This ad hearkens back to the days before America came to mistrust its military-industrial complex, the dreamtime when the scream of jets was a sound to comfort your children.
Dr Ben "Bad Science" Goldacre sez, "I did a really sophisticated and complex data visualisation. I think you might enjoy it. There's definitely a pattern in there, I just need to decide what statistical tests will best extract the signal from the noise."
Dan Kaminsky sez,
There's been a lot of talk about some portion of the RSA keys on the Internet being insecure, with "2 out of every 1000 keys being bad". This is incorrect, as the problem is not equally likely to exist in every class of key on the Internet. In fact, the problem seems to only show up on keys that were already insecure to begin with -- those that pop errors in browsers for either being unsigned or expired. Such keys are simply not found on any production website on the web, but they are found in high numbers in devices such as firewalls, network gateways, and voice over IP phones.
It's tempting to discount the research entirely. That would be a mistake. Certainly, what we generally refer to as "the web" is unambiguously safe, and no, there's nothing particularly special about RSA that makes it uniquely vulnerable to a faulty random number generator. But it is extraordinarily clear now that a massive number of devices, even those purportedly deployed to make our networks safer, are operating completely without key management. It doesn't matter how good your key is if nobody can recognize it as yours. DNSSEC will do a lot to fix that. It is also clear that random number generation on devices is extremely suspect, and that this generic attack that works across all devices is likely to be followed up by fairly devastating attacks against individual makes and models. This is good and important research, and it should compel us to push for new and interesting mechanisms for better randomness.
You'd think that the proponents of SOPA would give up that legislative dead parrot's ghost. But they're still doing the rounds on radio and in print, claiming that millions of Americans were 'duped' into opposing their harmless little internet censorship law.
The fresh (!) talking points go like this: Wikipedia, Reddit, Boing Boing and others 'lied' to the public about what SOPA was in the crucial final moments, 'abused our power' by going dark for a day, and thereby tricked legislators and the public into turning on a much-needed new law.
What rot.
Tim O'Reilly tweeted: "Quantified self for caffeine addicts -- IOS app to optimize intake. (Didn't know half-life in body was 5 hours!)"
Two doctors at Penn State University have developed Caffeine Zone, a free iOS app that tells you the perfect time to take a coffee break to maintain an optimal amount of caffeine in your blood — and, perhaps more importantly, it also tells you when to stop drinking tea and coffee, so that caffeine doesn’t interrupt your sleep.
How to optimize your caffeine intake
More fun from the self-loathing society: This American Life had a show about how young female undercover cops infiltrated a high school and flirted with boys to entrap them into selling pot, so they could charge them with felonies and destroy their lives at an early age.
Last year in three high schools in Florida, several undercover police officers posed as students. The undercover cops went to classes, became Facebook friends and flirted with the other students. One 18-year-old honor student named Justin fell in love with an attractive 25-year-old undercover cop after spending weeks sharing stories about their lives, texting and flirting with each other. One day she asked Justin if he smoked pot. Even though he didn't smoke marijuana, the love-struck teen promised to help find some for her. Every couple of days she would text him asking if he had the marijuana. Finally, Justin was able to get it to her. She tried to give him $25 for the marijuana and he said he didn't want the money -- he got it for her as a present. A short while later, the police did a big sweep and arrested 31 students -- including Justin. Almost all were charged with selling a small amount of marijuana to the undercover cops. Now Justin has a felony hanging over his head.
Sick: Young, Undercover Cops Flirted With Students to Trick Them Into Selling Pot (Via Aurich Lawson)
For people who still think it's important to shower with soap, this is neat: a piggybacking soap bar system. When the bar of soap becomes a sliver, you just stick it into the hollow part of a new bar of Stack soap.
I haven't used soap or shampoo in a year, and it's awesome: personal experiment update
18 months without soap or shampoo: success!
Another look at soap and science
Using a rock instead of soap
Body washing with water alone
Clean, Soap-Free Living: Here Comes the Science
Burning With Pride: How I Gave Up Spatulas and Learned to Embrace Pain
Criticism of C-30, Canada's proposed domestic spying law, has focused on the fact that the police could access certain kinds of ISP subscriber information without a warrant. But as Terry Milewski writes on the CBC, the bill also gives the government the power to appoint special inspectors who can monitor and copy all information that passes through an ISP, also without a warrant.
The inspector, says the bill, may "examine any document, information or thing found in the place and open or cause to be opened any container or other thing." He or she may also "use, or cause to be used, any computer system in the place to search and examine any information contained in or available to the system."
