problem seems to only show up on keys that were already insecure to begin with -- those that pop errors in browsers for either being unsigned or expired. Such keys are simply not found on any production website on the web, but they are found in high numbers in devices such as firewalls, network gateways, and voice over IP phones.

It's tempting to discount the research entirely. That would be a mistake. Certainly, what we generally refer to as "the web" is unambiguously safe, and no, there's nothing particularly special about RSA that makes it uniquely vulnerable to a faulty random number generator. But it is extraordinarily clear now that a massive number of devices, even those purportedly deployed to make our networks safer, are operating completely without key management. It doesn't matter how good your key is if nobody can recognize it as yours. DNSSEC will do a lot to fix that. It is also clear that random number generation on devices is extremely suspect, and that this generic attack that works across all devices is likely to be followed up by fairly devastating attacks against individual makes and models. This is good and important research, and it should compel us to push for new and interesting mechanisms for better randomness. Hardware random number generators are the gold standard, but perhaps we can exploit the very small differences between clocks in devices and PCs to approximate what they offer.

Primal Fear: Demuddling The Broken Moduli Bug (Thanks, Dan!)

Pin-up art on old fruit-crate labels


In the Vintage Ads LiveJournal group, a contributor called Noluck-Boston is currently digging up a fantastic set of cheesecake/pin-up fruit crate labels of yesteryear. Here's Foot-High Melons, and On Rush Vegetables.

Education is a snap at the Central Institute of Technology in Australia


A charming advertisement for a college down under, by Henry and Aaron. Stay to the end. Send the kids out of the room. [via Gizmodo]

Ordeal on the Isle of the Everlasting Dead

"The four posts of the death-machine tipped off Lang's fate: They were going to tear him apart -- nice and slow!"

(Via Subtropic Bob)

Oh my God, entertainment industry people are still pitching for SOPA

You'd think that the proponents of SOPA[1] would give up that legislative dead parrot's ghost. But they're still doing the rounds on radio and in print, claiming that millions of Americans were 'duped' into opposing their harmless little internet censorship law.

The fresh (!) talking points go like this: Wikipedia, Reddit, Boing Boing and others 'lied' to the public about what SOPA was in the crucial final moments, 'abused our power' by going dark for a day, and thereby tricked legislators and the public into turning on a much-needed new law.

What rot.


How to optimize your caffeine intake: there's an app for that

Tim O'Reilly tweeted: "Quantified self for caffeine addicts -- IOS app to optimize intake. (Didn't know half-life in body was 5 hours!)"

Two doctors at Penn State University have developed Caffeine Zone, a free iOS app that tells you the perfect time to take a coffee break to maintain an optimal amount of caffeine in your blood — and, perhaps more importantly, it also tells you when to stop drinking tea and coffee, so that caffeine doesn’t interrupt your sleep.

How to optimize your caffeine intake

MC Chris cartoon show

Nerdcore rapper MC Chris is getting his own cartoon show, which apparently involves zombies, the music industry and profanity. Just as it should.

the mc chris cartoon teaser trailer (via Neatorama)

Cop spends weeks to trick an 18-year-old into possession and sale of a gram of pot

More fun from the self-loathing society: This American Life had a show about how young female undercover cops infiltrated a high school and flirted with boys to entrap them into selling pot, so they could charge them with felonies and destroy their lives at an early age.

Last year in three high schools in Florida, several undercover police officers posed as students. The undercover cops went to classes, became Facebook friends and flirted with the other students. One 18-year-old honor student named Justin fell in love with an attractive 25-year-old undercover cop after spending weeks sharing stories about their lives, texting and flirting with each other.

One day she asked Justin if he smoked pot. Even though he didn't smoke marijuana, the love-struck teen promised to help find some for her. Every couple of days she would text him asking if he had the marijuana. Finally, Justin was able to get it to her. She tried to give him $25 for the marijuana and he said he didn't want the money -- he got it for her as a present.

A short while later, the police did a big sweep and arrested 31 students -- including Justin. Almost all were charged with selling a small amount of marijuana to the undercover cops. Now Justin has a felony hanging over his head.

Sick: Young, Undercover Cops Flirted With Students to Trick Them Into Selling Pot (Via Aurich Lawson)

The infinite cycle of Soap


For people who still think it's important to shower with soap, this is neat: a piggybacking soap bar system. When the bar of soap becomes a sliver, you just stick it into the hollow part of a new bar of Stack soap.

Soap bars that join together - STACK

Canada's spying bill also allows appointed "inspectors" unlimited access to ISP data

Criticism of C-30, Canada's proposed domestic spying law, has focused on the fact that the police could access certain kinds of ISP subscriber information without a warrant. But as Terry Milewski writes on the CBC, the bill also gives the government the power to appoint special inspectors who can monitor and copy all information that passes through an ISP, also without a warrant.

The inspector, says the bill, may "examine any document, information or thing found in the place and open or cause to be opened any container or other thing." He or she may also "use, or cause to be used, any computer system in the place to search and examine any information contained in or available to the system."

