Quotulatiousness

March 29, 2011

Amazon’s “Cloud Drive” announcement

Filed under: Media, Technology — Tags: , , — Nicholas @ 08:17

Tired of moving your music from machine to machine? Feel constricted in your choices? Amazon.com thinks they’ve got an offering you won’t turn down:

Amazon.com, Inc. (NASDAQ:AMZN) today announced the launch of Amazon Cloud Drive (www.amazon.com/clouddrive), Amazon Cloud Player for Web (www.amazon.com/cloudplayer) and Amazon Cloud Player for Android (www.amazon.com/cloudplayerandroid). Together, these services enable customers to securely store music in the cloudand play it on any Android phone, Android tablet, Mac or PC, wherever they are. Customers can easily upload their music library to Amazon Cloud Drive and can save any new Amazon MP3 purchases directly to their Amazon Cloud Drive for free.

“We’re excited to take this leap forward in the digital experience,” said Bill Carr, vice president of Movies and Music at Amazon. “The launch of Cloud Drive, Cloud Player for Web and Cloud Player for Android eliminates the need for constant software updates as well as the use of thumb drives and cables to move and manage music.”

“Our customers have told us they don’t want to download music to their work computers or phones because they find it hard to move music around to different devices,” Carr said. “Now, whether at work, home, or on the go, customers can buy music from Amazon MP3, store it in the cloud and play it anywhere.”

Don’t get too excited, fellow Canadians: this is the .com company, not the .ca flavour. Since amazon.ca still can’t sell you MP3 tracks, I doubt that the Amazon Cloud will be available north of the border any time soon.

March 27, 2011

Rogers is actively throttling bandwidth for World of Warcraft players

Filed under: Cancon, Gaming, Technology — Tags: , — Nicholas @ 11:14

In what isn’t really a surprise, Justin Olivetti reports on how Canadian WoW players have been suffering from deliberate throttling:

If you play World of Warcraft in Canada and were wondering why your connection seemed a bit slow, it turns out there may be a good explanation: Rogers Communications has been deliberately throttling the game across the country.

[. . .]

Rogers said that it was Blizzard’s use of BitTorrent to deliver updates that triggered the throttling, and said that customers who disabled this setting — as well as any other peer-to-peer applications — would not see a slowdown in speed. “Rogers will engage our customers to ensure they are aware of these recommendations, while continuing to work on a longer term solution,” a spokesperson said.

March 24, 2011

Online security: compromised HTTPS certificates

Filed under: Technology — Tags: , , , — Nicholas @ 09:25

Iranian hackers (or someone trying to cast blame on Iran) managed to get a number of HTTPS certificates issued under false colours:

On March 15th, an HTTPS/TLS Certificate Authority (CA) was tricked into issuing fraudulent certificates that posed a dire risk to Internet security. Based on currently available information, the incident got close to — but was not quite — an Internet-wide security meltdown. As this post will explain, these events show why we urgently need to start reinforcing the system that is currently used to authenticate and identify secure websites and email systems.

[. . .]

Comodo also said that the attack came primarily from Iranian IP addresses, and that one of the fraudulent login.yahoo.com certs was briefly deployed on a webserver in Iran.

March 20, 2011

Hacking a secure WiFi connection not illegal, says Dutch court

Filed under: Europe, Law, Technology — Tags: , , , , — Nicholas @ 11:09

An interesting legal precedent may not be as far-reaching as the headline might imply:

Breaking in to an encrypted router and using the WiFi connection is not an criminal offence, a Dutch court ruled. WiFi hackers can not be prosecuted for breaching router security.

A court in The Hague ruled earlier this month that it is legal to break WiFi security to use the internet connection. The court also decided that piggybacking on open WiFi networks in bars and hotels can not be prosecuted. In many countries both actions are illegal and often can be fined.

[. . .]

The Judge reasoned that the student didn’t gain access to the computer connected to the router, but only used the routers internet connection. Under Dutch law breaking in to a computer is forbidden.

A computer in The Netherlands is defined as a machine that is used for three things: the storage, processing and transmission of data. A router can therefore not be described as a computer because it is only used to transfer or process data and not for storing bits and bytes. Hacking a device that is no computer by law is not illegal, and can not be prosecuted, the court concluded.

