Tuesday, April 26, 2011

To protect or not protect your WiFi?

Bruce Schneier is famous for leaving his WiFi wide open: no WEP, no WPA. (I've had this confirmed by someone who actually KNOWS him, which is exciting for me but a completely different story :-) ) The point here is that he is reconsidering, not to protect himself from people "stealing" his WiFi or breaking into his system, but to protect himself from overzealous authorities who may trace some child porn or whatever to his IP.

It seems to me that leaving it open offers plausible deniability, as long as you aren't caught with the evidence.

Amplify’d from www.schneier.com

Security Risks of Running an Open WiFi Network

As I've written before, I run an open WiFi network. It's stories like these that may make me rethink that.

The three stories all fall along the same theme: a Buffalo man, Sarasota man, and Syracuse man all found themselves being raided by the FBI or police after their wireless networks were allegedly used to download child pornography. "You're a creep... just admit it," one FBI agent was quoted saying to the accused party. In all three cases, the accused ended up getting off the hook after their files were examined and neighbors were found to be responsible for downloading child porn via unsecured WiFi networks.
Read more at www.schneier.com
 

OK, so I take the train every morning into Union Station, and take the Metro to work. For the past few months, they have taken half the escalators out of service for long-term repairs. That's fine, but unless they are replacing them with _stairs_ that only break down every 30 years or so it is just another inconvenience. This morning, they decided that wasn't enough and blocked off one complete entrance into the metro station. Can you imagine the mass of 500+ train commuters squeezing through the SINGLE non-working escalator at the A-Gate entrance? Not to mention the view of the poor people trying to get out of the metro station. I have to ask: Who are the chowderheads that run this two-bit operation anyway?

There, I feel better now. http://amplify.com/u/b108mt

Wednesday, April 20, 2011

Doc Searls giving up on Twitter

Maybe not "jumping the shark," although that should have happened with Charlie Sheen. Looks like Twitter's inability to scale has finally caught up with it.

Amplify’d from blogs.law.harvard.edu

Let’s move tweeting off Twitter

Getting 20,500,000 Google Image search results for “twitter fail” paints a picture that should be convincing enough. (See Danny Sullivan‘s comment below for a correct caveat about this metric.) Twitter’s own search results for “hourly usage limit”+wtf wraps the case. I posted my own frustrations with this the other day. After Eric Leone recommended that I debug things by going to https://twitter.com/settings/connections and turning off anything suspicious, I found the only sure way to trouble-shoot was to turn everything off (there were about twenty other sites/services listed with dependencies on Twitter), and then turn each one back on again, one at a time, to see which one (or ones) were causing the problem. So I turned them all off; and then Twitter made the whole list disappear, so I couldn’t go back and turn any of them on again.

So Twitter has become borderline-useless for me. Same goes for all the stuff that depended on Twitter that I turned off.

In that same thread Evan Prodromou graciously offered to help set up my own Status.Net server. I’m going for it, soon as I get back from my week here in Santa Barbara.

Read more at blogs.law.harvard.edu
 

Tuesday, April 19, 2011

Dropbox Lack of Security

As the BusinessInsider article linked to in the clip below makes clear, Dropbox's recent update to its security policy is nothing unusual, and in line with other cloud services. The clip below points out, however, that there are inconsistencies that arise from this, that will need to be addressed at some point.

Amplify’d from tirania.org

Dropbox recently announced an update to its security terms of service in which they announced that they would provide the government with your decrypted files if requested to do so.

My problem is that for as long as I have tried to figure out, Dropbox made some bold claims about how your files were encrypted and how nobody had access to them, with statements like:

  • All transmission of file data occurs over an encrypted channel (SSL).

  • All files stored on Dropbox servers are encrypted (AES-256)

  • Dropbox employees aren't able to access user files, and when troubleshooting an account they only have access to file metadata (filenames, file sizes, etc., not the file contents)

This announcement means that Dropbox never had any mechanism to prevent employees from accessing your files, and it means that Dropbox never had the crypto smarts to ensure the privacy of your files and never had the smarts to only decrypt the files for you. It turns out, they keep their keys on their servers, and anyone with clearance at Dropbox or anyone that manages to hack into their servers would be able to get access to your files.