You read that right. The inspector gets to see "any" information that's in or "available to the system." Yours, mine, and everyone else's emails, phone calls, web surfing, shopping, you name it. But, if that sounds breath-taking enough, don't quit now because the section is still not done.

The inspector — remember, this is anyone the minister chooses — is also empowered to copy anything that strikes his or her fancy. The inspector may "reproduce, or cause to be reproduced, any information in the form of a printout, or other intelligible output, and remove the printout, or other output, for examination or copying."

Oh, and he can even use the ISP's own computers and connections to copy it or to email it to himself. He can "use, or cause to be used, any copying equipment or means of telecommunication at the place."

In short, there's nothing the inspector cannot see or copy. "Any" information is up for grabs. And you thought the new airport body scanners were intrusive?

Online surveillance bill opens door for Big Brother (Thanks, Craig!)

DRM gives companies security -- from competition


Last night, Rob posted a very good piece on Apple's new "Gatekeeper" technology, which defaults to warning users of Apple's new Mountain Lion OS that software from companies that haven't been officially recognized by Apple should not be installed (though users can still choose to override it, or turn it off).

But I have one rather large quibble with Rob's piece. He wrote:

The truth is that Macs don't currently suffer much from malicious software, and DRM-esque lockouts are always circumvented. So what's the point of a DRM-esque system for malware prevention?

I agree that DRM is always circumvented, and it is especially circumvented by copyright infringers and malware creators. But I think that Rob has misunderstood the primary value of DRM to technology companies: because many countries' laws prohibit breaking DRM even if you're not doing anything illegal, DRM gives companies the right to sue competitors who make compatible products and services.

The law has always recognized that interoperability is good for competition, markets, and the public. From generic windshield-wiper blades and hubcaps to third-party hard-drives and keyboards and inkjet toner, and software like Pages and Keynote, the law recognizes that there is a legitimate reason to reverse-engineer a competitor's products and make new products that replace, expand and augment them.


Fallout shelter ads


On the always-excellent How to Be a Retronaut site, a great collection of 1960s fallout shelter ads, a perfect capsule of upbeat, cheerful fear-selling.

Fallout Shelter Ads, 1960s

Newspaper claims Vikileaks Twitter account traced back to House of Commons

The @Vikileaks30 account on Twitter has been publishing embarrassing personal information about Canada's Public Safety Minister Vic Toews, who is pushing for a domestic spying law that would require ISPs to gather and retain your personal information and turn it over to police without a warrant. The Vikileaks account kicked off with excerpts from the affidavits from Toews's very ugly divorce, including his ex-wife's allegations about his abuse of his official government expense accounts. The account created a nationwide stir over the domestic spying proposal, and has caused a rare (and possibly strategic*) climbdown from the majority Conservative government.

Now The Ottawa Citizen newspaper has tricked the person behind the anonymous account into visiting a website that it controls, and has traced the IP address used in the trap back to the House of Commons, suggesting that Toews's nemesis works for the federal government. The Citizen claims that the IP address has also been used to "frequently" edit Wikipedia articles to "[give] them what appears to be a pro-NDP bias" (the New Democratic Party is the left-leaning opposition party in Parliament).

While it's impossible to say who is actually using the address without a full-scale investigation undertaken by the House of Commons, a trace of the IP address shows it is also used by an employee of the House to post comments on a website for fans of the musician Paul Simon.

When reached by phone, the employee said that while he frequents the Paul Simon website he has nothing to do with the Vikileaks30 Twitter account.

A spokeswoman for the Speaker of the House of Commons said she is not aware of any investigation into whether any House IP addresses are behind the Vikileaks30 account. In order for an official government investigation to begin a complaint would have to be filed by a Member of Parliament.

Vikileaks30 linked to House of Commons IP address

* "Possibly strategic" because it looks like they're rushing this to committee, which is likely to go closed-door, exclude skeptical expert testimony, and speedily conclude that the bill is just fine as-is while maintaining a low public profile (Thanks, Colin!)

WSJ: Google caught circumventing iPhone security, tracking users who opted out of third-party cookies

Google has been caught circumventing iOS's built-in anti-ad-tracking features in order to add Google Plus functionality within iPhone's Safari browser. The WSJ reports that Google overrode users' privacy settings in order to allow messages like "your friend Suzy +1'ed this ad about candy" to be relayed between Google's different domains, including google.com and doubleclick.net. This also meant that doubleclick.net was tracking every page you landed on with a Doubleclick ad, even if you'd opted out of its tracking.

I believe that Google has created an enormous internal urgency about Google Plus integration, and that this pressure is leading the company to take steps to integrate G+ at the expense of the quality of its other services. Consider the Focus on the User critique of Google's "social ranking" in search results, for example. In my own life, I've been immensely frustrated that my unpublished Gmail account (which I only use to anchor my Android Marketplace purchases for my phone and tablets, and to receive a daily schedule email while I'm travelling) has somehow become visible to G+ users, so that I get many, many G+ updates and invites to this theoretically private address, every day, despite never having opted into a directory and never having joined G+.

