August 2006

What is Web 2.0?

From Bruce Sterling’s “Viridian Note 00459: Emerging Technology 2006” (The Viridian Design Movement: March 2006):

Here we’ve got the canonical Tim O’Reilly definition of Web 2.0:

“Web 2.0 is the network as platform, spanning all connected devices; Web 2.0 applications are those that make the most of the intrinsic advantages of that platform: delivering software as a continually-updated service that gets better the more people use it, consuming and remixing data from multiple sources, including individual users, while providing their own data and services in a form that allows remixing by others, creating network effects through an ‘architecture of participation,’ and going beyond the page metaphor of Web 1.0 to deliver rich user experiences.”


Warning signs of an incipient serial killer

From Wikipedia’s “MacDonald triad” (26 July 2006):

The MacDonald triad is three major personality traits in children that are said to be warning signs for the tendency to become a serial killer. They were first described by J. M. MacDonald in his article “The Threat to Kill” in the American Journal of Psychiatry.

  • Firestarting, invariably just for the thrill of destroying things.
  • Cruelty to animals. Many children can be cruel to animals, such as pulling the legs off of spiders, but future serial killers often kill larger animals, like dogs and cats, and frequently for their solitary enjoyment rather than to impress peers.
  • Bedwetting beyond the age when children normally grow out of such behaviour.


Types of open source licenses

From Eric Steven Raymond’s “Varieties of Open-Source Licensing” (The Art of Unix Programming: 19 September 2003):

MIT or X Consortium License

The loosest kind of free-software license is one that grants unrestricted rights to copy, use, modify, and redistribute modified copies as long as a copy of the copyright and license terms is retained in all modified versions. But when you accept this license you do give up the right to sue the maintainers. …

BSD Classic License

The next least restrictive kind of license grants unrestricted rights to copy, use, modify, and redistribute modified copies as long as a copy of the copyright and license terms is retained in all modified versions, and an acknowledgment is made in advertising or documentation associated with the package. Grantee has to give up the right to sue the maintainers. … Note that in mid-1999 the Office of Technology Transfer of the University of California rescinded the advertising clause in the BSD license. …

Artistic License

The next most restrictive kind of license grants unrestricted rights to copy, use, and locally modify. It allows redistribution of modified binaries, but restricts redistribution of modified sources in ways intended to protect the interests of the authors and the free-software community. …

General Public License

The GNU General Public License (and its derivative, the Library or “Lesser” GPL) is the single most widely used free-software license. Like the Artistic License, it allows redistribution of modified sources provided the modified files bear “prominent notice”.

The GPL requires that any program containing parts that are under GPL be wholly GPLed. (The exact circumstances that trigger this requirement are not perfectly clear to everybody.)

These extra requirements actually make the GPL more restrictive than any of the other commonly used licenses. …

Mozilla Public License

The Mozilla Public License supports software that is open source, but may be linked with closed-source modules or extensions. It requires that the distributed software (“Covered Code”) remain open, but permits add-ons called through a defined API to remain closed. …


A coup in Equatorial Guinea for fun

From Laura Miller’s “Rent-a-coup” (Salon: 17 August 2006):

In March 2004, a group of men with a hired army of about 70 mercenary soldiers set out to topple the government of the tiny West African nation of Equatorial Guinea and install a new one. Ostensibly led by a political opposition leader but actually controlled by the white mercenary officers, this new regime would plunder the recently discovered oil wealth of Equatorial Guinea, enriching the coup’s architects by billions of dollars.

The Wonga Coup never came off, but not because of the kind of double-crossing anticipated in that early planning document. … One of the strangest aspects of the story is that the Wonga Coup nearly replicated an earlier failed attempt to take over Equatorial Guinea in 1973. And that coup had since been fictionalized in a bestselling book, popular with the mercenary crowd, by Frederick Forsyth, “The Dogs of War.” A case of life imitating art imitating life? The truth is even more bizarrely convoluted: Roberts has found evidence that Forsyth himself financed the 1973 coup. (And Forsyth has more or less admitted as much.)

The 2004 coup plotters made noises about installing a better leader, but their real motives were “wonga” — British slang for money — and something less tangible. “It’s fun,” said one observer. “Some of the guys did it for kicks, because life is boring.” …

Arrayed against rent-a-coup schemers like Mann is a breed that Roberts calls the “rag-and-bone intelligence dealer,” a kind of freelance spy who “darts about Africa with a laptop and satellite phone, lingering in hotel bars, picking up scraps of information where he can, selling them to willing buyers, whether corporate or government. The more sophisticated use electronic, online or other surveillance.”


The airplane graveyard

From Patrick Smith’s “Ask the pilot” (Salon: 4 August 2006):

The wing is shorn off. It lies upside down in the dirt amid a cluster of desert bushes. The flaps and slats are ripped away, and a nest of pipes sprouts from the engine attachment pylon like the flailing innards of some immense dead beast. Several yards to the west, the center fuselage has come to rest inverted, the cabin cracked open like an eggshell. Inside, shattered rows of overhead bins are visible through a savage tangle of cables, wires, ducts and insulation. Seats are flung everywhere, still attached to one another in smashed-up units of two and three. I come to a pair of first-class chairs, crushed beneath the remains of a thousand-pound bulkhead. In the distance, the plane’s tail sits upright in a gesture of mutilated repose, twisted sharply to one side. High on the fin, the blue and white logo remains visible, save for a large vacant portion where the rudder used to be. …

I’m taking in one of the aviation world’s most curious and fascinating places, the “boneyard” at Mojave Airport in California, 70 miles north of Los Angeles.

The Mojave Desert is a barren place, a region of forbidding rocky hills and centuries-old Joshua trees. But it’s also an area with a rich aerospace history. Edwards Air Force Base and the U.S. Navy’s China Lake weapons station are both here, as well as the airport in Palmdale, where the Lockheed L-1011 was built. The Mojave Airport, officially known as the Mojave Airport and Civilian Aerospace Test Center, is the first FAA-licensed “spaceport” in the United States, home to a burgeoning commercial spacecraft industry. It’s a spot for ingenuity and innovation, you could say. But for hundreds of commercial jetliners, it is also the end of the road.

Of several aircraft scrap yards and storage facilities, including others in Arizona, Oklahoma and elsewhere in California, Mojave is arguably the most famous. …

There are upward of 200 planes at Mojave, though the number rises and falls as hulls are destroyed — or returned to service. Not all of the inventory is permanently grounded or slated for destruction. Neither are the planes necessarily old. Aircraft are taken out of service for a host of reasons, and age, strictly speaking, isn’t always one of them. The west side of the airport is where most of the newer examples are parked. MD-80s, Fokker 100s and an assortment of later-model 737s line the sunbaked apron in a state of semiretirement, waiting for potential buyers. They wear the standard uniform of prolonged storage: liveries blotted out, intakes and sensor probes wrapped and covered to protect them from the ravages of climate — and from the thousands of desert jackrabbits that make their homes here. A few of the ships are literally brand new, flown straight to Mojave from the assembly line to await reassignment after a customer changed its plans. …

The scrap value of a carcass is anywhere from $15,000 to $30,000.

“New arrivals, as it were, tend to come in bunches,” explains Mike Potter, one of several Mojave proprietors. …

Before they’re broken up, jets are scavenged for any useful or valuable parts. Control surfaces — ailerons, rudders, slats and elevators — have been carefully removed. Radomes — the nose-cone assemblies that conceal a plane’s radar — are another item noticeable by their absence. And, almost without exception, engines have been carted away for use elsewhere, in whole or in part. Potter has a point about being careful out here, for the boneyard floor is an obstacle course of random, twisted, dangerously sharp detritus. Curiously, I notice hundreds of discarded oxygen masks, their plastic face cups bearing the gnaw marks of jackrabbits. Some of the jets are almost fully skeletonized, and much of what used to rest inside is now scattered across the ground. …

Near the eastern perimeter sits a mostly intact Continental Airlines 747. This is one of Potter’s birds, deposited here in 1999. A hundred-million-dollar plane, ultimately worth about 25 grand for the recyclers. …


How to wiretap

From Seth David Schoen’s “Wiretapping vulnerabilities” (Vitanuova: 9 March 2006):

Traditional wiretap threat model: the risks are detection of the tap, and obfuscation of content of communication. …

POTS is basically the same as it was 100 years ago — with central offices and circuit-switching. A phone from 100 years ago will pretty much still work today. “Telephones are a remarkable example of engineering optimization” because they were built to work with very minimal requirements: just two wires between CO and the end subscriber, don’t assume that the subscriber has power, don’t assume that the subscriber has anything else. There is a DC current loop that provides 48 V DC power. The current loop determines the hook switch state. There’s also audio signalling for in-band signalling from phone to CO — or from CO to phone — or for voice. It all depends on context and yet all these things are multiplexed over two wires, including the hook state and the audio signalling and the voice traffic.

If you wanted to tap this: you could do it in three different ways.

* Via the local loop (wired or wireless/cellular).
* Via the CO switch (software programming).
* Via trunk interception (e.g. fiber, microwave, satellite) with demultiplexing.

How do LEAs do it? Almost always at local loop or CO. (By contrast, intelligence agencies are more likely to try to tap trunks.)


Info about the Internet Archive

From The Internet Archive’s “Orphan Works Reply Comments” (9 May 2005):

The Internet Archive stores over 500 terabytes of ephemeral web pages, book and moving images, adding an additional twenty-five terabytes each month. The short life span and immense quantity of these works prompts a solution that provides immediate and efficient preservation and access to orphaned ephemeral works. For instance, the average lifespan of a webpage is 100 days before it undergoes alteration or permanent deletion, and there are an average of fifteen links on a webpage.


The real solution to identity theft: bank liability

From Bruce Schneier’s “Mitigating Identity Theft” (Crypto-Gram: 15 April 2005):

The very term “identity theft” is an oxymoron. Identity is not a possession that can be acquired or lost; it’s not a thing at all. …

The real crime here is fraud; more specifically, impersonation leading to fraud. Impersonation is an ancient crime, but the rise of information-based credentials gives it a modern spin. A criminal impersonates a victim online and steals money from his account. He impersonates a victim in order to deceive financial institutions into granting credit to the criminal in the victim’s name. …

The crime involves two very separate issues. The first is the privacy of personal data. Personal privacy is important for many reasons, one of which is impersonation and fraud. As more information about us is collected, correlated, and sold, it becomes easier for criminals to get their hands on the data they need to commit fraud. …

The second issue is the ease with which a criminal can use personal data to commit fraud. …

Proposed fixes tend to concentrate on the first issue — making personal data harder to steal — whereas the real problem is the second. If we’re ever going to manage the risks and effects of electronic impersonation, we must concentrate on preventing and detecting fraudulent transactions.

… That leaves only one reasonable answer: financial institutions need to be liable for fraudulent transactions. They need to be liable for sending erroneous information to credit bureaus based on fraudulent transactions.

… The bank must be made responsible, regardless of what the user does.

If you think this won’t work, look at credit cards. Credit card companies are liable for all but the first $50 of fraudulent transactions. They’re not hurting for business; and they’re not drowning in fraud, either. They’ve developed and fielded an array of security technologies designed to detect and prevent fraudulent transactions.


Two-factor authentication: the good & the bad

From Bruce Schneier’s “More on Two-Factor Authentication” (Crypto-Gram: 15 April 2005):

Passwords just don’t work anymore. As computers have gotten faster, password guessing has gotten easier. Ever-more-complicated passwords are required to evade password-guessing software. At the same time, there’s an upper limit to how complex a password users can be expected to remember. About five years ago, these two lines crossed: It is no longer reasonable to expect users to have passwords that can’t be guessed. For anything that requires reasonable security, the era of passwords is over.

Two-factor authentication solves this problem. It works against passive attacks: eavesdropping and password guessing. It protects against users choosing weak passwords, telling their passwords to their colleagues or writing their passwords on pieces of paper taped to their monitors. For an organization trying to improve access control for its employees, two-factor authentication is a great idea. Microsoft is integrating two-factor authentication into its operating system, another great idea.

What two-factor authentication won’t do is prevent identity theft and fraud. It’ll prevent certain tactics of identity theft and fraud, but criminals simply will switch tactics. We’re already seeing fraud tactics that completely ignore two-factor authentication. As banks roll out two-factor authentication, criminals simply will switch to these new tactics.

One way to think about this is that two-factor authentication solves security problems involving authentication. The current wave of attacks against financial systems are not exploiting vulnerabilities in the authentication system, so two-factor authentication doesn’t help.


The HOLLYWOOD sign as multi-user access-control system

From Bruce Schneier’s “Hollywood Sign Security” (Crypto-Gram: 15 January 2005):

In Los Angeles, the “HOLLYWOOD” sign is protected by a fence and a locked gate. Because several different agencies need access to the sign for various purposes, the chain locking the gate is formed by several locks linked together. Each of the agencies has the key to its own lock, and not the key to any of the others. Of course, anyone who can open one of the locks can open the gate.

This is a nice example of a multiple-user access-control system. It’s simple, and it works. You can also make it as complicated as you want, with different locks in parallel and in series.
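The lock chain Schneier describes can be written down as a small access-control policy: the chain is an OR over its locks (any one key releases it), and locks placed one after another are an AND. The model below is an added example, not part of Schneier's post; the agency names are constructed, since the page does not say which agencies hold keys.

```python
"""Model of the HOLLYWOOD-sign gate: several padlocks linked into one chain.

Each agency holds the key to its own lock only. Opening any single lock
breaks the chain, so the gate policy is a logical OR over the locks.
Locks can also be combined in series (AND), as the text notes.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Tuple, Union


@dataclass(frozen=True)
class Lock:
    """A single padlock; it opens if the holder has its key."""
    key: str

    def opens_with(self, keys: FrozenSet[str]) -> bool:
        return self.key in keys


@dataclass(frozen=True)
class Parallel:
    """Locks linked end to end in one chain: opening ANY one releases the chain."""
    parts: Tuple["Policy", ...]

    def opens_with(self, keys: FrozenSet[str]) -> bool:
        return any(p.opens_with(keys) for p in self.parts)


@dataclass(frozen=True)
class Series:
    """Locks that must ALL be opened, e.g. an outer gate followed by an inner one."""
    parts: Tuple["Policy", ...]

    def opens_with(self, keys: FrozenSet[str]) -> bool:
        return all(p.opens_with(keys) for p in self.parts)


Policy = Union[Lock, Parallel, Series]

# Constructed agency names (assumption); the page does not list the real ones.
HOLLYWOOD_GATE = Parallel((Lock("fire-dept"), Lock("parks-dept"), Lock("broadcast-crew")))

# A stricter variant: the same chain on the outer gate, plus a second, inner
# gate with its own lock. Both must be opened, so this is a Series.
TWO_GATES = Series((HOLLYWOOD_GATE, Lock("night-watch")))


def can_open(policy: Policy, held_keys: Iterable[str]) -> bool:
    """True if a principal holding exactly these keys can pass the policy."""
    return policy.opens_with(frozenset(held_keys))


def who_can_open(policy: Policy, keyrings: dict) -> set:
    """Audit helper: the set of principals whose keyring satisfies the policy."""
    return {who for who, keys in keyrings.items() if can_open(policy, keys)}


if __name__ == "__main__":
    rings = {"fire": {"fire-dept"}, "parks": {"parks-dept"},
             "tv": {"broadcast-crew"}, "guard": {"night-watch"}, "tourist": set()}
    print(sorted(who_can_open(HOLLYWOOD_GATE, rings)))  # every agency, no tourist
    print(sorted(who_can_open(TWO_GATES, rings)))       # nobody: no ring has both
```

The audit helper makes the security property of the parallel chain explicit: the gate is exactly as strong as its weakest lock, and every principal added to the chain is a new way in, which is the trade-off Schneier is pointing at.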


When people feel secure, they’re easier targets

From Bruce Schneier’s “Burglars and ‘Feeling Secure’” (Crypto-Gram: 15 January 2005):

This quote is from “Confessions of a Master Jewel Thief,” by Bill Mason (Villard, 2003): “Nothing works more in a thief’s favor than people feeling secure. That’s why places that are heavily alarmed and guarded can sometimes be the easiest targets. The single most important factor in security — more than locks, alarms, sensors, or armed guards — is attitude. A building protected by nothing more than a cheap combination lock but inhabited by people who are alert and risk-aware is much safer than one with the world’s most sophisticated alarm system whose tenants assume they’re living in an impregnable fortress.”

The author, a burglar, found that luxury condos were an excellent target. Although they had much more security technology than other buildings, they were vulnerable because no one believed a thief could get through the lobby.


Examples of tweaking old technologies to add social aspects

From Clay Shirky’s “Group as User: Flaming and the Design of Social Software” (Clay Shirky’s Writings About the Internet: 5 November 2004):

This possibility of adding novel social components to old tools presents an enormous opportunity. To take the most famous example, the Slashdot moderation system puts the ability to rate comments into the hands of the users themselves. The designers took the traditional bulletin board format — threaded posts, sorted by time — and added a quality filter. And instead of assuming that all users are alike, the Slashdot designers created a karma system, to allow them to discriminate in favor of users likely to rate comments in ways that would benefit the community. And, to police that system, they created a meta-moderation system, to solve the ‘Who will guard the guardians’ problem. …

Likewise, Craigslist took the mailing list, and added a handful of simple features with profound social effects. First, all of Craigslist is an enclosure, owned by Craig … Because he has a business incentive to make his list work, he and his staff remove posts if enough readers flag them as inappropriate. …

And, on the positive side, the addition of a “Nominate for ‘Best of Craigslist’” button in every email creates a social incentive for users to post amusing or engaging material. … The only reason you would nominate a post for ‘Best of’ is if you wanted other users to see it — if you were acting in a group context, in other words. …

Jonah Brucker-Cohen’s Bumplist stands out as an experiment in experimenting with the social aspect of mailing lists. Bumplist, whose motto is “an email community for the determined”, is a mailing list for 6 people, which anyone can join. When the 7th user joins, the first is bumped and, if they want to be back on, must re-join, bumping the second user, ad infinitum. … However, it is a vivid illustration of the ways simple changes to well-understood software can produce radically different social effects.

You could easily imagine many such experiments. What would it take, for example, to design a mailing list that was flame-retardant? Once you stop regarding all users as isolated actors, a number of possibilities appear. You could institute induced lag, where, once a user contributed 5 posts in the space of an hour, a cumulative 10 minute delay would be added to each subsequent post. Every post would be delivered eventually, but it would retard the rapid-reply nature of flame wars, introducing a cooling off period for the most vociferous participants.

You could institute a kind of thread jail, where every post would include a ‘Worst of’ button, in the manner of Craigslist. Interminable, pointless threads (e.g. Which Operating System Is Objectively Best?) could be sent to thread jail if enough users voted them down. (Though users could obviously change subject headers and evade this restriction, the surprise, first noted by Julian Dibbell, is how often users respect negative communal judgment, even when they don’t respect the negative judgment of individuals. [ See Rape in Cyberspace — search for “aggressively antisocial vibes.”])

You could institute a ‘Get a room!’ feature, where any conversation that involved two users ping-ponging six or more posts (substitute other numbers to taste) would be automatically re-directed to a sub-list, limited to that pair. The material could still be archived, and so accessible to interested lurkers, but the conversation would continue without the attraction of an audience.

You could imagine a similar exercise, working on signal/noise ratios generally, and keying off the fact that there is always a most active poster on mailing lists, who posts much more often than even the second most active, and much much more often than the median poster. Oddly, the most active poster is often not even aware that they occupy this position (seeing ourselves as others see us is difficult in mediated spaces as well), but making them aware of it often causes them to self-moderate. You can imagine flagging all posts by the most active poster, whoever that happened to be, or throttling the maximum number of posts by any user to some multiple of average posting tempo.
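Shirky's "induced lag" (five posts in an hour, then a cumulative ten-minute delay on each further post) and his "flag the most active poster" idea are both rate-limiting rules, and they are concrete enough to implement. The scheduler below is an added example, not code from Shirky's essay; the sample posts and timestamps are constructed, and the decision to reset the accumulated lag once a sender drops back under five posts in the trailing hour is an assumption the essay leaves open.

```python
"""Induced-lag delivery scheduler and most-active-poster flag for a mailing list.

Rule modelled (from the essay): once a sender has contributed 5 posts within
the trailing hour, every subsequent post gets a cumulative 10-minute delay
(10 min for the 6th, 20 min for the 7th, ...). Every post is still delivered;
only its delivery time moves. Assumption: the penalty resets once the sender
is back under the threshold for the trailing hour.
"""
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from statistics import median
from typing import List, Optional

WINDOW = 3600     # trailing window, seconds (one hour)
FREE_POSTS = 5    # posts per window before lag starts
LAG_STEP = 600    # added per post over the threshold, seconds (ten minutes)


@dataclass
class Post:
    sender: str
    sent_at: int                      # seconds since the list "epoch" (constructed)
    deliver_at: Optional[int] = None  # filled in by the scheduler


class InducedLag:
    def __init__(self, window=WINDOW, free=FREE_POSTS, step=LAG_STEP):
        self.window, self.free, self.step = window, free, step
        self.recent = defaultdict(deque)  # sender -> sent_at values inside the window
        self.lag = defaultdict(int)       # sender -> accumulated delay in seconds

    def schedule(self, post: Post) -> Post:
        q = self.recent[post.sender]
        # Drop timestamps that have aged out of the trailing window.
        while q and post.sent_at - q[0] >= self.window:
            q.popleft()
        q.append(post.sent_at)
        if len(q) > self.free:
            self.lag[post.sender] += self.step   # cumulative: 10, 20, 30 min ...
        else:
            self.lag[post.sender] = 0            # assumption: quiet again, penalty clears
        post.deliver_at = post.sent_at + self.lag[post.sender]
        return post


def most_active(posts: List[Post]) -> tuple:
    """Return (sender, count, median_count): the poster to flag, whoever it is."""
    counts = Counter(p.sender for p in posts)
    sender, count = counts.most_common(1)[0]
    return sender, count, median(counts.values())


def over_tempo(posts: List[Post], multiple: float) -> set:
    """Senders whose post count exceeds `multiple` x the average posting tempo."""
    counts = Counter(p.sender for p in posts)
    avg = len(posts) / len(counts)
    return {s for s, c in counts.items() if c > multiple * avg}


def run_demo() -> List[tuple]:
    """Constructed traffic: alice fires seven posts in seven minutes, bob posts once,
    then alice returns after an hour of silence."""
    traffic = [Post("alice", t) for t in range(0, 420, 60)]   # 0, 60, ..., 360
    traffic.insert(2, Post("bob", 100))
    traffic.append(Post("alice", 4000))
    sched = InducedLag()
    return [(p.sender, p.sent_at, sched.schedule(p).deliver_at) for p in traffic]


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

Running it shows alice's sixth post (sent at 300 s) delivered at 900 s and her seventh (360 s) at 1560 s, while bob's single post and alice's post after the quiet hour go out immediately; `most_active` and `over_tempo` give the list software the numbers it would need to flag or throttle, per the second half of the passage.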


Clay Shirky on flaming & how to combat it

From Clay Shirky’s “Group as User: Flaming and the Design of Social Software” (Clay Shirky’s Writings About the Internet: 5 November 2004):

Learning From Flame Wars

Mailing lists were the first widely available piece of social software. … Mailing lists were also the first widely analyzed virtual communities. …

Flame wars are not surprising; they are one of the most reliable features of mailing list practice. If you assume a piece of software is for what it does, rather than what its designer’s stated goals were, then mailing list software is, among other things, a tool for creating and sustaining heated argument. …

… although the environment in which a mailing list runs is computers, the environment in which a flame war runs is people. …

The user’s mental model of a word processor is of limited importance — if a word processor supports multiple columns, users can create multiple columns; if not, then not. The users’ mental model of social software, on the other hand, matters enormously. For example, ‘personal home pages’ and weblogs are very similar technically — both involve local editing and global hosting. The difference between them was mainly in the user’s conception of the activity. …

… The cumulative effect is to make maximizing individual flexibility a priority, even when that may produce conflict with the group goals.

Netiquette and Kill Files

The first general response to flaming was netiquette. Netiquette was a proposed set of behaviors that assumed that flaming was caused by (who else?) individual users. If you could explain to each user what was wrong with flaming, all users would stop.

This mostly didn’t work. The problem was simple — the people who didn’t know netiquette needed it most. They were also the people least likely to care about the opinion of others …

… Addressing the flamer directly works not because he realizes the error of his ways, but because it deprives him of an audience. Flaming is not just personal expression, it is a kind of performance, brought on in a social context.

… People behave differently in groups, and while momentarily engaging them one-on-one can have a calming effect, that is a change in social context, rather than some kind of personal conversion. …

Another standard answer to flaming has been the kill file, sometimes called a bozo filter, which is a list of posters whose comments you want filtered by the software before you see them. …

… And although people have continually observed (for thirty years now) that “if everyone just ignores user X, he will go away,” the logic of collective action makes that outcome almost impossible to orchestrate — it only takes a couple of people rising to bait to trigger a flame war, and the larger the group, the more difficult it is to enforce the discipline required of all members.

The Tragedy of the Conversational Commons

Briefly stated, the tragedy of the commons occurs when a group holds a resource, but each of the individual members has an incentive to overuse it. …

In the case of mailing lists (and, again, other shared conversational spaces), the commonly held resource is communal attention. The group as a whole has an incentive to keep the signal-to-noise ratio high and the conversation informative, even when contentious. Individual users, though, have an incentive to maximize expression of their point of view, as well as maximizing the amount of communal attention they receive. It is a deep curiosity of the human condition that people often find negative attention more satisfying than inattention, and the larger the group, the likelier someone is to act out to get that sort of attention.

However, proposed responses to flaming have consistently steered away from group-oriented solutions and towards personal ones. …

Weblog and Wiki Responses

… Weblogs are relatively flame-free because they provide little communal space. In economic parlance, weblogs solve the tragedy of the commons through enclosure, the subdividing and privatizing of common space. …

Like weblogs, wikis also avoid the tragedy of the commons, but they do so by going to the other extreme. Instead of everything being owned, nothing is. Whereas a mailing list has individual and inviolable posts but communal conversational space, in wikis, even the writing is communal. … it is actually easier to restore damage than cause it. …

Weblogs and wikis are proof that you can have broadly open discourse without suffering from hijacking by flamers, by creating a social structure that encourages or deflects certain behaviors.


Word of the day: creative destruction

From Wikipedia’s “Creative destruction” (13 July 2006):

Creative destruction, introduced by the economist Joseph Schumpeter, describes the process of industrial transformation that accompanies radical innovation. In Schumpeter’s vision of capitalism, innovative entry by entrepreneurs was the force that sustained long-term economic growth, even as it destroyed the value of established companies that enjoyed some degree of monopoly power. …

There are numerous types of innovation generating creative destruction in an industry:

New markets or products
New equipment
New sources of labor and raw materials
New methods of organization or management
New methods of inventory management
New methods of transportation
New methods of communication (e.g., the Internet)
New methods of advertising and marketing
New financial instruments
New ways to lobby politicians or new legal strategies