If companies with a very strict set of security policies and procedures like Google have had problems with employees that abused their privileges, one has to wonder what can happen at a startup like Dropbox where the security perimeter and the policies are likely going to be orders of magnitude laxer.

Read more at tirania.org
 

Thursday, April 14, 2011

Visions of HP's TouchPad

Courtesy of @svartling. Even though it is still vaporware, the actual OS appears to have leaked and is pretty good. It won't get far if they can't get developers, but there used to be a pretty good community around PalmOS apps; maybe some of them can be ported over. If it comes out soon, it might have a chance against Honeycomb.

Amplify’d from gigaom.com

A beta emulator of HP’s webOS 3.0 leaked, and enthusiasts wasted no time putting together an extensive video walk-through of the platform on a virtual tablet. While webOS is still a work in progress, nearly 19 minutes of feature demonstrations show a highly user-friendly and effective touch interface. Software is only part of the equation, of course; HP will have to entice developers to create applications for the TouchPad tablet, due out this summer.

PreCentral’s Derek Kessler provides the virtual tablet tour, and even the naysayers would have to admit that webOS 3.0 impresses. Much of the user interface has an Apple iOS look-and-feel, just as the original Palm Pre handset did, but there are noticeable differences and improvements. The webOS notification system allows for email triage, for example. A word auto-completion feature, similar to that on many smartphones, is available. In landscape view, the email client can show mail in full-screen mode or users can view both mail contents and folders with one swipe. And while it’s not shown in this video demo, HP’s webOS phones interact directly and wirelessly with the TouchPad via the Touchstone technology: touching the phone to the tablet, for example, can shoot a website address from one to another.

In theory, it seems to be one of the best competitors for the Apple iPad (I think Google’s Android OS on tablets is a tad half-baked). By using its core multitasking features, HP has created an extremely integrated user experience that marries applications to actual usage behavior and workflows.

Of course, a solid and fully-featured mobile device platform alone won’t sell tens of millions of TouchPads for HP. Outside the tablet pricing and hardware components – HP has already announced the specs and this shouldn’t be an issue — the TouchPad’s biggest challenge to success will be the quality and amount of third-party software. That’s still the big unknown. But if mobile app developers are impressed by the operating system’s early look, and HP can woo them with incentives, TouchPad sales might keep the forecasters honest. Recent estimates pegged HP with a paltry 3-percent market share for tablets by 2015.

Read more at gigaom.com
 

Decline of Oil

Key quote: "the trend was from more expensive energy to less expensive energy, not vice versa."

The figure above comes from the IMF World Economic Outlook released earlier this week in a chapter on "oil scarcity" (PDF).

Over about 40 years oil lost about 90% of its role as a source of energy for electricity production (from a 25% share to a 2.5% share). There are a few interesting points to take from this dramatic shift, some of which seem obvious but nonetheless worth highlighting.

1. Significant energy shifts happen.

2. They can take many decades.

3. Such shifts depend upon available substitutes.

4. The trend was from more expensive energy to less expensive energy, not vice versa.

There is a lot of material in the IMF report that will be worth a future discussion as well.
Read more at rogerpielkejr.blogspot.com
 

Security and Incentives

This example pertains to education, but the condition exists in any security area.

Amplify’d from www.schneier.com

Changing Incentives Creates Security Risks

An interesting example of this is the recent scandal in the Washington, DC, public school system over teachers changing their students' test answers.

It turns out that a lot of those score increases were faked. In addition to teaching students, teachers cheated on their students' tests by changing wrong answers to correct ones. That's how the cheating was discovered; researchers looked at the actual test papers and found more erasures than usual, and many more erasures from wrong answers to correct ones than could be explained by anything other than deliberate manipulation.

Teachers were always able to manipulate their students' test answers, but before, there wasn't much incentive to do so. With Rhee's changes, there was a much greater incentive to cheat.

The point is that whatever security measures were in place to prevent teacher cheating before the financial incentives and threats of firing weren't sufficient to prevent teacher cheating afterwards. Because Rhee significantly decreased the costs of cooperation (by threatening to fire teachers of poorly performing students) and increased the benefits of defection ($8,000), she created a security risk. And she should have increased security measures to restore balance to those incentives.