In the iPhone case, it's likely that Google has gone beyond lowering the quality of its service for its users and customers, and has now started to violate the law, and certainly to undermine the trust that the company depends on. This is much more invasive than the time Google accidentally captured some WiFi traffic and didn't do anything with it, much more invasive than Google taking pictures of publicly visible buildings -- both practices that drew enormous and enduring criticism at the expense of the company's global credibility. I wonder if this will cause the company to slow its full-court press to make G+ part of every corner of Google.

EFF has an open letter to Google, asking them to make amends for this:

It’s time for a new chapter in Google’s policy regarding privacy. It’s time to commit to giving users a voice about tracking and then respecting those wishes.

For a long time, we’ve hoped to see Google respect Do Not Track requests when it acts as a third party on the Web, and implement Do Not Track in the Chrome browser. This privacy setting, available in every other major browser, lets users express their choice about whether they want to be tracked by mysterious third parties with whom they have no relationship. And even if a user deleted her cookies, the setting would still be there.

Right now, EFF, Google, and many other groups are involved in a multi-stakeholder process to define the scope and execution of Do Not Track through the Tracking Protection Working Group. Through this participatory forum, civil liberties organizations, advertisers, and leading technologists are working together to define how Do Not Track will give users a meaningful way to control online tracking without unduly burdening companies. This is the perfect forum for Google to engage on the technical specifications of the Do Not Track signal, and an opportunity to bring all parties together to fight for user rights. While the Do Not Track specification is not yet final, there's no reason to wait. Google has repeatedly led the way on web security by implementing features long before they were standardized. Google should do the same with web privacy. Get started today by linking Do Not Track to your existing opt-out mechanisms for advertising, +1, and analytics.

Google, make this a new era in your commitment to defending user privacy. Commit to offering and respecting Do Not Track.

Google Circumvents Safari Privacy Protections - This is Why We Need Do Not Track

Bruce Schneier's Liars and Outliers: how do you trust in a networked world?

John Scalzi's Big Idea introduces Bruce Schneier's excellent new book Liars and Outliers, and interviews Schneier on the work that went into it. I read an early draft of the book and supplied a quote: "Brilliantly dissects, classifies, and orders the social dimension of security -- a spectacularly palatable tonic against today's incoherent and dangerous flailing in the face of threats from terrorism to financial fraud." Now that the book is out, I heartily recommend it to you.

It’s all about trust, really. Not the intimate trust we have in our close friends and relatives, but the more impersonal trust we have in the various people and systems we interact with in society. I trust airline pilots, hotel clerks, ATMs, restaurant kitchens, and the company that built the computer I’m writing this short essay on. I trust that they have acted and will act in the ways I expect them to. This type of trust is more a matter of consistency or predictability than of intimacy.

Of course, all of these systems contain parasites. Most people are naturally trustworthy, but some are not. There are hotel clerks who will steal your credit card information. There are ATMs that have been hacked by criminals. Some restaurant kitchens serve tainted food. There was even an airline pilot who deliberately crashed his Boeing 767 into the Atlantic Ocean in 1999.

My central metaphor is the Prisoner’s Dilemma, which nicely exposes the tension between group interest and self-interest. And the dilemma even gives us a terminology to use: cooperators act in the group interest, and defectors act in their own selfish interest, to the detriment of the group. Too many defectors, and everyone suffers — often catastrophically.

Liars and Outliers: Enabling the Trust that Society Needs to Thrive

Minecraft creators building a fan-specified game live and on camera this weekend with Humble Bundle, with proceeds to charities

The Humble Indie Bundle people are gearing up for their next event, the Humble Bundle Mojam, and this one's pure charity. Humble fans voted on which game they wanted to see the folks at Mojang (creators of Minecraft) make, and over the weekend, Mojang is going to build it, live and on camera, in 60 hours. At any time, you can buy Mojang's new game at any price you name, and all the proceeds will go to up to four charities of your choosing. As of 4AM on the Friday it kicks off, the project has raised about $17,000 for charity, and it's just getting started.

Mojang has one weekend to make your game — live! The indie studio Mojang will be livestreaming all the glory and drama of making a brand new game in 60 hours. Based on a poll of more than 100,000 users, Mojang is tackling a real-time strategy shoot 'em up with a steampunk ancient Egypt theme!

Pay-what-you-want for the game any time during the jam. Use the form below to pre-purchase the game and support vital charities.

All proceeds go to charity! You can support up to four vital non-profit organizations: The Child's Play Charity, the Electronic Frontier Foundation, the American Red Cross, and — for the first time in a Humble Bundle — charity: water, a non-profit organization bringing clean, safe drinking water to people in developing nations.

Humble Bundle Mojam This Weekend!

(Disclosure: I am a volunteer curator for an upcoming Humble Bundle ebook project)