Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution
I couldn't understand why I was near tears. It was only a computer server I was shutting down, not pulling the plug on a life or saying goodbye to faithful pet. Nonetheless, my eyes were moist. ... Virtualisation is the classic brain-in-a-jar scenario. If you, dear reader, were a brain in a jar with all your sensory inputs mapped into a simulation program a la "The Matrix," how would you know? As long as the illusion were perfect--and no Agent Smiths intruded--you could live your life in blissful delusion. So, too, do virtual servers perform: unaware.

Photo by...what the hell! Cory Doctorow? I swear, I just did a search for brains. Via Creative Commons.
Radiation from Wi-Fi networks is harmful to trees, causing significant variations in growth, as well as bleeding and fissures in the bark, according to a recent study in the Netherlands. All deciduous trees in the Western world are affected, according to the study by Wageningen University.

Hurray for credulity! Thousands of media sites and blogs picked up the story, adding new details, and rarely questioning the bizarre claim, despite the statement later in the same news item that only 20 trees were tested in one city, that researchers were not named, and it wasn't noted whether or not the study was published or peer reviewed.

I turned, as I always do, to Gawker's Valleywag to bring sense and perspective to an issue. Wait. What? No, seriously. Valleywag's Adrian Chen found a public statement from the Dutch spectrum regulator (translation). The study took place indoors for three months with a variety of plants exposed to six Wi-Fi devices. Previous studies showed no harm. The work hasn't yet been published.

I suppose BoingBoing readers are used to hearing sensational claims based on small-cadre studies issued in advance of peer review. Nonetheless, this one seemed particularly strange. Perhaps it was the combination of environmental harm, the fear of radiation (electromagnetic or otherwise), and the imprimatur of a university.

Urban trees, which were apparently part of the focus of this study, are under tremendous stress, and tree cover in cities worldwide has been drastically reduced, although efforts in many places are underway to counter this. My hometown of Seattle has a loosely organized plan to plant hundreds of thousands of new trees in the coming years, for instance. Remember what happens when the trees get pissed off.

Update! A commenter warns that all Northern hemisphere deciduous trees are currently undergoing some sort of chromatic die-off producing vast amounts of ground pollution and decay.
Top photo from Pripyat near Chernobyl by Timm Suess via Creative Commons. Yes, that's Suess, not Seuss. Photo of leaves by mksfly via Creative Commons.
Meet Stephanie Laursen. She's a letterpress printer, who wants to set up her own shop one day. She's already apprenticed at three locations. She's practical about what she needs to make it work. As far as I can tell, she didn't fall through a wormhole from 1930. Stephanie is fully rooted in 2010.
Stephanie was assisting in the letterpress shop today at the School of Visual Concepts (SVC) in Seattle, where I'm attending the two-day Type Americana conference and seminar. The event is one day of history and one day of hands-on sessions. This isn't a tech conference: half the attendees and speakers are women, only two people have laptops out (I'm one of them), and everyone is paying attention. The subject matter requires a reasonably intimate knowledge of the last 140 years of type design to follow the speakers; I'm stunned by how many young people, SVC and other students, are nodding along.
Today, I've heard about Frederic Goudy, the Bentons (père et fils), and W.A. Dwiggins, as well as the life of Beatrice Warde, the collapse of a preeminent type foundry after a hundred years, and a wood-type museum's resurgence. Sumner Stone (Adobe's first type design chief) reminisced about the history of fonts before and at Adobe.
The school has a beautiful letterpress shop, the cleanest one I believe I've ever stepped foot in, with a full panoply of flatbed and platen presses, metal type, wooden furniture (the blocks used to space elements in a locked-up page), leading (mmm....delicious lead), and the like. It smells marvelous. Jenny Wilkson assembled and runs the shop.
The exaflood was the catchy name wrapped around a prediction that exabyte-scale demands for data would destroy the Internet, making it unusably slow and erratic. Year after year, Internet doomsayers make the same tired prognostication. Karl Bode of DSLreports.com notes that mainstream media is finally starting to get the message. The two leading prognosticators of doom, Nemertes Research and the Discovery Institute, seem to be driven by an interest in battering the concept of network neutrality and broadband regulation. I wonder why? (You may best know the Discovery Institute for its support of schools teaching sloppy magical thinking.)

Bob Metcalfe, Ethernet's inventor, famously and literally ate his words in 1997 because of a promise he made of a gigalapse in 1996 that failed to come to pass. No word yet from the current
The Internet turns out to be resilient, not brittle, partly because money funds growth, and companies are dying to take our money. While broadband providers may try to spend the least amount to bring us passably usable service, the Internet's backbone is driven by service-level agreements, steely-eyed technologists, and filthy lucre. We may put up with "up to 15 Mbps* (*as little as 768 Kbps)" connections, but Comcast, Verizon, et al., don't play that game with their network interchanges.
The analysts who make these predictions also fail to account for dynamic feedback. Once you start engaging in behavior on the Internet that fails, you stop. When I'm watching Hulu or Netflix, and the video becomes choppy and unwatchable, I stop watching. What a concept.
Photo by yours truly.
Firesheep sniffs unsecured connections with major Web sites over local networks and lets a user with the Firefox plug-in installed sidejack those sessions. A trope has spread that the way to solve this problem is to password protect open Wi-Fi networks, such as those run by AT&T at Starbucks and McDonald's. The technical argument is that on a WPA/WPA2 (Wi-Fi Protected Access) network in which a common shared password is used, the access point nonetheless generates a unique key for each client when it connects. You can't just know the network password and decode all the traffic, as with the broken WEP (Wired Equivalent Privacy) encryption that first shipped with 802.11b back in the late 1990s.
Steve Gibson, a veteran computer-security writer and developer, suggested this the moment Firesheep was announced. A blog post at security consultant Sophos makes the same suggestion. But it won't work for long.
Gibson notes the key problem to this approach in the comments to his post: every user with the shared key can sniff the transaction in which another client is assigned its unique key, and duplicate it. Further, if you join a network with many clients already connected, you can use the aircrack-ng suite to force a deauthentication. That doesn't drop a client off the network; rather, it forces its Wi-Fi drivers to perform a new handshake in which all the details are exposed to derive the key.
Thus, you could defeat Firesheep today by assigning a shared key to a Wi-Fi network until the point at which some clever person simply grafts aircrack-ng into Firesheep to create an automated way to deauth clients, snatch their keys, and then perform the normal sheepshearing operations to grab tokens. I would suspect this might be dubbed Firecracker.
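To make the keying argument above concrete, here is an added example (not part of the original post) of the IEEE 802.11i derivation of a client's "unique" key on a shared-passphrase WPA2 network: every input is either the shared passphrase or a value sent unencrypted in the handshake. The SSID, passphrase, MAC addresses, and nonces are constructed sample values, and the random key in `enterprise_ptk` is an assumed stand-in for the key an 802.1X/PEAP login would establish.

```python
import hashlib
import hmac
import os

def pmk_from_passphrase(passphrase, ssid):
    """WPA/WPA2-Personal: the PMK is PBKDF2-HMAC-SHA1 of passphrase and SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF: HMAC-SHA1 blocks over label, 0x00, data, counter."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce):
    """Per-client pairwise key (48 bytes for CCMP)."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

# Constructed sample values (not from any real network).
SSID = "ExampleCafe"
PASSPHRASE = "posted-on-the-wall"          # known to every customer
AP_MAC = bytes.fromhex("020000000001")      # visible in every frame
CLIENT_MAC = bytes.fromhex("020000000002")  # visible in every frame
ANONCE = hashlib.sha256(b"constructed anonce").digest()  # sent in the clear
SNONCE = hashlib.sha256(b"constructed snonce").digest()  # sent in the clear

def shared_key_ptk(passphrase=PASSPHRASE, anonce=ANONCE, snonce=SNONCE):
    """The client's key, computable by anyone holding the passphrase
    who also saw the handshake: no client-private input exists."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    return derive_ptk(pmk, AP_MAC, CLIENT_MAC, anonce, snonce)

def enterprise_ptk():
    """Assumed stand-in for 802.1X: the PMK comes from a protected
    per-login exchange (random here), so the same visible handshake
    fields are not enough to recompute the pairwise key."""
    return derive_ptk(os.urandom(32), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)

if __name__ == "__main__":
    print("shared-key PTK reproducible:", shared_key_ptk() == shared_key_ptk())
    print("802.1X-style PTK reproducible:", enterprise_ptk() == shared_key_ptk())
```
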
The way around this is to use 802.1X, port-based access control, which uses a complicated system of allowing a client to connect to a network through a single port with just enough access to provide credentials. The Wi-Fi flavor of choice is WPA/WPA2 Enterprise, and the secured method of choice is PEAP. Even if every 802.1X user logs in using PEAP with the same user name and password, the keying process is protected from other users and outside crackers. Update: Reader Elmae suggests "Little Bo PEAP" instead of Firecracker.
Even though 802.1X has been built into Mac OS X since about 2004 and into Windows starting with XP SP2, and is available at no cost for GNU/Linux, BSD, Unix, and other variants (as well as for older Mac/Win flavors), it's got just enough overhead that hotspots haven't wanted to use it.
While hotspots aren't liable for people sidejacking with Firesheep or simply sucking down and analyzing traffic on their networks (disclosure: IANAL), 802.1X is cheap and easy to implement when there's a single user account and password. It's possible we'll see some uptake. The long-term solution is for all Web sites that handle any data to encrypt the entirety of all user sessions.
Update: Commenter foobar pokes a hole, pun intended, in my suggestion for using 802.1X with a single user name/password: Hole196. This vulnerability, documented by AirTight, afflicts 802.1X networks. It allows a malicious party to spoof the access point for sending broadcast messages, and allows ARP and DNS poisoning. Thus Firecracker could become fARPcracker, and, once again, Firesheep emerges victorious. (I wrote about Hole196 for Ars Technica; it's not that big a deal for the enterprise, but it's perfectly easy to use in a hotspot.) Thus, sites securing all their connections with SSL/TLS becomes the only practical method to ensure privacy and prevent sidejacking.
Photo by Magic Foundry, used via Creative Commons.
The things one learns, when one has children. Many facts about fire trucks, planets, geography, tiny people who live in one's house, faeries, and...knocker-ups or knocker-uppers.
We brought home from the library this delightful book, Mary Smith by A. (Andrea) U'Ren, riffing off Mary Smith, a knocker-up who woke people in the early 20th century in East London. She ran about with a short rubber hose shooting dried peas at the windows of subscribers who needed to be awoken at a certain time in the morning. The indefatigable Daniel Pinkwater discussed the book with Scott Simon on NPR, and read it aloud back in August 2007.
Knocker-ups (knockers-up?) are part of the panoply of professions that popped up between the Industrial Revolution and the Golden Age of Technology, when people crowded into urban centers, and labor was remarkably cheap. The army of specialized professions dealing with excrement before central waste treatment, documented in Stephen Johnson's The Ghost Map, is a study in evolutionary niches in employment. Large-scale industry ultimately required shifts of labor, and needed people at particular locations at relatively precise times. Alarm clocks weren't yet both reliable and affordable; even an accurate watch was expensive in its own right. (Tea was also a key component, providing antibiotic properties, alertness, and avoiding the consumption of small beer. See Tom Standage's tour de force, A History of the World in Six Glasses, for more on the impact of beverages on human society.)
Such odd professions persist in places where cheap labor is in abundance, and slums sit toe-to-toe with skyscrapers. India has the best known of these--the wallahs of all stripes and varieties, who carry out tasks that in the so-called developed world are too expensive to conceive of (the dabbawallahs who deliver meals from a home to an office mid-day in the tens of thousands in Mumbai alone), engaged in largely by high-priced professionals (street barbers, doctors, and ear cleaners), or automated or motorized (dish- and clotheswashing).
Mental Floss compiled a list earlier this year of seven pre-alarm clock waker-uppers, including the knocker-upper. But I have children: I haven't needed an alarm clock since my first was born.
Master disassembler iFixIt is promoting the Self-Repair Manifesto. The slogans are music to the ears of anyone who believes in the joy of discovery, whether you're learning about nature, abstract properties, or technological artifacts. They're giving away 1,500 posters of the above image at no cost; you can also download it as a PDF. The theses:
Repair is better than recycling.
Repair saves the planet.
Repair saves you money.
Repair teaches engineering.
If you can't fix it, you don't own it.
I've repaired a number of my devices in recent years, from washing machines to Apple laptops, and felt that I've learned, saved, and greened, all with the smug little pleasure of defeating The Man. Whoever That Man is.
iFixIt has a vested interest in this campaign worth noting: the company sells spare parts and upgrades, mostly for Apple equipment. On the flip side, iFixIt is assembling a giant directory of free repair manuals for all manner of manufactured goods. The company also publishes near-instant dissections of popular new electronics, like Microsoft Kinect and the iPhone 4, as a combination of promotion and exploration.
Tragic news today from the browser mines. An explosion rocked the Chromium operations, resulting in the death of good taste, simplicity, and utility. The resulting slag mixed together social networking, a form of RSS, and browsing into one giant, still smoking blob. Web 2.0 teams were immediately dispatched, but recovery is unlikely. We're going to have to live with Rockmelt.
Rockmelt is a social-networking and most-visited site dashboard wrapped around a browser. The notion is that instead of performing separate tasks in separate places, such as different tabs, windows, or programs, we're going to want to see what the hell all our friends are up to constantly, while watching streaming crap flow up both sides of the screen along with updates to Web sites we frequently view. Yeah, that's how I like to roll, yo.
I can see why the idea behind Rockmelt is appealing. It's why Flock was released over five years ago. As the number of social networks to which we belong grows, and the kind of activities we can perform is ever more tightly tied into Web behaviors, there's an obvious conclusion to draw: perhaps all of this could be in one place, making it more efficient and seamless. But that assumes that multitasking isn't a myth, and that people are incessantly in need of communication. I'm probably well outside the target demographic for this kind of software, but the target demographic is already using apps on smartphones, so they're not going to be interested in this browser, anyway. Rockmelt may be too hip for its waistline. Should I point out that Marc Andreessen is an investor?
I haven't used Flock, for the same reason Rockmelt isn't appealing: I actually have work to get done, and I'm not sitting constantly in front of a browser during my soi-disant "idle time." (Idle time needs air quotes and double quotes around it, since I have two small children.)
Earlier in the year, I became fascinated with tools like Freedom, software for Mac and Windows that lets you save yourself from yourself. Freedom disables network access for a period of time you set. Other tools remove distractions by clearing the screen of apps except the one you're working on; several word-processing programs give you a blank sheet of paper and wipe the slate clean. The iPad has the same effect writ medium-large: whatever you're doing fills the screen, and it takes a conscious act to shift to another activity; you can't casually swap. (I wrote this up for the Economist in June as "Stay on target," complete with some neat comments from Peter Sagal of NPR's Wait, Wait, Don't Tell Me.)
If you don't have a prescription for Adderall already, just show Rockmelt to your physician, and he or she will be happy to oblige. I'll be in my unlit basement, viewing pages with lynx.
NASA image by Robert Simmon, using ALI data from the EO-1 team via Creative Commons.