2012 11 26

From TheCommandLineWiki

News Cast for 2012-11-26

(00:00:17.291) Intro

(00:03:10.031) Security alerts

(00:03:26.973) What do we do about untrustworthy Certificate Authorities?

  • http://craphound.com/?p=4366
  • I've covered a lot of the recent concerns around SSL, the primary means by which web access is secured
  • In particular, the biggest problem is the weakening of the certificates and authorities issuing them
    • On which the core cryptography relies for its trustworthiness
      • That is that a given site securing your connection to it is who it says it is
  • Cory Doctorow and Ben Laurie, a security researcher currently at Google
    • Co-wrote a call to fix this core trust mechanism on which the web relies
  • If you haven't been following the concerns, the first part of the article
    • Is a very accessible description of the problem
  • The rest of the article focuses in on two possible solutions
  • One is originated out of the EFF, Sovereign Keys, and claims to make impersonation impossible
  • This claim isn't really explained
  • The article focuses mostly on Google's solution, Certificate Transparency
  • It suggests that CT is an incremental step towards SK, apparently a more difficult solution
  • As much as I tend to reserve skepticism for Google, favoring non-profits like EFF and Mozilla
    • In this instance I think we need any solution that starts us in the right direction
  • Week after week it is becoming apparent to me that the situation for web security is worsening
  • This only makes sense as the tools we have are largely afterthoughts
    • And use is only growing, not just in overall quantity but in kind
  • You only have to read any popular account of political protests out in the world
    • Even factoring for any tech utopian grains of salt
      • To understand how critical a communications medium the internet has become for everyone
  • I am increasingly of the mind that we should consider secure communication on the internet
    • A fundamental right, maybe more than just access to information as implied
      • By the UN charter of human rights
  • If we cannot access information securely, or discuss fraught ideas with far flung peers
    • Then how can we achieve and express true agency and defend the rest of our human rights?

(00:06:34.792) German government advocates security in the hands of users

  • http://www.h-online.com/security/news/item/German-government-advocates-security-in-the-hands-of-users-1753715.html
  • The H's security channel had news of a welcome paper from the German government
  • I wasn't sure at first what the lede, about putting security in the hands of users, might mean
  • My first inclination was to think this is continuous with Germany's stance on privacy
    • That is to distrust corporate actors and set higher standards for preserving privacy
  • At a fundamental level, I think this paper is consistent with that stance
  • The focus of the argument is trusted computing, a fraught technology like RFID
  • At its core, trusted computing just seeks to establish a cryptographically proven chain
    • From the etched silicon on a CPU die up through the layers of firmware and software
      • Such that claims about what is and is not allowed on a computer are verifiable
  • This is a laudable goal in and of itself but the details of its primary use to date matter
  • Microsoft has drawn fire for harnessing this capability in service of DRM and little else
  • In that scenario, the computer would act on the behalf of rights holders, not users
    • Defying the common workarounds that have been used to exercise fair use personal copying
  • The German paper bolsters that position, that trusted computing modules must be under user control
    • Not acting in the service of third parties despite the user's interests and wishes
  • Further, such modules must be disabled by default, allowing users to opt in or leave them dark
  • This is only a set of recommendations, it is unclear how they may inform policy
  • Regardless, this is consistent with some good, early, level headed thinking
    • In the form of owner override as expressed by EFF technologist Seth Schoen
      • In the earliest days of trusted computing
  • It is also incredibly relevant in the wake of Cory Doctorow's warning calls
    • To preserve the power of general purpose computing in the face
      • Of technology like trusted computing that could put users at risk despite themselves