The key here is the definition of a computer under the law: I expect the Dutch to update this definition in response to the outcome of this case.

March 8, 2011

Lastest boon to spammers? The move to IPv6, apparently

Filed under: Technology — Tags: , , , — Nicholas @ 08:50

John Leyden reports that with all the good things about moving to the vastly larger address space of IPv6, we can expect at least one negative:

The migration towards IPv6, which has been made necessary by the expansion of the internet, will make it harder to filter spam messages, service providers warn.

The current internet protocol, IPv4, has a limited address space which is reaching exhaustion thanks to the fast uptake of internet technology in populous countries such as India and China and the more widespread use of smartphones. IPv6 promises 3.4 x 1038 addresses compared to the paltry 4.3 billion (4.3 x 109) addresses offered by IPv4.

While this expansion allows far more devices to have a unique internet address, it creates a host of problems for security service providers, who have long used databases of known bad IP addresses to maintain blacklists of junk mail cesspools. Spam-filtering technology typically uses these blacklists as one (key component) in a multi-stage junk mail filtering process that also involves examining message contents.

“The primary method for stopping the majority of spam used by email providers is to track bad IP addresses sending email and block them — a process known as IP blacklisting,” explained Stuart Paton, a senior solutions architect at spam-filtering outfit Cloudmark. “With IPv6 this technique will no longer be possible and could mean that email systems would quickly become overloaded if new approaches are not developed to address this.”

March 5, 2011

xkcd re-interprets the Nolan Chart

Filed under: Humour, Liberty, Media — Tags: , , , — Nicholas @ 11:36

Nolan Chart

February 26, 2011

Arrested, beaten, tortured, and charged with treason . . . for watching viral videos

Filed under: Africa, Law, Liberty, Media — Tags: , , , , , — Nicholas @ 11:00

No matter how you say it, Zimbabwe is seriously screwed up:

Munyaradzi Gwisai, a lecturer at the University of Zimbabwe’s law school, was showing internet videos about the tumult sweeping across North Africa to students and activists last Saturday, when state security agents burst into his office.

The agents seized laptop computers, DVD discs and a video projector before arresting 45 people, including Gwisai, who runs the Labor Law Center at the University of Zimbabwe. All 45 have been charged with treason — which can carry a sentence of life imprisonment or death — for, in essence, watching viral videos.

Gwisai and five others were brutally tortured during the next 72 hours, he testified Thursday at an initial hearing.

There were “assaults all over the detainees’ bodies, under their feet and buttocks through the use of broomsticks, metal rods, pieces of timber, open palms and some blunt objects,” The Zimbabwean newspaper reports, in an account of the court proceedings.

Under dictator Robert Mugabe, watching internet videos in Zimbabwe can be a capital offense, it would seem. The videos included BBC World News and Al-Jazeera clips, which Gwisai had downloaded from Kubatana, a web-based activist group in Zimbabwe.

February 22, 2011

Former UK Home Secretary shocked to discover the internet awash in porn

Filed under: Britain, Government, Law, Liberty — Tags: , , , — Nicholas @ 07:52

The amusing thing is that she lead a major effort to suppress “extreme porn” while in office:

Former Home Secretary Jacqui Smith has professed herself “shocked” at the availability of porn on the internet after investigating the issue for a radio documentary.

Which raises the question of what exactly she thought she was cracking down on during her time in charge of law and order.

[. . .]

Smith told the Radio Times that during her research for the documentary, she had been “shocked” to discover how much hard-core material was washing around the net. And so much of it for absolutely no cost at all.

She admitted that after the pay-per-view smut scandal had broken, her son had said: “Dad, haven’t you heard of the internet?” Smith was also shocked by a visit to the Erotica exhibition, where confronted by the likes of the Monkey Spanker and artisan-built bondage furniture, “I felt completely innocent.

That Smith was ignorant of the amount of porn available on the internet seems incredible, given that during her time in government Labour cracked down hard on “extreme porn”. Smith’s Home Office also sought to clamp down on extremism on the internet, and to track all the UK’s browsing habits via a vast uber-database, the Interception Modernisation Programme. Surely some her staff might have noticed there’s lots of smut out there as well?

