Site Change

If you are seeing this post, then your DNS has not yet updated. This site has been moved to a new host, you should not have to do anything as the change just requires about 24 hours or so to take effect. If you are still seeing this site after a day or two, let me know.

Quick Security Alerts for Week Ending 6/1/2008

• Flash exploit found in the wild
• Large OS X update finally close calendar bug
• OS X update closes 40 security holes
• Hacking NFC (near field communications) in newer handsets

Quick News Links for Week Ending 6/1/2008

• Developer speaks out on Twitter outages
  The core problem they identified is a mismatched design. Twitter was original built as a CMS but is scaling like a messaging system. They are going to attempt an incremental re-write.
• The benefit of killing Live Book Search
  Microsoft is ending its involvement with the Open Content Alliance. Kahle, through the involvement of the Internet Archive, thinks the ending of corporate support is necessary for OCA’s long term sustainability.
• Google characterizes Viacom’s YouTube suit as broader threat
  Google sees this as a potential erosion of safe harbor under the DMCA. Viacom, not surprisingly disagrees and thinks Google is setting a “terrible example”. The outcome could substantially effect the nature of safe harbor either way.
• Possible second release candidate for Firefox 3
  At issue are ten critical bugs. Mozilla developers are planning on fixing, regardless, the question is whether the fixes will be included in the 3.0 release are as a 3.0.1 update.
• Allowance for breaking ineffective DRM in Finland overturned
  The ruling that was appealed was problematic in and of itself, as the article points out. Unfortunately, the result of the appeal is a step backwards. It gives weight back to industries tactics around secondary liability for infringement.
• Shady practice of “cramming”
  This story is horrifying and made all the worse by the apparent fact that consumers can do very little to defend themselves or fix the problem after the fact. The complacent attitude of the telcos is hardly surprising but infuriating nonetheless.
• Hacking a penny at a time
  A curious hack, to say the least, since I thought these deposits were actually auths, not actual transfers. Charges are pending on the fraudulent identities the hacker used, not on the theft itself.
• Cybernetics research advances as monkeys control robotic arm
  This is continuous with early research but is notable for the complexity of the tasks achieved. It cements that these approaches have merit and while much research remains there is eventual hope for applications for those with severe disabilities.
• Government sponsored knowledge repository
  This is an interesting effort and hopefully one that will spark applications with the ontological data stored therein. In and of itself, however, the value remains to be seen.
• New and updated developer tools from Google
  No new language for GAE, but two new APIs for memcached and images. GWT updated for Java 5 and a new AJAX loading library to work with the most popular AJAX libraries with minimal effort.
• Canadian net neutrality bill submitted
  Even though the bill appears to be well intentioned and tries to be specific, I still have reservations about how it will be enforced. There are no good consumer tools for auditing any kind of discrimination and much debate on what reasonable network management practices are, exactly.
• Mozilla’s scripting plug-in for IE
  As an application developer, this appeals, but I have enough experience to realize that going from the zero requirements of the browser itself to even 1 plugin is a huge logistical and psychological barrier.
• Discussing team dynamic on open source projects
  One approach to keeping the dynamic healthy by discouraging sense of ownership and hence a project’s code from being unduly beholden to a single contributor.

EFF Call to Action on NBC, Microsoft Broadcast Flag “Mistake”

The official response from both companies is highly unsatisfactory. The questions around why Microsoft chose to make Windows MCE compliant with the over-the-air broadcast flag remain unanswered despite the EFF’s victory in the case that allows all device manufacturers to effectively ignore the flag.

In the spirit of hacktivism, the EFF posted a request for help in getting to the bottom of Windows MCE’s real behavior in the presence of the broadcast flag. They are looking to capture actually ATSC stream data, not just screen captures of the recording error. There are detailed instructions for users who use HTHomeRune alongside a Windows MCE system.

