Quotulatiousness

April 17, 2014

Online illegal drug sales persist because they’re safer than other channels

Filed under: Britain, Law, Liberty — Nicholas @ 07:34

At the Adam Smith Institute blog, Daniel Pryor discusses the reasons for “Silk Road” continuing despite police crackdowns:

Growing up in Essex has made me appreciate why purchasing illegal drugs online is a far more attractive option. I have experienced the catastrophic effects of drug prohibition first-hand, and it is part of the reason that the issue means a great deal to me. Friends and acquaintances have had terrible experiences due to contamination from unscrupulous dealers with little incentive to raise their drugs’ quality, and every reason to lace their products with harmful additives. The violence associated with buying and selling drugs in person has affected the lives of people close to me.

As a current university student, I now live in an environment populated by many people who use Silk Road regularly, and for a variety of purchases. From prescription-only ‘study drugs’ like modafinil to recreational marijuana and cocaine, fellow students’ experiences with drugs ordered from Silk Road have reinforced my beliefs in the benefits of legalisation. They have no need to worry about aggressive dealers and are more likely to receive safer drugs: meaning chances of an overdose and other health risks are substantially reduced.

Their motivations for using Silk Road rather than street dealers correlate with the Global Drug Survey’s findings. Over 60% of participants cited the quality of Silk Road’s drugs as being a reason for ordering, whilst a significant proportion also used the site as a way to avoid the potential violence of purchasing from the street. Given that payments are made in the highly volatile Bitcoin, it was also surprising to learn that lower prices were a motivation for more than a third of respondents.

April 16, 2014

QotD: The wizards of the web

Filed under: Business, Quotations, Technology — Nicholas @ 08:28

You would have thought this would have sunk in by now. The fact that it hasn’t shows what an extraordinary machine the internet is — quite different to any technology that has gone before it. When the Lovebug struck, few of us lived our lives online. Back then we banked in branches, shopped in shops, met friends and lovers in the pub and obtained jobs by posting CVs. Tweeting was for the birds. Cyberspace was marginal. Now, for billions, the online world is their lives. But there is a problem. Only a tiny, tiny percentage of the people who use the internet have even the faintest clue about how any of it works. “SSL”, for instance, stands for “Secure Sockets Layer”.

I looked it up and sort of understood it — for about five minutes. While most drivers have at least a notion of how an engine works (something about petrol exploding in cylinders and making pistons go up and down and so forth) the very language of the internet — “domain names” and “DNS codes”, endless “protocols” and so forth — is arcane, exclusive; it is, in fact, the language of magic. For all intents and purposes the internet is run by wizards.

And the trouble with letting wizards run things is that when things go wrong we are at their mercy. The world spends several tens of billions of pounds a year on anti-malware programs, which we are exhorted to buy lest the walls of our digital castles collapse around us. Making security software is a huge industry, and whenever there is a problem — either caused by viruses or by a glitch like Heartbleed — the internet security companies rush to be quoted in the media. And guess what, their message is never “keep calm and carry on”. As Professor Ross Anderson of Cambridge University says: “Almost all the cost of cybercrime is the cost of anticipation.”

Michael Hanlon, “Relax, Mumsnet users: don’t lose sleep over Heartbleed hysteria”, Telegraph, 2014-04-16

April 11, 2014

Open source software and the Heartbleed bug

Filed under: Technology — Nicholas @ 07:03

Some people are claiming that the Heartbleed bug proves that open source software is a failure. ESR quickly addresses that idiotic claim:

I actually chuckled when I read rumor that the few anti-open-source advocates still standing were crowing about the Heartbleed bug, because I’ve seen this movie before after every serious security flap in an open-source tool. The script, which includes a bunch of people indignantly exclaiming that many-eyeballs is useless because bug X lurked in a dusty corner for Y months, is so predictable that I can anticipate a lot of the lines.

The mistake being made here is a classic example of Frederic Bastiat’s “things seen versus things unseen”. Critics of Linus’s Law overweight the bug they can see and underweight the high probability that equivalently positioned closed-source security flaws they can’t see are actually far worse, just so far undiscovered.

That’s how it seems to go whenever we get a hint of the defect rate inside closed-source blobs, anyway. As a very pertinent example, in the last couple months I’ve learned some things about the security-defect density in proprietary firmware on residential and small business Internet routers that would absolutely curl your hair. It’s far, far worse than most people understand out there.

[…]

Ironically enough this will happen precisely because the open-source process is working … while, elsewhere, bugs that are far worse lurk in closed-source router firmware. Things seen vs. things unseen…

Returning to Heartbleed, one thing conspicuously missing from the downshouting against OpenSSL is any pointer to an implementation that is known to have a lower defect rate over time. This is for the very good reason that no such empirically-better implementation exists. What is the defect history on proprietary SSL/TLS blobs out there? We don’t know; the vendors aren’t saying. And we can’t even estimate the quality of their code, because we can’t audit it.

The response to the Heartbleed bug illustrates another huge advantage of open source: how rapidly we can push fixes. The repair for my Linux systems was a push-one-button fix less than two days after the bug hit the news. Proprietary-software customers will be lucky to see a fix within two months, and all too many of them will never see a fix patch.

Update: There are lots of sites offering tools to test whether a given site is vulnerable to the Heartbleed bug, but you need to step carefully there, as there’s a thin line between what’s legal in some countries and what counts as an illegal break-in attempt:

Websites and tools that have sprung up to check whether servers are vulnerable to OpenSSL’s mega-vulnerability Heartbleed have thrown up anomalies in computer crime law on both sides of the Atlantic.

Both the US Computer Fraud and Abuse Act and its UK equivalent the Computer Misuse Act make it an offence to test the security of third-party websites without permission.

Testing to see what version of OpenSSL a site is running, and whether it also supports the vulnerable Heartbeat protocol, would be legal. But doing anything more active — without permission from website owners — would take security researchers onto the wrong side of the law.

And you shouldn’t just rush out and change all your passwords right now (you’ll probably need to do it, but the timing matters):

Heartbleed is a catastrophic bug in widely used OpenSSL that creates a means for attackers to lift passwords, crypto-keys and other sensitive data from the memory of secure server software, 64KB at a time. The mega-vulnerability was patched earlier this week, and software should be updated to use the new version, 1.0.1g. But to fully clean up the problem, admins of at-risk servers should generate new public-private key pairs, destroy their session cookies, and update their SSL certificates before telling users to change every potentially compromised password on the vulnerable systems.

April 9, 2014

XKCD on the impact of “Heartbleed”

Filed under: Technology — Nicholas @ 11:00

Update: In case you’re not concerned about the seriousness of this issue, The Register’s John Leyden would like you to think again.

The catastrophic crypto key password vulnerability in OpenSSL affects far more than web servers, with everything from routers to smartphones also affected.

The so-called “Heartbleed” vulnerability (CVE-2014-0160) can be exploited to extract information from the servers running vulnerable versions of OpenSSL, and this includes email servers and Android smartphones as well as routers.

Hackers could potentially gain access to private encryption keys before using this information to decipher the encrypted traffic to and from vulnerable websites.

Web sites including Yahoo!, Flickr and OpenSSL were among the many left vulnerable to the megabug that exposed encryption keys, passwords and other sensitive information.

Preliminary tests suggested 47 of the 1000 largest sites are vulnerable to Heartbleed and that’s only among the less than half that provide support for SSL or HTTPS at all. Many of the affected sites – including Yahoo! – have since patched the vulnerability. Even so, security experts – such as Graham Cluley – remain concerned.

OpenSSL is a widely used encryption library that is a key component of technology that enables secure (https) website connections.

The bug exists in the OpenSSL 1.0.1 source code and stems from coding flaws in a fairly new feature known as the TLS Heartbeat Extension. “TLS heartbeats are used as ‘keep alive’ packets so that the ends of an encrypted connection can agree to keep the session open even when they don’t have any official data to exchange,” explains security veteran Paul Ducklin in a post on Sophos’ Naked Security blog.

The Heartbleed vulnerability in the OpenSSL cryptographic library might be exploited to reveal contents of secured communication exchanges. The same flaw might also be used to lift SSL keys.

This means that sites could still be vulnerable to attacks after installing the patches in cases where a private key has been stolen. Sites therefore need to revoke exposed keys, reissue new keys, and invalidate all session keys and session cookies.

Bruce Schneier:

“Catastrophic” is the right word. On the scale of 1 to 10, this is an 11.

Half a million sites are vulnerable, including my own. Test your vulnerability here.

The bug has been patched. After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected.

At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.
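The clean-up order quoted in this post and in the April 11 post above (patch, new key pair, new certificate, session invalidation, and only then password changes) can be checked mechanically. The following is an added example, not code from this blog or from the quoted sources; the `Host` record, its field names and the sample inventory are constructed assumptions, and every listed host is assumed to have run a vulnerable build at some point.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

# The page places the bug in OpenSSL 1.0.1 and names 1.0.1g as the fixed release.
_RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")


def is_vulnerable_openssl(version: str) -> bool:
    """True for release strings 1.0.1 through 1.0.1f (plain releases only)."""
    m = _RELEASE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised OpenSSL release string: {version!r}")
    series = tuple(int(m.group(i)) for i in (1, 2, 3))
    return series == (1, 0, 1) and m.group(4) < "g"


@dataclass
class Host:
    """Hypothetical inventory record for a server that ran a vulnerable build."""
    name: str
    openssl_version: str
    patched_on: Optional[date]           # fixed library deployed, services restarted
    key_generated_on: date               # creation date of the current private key
    cert_issued_on: date                 # issue date of the current certificate
    old_cert_revoked: bool
    sessions_flushed_on: Optional[date]  # last invalidation of sessions and cookies


def remaining_steps(h: Host) -> List[str]:
    """Outstanding clean-up steps, in the order the quoted advice gives them."""
    steps = []
    patched = h.patched_on is not None and not is_vulnerable_openssl(h.openssl_version)
    if not patched:
        steps.append("upgrade OpenSSL to 1.0.1g")
    # A key that existed while the server was vulnerable may have been read from memory.
    rekeyed = patched and h.key_generated_on >= h.patched_on
    if not rekeyed:
        steps.append("generate a new key pair")
    # A certificate issued before the new key existed still binds the old key.
    recertified = rekeyed and h.cert_issued_on >= h.key_generated_on
    if not recertified:
        steps.append("reissue the certificate for the new key")
    if not h.old_cert_revoked:
        steps.append("revoke the old certificate")
    flushed = (patched and h.sessions_flushed_on is not None
               and h.sessions_flushed_on >= h.patched_on)
    if not flushed:
        steps.append("invalidate sessions and session cookies")
    return steps


def clean_since(h: Host) -> Optional[date]:
    """Date on which every step was complete, or None while any step is pending."""
    if remaining_steps(h):
        return None
    return max(h.patched_on, h.key_generated_on, h.cert_issued_on, h.sessions_flushed_on)


def password_needs_rechange(h: Host, changed_on: date) -> bool:
    """A password set before the host was clean may have leaked and must be set again."""
    done = clean_since(h)
    return done is None or changed_on < done


# Constructed sample inventory (not real hosts).
INVENTORY = [
    Host("www", "1.0.1g", date(2014, 4, 8), date(2014, 4, 9), date(2014, 4, 9),
         True, date(2014, 4, 9)),
    Host("mail", "1.0.1g", date(2014, 4, 8), date(2013, 6, 1), date(2013, 6, 2),
         False, None),
    Host("vpn", "1.0.1e", None, date(2012, 11, 20), date(2012, 11, 21),
         False, None),
]

if __name__ == "__main__":
    for host in INVENTORY:
        todo = remaining_steps(host)
        status = "ready for password resets" if not todo else "; ".join(todo)
        print(f"{host.name}: {status}")
```

A password changed on `www` on 2014-04-08, before the new key and certificate were in place, is flagged for another change, which is the timing point the April 11 post makes.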

April 2, 2014

Dog adoptions – the economics are trickier than you think

Filed under: Economics — Nicholas @ 09:01

In the Harvard Business Review, Paul Oyer explains some of the changes in the market for adopting dogs over the last decade or so:

Lots of people are looking for a canine companion to brighten their lives, and there are always plenty of dogs “on the market” at shelters or through breeders. Yet, too many dogs don’t find homes, and they often pay the ultimate price (especially if they are in Sochi). So what stands in the way of dogs and owners finding one another?

For starters, the supply and demand at any given time in any given area is typically thin and random. Thankfully, online pet boards have thickened the market by enabling potential adopters, especially those who want to rescue a dog, to find a broader range of options rather than just settling for what the shelter happens to have the day they go there. Sites such as petfinder.com lead to many adoptions, many of which cross significant geographic territory.

[…]

A second problem — and this is much harder to solve than the thin-market problem — is there are a lot of duds on both sides of the dog adoption market, and it’s hard to tell exactly who they are. A breeder could describe a bad, Cujo-like dog as “good with children” while potential owners like Michael Vicks’ former associates would surely claim they would give a dog a safe home.

Shelters address this issue by thoroughly screening would-be adopters (I have always found it ironic that they give you your baby to take home after it is born with no questions asked, but you have to jump through a lot of hoops to adopt a puppy or kitten that will otherwise be euthanized.) But there is no evidence that these screenings are very effective.

People are less inclined to shop or bank online after NSA surveillance reports

Filed under: Business, Government, Technology — Nicholas @ 08:46

Among the side-effects of government surveillance revelations, ordinary people are deciding to be a bit less involved in online activities, according to a new Harris Poll:

Online banking and shopping in America are being negatively impacted by ongoing revelations about the National Security Agency’s digital surveillance activities. That is the clear implication of a recent ESET-commissioned Harris poll which asked more than 2,000 U.S. adults ages 18 and older whether or not, given the news about the NSA’s activities, they have changed their approach to online activity.

Almost half of respondents (47%) said that they have changed their online behavior and think more carefully about where they go, what they say, and what they do online.

When it comes to specific Internet activities, such as email or online banking, this change in behavior translates into a worrying trend for the online economy: over one quarter of respondents (26%) said that, based on what they have learned about secret government surveillance, they are now doing less banking online and less online shopping. This shift in behavior is not good news for companies that rely on sustained or increased use of the Internet for their business model.

[…]

Whether or not we have seen the full extent of the public’s reaction to state-sponsored mass surveillance is hard to predict, but based on this survey and the one we did last year, I would say that, if the NSA revelations continue – and I am sure they will – and if government reassurances fail to impress the public, then it is possible that the trends in behavior we are seeing right now will continue. For example, I do not see many people finding reassurance in President Obama’s recently announced plan to transfer the storage of millions of telephone records from the government to private phone companies. As we will document in our next installment of survey findings, data gathering by companies is even more of a privacy concern for some Americans than government surveillance.

And in case anyone is tempted to think that this is a narrow issue of concern only to news junkies and security geeks, let me be clear: according to this latest survey, 85% of adult Americans are now at least somewhat familiar with the news about secret government surveillance of private citizens’ phone calls, emails, online activity, and so on.

March 29, 2014

Surveillance of Canadian telecommunications channels

Filed under: Cancon, Government, Law, Media — Nicholas @ 00:01

The University of Toronto’s Munk School of Global Affairs looks at how the Canadian security establishment operates:

The issue of lawful access has repeatedly arisen on the Canadian federal agenda. Every time that the legislation has been introduced Canadians have opposed the notion of authorities gaining warrantless access to subscriber data, to the point where the most recent version of the lawful access legislation dropped this provision. It would seem, however, that the real motivation for dropping the provision may follow from the facts on the ground: Canadian authorities already routinely and massively collect subscriber data without significant pushback by Canada’s service providers. And whereas the prior iteration of the lawful access legislation (i.e. C–30) would have required authorities to report on their access to this data the current iteration of the legislation (i.e. C–13) lacks this accountability safeguard.

In March 2014, MP Charmaine Borg received responses from federal agencies (.pdf) concerning the agencies’ requests for subscriber-related information from telecommunications service providers (TSPs). Those responses demonstrate extensive and unaccountable federal government surveillance of Canadians. I begin this post by discussing the political significance of MP Borg’s questions and then proceed to granularly identify major findings from the federal agencies’ respective responses. After providing these empirical details and discussing their significance, I conclude by arguing that the ‘subscriber information loophole’ urgently needs to be closed and that federal agencies must be made accountable to their masters, the Canadian public.

[…]

The government’s responses to MP Borg’s questions were returned on March 24, 2014. In what follows I identify the major findings from these responses. I first discuss the Communications Security Establishment Canada (CSEC), Canadian Security Intelligence Service (CSIS), Royal Canadian Mounted Police (RCMP), and Canadian Border Service Agency (CBSA). These agencies provided particularly valuable information in response to MP Borg’s questions. I then move to discuss some of the ‘minor findings’ related to the Canadian Revenue Agency (CRA), Competition Bureau, Statistics Canada, and the Transportation Safety Board (TSB).

March 16, 2014

Defining hackers and hacker culture

Filed under: History, Technology — Nicholas @ 09:49

ESR put this together as a backgrounder for a documentary film maker:

In its original and still most correct sense, the word “hacker” describes a member of a tribe of expert and playful programmers with roots in 1960s and 1970s computer-science academia, the early microcomputer experimenters, and several other contributory cultures including science-fiction fandom.

Through a historical process I could explain in as much detail as you like, this hacker culture became the architects of today’s Internet and evolved into the open-source software movement. (I had a significant role in this process as historian and activist, which is why my friends recommended that you talk to me.)

People outside this culture sometimes refer to it as “old-school hackers” or “white-hat hackers” (the latter term also has some more specific shades of meaning). People inside it (including me) insist that we are just “hackers” and using that term for anyone else is misleading and disrespectful.

Within this culture, “hacker” applied to an individual is understood to be a title of honor which it is arrogant to claim for yourself. It has to be conferred by people who are already insiders. You earn it by building things, by a combination of work and cleverness and the right attitude. Nowadays “building things” centers on open-source software and hardware, and on the support services for open-source projects.

There are — seriously — people in the hacker culture who refuse to describe themselves individually as hackers because they think they haven’t earned the title yet — they haven’t built enough stuff. One of the social functions of tribal elders like myself is to be seen to be conferring the title, a certification that is taken quite seriously; it’s like being knighted.

[…]

There is a cluster of geek subcultures within which the term “hacker” has very high prestige. If you think about my earlier description it should be clear why. Building stuff is cool, it’s an achievement.

There is a tendency for members of those other subcultures to try to appropriate hacker status for themselves, and to emulate various hacker behaviors — sometimes superficially, sometimes deeply and genuinely.

Imitative behavior creates a sort of gray zone around the hacker culture proper. Some people in that zone are mere posers. Some are genuinely trying to act out hacker values as they (incompletely) understand them. Some are ‘hacktivists’ with Internet-related political agendas but who don’t write code. Some are outright criminals exploiting journalistic confusion about what “hacker” means. Some are ambiguous mixtures of several of these types.

March 12, 2014

A short history of the web

Filed under: History, Technology — Nicholas @ 09:05

At the Guardian, an amusing way to present the short-but-fascinating history of the World Wide Web (when did we stop calling it by its formal name?):

A partial history of the open web, in snakes and ladders form

It was 25 years ago today that Tim Berners-Lee suggested the creation of the world wide web. As the creator speaks to the Guardian about his hopes for its future, we look at the triumphs of accessibility and challenges to openness that mark the history of the web


However, pay attention to the claims in many headlines, as Kelly Fiveash suggests:

Top 5 headlines that claim Tim Berners Lee ‘INVENTED the INTERNET’. Whoops!
You’ll never guess what happened next

Newspapers are quite rightly back-slapping Brit inventor Tim Berners-Lee today — the man who brought the world wide web to the, er, world 25 years ago today.

It’s a pity, then, that mainstream publications continue to stumble over the concept by lazily and wrongly saying that Berners-Lee birthed the internet.

Sub-editors across the land are scrambling to correct copy that was carelessly slapped online with headlines stupidly claiming that TBL was the god-like creature who came up with the network of networks idea.

February 21, 2014

Online bounty hunting

Filed under: Business, Gaming, Law, Technology — Nicholas @ 09:10

BBC News on a bounty being offered to track down and prosecute those involved in the DDoS attack on the game Wurm:

A bounty of 10,000 euros (£8,200) is being offered to catch the people who took the online multiplayer game Wurm offline.

The game’s servers were victim of a distributed denial of service (DDoS) attack this week and the game remains offline.

A DDoS attack forces a website offline by overloading the site’s servers with more data than it can process.

The bounty is being offered for any “tips leading to a conviction”.

Wurm is a massively multiplayer online role-playing game (MMORPG) that is played on personal computers.

The game takes place in virtual realms and everything in it is created by the players who are taking part. They can compete against each other or combine forces to defend a realm.

The attack happened just after an update to the game.

Writing on Wurm’s website, one of its creators said it would be back online as soon as possible.

“We were the target of a DDoS attack and our hosting provider had to pull us off the grid for now.

“We will be back as soon as possible, but things are out of our hands since their other customers are affected.

“We can offer 10,000 euros for any tips or evidence leading to a conviction of the person responsible for this attack,” he wrote.

H/T to Hunter for the link.

February 15, 2014

South Korea’s high-speed broadband (censored) internet

Filed under: Asia, Technology — Nicholas @ 10:43

The Economist looks at the gosh-wow technical specs of South Korean internet access, governed by the sensibilities of a restrictive, censorious regime:

Why South Korea is really an internet dinosaur

SOUTH KOREA likes to think of itself as a world leader when it comes to the internet. It boasts the world’s swiftest average broadband speeds (of around 22 megabits per second). Last month the government announced that it will upgrade the country’s wireless network to 5G by 2020, making downloads about 1,000 times speedier than they are now. Rates of internet penetration are among the highest in the world. There is a thriving startup community (Cyworld, rolled out five years before Mark Zuckerberg launched Facebook, was the most popular social network in South Korea for a decade) and the country leads the world in video games as spectator sports. Yet in other ways the futuristic country is stuck in the dark ages. Last year Freedom House, an American NGO, ranked South Korea’s internet as only “partly free”. Reporters without Borders has placed it on a list of countries “under surveillance”, alongside Egypt, Thailand and Russia, in its report on “Enemies of the Internet”. Is forward-looking South Korea actually rather backward?

Every week portions of the Korean web are taken down by government censors. Last year about 23,000 Korean webpages were deleted, and another 63,000 blocked, at the request of the Korea Communications Standards Commission (KCSC), a nominally independent (but mainly government-appointed) public body. In 2009 the KCSC had made just 4,500 requests for deletion. Its filtering chiefly targets pornography, prostitution and gambling, all of which are illegal in South Korea. But more wholesome pursuits are also restricted: online gaming is banned between midnight and 6am for under-16s (users must input their government-issued ID numbers to prove their age). Sites from North Korea, including its state newspaper, news agency and Twitter feed, are blocked, as are those of North Korea’s sympathisers. A law dating back to the Korean war forbids South Korean maps from being taken out of the country. Because North and South are technically still at war, the law has been expanded to include electronic mapping data—which means that Google, for instance, cannot process South Korean mapping data on its servers and therefore cannot offer driving directions inside the country. In 2010 the UN determined that the KCSC “essentially operates as a censorship body”.

February 11, 2014

Michael Geist on what Canadians can do about mass surveillance

Filed under: Cancon, Government, Liberty, Technology — Nicholas @ 12:21

A post at Michael Geist’s website advises Canadians about their options to protest the government’s role in internet surveillance:

… we know that U.S. law provides fewer protections to personal information of non-U.S. citizens, suggesting that Canadian data residing in cloud-based servers in the U.S. are particularly vulnerable. Meanwhile, the Canadian legal rules remain largely shrouded in secrecy, with officials maintaining that programs fall within the law despite the obvious privacy interests in metadata and statutory restrictions on domestic surveillance.

[…]

Today is the day that Canadians can send a message that this official is wrong. The Day We Fight Back Against Mass Surveillance is a global effort to galvanize people around the world to speak out against ubiquitous surveillance. Canadians can learn more here, but the key ask is to contact your Member of Parliament. If you are concerned with widespread surveillance in Canada, take a couple of moments to send an email or letter (no stamp required) to your MP and let them know how you feel (alternatively, you can fill out the form at this site). In addition, you can sign onto a global petition supported by hundreds of groups around the world.

I’ve written about the need for changes here and many others — including Interim Privacy Commissioner Chantal Bernier, Kent Roach, Wesley Wark, Ron Deibert, David Fraser, Ontario Privacy Commissioner Ann Cavoukian and Avner Levin, Craig Forcese, and Lisa Austin — have highlighted other potential changes. There is no shortage of ideas for reform. What we need now are Canadians to speak out to demand an open review and reform of Canadian surveillance law and policy.

February 5, 2014

The Internet and the defenestration of the gatekeepers

Filed under: Government, Liberty, Technology — Nicholas @ 08:51

In the latest Libertarian Enterprise, L. Neil Smith talks about the recent movie The Fifth Estate, prominent whistleblowers, and how the Internet upset so many top-down information models:

The top three “whistle-blowers”, of course, in no particular order, are Assange himself, Bradley/Chelsea Manning, and Edward Snowden. I’m interested in these individuals for a number of reasons, not the least of which, is that I wrote about them (actually, I anticipated them) long before most people in the world ever knew they existed.

Including me.

Eleven years ago, in a speech I delivered to the Libertarian Party of New Mexico entitled “Empire of Lies”, I asserted that every human being on Earth is swimming — drowning — in an ocean of lies, mostly told by governments of one variety or another. I pointed out that lies of that kind — for example, the Gulf of Tonkin “incident” that never happened, and yet cost the lives of 60,000 Americans and 2,000,000 Vietnamese — are deadly. I proposed, therefore, that any politician, bureaucrat, or policeman caught telling a lie to any member of the public for any reason — as well as any among their ilk keeping secrets — ought to be subject to capital punishment, preferably by public hanging.

On network television.

Some time later, I stumbled on what I think is the true historical significance of the Internet. For as long as human beings have been communicating with one another, except among family and friends (and even then, sometimes) communications have been vertical and one-way, from the top down. Just to take it back to the Middle Ages, you can’t talk back to, or argue with a church bell. You either do what you are trained to do when it rings — wake, pray, eat, go to bed — or you do not, and suffer whatever consequences society has arranged for you to suffer.

This sorry situation was not improved materially by later “great” inventions like the printing press, movies, radio, or television. Such innovations only made it easier and more convenient to issue orders. The elite laid down the law to the peons (that’s us) and there was no way of contradicting them. Letters to the Editor are limited to 400 words.

But the Internet, and all of the technical, political, and social phenomena associated with it, turned this communications hierarchy sideways. Almost overnight, it was now possible for anybody on the planet to talk to anybody else, and to speak privately with a single individual, or to millions, without obtaining anyone’s permission, judged not by their power or authority, but by the cogency of their arguments.

Atlas didn’t shrug, Authority wigged.

Traditional Big Media, newspaper, magazine, and book publishers, movie studios, radio and television network executives, held onto their monopoly gatekeeper position, inherited from a more primitive era, desperately and at any cost. Only they were fit to judge what word could be sent by mere individuals to the Great Unwashed (that’s us, again). What it cost them is their very existence. They were incapable of divining that the Age of Authority, including theirs, was over.

For governments all over the world, subsisting as they all do on lies, intimidation, and violence, it was a nightmare. They have tried to fight back, but they will lose. The tide of history is against them. The idea of “peer-to-peer” communication is out there, and — short of the mass slaughter some of them seem to be preparing against us: a measure of their utter despair — it can never be called back or contained.

February 2, 2014

ESR goes down the rabbit hole

Filed under: Politics, USA — Nicholas @ 10:36

After reading a post called An Incomplete Guide to Feminist infighting, ESR did a bit more spelunking down the feminist rabbit hole and came back with a bit of a travelogue for those trapped down there:

The most conspicuous thing is that these women ooze “privilege” from every pore. All of them, not just the white upper-middle-class academics but the putatively “oppressed” blacks and transsexuals and what have you. It’s the privilege of living in a society so wealthy and so indulgent that they can go years – even decades – without facing a reality check.

And yet, these women think they are oppressed, by patriarchy and neoliberalism, heteronormativity, cisnormativity, and there’s a continuous arms race to come up with new oppression modalities du jour and how many intersectional categories each player can claim.

While these children of privilege are filling out their victimological bingo cards…elsewhere, women are treated like chattels. Raped under color of law. Genitally mutilated. But none of this enters the charmed circle of modern American feminism. So much safer to rage at the Amerikkan phallocracy that provides them with cushy jobs writing about their outrage for audiences almost as insulated from reality as they are. Not to mention all those obliging men who will grow their food, fix their plumbing, mow their lawns, and know their place.

[…]

And to return to an older theme – I think this sort of bitter involution is what eventually and inevitably happens when you marinate in left-wing duckspeak for long enough. (Clue: if you find yourself using the word “neoliberal” as non-ironically as these women do, you’re there. For utter lack of meaning outside of a dense thicket of self-referential cod-Marxist presuppositions disconnected from reality, this one has few rivals.)

Accordingly, George Orwell would have no trouble at all identifying the language of the feminist twitter wars as a form of Newspeak, designed not to convey thought but suppress it. Indeed, part of the content of the wars is that some of these women dimly sort of get this – see the whole argument over “callout culture”. But none of them can wake up enough to see that the problem is not just individual behaviors. Because to do that they’d have to face how irretrievably rotten and oppressive their entire discourse has become, and their worldview would collapse.

Ah well. This too shall pass. The university system and establishment journalism are both in the process of collapsing under their own weight. With them will go most of the ecological niches that support these precious, precious creatures in their luxury. Massive reality check a’coming. No doubt the twitter wars will continue, but in historical terms they won’t last long.

January 21, 2014

Coming soon – ShapeShifter’s “polymorphic” defence against malware

Filed under: Technology — Nicholas @ 11:11

In The Register, John Leyden discusses a new start-up’s plans for defending websites against hackers:

Startup Shape Security is re-appropriating a favourite tactic of malware writers in developing a technology to protect websites against automated hacking attacks.

Trojan authors commonly obfuscate their code to frustrate reverse engineers at security firms. The former staffers from Google, VMWare and Mozilla (among others) have created a network security appliance which takes a similar approach (dubbed real-time polymorphism) towards defending websites against breaches — by hobbling the capability of malware, bots, and other scripted attacks to interact with web applications.

Polymorphic code was originally used by malicious software to rewrite its own code every time a new machine was infected. Shape has invented patent-pending technology that is able to implement “real-time polymorphism” — or dynamically changing code — on any website. By doing this, it removes the static elements which botnets and malware depend on for their attacks.