February 19, 2011

When “hacker army” is not an exaggeration

Filed under: Britain, China, Government, Military, Russia, Technology — Tags: , , , , , — Nicholas @ 10:07

Strategy Page counts noses of the various semi-organized hacker armies out in the wild:

Despite spending over a billion dollars a year defending their government networks, Britain recently complained openly of hackers getting into the communications network of the Foreign Office. The government also warned of increasing attacks on British companies. The recent attacks government and corporations were all targeting specific people and data. While China was not mentioned in these official announcements, British officials have often discussed how investigations of recent hacking efforts tended to lead back to China. There is also a strong suspicion, backed up by hacker chatter, that governments are offering large bounties for information from foreign governments. Not information from China, but from everyone else.

China one of many nations taking advantage of the Internet to encourage, or even organize, patriotic Internet users to obtain hacking services. This enables the government to use (often informally) these thousands of hackers to attack targets (foreign or domestic.) These government organizations arrange training and mentoring to improve the skills of group members. Turkey has over 45,000 of hackers organized this way, Saudi Arabia has over 100,000, Iraq has over 40,000, Russia over 100,000 and China, over 400,000. While many of these Cyber Warriors are rank amateurs, even the least skilled can be given simple tasks. And out of their ranks will emerge more skilled hackers, who can do some real damage. These hacker militias have also led to the use of mercenary hacker groups, who will go looking for specific secrets, for a price. Chinese companies are apparently major users of such services, judging from the pattern of recent hacking activity, and the fact that Chinese firms don’t have to fear prosecution for using such methods.

It was China that really pioneered the militia activity. It all began in the late 1990s, when the Chinese Defense Ministry established the “NET Force.” This was initially a research organization, which was to measure China’s vulnerability to attacks via the Internet. Soon this led to examining the vulnerability of other countries, especially the United States, Japan and South Korea (all nations that were heavy Internet users). NET Force has continued to grow. NET Force was soon joined by an irregular civilian militia; the “Red Hackers Union” (RHU). These are nearly half a million patriotic Chinese programmers, Internet engineers and users who wished to assist the motherland, and put the hurt, via the Internet, on those who threaten or insult China. The RHU began spontaneously in 1999 (after the U.S. accidentally bombed the Chinese embassy in Serbia), but the government has assumed some control, without turning the voluntary organization into another bureaucracy. The literal name of the group is “Red Honkers Union,” with Honker meaning “guest” in Chinese. But these were all Internet nerds out to avenge insults to the motherland.

You have to wonder how many script kiddies ever thought they’d end up being government operatives.

February 18, 2011

The internet in China: hidden powers of persuasion

Filed under: China, Government, Technology — Tags: , , , , — Nicholas @ 08:52

A look at how the internet in China has the power to (sometimes) punish corrupt officials and influence the government:

Corruption and viral marketing has provided the Chinese government with a powerful tool for controlling public opinion. It all began when Chinese companies realized that they could hurt competitors by planting damaging rumors on the Internet. This, even in China, is illegal. But the corruption in China being what it is, there was little risk of getting the police to hunt down and punish the perpetrators. This was partly because the marketing firms, hired by companies to burnish their image, or defame competitors, was careful to have other small outfits get on the Internet to actually do the work, and be careful to not be traceable. So the cops, when forced by companies to do something (often because the owner of the offended firm was well-connected politically), were stymied at first. But the police, declaring it a national security issue, eventually discovered how this was done. But this did not stop all these negative campaigns. To defend themselves, companies that were attacked by these Internet disinformation campaigns, fought back.

This use of negative tactics soon fell out of favor, as all those tarnished companies lost sales. So these Internet based opinion manipulation turned to praising your own products. About this time, the government discovered what was going on, and began to use these marketing companies, and their subcontractors, to change opinions towards government policies. There was a pressing need for this, because all this Internet opinion manipulation had started out, over the last decade, as a popular uprising against government corruption, mistreatment and media manipulation. This “online army” was not organized, except by outrage at government, or individual, wrongdoing. For example, many government officials, and their high-spirited offspring, injure or steal from ordinary citizens, and get away with it. These officials have enough political clout to make the police leave them alone. But once the online army gets onto these stories, everyone in the country knows, and is angry. There are over 400 million Internet users in China, a country of 1,400 million. When a lot of people on the Internet get angry enough, the story, and anger, explodes through the Chinese Internet community. China carefully monitors Chinese Internet use, and tries to block unwelcome information or discussions. But when the outrage on a particular item becomes too large, it’s better to just arrest and punish the guy whose misbehavior got the online army going in the first place.