Success in this endeavor will require another “mistake” by NBC which makes me a bit skeptical. At least in the near term, the broadcaster is likely to stay on its toes and behave. If you have the required pieces to help the EFF, bookmark the story and try to keep it top of mind in the coming months. The EFF has been successful with similar collective hacking investigations in the past. If they are able to reproduce that success in this case, it could tell us a lot about what really happened in the first case and arm consumers on how to better protect their rights to time shift.

Speakers Announced for Last HOPE

Hackers on Planet Earth is one of the better known hacker gatherings in the states. It is sponsored by the equally well known hacker mag, 2600. This year may be the last HOPE as the venue in New York where it is being held is scheduled for demolition.

I have failed to make it to any of the past HOPE conferences and will not make it to what may be the last, either. I have a couple of online friends and listeners planning on going. I will try to coordinate a recording session with them, afterwards, to discuss their experiences.

My disappointment at not going was deepened by the announced speakers:

Steven Levy, author of Hackers: Heroes of the American Revolution and chief technology writer and a senior editor for Newsweek.

Adam Savage, co-host of the popular TV show Mythbusters and “a maker of things.”

Kevin Mitnick, “the world’s most dangerous hacker” in the eyes of the government and mass media, imprisoned for over five years, and now a successful computer security consultant.

Jello Biafra, a tradition at the HOPE conferences, former lead singer of The Dead Kennedys and one of America’s most interesting social activists.

Steven Rambam, private eye extraordinaire, who can find out anything about anybody and has always been willing to share his knowledge of privacy with the hacker community. (The FBI prevented his 2006 talk from being given by swooping in and arresting him moments earlier. The case against him was later found to have no merit.)

The programming overall looks to be very full with over one hundred presentations in four tracks.

Podcast SciFi Series Stranger Things Evolves

Earl Newton the creator of the amazing podcast only, video science fiction anthology series, Stranger Things, shared his big news today. I was at this live event this past weekend and if you missed it, you missed a hell of a well put together shindig.

I remember when I first heard of Stranger Things on Slice of SciFi. I was skeptical at first. Sturgeon’s law is as in effect with podcasting as anything else so news of a new show is a gamble. I heard some good buzz, though, before I finally watched my first episode. In this case, that word of mouth excitement was spot on. I was blown away by that first story and every one since, including the sneak peek to which we were treated at the Singularity event at Balticon.

I had a chance to catch up with Earl at the event and after. I expressed my appreciation not only for the wonderful production values, explaining how I felt they were well worth the longer release cycles on the episodes, but also how much I really enjoyed the distinctive editorial character of the series. He expressed his gratitude and explained that the consistent vision was very intentional. I was glad to hear it as that fact pretty much guarantees I will enjoy every episode he produces, based solely on his track record to date.

My household is on satellite and doesn’t get Illusion, the VOD channel that is picking up Stranger Things. I was delighted at Earl’s insistence during his announcement that the podcast will continue the same as before. The implication was clear that he could not have succeeded so well without his original audience and was not going to abandon us any time soon. For both the existing and the new audience, what the support from Illusion really means is that once the logistics are established, Earl and crew will be able to put episodes out on a much more regular schedule.

Earl shared that this transition will require a bit more patience but I think it will be worth the wait. I’ve spoken with him a bit about the next two episodes after The Latchkeepers. I would crawl across broken glass if that meant I got to see them. Waiting a bit longer until he gets settled into his new production arrangement should not be anywhere near as big a sacrifice.

TCLP 2008-05-28 Monologue: Volunteerism (Comment Line 240-949-2638)

This is a feature cast.

In the intro, just a quick mention of Balticon and memorial day. My write ups of Balticon are on my LiveJournal for day 1, day 2, day 3, the wrap up, and a bit of memetic silliness.

The hacker word of the week this week is dead lock.

The feature is a monologue considering the topic of volunteerism, inspired by my work at Balticon and the holiday, especially a friend who as decided to re-enlist.

Download the show directly. Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Quick News Links for Week Ending 5/25/2008

Sorry, no commentary this week. I am bushed from Balticon 42 and I had no free time during. I need to flush the buffer so I can start collecting and reviewing stories for the upcoming news show.