This is not isolated to DC. It has happened elsewhere as well.

Read more at www.schneier.com
 

Security and Incentives

This example is about test scores in education. Obviously, it could apply to other security problems as well.

 

Monday, April 11, 2011

Laser Weapons in practice

Flaming is nice, but as Marvin the Martian used to say: "Where is my kaboom? There is supposed to be an Earth-shattering kaboom!"

Amplify’d from www.engadget.com
See that flaming wreckage in the picture above? A laser did that, mounted on board a second vessel similarly bobbing on top of the ocean last week. Yes, even though the United States Navy told us that legitimate seafaring death rays might take another decade to materialize, basic weaponized lasers are ready today, as the 15-kilowatt gun attached to the USS Paul Foster happily demonstrates. Of course, as you'll see in the video after the break, a beam of such minimal power takes a moment to burn through even an unshielded engine and ignite the fuel therein -- once we get some 100+ kilowatt lasers up in there, we shouldn't have such problems.
Read more at www.engadget.com
 

Adorable Evil?

They may be cute, but ...

Amplify’d from www.cracked.com

5 Adorable Animals That Are Turning to the Dark Side


#5. Squirrels

The Good

Squirrels are Exhibit A in what a cute face and a bushy tail can do for your cred among humans. As a species, we risk bodily injury and spikes in insurance rates whenever one dashes in front of our cars, because it is impossible not to feel like an asshole if you crush one. Hell, in Ice Age, the cutest character was the squirrel, and he had fangs.

The Evil

The animal kingdom is like prison. If you don't try the softest guy on your cell-block, you become the softest guy on the cell-block. Unfortunately, this is a difficult lesson to teach children, because among the squirrels at Cuesta Park in Mount Park, Calif., word seems to be getting around that humans, unlike the Wu-Tang Clan, are something to fuck with.

Between May 2006 and March 2007, multiple squirrels attacked 13 people, mostly children. One four-year-old boy thought he was being hugged by his furry little woodland friend until it started digging its fingers into his scalp. At this point the boy started screaming and rolling in the grass, which we've found is usually enough to scare away anything within 20 feet of us. But in this case, the squirrel just dug in that much harder, playing scalp rodeo until a grown-up came over and broke things up.

Fish and Game declared the squirrels in the park a "threat to continued public safety" and began trapping and killing them. Not by using a cage with a bunch of nuts in it, but by using a decoy baby stroller. See, a number of the attacks had occurred when the squirrels jumped into baby carriages -- presumably to suck the infants' souls from their lips for some dark squirrel harvest. They'd been doing it so frequently that it was apparently the only way the park rangers knew to trap them. The day after the first squirrel was captured in a baby carriage, another squirrel jumped onto a four-year-old girl's face, leaving scratches to both cheeks and her forehead that likely would have spelled out "snitch" if squirrels knew how to spell.

This is not an isolated incident. A squirrel attacked six people in the U.K. before being captured, and the town of Bennington, VT, is currently being terrorized by a rogue gray squirrel. You might start thinking that our dogs and cats have the right idea, with their much more hostile stance toward inter-species relations, but that's just because you haven't heard what happened in a Russian park in 2005. A stray dog was barking at a gang of local squirrels, as dogs are wont to do. Likely former Spetsnaz agents, the squirrels became irritated and decided to shut the dog up in much the same way the Russian Mafia shuts people up: by killing it.



Not pictured: Baseball bats and a lot of lye soap.

According to eyewitness testimony, the squirrels descended and tore the dog to pieces. The linked BBC report notes that one Russian scientist questioned the authenticity of the report, and goes on to note that "squirrels without sources of protein might attack birds' nests," because Russian scientists are bad at being reassuring.

Read more at www.cracked.com
 

The CIA and Assassinations

Your tax dollars at work.

Amplify’d from www.schneier.com

The former CIA general counsel, John A. Rizzo, talks about his agency's assassination program, which has increased dramatically under the Obama administration:

Sometimes, as Rizzo recalls, the evidence against an individual would be thin, and high-level lawyers would tell their subordinates, “You guys did not make a case.” “Sometimes the justification would be that the person was thought to be at a meeting,” Rizzo explains. “It was too squishy.” The memo would get kicked back downstairs.