Who knew that sockpuppeting would be such a valuable online tactic in China? It might not just be limited to China, however:

If the Chinese wanted to use this tool in other countries, they would require posters who are familiar with the language and culture of the target population. That’s difficult skill to acquire, especially for at least a few hundred posters required (to hit, regularly, hundreds of message boards, chat rooms and so on). Done right, you can shift opinions among millions of people in a few days. Done wrong, you fail. And if you’re operating in a foreign country, you might get found out. But the opportunity is there.

How to view PDF documents natively in Chrome

Filed under: Technology — Tags: , , — Nicholas @ 08:42

Royce McDaniels provides step-by-step instructions for installing the PDF reader plug-in for the Chrome browser:

Hello, everyone, and welcome to today’s How To segment here at The Walrus Says! Today we’re examining another useful feature of the Chrome web browser from Google, namely the ability to display Adobe Portable Document Format (PDF) files directly in the browser rather than via an external application like Google Docs which has been necessary before. The instructions below not only show you how to activate this feature of Chrome, but show you an interesting way to access Chrome functionality not part of the standard configuration menus! (Chrome itself is an Open Source project sponsored by Google; you can get complete information about the browser’s development at The Chromium Project. Enjoy!

I’m still (barely) sticking with Firefox as my primary browser, although it’s becoming a pain to use these days: for example, as I’m typing this line, the letters I type are appearing several seconds after I type ’em. It’s a bit like using an old 300 baud line with a small buffer. If the next major release of Firefox doesn’t fix this problem, then I’ll be switching to Chrome as my primary browser.

February 13, 2011

Jay Rosen analyses the “Twitter Can’t Topple Dictators” meme

Filed under: Media, Technology — Tags: , , , , , — Nicholas @ 10:42

Jay Rosen has been seeing too many facile dismissals of the actual impact of Twitter and other social media tools in recent uprisings:

In other words, tools are tools, Internet schminternet. Revolutions happen when they happen. Whatever means are lying around will get used. Next question!

So these are the six signs that identify the genre, Twitter Can’t Topple Dictators. 1.) Nameless fools are staking maximalist claims. 2.) No links we can use to check the context of those claims. 3.) The masses of deluded people make an appearance so they can be ridiculed. 4.) Bizarre ideas get refuted with a straight face. 5.) Spurious historicity. 6.) The really hard questions are skirted.

If that’s the genre, what’s the appeal? Beats me. I think this is a really dumb way of conducting a debate. But I cannot deny its popularity. So here’s a guess: almost everyone who cares about such a discussion is excited about the Internet. Almost everyone is a little wary of being fooled by The Amazing and getting carried away. When we nod along with Twitter Can’t Topple Dictators we’re assuring ourselves that our excitement is contained, that we’re being realistic, mature, grown-up about it.

This feeling is fake. A real grown-up understands that the question is hard, that we need facts on the ground before we can start to answer it. Twitter brings down governments is not a serious idea about the Internet and social change. Refuting it is not a serious activity. It just feels good… for a moment.

February 11, 2011

Human hacking: the overconfident CEO

Filed under: Law, Media, Technology — Tags: , , , — Nicholas @ 07:19

An interesting story at PC World talks about the methods used to get inside information on individuals and companies:

“He was the guy who was never going to fall for this,” said Hadnagy. “He was thinking someone would probably call and ask for his password and he was ready for an approach like that.”

After some information gathering, Hadnagy found the locations of servers, IP addresses, email addresses, phone numbers, physical addresses, mail servers, employee names and titles, and much more. But the real prize of knowledge came when Hadnagy managed to learn the CEO had a family member that had battled cancer, and lived. As a result, he was interested and involved in cancer fundraising and research. Through Facebook, he was also able to get other personal details about the CEO, such as his favorite restaurant and sports team.