• Mozilla contemplating user tracking
• Understanding the Betamax case as about innovation
• Second Life being used by AI researchers
• Latest attempt to define new sovereign state via sea steading
• Attack against root DNS servers
• Napster launches DRM-free music store
• Lessig on orphan work bill
• EFF on orphan works bill
• OLPC announces next XO
• More on XO2
• Call for privacy bill of rights
• Seattle judge finds software sold, not licensed
• Essays on participation in digital culture
• ACTA proposes to criminalize Pirate Bay
• Bender already founded Sugar Labs, courting other lap vendors
• Geist on ACTA
• More on recent discussion of ACTA
• More on the multicore front

TCLP 2008-05-21 Interview: Cory Doctorow (Comment Line 240-949-2638)

This is a feature cast.

A reminder that there will be no news cast this weekend as I’ll be at Balticon 42.

There is no new hacker word of the week.

The feature is an interview with Cory Doctorow in which we talk about his new book, Little Brother

Download the show directly. no detailed show notes this week.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Recording Skype with My Portable Recorder

I’ve been spoiled by recording Skype calls in my studio. Using a hardware solution, one commonly documented elsewhere, as opposed to a software solution has netted me some pretty good sound quality. Even better when I switched to using my old Griffin iMic to pull better quality audio directly out of Skype and into my mixing board.

Not having a comparable solution I can drive with my MacBook Pro has very much limited my availability for interviews. I enjoy getting great guests for the podcast but dread the inevitable scheduling hassles that arise from having a day job and not portable recording option.

I was dealing with this very hassle, trying to accommodate a recent guest’s travel schedule when inspiration struck. It started with the realization that my portable recorder has two channels which should be enough to drive a field mic and bring in Skype through the iMic.

From top to bottom, here is what I put together. For reference, I have an M-Audio Microtrack 24/96 which which has two quarter inch mono inputs and a monitor out. You are going to need something comparable, especially the monitor out to make a similar rig work. I also use a Mac, as mentioned above, and while I will try to keep my description from being too Mac specific, bear it in mind when adjusting for your system.

1. Connect the Griffin iMic
   After connecting it, I launched Skype and switched its audio input and output both to the iMic. On my system, I have to connect the iMic first so it will be available in Skype’s audio preferences.
2. Temporarily connect headphones to the headphone jack of the iMic
   I did this to get the audio level out through the iMic dialed in. I left the Skype preferences up and opened my sound preferences. I temporarily switched the system sound to run out of the iMic since Skype alone doesn’t afford that level of control. I found setting the output level to about 20% works well. You can click the little icon next to the output setting in the Skype preferences to hear sound through the iMic. If you have a Skype voice mail, you can replay it for an even better idea of the level. I also adjusted the pan, the left-right balance, all the way to the left. This helped push the Sykpe audio out well to the mono channel on my portable recorder.
3. Switch system sound back to the usual setting
   I did this to keep random system noises from piping through the iMic. I left the Skype ringer set to the system sound setting, this kept notifications from Skype from sounding through the iMic.
4. Disconnect the headphones and connect the iMic to one channel of the portable recorder
   I used a stereo splitter and connected just the left channel (hence the pan tweak above) to one of the portable recorder’s inputs. I used my test audio, a Skype voice mail, to check that sound was making it into the connected channel of my recorder.
5. Connect a mic to the open channel
   My portable recorder puts out phantom power so I connected a condenser and sat close to get a good, clear signal.
6. Connect a headset mic to the monitor on the recorder
   My portable recorder only sends sound out the monitor when recording. I recorded a couple of samples while playing my test voice mail from Skype. At this point, I was hearing what my recorder was capturing, audio straight from Skype!
7. Connect mic jack from headset to iMic
   This is necessary for my caller to hear me and closes the loop. If you use an iMic, you need to make sure the powered preamp is switched on. Most headset mics are unpowered on their own, mine certainly is.
8. Get a buddy to agree to a Skype call
   I performed this test to make sure my actual caller for the interview would be able to hear me as well as I can hear through the rig.