(00:09:37.697) News

(00:09:51.257) Liberator: the untold story of the first British laptop

  • http://www.theregister.co.uk/2012/11/12/the_secret_history_of_liberator_the_first_british_laptop_part_one/
  • Tony Smith at The Register had a story that reminds us that the common myths of personal computing
    • Are really just the tales told by the victors
  • He has done a tidy bit of research into the first home-grown British laptop, the Thorn EMI Liberator
  • The machine in question wasn't the first portable but the first made in Britain
    • And the first to exhibit a feature we still take for granted
  • As near as Smith can tell, the Liberator was the first machine that suspended on closing the lid
    • And resumed exactly where the user left off on opening
  • The article makes the historical context clear, a time where the Liberator was easily overshadowed
    • By the burgeoning IBM PC and its first wave of clones
    • As well as the shift of the market from home users to the more lucrative business market
  • The origin of the Liberator was in a third, distinctly British segment, the Civil Service
  • Smith lays out the history to that point of the Central Computer and Telecommunications Agency
    • Which was responsible for creating the laptop
  • The need for the machine is subtle and a consequence of how British civil servants work
  • Positioning it too closely to word processors, electronic typewriters with memory and storage
    • Risked upper tier employees rejecting it as they'd see it as doing the work of the typing pool
  • I was surprised to read this, that as late as 1985 at least office culture
    • Was still this heavily stratified
  • Regardless, the man in charge of finding a suitable portable machine, Bernard Terry
    • Started with an evaluation of existing machines
  • None of them was a clear standout so another round of evaluation, in the field took place
  • Terry was able to demonstrate both a need for a very particular machine
    • And that none of the existing options quite fit the bill
  • This set the stage for CCTA speccing out and collaborating to build the Liberator
  • The rest of the story reads like a lot of the contemporary computing history
    • If completely more obscure than the usual players we know of this side of the pond
  • It is worth reading the bulk of the article to get a sense of what I mean
  • Even though the machine was launched under the auspices of a large company, Thorn EMI
    • The designers and programmers were rescued from an ill-fated early innovator, Dragon
  • The final stretch of the article has some more technical details
    • That reveal some of the other early innovations that went into this machine
  • It used a processor that still exists, the Zilog Z80A
  • Z80s in recent years have been offered in the same space as Arduinos
    • As low power, easy to program chips for a variety of DIY projects
  • I remember seeing someone from Zilog on the Screen Savers, showing off a self scoring ping pong table
  • Back in the 80s, the Z80 was already an older chip but had one thing in its favor
    • Compared to the early Intel chips like the 8088 whose architecture went on to dominate PCs
  • The Z80A was much lower power and could be slowed down or even put into standby
  • The portability of the Liberator was hardly an afterthought
  • Its creators showed a conscientiousness for battery life that lives on in many modern mobile systems
  • Smith led the article noting that in between IBM and its clones
    • Many companies still sought out niches and unique approaches
  • The concluding fact about the Liberator is surprising
  • The operating system it ran was CP/M which never achieved the same popularity as DOS
    • But certainly is known from this time as a common contender
  • I couldn't help but be reminded of recent waves of innovation where the winner was far from clear
    • And much effort was put into ideas that didn't quite stick, like in the early e-readers
  • The Liberator shows that even if the complete machine has limited success
    • When the pressures to produce a useful product are consistent
      • Even small innovations may outlive the machine that housed them, decades later

(00:15:38.832) Google engineers open source book scanner design

  • http://www.h-online.com/open/news/item/Google-engineers-open-source-book-scanner-design-1750059.html
  • The H was one of many outlets to carry a story I found a little bit surprising
  • I linked to and mentioned the Google Books suit and ensuing settlement which is still ongoing
  • At the heart of that project was a massive undertaking by the search giant
    • In cooperation with any number of libraries to scan books at an unprecedented scale
  • Many, myself included, consider what Google was trying to do to be fair use
  • The idea was not to offer the scans without consideration for the rights holders
  • Arguably, by using the resulting texts in its search but directing users to known sources for purchase
    • Had the project proceeded to conclusion uncontested
      • It would have driven significantly more business to publishers and authors
  • Instead we are left in a situation where book scanning at any scale is legally ambiguous at best
  • The story the H is covering is one potentially good outcome
    • That the plans for the scanners used in the project have been released openly
  • For about $1500 in accessible parts and materials, anyone can build one
  • This is not the first DIY book scanner; there is at least one earlier example
  • Google's design is novel in that it re-purposes a household vacuum cleaner
    • To automate the turning of pages in a simple and reliable way
  • The H's article has links to the design and supplemental materials, including a 30 minute video
  • The DIY Book Scanner project is more than a set of plans
  • There is a thriving community, including a lot of people who have visual impairments
    • Using the tools and technology to access more books than they would be able to otherwise
  • It also includes a set of free and open tools for converting the captured pages
    • Into actual text that can be re-packaged into any of the popular ebook formats
  • Google's open plans should be an incredibly valuable asset to this community
  • Both projects remind me of a book I read since learning about the DIY scanner and Google Books
  • In Vernor Vinge's Rainbows End, one of the plot threads
    • Revolves around a scanning project at a university library
  • At the risk of spoiling part of this older book
    • The process used destroys the books in question, many of which are hard to come by
  • As much as the particulars are off in terms of why people would protest scanning
    • That they would protest it is spot on
  • Since the Books case, the space seems to have cooled considerably
    • With only die hard digital archivists like Brewster Kahle and the Internet Archive
      • Still noticeably active in the space
  • I don't expect Google's contribution to change things much one way or the other
    • Unless it invites a legal response from the plaintiffs in the Books settlement
  • We have certainly seen those who hold power along with the copyrights
    • Want to squash not just any particular copy but disrupt the means to make copies
  • It would be pretty much impossible to invoke the DMCA to stop book scanners
    • But I can easily see a similar attempt, around inducement or circulating tools
      • If enough interest were to spark back up again in individual scanners
  • I'd almost like to see something happen, just to move the state of things forward
    • Away from the deadening default of permission towards something more lively
      • And just possibly a little bit more permissive, at least at the personal scale