Armed with the information, he was ready to strike. He called the CEO and posed as a fundraiser from a cancer charity the CEO had dealt with in the past. He informed him they were offering a prize drawing in exchange for donations — and the prizes included tickets to a game played by his favorite sports team, as well as gift certificates to several restaurants, including his favorite spot.

The CEO bit, and agreed to let Hadnagy send him a PDF with more information on the fund drive. He even managed to get the CEO to tell him which version of Adobe reader he was running because, he told the CEO “I want to make sure I’m sending you a PDF you can read.” Soon after he sent the PDF, the CEO opened it, installing a shell that allowed Hadnagy to access his machine.

When Hadnagy and his partner reported back to the company about their success with breaching the CEO’s computer, the CEO was understandably angry, said Hadnagy.

“He felt it was unfair we used something like that, but this is how the world works,” said Hadnagy. “A malicious hacker would not think twice about using that information against him.”

Takeaway 1: No information, regardless of its personal or emotional nature, is off limits for a social engineer seeking to do harm

Takeaway 2: It is often the person who thinks he is most secure who poses the biggest vulnerability. One security consultant recently told CSO that executives are the easiest social engineering targets.

February 10, 2011

Some basic sense about mergers

Filed under: Economics, Media, Technology — Tags: , — Nicholas @ 00:08

Megan McArdle thinks back to the great fiasco that was the AOL/Time Warner merger:

Austan Goolsbee (now the head of the CEA) spent a class getting us to describe all the reasons that the deal was a good idea — and then systematically demolishing all of our rationalizations. Mergers are not a good idea merely because one company has an asset the other company can use (in the case of the AOL/Time Warner deal, the idea was that AOL’s content and Time Warner’s delivery mechanism were two great tastes that taste great together.) AOL had a perfectly good way to get access to Time Warner’s cable network: the companies could contract to share space. When you buy a company, the price the owners will want you to pay is going to be at least as much money as they could make by holding onto the stock, so there’s no way to generate profits by buying some company simply because it has assets you want to use. In order for the merger to make sense, there has to be something that you can’t do as a separate firm, but can do together.

And that thing has to be pretty profitable in order to make up for the costs of the merger. Acquiring firms usually pay a premium for the companies they buy, which means that the new entity needs to exceed the combined profits of the old just to break even. Beyond that, mergers are extremely costly to the organization. Integrating redundant departments takes up enormous managerial time, involves most of the company in vicious internicene battles to protect their turf, and often involves sacking some of your most talented people simply because there’s an equally talented person already doing their job. Unless it’s a really hands-off acquisition — in which case, why bother? — the conflict between corporate culture often saps morale.

The couple of times a former employer of mine got “merged”, the pattern just about exactly matched what Megan describes. In neither case did the merged entity reap the expected scale of benefit that must have motivated the acquisition in the first place.

February 9, 2011

Real usage-based billing might work, but not the current form

Filed under: Cancon, Economics, Media, Technology — Tags: , , , , — Nicholas @ 12:25

Tim Wu contrasts the way the UBB issue is being presented and how it might actually be successful:

The issue of usage-based billing is a little tricky because such systems are not inherently evil. When you think about it, we usually pay for things on a usage basis. Gasoline, electricity and even doughnuts are generally billed based on how much you use. And the fact that usage-based billing sounds reasonable in theory is surely why the Canadian Radio-television and Telecommunications Commission approved the new rules.

But take a closer look and something far more insidious is going on. If bandwidth were actually billed like electricity or water, that might be fine. But what the CRTC approved is something different. Claiming that its profit and consumer welfare are exactly the same thing, Bell wants to remake Internet billing. It wants to make use of the most lucrative tricks from the mobile and credit-card industries by preying on consumer error to make money. And this ought not be tolerated.

Any rule that asks the consumer to guess at usage, and punishes you if you’re wrong, is abusive. Imagine being asked to guess how much electric power you need every month, with a penalty for mistakes. Yes, that’s what cellphone companies do — or get away with — but that hardly makes it a model. It’s a system of profit premised on human error, and this begins to explain Bell’s deeper interest in usage-based billing. Bell wants to make the horrors of mobile billing part of the life of Internet users. And that’s a problem.

H/T to Michael O’Connor Clarke for the link.

« Newer PostsOlder Posts »

Powered by WordPress