Thanks to this bit of experimentation, I now can record Skype calls anywhere I can find a reasonably quiet space and an internet connection. This is a huge relief when contemplating the scheduling exercise involved in pinning down a busy guest.

TCLP 2008-05-18 News (Comment Line 240-949-2638)

This is news cast 141.

I will be at Balticon 42 next weekend, so no news show that Sunday. I was going to skip the feature cast, too, to make more time to prepare, but I lucked into a last minute interview which I will share on Wednesday. More details when that show goes live.

Security alerts this week are the Debian GNU/Linux project fixes a critical crypto bug and PayPal is proven vulnerable despite using an enhancement to plain SSL security.

In this week’s news, researchers look at providing social interactions for remote workers though I worry this may exacerbate some other workplace trends, the USAF contemplates building a botnet, some of the risks of the cutover to digital TV, and NBC briefly activates thier broadcast flag although the EFF defended device makers’ right to ignore the flag.

Following up this week, a couple of cases go against the RIAA in particular Judge Davis in the Thomas case thinks he made an error.

Download the show directly. Grab the detailed show notes with time offsets and additional links either as PDF or OPML.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Quick Follow Up Links for Week Ending 5/18/2008

• Slow movement on France’s three strikes law
• Update on Canadian copyright bill
• FCC to try again to auction D block of 70oMHz spectrum
• Dutch voting machines de-certified

Quick Security Alerts for Week Ending 5/18/2008

• New kind of rootkit runs in secure x86 mode
• MSIE8 to try to harden ActiveX
• SQL injection cheat sheet
• SSH hardening advice in wake of increasing botnet attacks
• Apple unconcerned at latest Safari risk
• MSIE7, 8beta zero day bug

Quick News Links for Week Ending 5/18/2008

• Deep packet inspection appliance a serious contender
  The comfort at the exorbitant price is limited by the realization that they have cheaper, if less capable versions. That and the commodity curve means these type of hardware solutions will just get cheaper and cheaper.
• Questioning the default choice of XML
  Not an unreasonable examination of the question of whether to use XML or not and how most seem to adopt it out of default rather than real reasons.
• Google to bring social features as a service
  This makes sense and is what Wired’s Chris Andersen has been saying for some time. I am concerned about the security and privacy aspects, though. Integration sounds non-existent, though, may mitigate some risk.
• Researchers recycle circuit boards into oil
  Seems to be a thermal and chemical process, makes sense as how much oil goes into plastics and other synthetic materials. Curious to see someone actually try this, the oil could make it a nice profitable venture.
• DefectiveByDesign publishes open letter to libraries
  Identifies libraries as a captive market that could form a self feeding loop for DRM enforcement. Argues that DRM is counter to open access principles of public libraries. Allows customization of letter for local action.
• Issues with using GPS to curb truancy
  There is already some political resistance and the original NYT piece glosses entirely over issues of privacy, especially as the Ars article implies privacy breaches may result in safety.
• Researchers break quantum crypto, propose fix
  Really just proves that there is not absolute security. The fact that the problem is tied to a MAC algorithm strongly hints there may be more problems ahead that the physical nature of the system will not help solve.
• Oregon trying to retain copyright stance of publishing state laws
  Oregon wasn’t claiming copyright on the law itself, but rather the layout and headings. Stripping those would make re-publishing the laws by sites like Justia and public.resource.org too costly. The state is betting on that as it apparently realizes a fair amount of revenue from this tacky private content wrapping scheme.
• Australian court rules TV listings are created, not factual, and copyrightable
  The issue Patry raises is if this shifts the standard to one of effort to create, what will it do to other aspects of the law, including substantial similarity?
• Open source, open content reference for and by web developers
  Offerings seem a bit slim, at the moment, but worth bookmarking and keeping an eye on. Without clear editorial oversight, it is unclear how this will differ from just searching the whole web for reference articles and how to articles.
• Large cable operator to start tracking sites of users
  Sounds like a Phorm workalike. Hopefully it will raise similar resistance and ire, save that American cable operators have proven notoriously resistant from learning the lessons of others.
• Rep. Markey not happy about ISP user tracking, ad injection
  This in response to Charter’s plans to track their users. Unfortunately, it may take regulation, despite cable operators constant cries that they in fact do not need to be regulated.
• Hypocrisy of UMG over statutory copyright damages
  How can we make any forward momentum on copyright reform when one of the big four labels wants to play both sides of the law?
• Chicago latest metropolis to slip into panopticon
  The linked article is crowing over taking the human out of the equation. I blame the technology vendors selling “video analytics”. The day job has exposed me to this and its all breathless wonder and very little concern over the impact on civil liberties as in this case.
• Bletchley Park facing financial ruin
  It is unclear what the general public can do. It would be a shame to see such a landmark site bull dozed for something so mundane as a strip mall or Starbucks.
• More recommendations on securing against border searches
  The advice is consistent with the EFFs that there are no guarantees other than to not store anything sensitive on the laptop itself. Schneier and others have implored the US government to look into these problematic search and seizure practices.
• MPAA still fixated on closing analog hole
  And they are ransoming high definition video on demand in order to do so.
• MySpace suicide indictment sets scary precedent
  The Meiers suicide is a tragedy to but escalating contract violation to a felony is not worth it. We can only hope if this passes muster that it is stuck down as unconstitutional on appeal.
• A wiki for procedural generation algorithms
  I love emergent complexity so could not resist linking to a story about a resource for algorithms to produce it.