The cables that were “ready for prime time,” as Rizzo puts it, concluded with the following words: “Therefore we request approval for targeting for lethal operation.” There was a space provided for the signature of the general counsel, along with the word “concurred.” Rizzo says he saw about one cable each month, and at any given time there were roughly 30 individuals who were targeted. Many of them ended up dead, but not all: “No. 1 and No. 2 on the hit parade are still out there,” Rizzo says, referring to “you-know-who and [Ayman al-] Zawahiri,” a top Qaeda leader.

And the ACLU Deputy Legal Director on the interview:

What was most remarkable about the interview, though, was not what Rizzo said but that it was Rizzo who said it. For more than six years until his retirement in December 2009, Rizzo was the CIA's acting general counsel -- the agency's chief lawyer. On his watch the CIA had sought to quash a Freedom of Information Act lawsuit by arguing that national security would be harmed irreparably if the CIA were to acknowledge any detail about the targeted killing program, even the program's mere existence.

Rizzo's disclosure was long overdue -- the American public surely has a right to know that the assassination of terrorism suspects is now official government policy -- and reflects an opportunistic approach to allegedly sensitive information that has become the norm for senior government officials. Routinely, officials insist to courts that the nation's security will be compromised if certain facts are revealed but then supply those same facts to trusted reporters.

Read more at www.schneier.com
 

Wednesday, April 6, 2011

Don't expect help from the airlines

I did something similar to this on a Japan Airlines flight, but the response was much different (better :-) ).



Obviously, the traveler is at fault for leaving something valuable behind. And people don't fly Southwest for great customer service/customer care. And, maybe, one should hold on a little more tightly to one's $900 iPad ...

Amplify’d from consumerist.com

If there's anything I've learned over the last year of reading the stories that our readers send in to The Consumerist, it's this: the seat-back pouches on airplanes are the perfect place to stash your iPad during a flight, then never see it again. This apparently happens to a surprising number of people, but Amin thought he was lucky: he noticed that his was missing only twenty minutes after getting off the plane. This meant that he could rush back and perhaps recover the iPad before the plane took off again. Except...well, we're posting this story, so you can probably guess what happened next.

On this flight, I accidentally left my iPad in the seat back pocket. I came back to the terminal within 20 minutes and ran to the Southwest check-in counter. I began to explain that I left my iPad on the plane. She then slowly went over and called the terminal. She then told me the lady on the other end let her know that she was the only one there and could not leave to get my iPad from the airplane. So I asked her what I could do, because I didn't want the plane to leave with my iPad. She told me I could run over to the terminal to get it.

So apparently she was too busy chatting to even inform ANYONE that my $900 iPad was stuck on the plane. By the time we were talking she also let me know that they turned off all communications with the plane and it would be impossible for me to get ahold of anyone on the plane. Which frustrated me even more.

So I had to file a missing iPad report only to find out the next day that nothing had been turned in. Of course nothing was turned in; the employees did nothing to help me find it. I completely understand that it was my fault for leaving the iPad on the plane, but I remembered the same day within 20 minutes. I came running in to each area asking Southwest employees to help me. Instead of receiving any compassion or care they all kept passing me on and uncaringly told me to just file a report.

Had a flight attendant just made an announcement and picked up my iPad I wouldn't be short $900 and a lot of personal information. Thanks a lot Southwest...Please do something to make this right. One way or another I will share this even with the entire internet world, hopefully the story ends well.

I couldn't believe it. They had the audacity to tell me that I was frustrated by the length of time it took me to get back through security and to the gate. Obviously, I wasn't annoyed at that. That is normal protocol. What I was frustrated by was the fact that none of their employees gave a rat's ass as to whether or not I was about to lose my overpriced iPad FILLED with tons of personal information. Yes, I know, that information is backed up on my computer and I didn't lose it. But someone does have tons of pictures of me and all my friends -- and of course I changed all my passwords.

Read more at consumerist.com
 

"Multiliteracy"

This is a picture of my daughter's award from the Delaware DOE for "Multiliteracy". (Is "Multiliteracy" a word?)  ...