(00:20:55.355) Computer AI successfully identifies why abstract art evokes human emotion

  • http://www.extremetech.com/extreme/140681-computer-ai-successfully-identifies-why-abstract-art-evokes-human-emotion
  • ExtremeTech had a story situated right at the intersection of art and AI
  • I've covered quite a few stories at this juncture, but before this most recently about music
  • We all take for granted the various instant play list capabilities
    • In a variety of music players and services
  • What if we had something similar for art?
  • A team from the University of Trento, led by Nicu Sebe, set out to prove a theory
    • Advanced by Wassily Kandinsky about the emotive nature of abstract art
  • Contrary to common thinking, Kandinsky held that abstract art's provocation is actually objective
    • As much as an observer may feel it is a subjective and individual experience
  • If you have studied post-modern art, as I have, you will understand
    • That this is part of an overall deconstruction of art
  • It is not so dissimilar from the technical craft revival of the neo-classicists
    • But takes art down to its primitives, if you will
      • Rather than fixating on how building them up just so replicates some past ideal
  • In this instance, Kandinsky was speaking not just to color, field and figure
    • But extrapolating the theory out into the reaction of the viewer
  • The researchers took to the Museum of Modern and Contemporary Art of Trento and Rovereto
    • To study both examples of abstract art and reactions of patrons
      • To see if an AI could bear out Kandinsky's idea
  • They used 500 paintings as essentially a training set
  • Tuning their AI, they were able to get it to converge with responses from 100 participants
  • Once they had it dialed in, they set their AI loose on another set of artwork new to the program
  • They achieved an 80% success rate in matching the reactions of the same 100 participants
  • That is a significant and impressive result, far above chance
  • The article has some examples of the conclusions the program is able to draw
    • Things that of course seem obvious to us but are novel for a computer to recognize
  • Beyond an initial validation of Kandinsky's idea, the work has some possible applications
  • Rather than focusing directly on predicting human emotional reactions
    • A point the article makes humorously, likening that end to robotic domination
      • The work is more likely to be used to improve machine generated art
  • The example mentioned is coupling this ability with something else machines do far better than humans
    • Like scanning an entire social network graph of relationships
  • I wish the author had finished that thought as it is suggestive but rather vague
  • Is the idea that a program could use a web of relationships to come up with a visual gestalt?
  • Or is it rather something more subtle like mining the pictures posted by friends
    • Trying to suss out some sentiment that is less obvious than text updates?
  • Penn State University’s James Wang is cited suggesting something far more pragmatic
  • If a person using image search wanted either images matching some emotional suggestion
    • Or to categorize results based on some object sense of the same
      • Then this work could clearly aid with those ends
  • I am pretty sure Google already uses neural networks and other techniques from AI
    • Maybe not for such ends but for similar ones
      • To help pin down the ambiguities latent in search terms
      • And the relevance of potential matches

(00:26:09.840) Student Suspended for Refusing to Wear a School-Issued RFID Tracker

