Categories
Author: Christopher Parsons
Policy wonk. Torontonian. Photographer. Not necessarily in that order.
Categories
Packets of Death
very nice detective work, in which we discover that a single ill-favored packet can completely kill certain Intel gigabit NICs (to the point that a power cycle is required to resurrect them). Excellent writeup (and I discovered a new tool: open source packet generation suite Ostinato, which aims to be “wireshark in reverse”).
The significance, via Slashdot: “With a modified HTTP server configured to generate the data at byte value (based on headers, host, etc) you could easily configure an HTTP 200 response to contain the packet of death and kill client machines behind firewalls!”
The supposed ban is meant to, in part, crack-down on cyberbullying. To be clear, such bullying is serious, but introducing security deficits into smartphones – for the children! – really isn’t the way to solve this social problem. You don’t solve social ills by turning to technological filters and blocks. Especially not when trying to get between a teenager and porn.
Categories
Quote of the month
From Warren McCulloch, one of the founding fathers of cybernetics:
“I don’t particularly like people, never have. Man to my mind is about the nastiest, most destructive of all animals. I don’t see any reason, if he can evolve machines that can have more fun than he himself can, why they shouldn’t take over, enslave us, quite happily. They might have a lot more fun, invent better games than we ever did.”
quoted in Mary Catherine Bateson, Our Own Metaphor (New York: Knopf, 1972)
Techno-utopianism (dystopianism?) for the win.
I have this seminar I’m running for free for college students and I’m going to show them this picture before we start. It’s a picture of someone graduating from college. You can’t tell, but you can guess that they’re probably $150,000 in debt. Written on the top of their mortarboard with masking tape it says, “Hire me.” The thing about the picture that’s pathetic, beyond the notion that you need to spam the audience at graduation with a note saying you’re looking for a job, is that you went $150,000 in debt and spent four years of your life so someone else could pick you. That’s ridiculous. It really makes me sad to see that.
While I understand what Seth Godin is suggesting, I also think that it’s largely reflective of his incredibly privileged position. When people are leaving schools with that amount of debt, with knowledge that they want to start a family and not suffer (total) financial ruin by starting something and failing, then those individuals may quite reasonably want full-time regular employment.
Godin’s most common response is that ‘such employment doesn’t really exist anymore – so adapt!’ While it’s a great response for some people who are willing to take on heightened risks in their lives it isn’t one that ought to be imposed on all individuals. Moreover, the thought that it’s “ridiculous” to want to be picked and work at a meaningful job and launch a career with a business that is compatible with your training and expertise shouldn’t make anyone sad. Instead, what should be “sad” is that such aspirations are less and less likely to be realized as companies abandon long-term commitment to employees and instead harden their ‘flexible’ hiring strategies that facilitate profits at the expense of human life.
Categories
3D Print of Winterfell
digg:
It only took an hour to print our own model of Winterfell. (Accidentally in Lannister red)
If you have access to a 3D printer, here’s the file.
Finally, a good use for 3D printers.
Hmm…this might be the thing that pushes me to actually look at/use the local makerbot
Needy U.S. borrowers are defaulting on almost $1 billion in federal student loans earmarked for the poor, leaving schools such as Yale University and the University of Pennsylvania with little choice except to sue their graduates.
The record defaults on federal Perkins loans may jeopardize the prospects of current students since they are part of a revolving fund that colleges give to students who show extraordinary financial hardship.
Yale, Penn and George Washington University have all sued former students over nonpayment, court records show. While no one tracks the number of lawsuits, students defaulted on $964 million in Perkins loans in the year ended June 2011, 20 percent more than five years earlier, government data show. Unlike most student loans — distributed and collected by the federal government — Perkins loans are administered by colleges, which use repayment money to lend to other poor students.
» via Bloomberg
The default situation is only going to get worse and worse, especially for those that tried to hide from the US recession by staying in school and taking on educational debt.
This is all kinds of badness, and speaks to malware vendors becoming increasingly sophisticated in how they are targeting low hanging fruit (i.e. random users). In essence, the attack involved getting a certificate issued and then using it to create valid digital signatures for .pdf invoice documents. Once individuals opened the invoices the malware associated with the .pdf would burrow into the OS and act as a key logger that targeted banking information.
Unfortunately, I’ve not yet seen a media article discuss the mediocre effectiveness of revoking the certificate used to sign the .pdf. The OCSP protocol is incredibly susceptible to being defeated, especially if malware already resides on the target’s computer or a point in between the target and the revocation server is controlled by the attacker (possible by setting a compromised computer to proxy traffic to a host controlled by the attacker). So, while while the cert has been revoked, this actions does not necessarily stop the malware from functioning, but just reduces the prospective attack surface. Moreover, if browser/operating system CA stores are not updated – again, possible if the attacker already controls the host – then the same attacker can convince the browser or OS to continue trusting an expired certificate.
Categories
2013.2.5
The totalizers would happily follow Johnson in seeking answers to questions such as “So what does the Internet want?”—as if the Internet were a living thing with its own agenda and its own rights. Cue a recent Al Jazeera column: “The internet is not territory to be conquered, but life to be preserved and allowed to evolve freely. … From understanding the internet as a life form that is in part human, it follows that the internet itself has rights.”13 That is the kind of crazy talk to be avoided. The particularizers would not invoke “the Internet” to embark on a quixotic attempt to re-make democratic politics; but the totalizers, in their quasi-religious belief, would do so gladly.
A good account of the Internet would never need to mention that dreadful word at all. This stringent requirement might uproot most of our Internet thinkers from the plateau of banal and erroneous generalizations where they have resided for the last two decades; after all, it is the very notion of “the Internet” that has allowed them to stay there for so long. Now that Internet-centrism is not just a style of thought but also an excuse for a naïve and damaging political ideology, the costs of letting its corrosive influence go unnoticed have become too high.
Evgeny Morozov, a Review of Future Perfect: The Case for Progress in a Networked Age
Excited Pixels 