You read that right. The inspector gets to see "any" information that's in or "available to the system." Yours, mine, and everyone else's emails, phone calls, web surfing, shopping, you name it. But, if that sounds breath-taking enough, don't quit now because the section is still not done.
The inspector — remember, this is anyone the minister chooses — is also empowered to copy anything that strikes his or her fancy. The inspector may "reproduce, or cause to be reproduced, any information in the form of a printout, or other intelligible output, and remove the printout, or other output, for examination or copying."
Oh, and he can even use the ISP's own computers and connections to copy it or to email it to himself. He can "use, or cause to be used, any copying equipment or means of telecommunication at the place."
In short, there's nothing the inspector cannot see or copy.
Last night, Rob posted a very good piece on Apple's new "Gatekeeper" technology, which defaults to warning users of Apple's new Mountain Lion OS that software from companies that haven't been officially recognized by Apple should not be installed (though users can still choose to override it, or turn it off).
But I have one rather large quibble with Rob's piece. He wrote:
The truth is that Macs don't currently suffer much from malicious software, and DRM-esque lockouts are always circumvented. So what's the point of a DRM-esque system for malware prevention?
I agree that DRM is always circumvented, and it is especially circumvented by copyright infringers and malware creators. But I think that Rob has misunderstood the primary value of DRM to technology companies: because many countries' laws prohibit breaking DRM even if you're not doing anything illegal, DRM gives companies the right to sue competitors who make compatible products and services.
The law has always recognized that interoperability is good for competition, markets, and the public. From generic windshield-wiper blades and hubcaps to third-party hard-drives and keyboards and inkjet toner, and software like Pages and Keynote, the law recognizes that there is a legitimate reason to reverse-engineer a competitor's products and make new products that replace, expand and augment them.
The @Vikileaks30 account on Twitter has been publishing embarrassing personal information about Canada's Public Safety Minister Vic Toews, who is pushing for a domestic spying law that would require ISPs to gather and retain your personal information and turn it over to police without a warrant. The Vikileaks account kicked off with excerpts from the affidavits from Toews's very ugly divorce, including his ex-wife's allegations about his abuse of his official government expense accounts. The account created a nationwide stir over the domestic spying proposal, and has caused a rare (and possibly strategic*) climbdown from the majority Conservative government.
Now The Ottawa Citizen newspaper has tricked the person behind the anonymous account into visiting a website that it controls, and has traced the IP address used in the trap back to the House of Commons, suggesting that Toews's nemesis works for the federal government. The Citizen claims that the IP address has also been used to "frequently" edit Wikipedia articles to "[give] them what appears to be a pro-NDP bias" (the New Democratic Party is the left-leaning opposition party in Parliament).
While it's impossible to say who is actually using the address without a full-scale investigation undertaken by the House of Commons, a trace of the IP address shows it is also used by an employee of the House to post comments on a website for fans of the musician Paul Simon.
When reached by phone, the employee said that while he frequents the Paul Simon website he has nothing to do with the Vikileaks30 Twitter account.
Google has been caught circumventing iOS's built-in anti-ad-tracking features in order to add Google Plus functionality within iPhone's Safari browser. The WSJ reports that Google overrode users' privacy settings in order to allow messages like "your friend Suzy +1'ed this ad about candy" to be relayed between Google's different domains, including google.com and doubleclick.net. This also meant that doubleclick.net was tracking every page you landed on with a Doubleclick ad, even if you'd opted out of its tracking.
I believe that Google has created an enormous internal urgency about Google Plus integration, and that this pressure is leading the company to take steps to integrate G+ at the expense of the quality of its other services. Consider the Focus on the User critique of Google's "social ranking" in search results, for example. In my own life, I've been immensely frustrated that my unpublished Gmail account (which I only use to anchor my Android Marketplace purchases for my phone and tablets, and to receive a daily schedule email while I'm travelling) has somehow become visible to G+ users, so that I get many, many G+ updates and invites to this theoretically private address, every day, despite never having opted into a directory and never having joined G+.
In the iPhone case, it's likely that Google has gone beyond lowering the quality of its service for its users and customers, and has now started to violate the law, and certainly to undermine the trust that the company depends on. This is much more invasive than the time Google accidentally captured some WiFi traffic and didn't do anything with it, much more invasive than Google taking pictures of publicly visible buildings -- both practices that drew enormous and enduring criticism at the expense of the company's global credibility.