  • http://www.wired.com/threatlevel/2012/11/student-suspension/
  • David Kravets at Wired's Threat Level has details of a story a couple of sources noted
  • A student in Texas was suspended for refusing to wear an ID badge with an RFID tag
  • She cited both privacy and religious reasons but it sounds like more of the latter
    • And perhaps only the former in service of the latter
  • Later in the article, Kravets quotes the family as identifying the badges
    • As the mark of the beast from the book of revelations
  • I had dearly hoped this was a student more directly inspired by something
    • Like Cory Doctorow's Little Brother that, in a case of predicting the present
      • Posits an environment much like what was at play here
  • Kravets lists several other schools that have tried or are using similar tracking tech
  • In most cases, the desire to do so is based on funding being based in part on attendance
  • Before using badges and RFIDs, this relied on physical presence during roll call
  • Now with more sophisticated technologies, the school can know if a student is present
    • Whether they are at a particular place at a particular time
  • I am not entirely unsympathetic to the school's position
  • Generously, any number of students may be involved with activities that pull them away from home room
  • In many cases, those activities would actually be strongly associated with successful students
    • Like clubs, sports or student government and shouldn't cause schools to be penalized
  • I do not want to feed into demonizing RFID which is a multi-use technology
    • Like many others of which I am an unreserved fan, like WiFi or the personal computer
  • The fact that the students' SSNs are represented as bar codes on the badge
    • And that undoubtedly the RFIDs are unsecure and open to any self built reader is my concern
  • I unavoidably have a US passport with an RFID in it
  • When it actually works at self service kiosks and more reliably at foreign customs and border checks
    • I am a fan of how it makes an otherwise slow and burdensome process relatively pain free
  • I can, however, act to protect my privacy outside of it being actively checked
  • My passport is ensconced in a radio blocking wallet when I am not asked to present it for valid reasons
  • I wonder if this student, or any others, could make a case for doing something similar
  • As long as the automated roll system still shows a more accurate count than the manual process
    • I can't see on what basis school administrators would object
  • Even if this student isn't a nascent privacy advocate
    • The idea of rolling the system out to all 110 schools in the district
      • Is much more likely to catch out such early activists and hackers with questions
  • At least in this instance, a judge hearing the family's complaint has blocked the suspension
    • In order to allow the situation to be investigated more thoroughly
  • Kids are clever, far more than I think we often give them credit for
  • If the school doesn't find a better balance in using this technology for its ends
    • And respecting the wishes and desires of the students
      • Then the sort of evasion techniques freely offered in Little Brother
      • And at most one web search away, will be deployed, have no doubt
  • Breaking this system rather than understanding reactions and working with them
    • Will just make the situation worse and in the extreme case
      • Lead to a clueless ratcheting up that serves no one's agenda

(00:31:07.300) Following Up

(00:31:17.706) Book Scanning As Fair Use: Google Makes Its Case As Authors Guild Appeals Hathitrust Fair Use Ruling

  • https://www.techdirt.com/articles/20121115/02514721054/book-scanning-as-fair-use-google-makes-its-case-as-authors-guild-appeals-hathitrust-fair-use-ruling.shtml
  • Techdirt actually has a two-for in its update on cases both involving the Authors Guild
  • The first is that the guild is appealing the ruling that went against it in the Hathi Trust case
  • The trust was representing libraries undertaking book scanning
    • An activity that in the original ruling was deemed fair use
  • Cause for optimism is that the guild will need to address the question
    • Of its standing in the case as it doesn't directly hold any of the rights at issue
  • Similarly, Google has filed its appeal in the case pressed against it, that I mentioned earlier
  • As many had hoped earlier on, they now appear willing to press for a fair use defense
    • As well as also calling into question the standing of the guild to press a complaint
  • If the former appeal fails or the latter succeeds, it will widen the opening for book scanning
    • Despite those that want the publishing industry to remain much more in control than readers

(00:32:42.105) Linux Foundation UEFI Secure Boot key for Windows 8 PCs delays explained

  • http://www.zdnet.com/linux-foundation-uefi-secure-boot-key-for-windows-8-pcs-delays-explained-7000007841/
  • ZDNet's Stephen J. Vaughan-Nichols has a good recap of what is at stake
    • If the Windows 8 requirement for secure boot in UEFI cannot be disabled
      • Or worked with via a legitimate pre-bootloader image blessed for use on Linux systems
  • In a nutshell, if only a Windows pre-bootloader will work on secure boot motherboards
    • They may as well be entirely incompatible with Linux
  • Worse, no amount of reverse engineering will get them to work
    • As with other unsupported hardware components
  • Or if through some genius a way forward is found
    • It is possible Microsoft will pressure component or system makers to press a DMCA complaint
  • The most likely way forward, getting Microsoft to bless a Linux community option
    • Has stalled, as one would almost expect that it must
  • It remains to be seen if such locked down motherboards flood the market
  • A clear alternative would be to source ones that don't have secure boot or where it can be disabled
  • Not much consolation to someone who is convinced to switch after the fact from Windows 8
    • But the best option for folks like me who are now happier to give money to ISVs like ZaReason
  • If the supply is affected so that such independent system vendors cannot survive
    • I would hope it would be sufficient cause to take Microsoft to court, again
      • But hopefully with a clearer and more compelling outcome against its anticompetitive behavior

(00:35:20.600) Outro
