Updates from November, 2009

  • .e 6:09 am on January 23, 2011 Permalink  

    digital hermitude 

    i’ve been more heavily buying into the notion of avoiding uninteresting input. my facebook feed, despite being 400 people or so, is in reality about 20 as i’ve hidden the vast majority of people who don’t post interesting things. my tumblr is 5, twitter is about half dozen.

    i’m also removing intrusive interaction. the only things that i allow to interrupt me are email when at work, IM when at work, and txts. everything else i check by visiting the websites when i feel like it.

    i’ve stopped checking news, unsubscribed from my political feeds, and admitted that there simply isn’t enough interesting that happens to justify a 24-hour news cycle.

    that and i’ve got too many books to read, and that list is growing instead of shrinking unfortunately. picked up Atlanta Nights recently. it needs to be read slowly and in a dramatic voice, but is simply phenomenal when done so. just oozes bad fiction juice. i’ll post some fragments later.

     
  • .e 5:53 am on January 20, 2011 Permalink  

    methematics 

    reading some lacan. i bring you a quote:

    human life could be defined as a calculus where zero was irrational. This formula is just an image, a mathematical metaphor. When I say “irrational”, I’m referring not to some unfathomable emotional state but precisely to what is called an imaginary number.

    the zero is precisely an irrational imaginary number, eh? the “precisely” is what makes it great to me. he’s not just wrong, he’s wrong and smug about it.

    reminds me of TAing freshmen computer science classes. you’d have people who never wrote a program in their life thinking that since it was confusing to them, it must be confusing to everyone else, when in reality it becomes clear as english after about a year of reading and writing it. kids screwing up their sentences then laughing it off as “objects, methods, who can tell the difference?”.

     
  • .e 4:07 pm on November 15, 2010 Permalink  

    rumors of my death, etc 

    not dead. just finally wrapping up recovering from the summer

    new shaolin will be an EP. it will be slower, more fed-back, and contain 4 new tracks and 2 old tracks. the old tracks will be “12 Hardcore” and “Sniper at the Edge of the World”.

    current monday morning plans: deal with 4200+ spam comments on a blog at work and figure out why a machine rebooted 13 times last night.

     
  • .e 3:03 pm on September 23, 2010 Permalink  

    diafungusa 

    there’s a project called diaspora that’s trying to write the open source facebook, except it’s going to completely respect privacy issues and shit unicorns.

    so the diaspora code got released just a bit ago and unsurprisingly it’s a security nightmare. if in the year 2010 you are trusting _GET passed item ids with no authorization checking, you shouldn’t be writing anything that’s not a dream diary, much less trying to create the secure/privacy respecting facebook replacement.

    hits up against that whole “just because you have good intentions, doesn’t mean that your actions are improving the world” thing. it’s surprisingly hard to realize your own limitations and what things you’re not capable of doing well. unfortunately with matters of security there is an objective test of your abilities, and diaspora is currently profoundly failing it.

    – -

    totally unrelatedly, i’ve been trying to run a minecraft server on a 12 year old laptop (hi nando) and oh man is it making some fascinating noises as the drive is thrashing every which way.

    – -

    surrealistic mood indicator:

     
    • Namey 3:05 am on September 24, 2010 Permalink

      Sure that thrashing’s not me trying to copy the MUD over? rsync’s timed out like ten times since this afternoon. :D
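
An added illustration of the bug class the diaspora post above names (an item id taken from the request and looked up with no authorization check), next to a scoped lookup. This is not Diaspora's code and not part of the original post; the `Photo` model, the sample records and the function names are hypothetical.

```ruby
# Constructed sample data for illustration; not Diaspora's schema.
Photo = Struct.new(:id, :owner_id, :shared_with, :caption)

PHOTOS = {
  1 => Photo.new(1, 10, [11], "alice: beach"),      # owned by 10, shared with 11
  2 => Photo.new(2, 11, [],   "bob: private scan")  # owned by 11, shared with nobody
}.freeze

class NotFound < StandardError; end

# BEFORE: the id in the query string is the only input to the lookup.
# Any caller, logged in or not, can read every record by counting upward.
def show_insecure(params)
  PHOTOS.fetch(Integer(params["id"])) { raise NotFound }
end

# AFTER: identity comes from the server-side session, never from the
# request, and the record is checked against what that identity may see.
def show_secure(session_user_id, params)
  raise NotFound if session_user_id.nil?
  id = Integer(params["id"], exception: false)
  photo = id && PHOTOS[id]
  allowed = photo && (photo.owner_id == session_user_id ||
                      photo.shared_with.include?(session_user_id))
  # Same error for "no such id" and "not yours", so ids cannot be probed.
  raise NotFound unless allowed
  photo
end

# Writes are owner-only: being shared with grants read, not delete.
def destroy_secure(session_user_id, params, store = PHOTOS.dup)
  id = Integer(params["id"], exception: false)
  photo = id && store[id]
  raise NotFound unless photo && photo.owner_id == session_user_id
  store.delete(id)
  store
end

# Small helper so callers can compare outcomes without rescuing themselves.
def outcome
  yield
  :ok
rescue NotFound
  :not_found
end
```

The check has to live in every action that takes an id (show, edit, delete), which is why frameworks usually scope the query to the current user rather than checking after the fact.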

  • .e 3:08 am on February 13, 2010 Permalink
    Tags: attacks, buzz, security, social media

    Exploiting Trust: Vulnerabilities in Social Media 

    Right now social media, security wise, is exactly where the internet was in the mid 90s: we’re excited, we’re adding functionality, we’re connecting to everyone, and we’re assuming that everyone else is as excited and good willed as us. In other words, we’re trusting.

    Much like early websites, built by enthusiasts (in all the negative connotations of this word), our current approach to distributing information about us includes very few security precautions. This is partly because we don’t really understand the scope of our actions, partly because what we’re writing is free content for the social media sites: the more we write and the more people read it, the higher the value of their website.

    This isn’t an attack on any specific protocol, site, or network, though I will discuss a few, but rather a general discussion of our attitude. I realize I’m writing this 1 day after the launch of Google Buzz, but all of these vulnerabilities existed previously as well; Google’s ubiquity and its attempt to centralize all of it just make them more obvious.

    One great example of trust is the hash tag mechanism on Twitter. Companies are using hash tags to foster conversation about themselves without any thought about the lack of moderation in the medium. A corporation that would instantly file a cease and desist against a website that made claims in its name in official looking type is more than happy to lend legitimacy to “its” hash tag by having reps post to it from their twitter accounts. This creates a trusted space with absolutely no access control, as anyone can post using any hash tag.

    If an attacker waits for this company name hash tag to achieve legitimacy and a crowd of followers, all she has to do is to push enough posts quickly enough to cause a (pardon) buzz and an instant bad press rumor is launched. There are plenty of forums that can (and off the top of my head 4chan, digg, and reddit have) push enough posts to create a trending rumor out of the blue, especially as the retweets from confused readers begin and take over the process. Since Twitter provides an API, this could also be done by a bored single person who created a few thousand accounts for himself with a captcha breaker and can write scripts. By endorsing these open hash tags, companies are basically giving the world at large the ability to speak in their voice.

    Companies also have taken to putting up screens that show their hash tags as scrolling searches in their lobbies (or in one case in San Diego, on a large TV behind the bar). The lack of moderation means that anyone can post ads for their competitors, or simply embarrassing content in order to hurt the brand name. There is no way to stop this content from being posted to the hash tag, and short of closing the feed, no way to remove it. Some of the software goes as far as displaying images inline; ways to prank this are left as an exercise for the readers.

    On the complete opposite side of this target space are personal social media attacks. A casual glance at facebook, twitter, and buzz feeds shows that we treat these websites like personal conversation tools, not billboards for all to see. Things that we’d never plaster over our house, like “I’ll be gone on vacation for 7 days so no one is home”, we’re more than happy to put online on a site that also has our address. We fight like mad against the invasive nature of omnipresent cameras while tweeting our exact location every 30 minutes in order to get Foursquare points, with absolutely no sensation of irony.

    Google Buzz, which by default appends map information if posting by phone, makes this even more obvious. A chatty person involved in a back and forth might leave a complete trail of where they were at near constant intervals in their day. While I grant that this lack of privacy is not catastrophic in and of itself, a criminal with a smart phone and access to the “local buzzes” feature would be able to have up to the minute reports of who is where, who just went to the atm, who is bringing home a new expensive TV (and where exactly are they plugging it in), and with a trip to the airport, a constant feed of people excited to be going away for a few days.

    The last in particular highlights that we have not reached the point that caused the tip towards security on the net: automation of attacks enough to let every Joe the Script Kiddie do harm. Currently an attacker would have to go to the airport, set up a laptop, pull buzzes of people leaving or arriving, compare them to their previous buzzes and figure out their home address. However, all of the above can be converted into a simple application which performs all these steps in a few seconds, something which we’ll playfully call iBurglar. Once it’s an easy to use app, available for download, we will have reached the point where we might start to see action from the social media websites.

    We also do not realize how permanent the things we write on these websites are and how trivial searching them has become. A search on social sites for phrases related to drug use (try 420) shows people more than happy to discuss illegal actions in criminally implicating ways. And this time, unlike phone or txt messages, we can’t even begin to claim an expectation of privacy; we are literally posting it for everyone to see. There was recently a news story about a bail-hopper who was caught because cops recognized the resort in the background of his new Facebook profile photo. This didn’t even require a warrant; it was a public photo.

    It’s easy to dismiss examples like that, and all the previous ones, as the fault of the users, but users assume privacy and assume good intention. Currently social media is a giant space completely open to attack, and our current open-by-default approach is not sustainable. It is the responsibility of social media designers to create mediums that steer users into safe behaviors and quite literally to protect them from themselves, while at the same time balancing the needs of their shareholders and advertisers. It’s an interesting future, no doubt.

     
    • Nando 3:28 am on February 13, 2010 Permalink

      Very interesting points. I typically try to censor myself when posting to all these social media sites, but I realize that more than once I have gotten carried away in the moment and shared information I did not mean to share. Location awareness makes those lapses even worse.

    • .e 3:33 am on February 13, 2010 Permalink

      Yeah, I almost used you as an anonymous example of work goof ups but it didn’t sound spectacular enough and I didn’t want to explain what Barney Print was. Or Barney Scan. Whatever.

    • .e 3:33 am on February 13, 2010 Permalink

      I love how grumpy my IP makes me look.

    • Nando 4:31 am on February 13, 2010 Permalink

      Barneyscan. . . yeah, what’s the deal with these icons? are they changeable?

    • .e 4:35 am on February 13, 2010 Permalink

      autogenerates from your IP. in theory it allows for identification, in practice it makes you look like a confused starfish

    • Super Jamie 4:49 am on February 13, 2010 Permalink

      Using Maps on Android you are forced to reveal your location, so I will never Buzz from work or home using that app. Through the mobile website you can drop location, the Gmail interface (I think?) never posts location.

      Location-aware Buzzes time out of the Maps layer after 24 hours, so to stalk someone for “iBurgular” purposes you’d need to Follow them and go back through their posts, which is trivial but still not handing you their DVD player on a silver platter.

      There is a “turn off Buzz” at the bottom of the Gmail tab, but it apparently doesn’t maintain previous privacy settings if you turn it back on. I think all social networking goes through a “teething phase” of privacy issues, hell Facebook sure did, Buzz just defaults to Google’s philosophies of not being evil and information freedom and unfortunately, the real world isn’t like that.

    • .e 5:08 am on February 13, 2010 Permalink

      Again, this isn’t about Buzz, this is about the lack of security in favor of market value, in the design of social apps as a whole.

    • Super Jamie 4:30 am on February 16, 2010 Permalink

      Well, nobody forces you to sign up for an account on these things.

    • .e 4:31 am on February 16, 2010 Permalink

      Again, this isn’t about me specifically, this is about the lack of security in favor of market value, in the design of social apps as a whole.

  • .e 8:56 pm on February 9, 2010 Permalink
    Tags: college, dijkstra, thinking

    defending the unthinkable 

    i went to college with the intent to major in computer science and design a computer that thinks. pretty ambitious, but computer power was and is flying up and after all, kurzweil says it’ll happen in 2030 or whatever is his hypothesis now, so it would be in my lifetime. as perfect time as there could be for it.

    along the way i ran into a single quote from the 70s that completely stopped me.

    “The question of whether a computer can think is no more interesting than the question of whether a submarine can swim” – Edsger Dijkstra

    in one sentence it summarized for me that “thinking computer” is just a language illusion. it’s not real and it will never be real.

    a computer will never think in the same way a submarine will never swim. swimming is what living things do, a submarine instead ‘propels itself through water’. a computer will never ‘think’, it will ‘perform computations in order to arrive at conclusions’. which, guess what, they already do and have been for ages.

    for people to agree that a machine is a “thinking computer”, it would have to be one that can display a pleasant cartoonish face that, when computing, would furrow its brow and make “hmm” noises. while an interesting task and a cognitive/behavioral challenge, it’s not a computer science problem.

    the better goal i learned in compilers: we should be working to precisely define problem spaces where computers can help with decision making, and then writing better and more robust expert systems (by whatever buzzword they’re going by nowadays) that can read data about the situation, and suggest or perform actions in response. not as glamorous as ‘thinking’, but infinitely more useful.

     
  • .e 5:42 am on February 9, 2010 Permalink
    Tags: mac mini, reboot

    and you thought your rebooting was a pain 

    this is the process for rebooting the mac mini at my apt:

    1. power on
    2. enter username and password
    3. you will get between 0 and 4 warnings about hard drives being corrupt (long story), just hit ‘Ignore’ for now.
    4. your screen will suddenly switch from normal to all messed up. to fix it back, click offscreen to the right and up and find the pull down menu option to switch to 1244×768 resolution. long story.
    5. next, networking. the built in wireless doesn’t work (long story) so it uses a usb wireless. the one that this mac has is not mac compatible (long story) so it uses spoofed windows drivers. run USBWirelessUtility to connect. in case it ate its configuration, you might need to re-enter the WPA2 key.
    6. networking part 2: since the computer shares network to the xbox you will need to put in custom command line routing rules (long story). first do “killall nadt” and wait about a minute (long story). after “ps -au | grep nadt” shows it died, run “./nads”.
    7. next, storage. there are four usb drives which all have full disk encryption. start Disk Utility and count the devices. they sometimes don’t come up correctly (long story) so if one doesn’t show up, figure out which one it is by disk size and power cycle it until it shows up.
    8. now open TrueCrypt and arrange the drives in correct order by size (‘Restore Favorites’ won’t work, long story) and mount them one by one using each of their unique passwords (all 30ish characters) which when entered together in the right order make a verse from a polish song from the 90s.

    and you’re done. if you’re feeling proactive you can reestablish smb connections to other machines, verify dropbox and simplifymedia are running correctly, and check for patches. if there are patches, cross your fingers that they won’t require a reboot.

     
    • Super Jamie 4:51 am on February 13, 2010 Permalink

      Lies. It just works. Steve and his team of turtlenecked lawyers will be sending you a C&D soon in regards to this post.

    • .e 4:59 am on February 13, 2010 Permalink

      in fairness, the only one that isn’t my doing is the screen one, that should just work.

      the wireless i broke (literally, i physically snapped the antenna in the computer, pretty awesome), the drives are full encrypted so are discovered correctly as unformatted garbage, and the custom networking is to avoid having to pay $60 for an xbox wireless adapter: i’m spoofing xbox live using the mac mini, then channeling it out to actual xbox live

  • .e 5:00 pm on December 8, 2009 Permalink
    Tags: alerts, power, technology

    technology to make you an important person 

    in one of umberto eco’s collections of writings he mentions seeing a man in a restaurant who during dinner would loudly talk on his cellphone about large (iirc mafia-related) business deals. the man’s intention was to communicate that he was an important person of significant power. eco then points out that the man got one thing precisely wrong: an important person would never be interrupted during dinner.

    power is about being able to do what you want, when you want to, not simply being responsible for greater and riskier things.

    i recently thought about this upon receiving a random internet alert. i spent a large chunk of my life thinking that to be more technologically advanced you need to be more hooked up, with all your programs reporting status updates to you constantly. in reality this does not empower you, just scatters your attention.

    instead, i’ve now actually made an effort to disconnect myself and hide things away from myself. i have enough trouble concentrating without a periodic ‘beep’ that, upon investigation, will inform me that someone has become the mayor of a new eatery in foursquare. my phone and computer have no twitter/facebook/rss alerts at all anymore, instead i read those when i feel like it using web browser bookmarks. my phone now receives nothing that makes noise, except calls which still require immediate attention unfortunately.

    my only exception is emails that go to my work account show up in my computer dock. that’s a work obligation. nothing else does.

    technology should never interrupt you. technology should politely wait for you to look in its direction, then quickly, clearly, and efficiently say to you what it has to say, and when done move back and wait on the side.

     
  • .e 3:25 am on November 26, 2009 Permalink
    Tags: crowds

    the maliciousness of crowds 

    if there is one thing that programmers can almost uniformly be accused of, it is coding for the best case: wanting to write programs designed around all things behaving correctly every time.

    one random facet of this is the assumption that crowds and their voting can be trusted to behave in a productive way. let’s say you have a website where people vote on who is the best poster / reviewer / uploader / whatever, and it rewards them in some way. simple to implement, simple to test, and you’re done, right?

    well, never underestimate the willingness of crowds to behave maliciously. getting 1000 people to do a prank on a system like that is trivial, and it’s even easier to get one person with a bunch of zombie machines all over the planet.

    attacks like this are really common: websites raid amazon review / recommendation pages for fun, 4chan obliterated a “person of the year” TIME poll, and twitter “trending topics” seem to be raids more often than not.

    the last one in particular strikes me as funny. businesses are now using their own hash tags to let people talk about them, and in some cases display the results real time in the lobby or on their page. i’m astounded at this. all it takes is one message board post asking everyone to twitpic porn to the hashtag and voila, instant PR disaster.

    always program for the worst case, not the best case. unless you have some method to block them, assume that at any point in time there are thousands of bored suburban teenagers who would love to abuse any ranking system you have for laughs.
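
An added example for the post above, not part of the original: the same constructed ballot box counted the best-case way and the worst-case way. The thresholds, account names and addresses (documentation ranges) are assumptions made for the illustration.

```ruby
require "set"

Vote = Struct.new(:account, :age_days, :ip, :candidate)

# Constructed sample: four real voters (one double-clicks) plus a raid of
# 50 sock accounts behind one /24, ten of them aged to look established.
def sample_votes
  organic = [
    Vote.new("ann", 400, "198.51.100.7",   "good_review"),
    Vote.new("raj", 90,  "198.51.100.200", "good_review"),
    Vote.new("lee", 35,  "192.0.2.44",     "good_review"),
    Vote.new("mia", 12,  "192.0.2.9",      "good_review"),
    Vote.new("ann", 400, "198.51.100.7",   "good_review")
  ]
  raid = (1..50).map do |i|
    Vote.new("sock#{i}", i <= 10 ? 30 : 1, "203.0.113.#{i}", "prank")
  end
  organic + raid
end

# Best case: every submitted row is an honest, distinct person.
def naive_tally(votes)
  votes.each_with_object(Hash.new(0)) { |v, h| h[v.candidate] += 1 }
end

# Worst case: assume the crowd is hostile. Assumed policy for this example.
MIN_AGE_DAYS   = 7  # accounts younger than this cannot vote
MAX_PER_SUBNET = 3  # votes accepted per /24 per poll

def subnet(ip)
  ip.split(".").first(3).join(".")
end

# Returns nil when the vote is accepted, otherwise the reason it is dropped.
def reject_reason(vote, seen, per_subnet)
  return :duplicate_account unless seen.add?(vote.account)
  return :account_too_new if vote.age_days < MIN_AGE_DAYS
  per_subnet[subnet(vote.ip)] += 1
  return :subnet_cap if per_subnet[subnet(vote.ip)] > MAX_PER_SUBNET
  nil
end

def hardened_tally(votes)
  seen = Set.new
  per_subnet = Hash.new(0)
  counts = Hash.new(0)
  rejected = Hash.new(0)  # keep the reasons: a spike here is the raid alarm
  votes.each do |v|
    reason = reject_reason(v, seen, per_subnet)
    if reason
      rejected[reason] += 1
    else
      counts[v.candidate] += 1
    end
  end
  { counts: counts, rejected: rejected }
end
```

Even with the filters on, three raid votes get through against four real ones, so a margin that thin still should not trigger an automatic reward or go straight to a public screen.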

     
  • .e 3:45 am on November 12, 2009 Permalink
    Tags: cod5, modern warfare 2

    modern wombat 

    what i learned from the game Modern Warfare 2:

    • the CIA is perfectly willing to slaughter hundreds of civilians as part of an undercover op
    • all brazilians are armed to the teeth
    • the russian military gives each person a totally different brand and caliber gun
    • heartbeat monitors can detect if you’re friend or foe
    • and so can UAVs. they even mark foes with little red rectangles in real time
    • specops can drive snowmobiles one handed while shooting and reloading an uzi, but are completely befuddled by chain link fences and barb wire
    • it’s possible to get good consistent bandwidth in a remote mountain house (note! this one might not actually be true)
    • russia can launch a full land invasion of america with 1 day prep

    and that famous part to MW2, the “kill the civilians” bit, it’s funny to me that it’s that big a deal. you’re playing a shooter and have already shot dozens of random people, will continue to shoot hundreds more, and because some of them are unarmed it’s a big deal? yes, they get hit in “realistic” means (as much as that applies for computer games) but so does every other character

    cmon now, you call in airstrikes in crowded cities and grenade marketplaces, but apparently all those are abandoned and/or no one cares about brazilians.

    eh, whatevs.

     
    • Drew 2:11 am on November 13, 2009 Permalink

      The military really is working on the heartbeat monitor one. They’re developing an “empathetic” robot who will essentially shadow an actual soldier and monitor activity and life forms around him/her. Depending on the heart rate of that soldier, it will theoretically determine to the robot whether the life forms are enemies or not.

    • .e 2:21 am on November 13, 2009 Permalink

      in this game it basically works like gun mounted radar that blinks different colors for “good guys” and “bad guys” and tells , and for some stupid reason is called a “heartbeat monitor”.

      cheap bastards use it in multiplayer to sit in a corner with a belt fed machine gun and spray anyone who shows up before they can see you

    • Drew 9:03 am on November 14, 2009 Permalink

      Yeah…it’s almost the same technology, I suppose.