Is OLPC Making Itself Irrelevant?

I have been a fan of OLPC since before I heard Ivan Krstić speak at Shmoocon last year. His breathless explanation of the principles of the constructionist approach to learning pioneered by the likes of Alan Kay and Seymour Papert left a lasting impression and fostered an optimism about the future of education if such principles could truly be realized.

Unfortunately, there has been a lot of static coming out of the project of which Krstić was formerly a member, OLPC. I previously shared my notes on this blog from a presentation by Benjamin Mako Hill and a roundtable he also attended, both at Penguicon 6.0. He was charitable in his characterization of OLPC’s recent struggles and the whole question of running some flavor of Windows on the eponymous devices.

That question, at least, has been unequivocably answered. Regardless of the philosophical questions of freedom this raises for the intended device owners, there are some meaty technical questions about whether such a custom laptop will support a useful experience with Windows. Then there is the unescapable reminders that Microsoft is perfectly willing to throw its weight around to try to make an incipient market behave as it wants rather than serve then original idealistic ends Negroponte espoused when launching OLPC.

The same person who cemented my interest in the project, despite these recent concerns, has given me much to think about. It would be easy to dismiss this essay as disgruntled mutterings. But it is pretty coherent and I am sure much of the historical evidence he cites is reasonably verifiable.

Even setting aside his criticism of Negroponte’s past failures and recent shifts in focus that seem to be abandoning what made OLPC so astonishing and daring, he deftly deconstructs what I think is really important. The question is whether a constructionist, one-to-one program works and his answer simply is no one knows. He has some good constructive ideas of how that question might be answered that recast the operating system question as irrelevant and I think even makes sense of some of the concerns over the Sugar effort that others have also raised recently and that Negroponte seems eager to simply brush under the carpet.

What I, personally, am left with is a need to re-focus on the questions and evaluate what people are saying and doing much as Krstić has done. It is not about any one person or organization. It may not even be about the merits of one approach over another, regardless of whether there is evidence to support it or not. It is about advancing the cause of education in a world where the demand for ever more well learned global citizens is only increasing.

I hope others take the time to read this essay. Read it a few times before setting hands on keyboard and making yourself more a part of the problem rather than actually considering what is at stake, here, and what is really in the best interests of furthering education, especially in developing countries, but everywhere traditional approaches have failed.