Category Archives: Internet

The New Pictograms

Google released 750 new icons for phones and tablets that will undoubtedly take over the world. They’re free for anyone to use.

click for larger image

(Click above for a larger image of a some of them.) Cory Doctorow thinks this move by Google is great, and one disagrees with Cory at one’s peril since he’s usually right.

I suppose it’s language-independent and transnational. I can’t help but think, though, that the task of memorizing the meanings for these pictures will be akin to learning Chinese.

Wasn’t the move from pictograms to the alphabet supposed to be a triumph of civilization?

Posted in Internet | 3 Comments

Shellshock Still Kicking

arghOh, joy: despite a vigorous round of patching, Shellshock isn’t dead, and isn’t even resting:

Google security researcher Michal "lcamtuf" Zalewski has disclosed to iTnews that over the past two days he has discovered two previously unaddressed issues in the Bash function parser, one of which is as bad as the original Shellshock vulnerability.

"The first one likely permits remote code execution, but the attack would require a degree of expertise to carry out," Zalewski said.

"The second one is essentially equivalent to the original flaw, trivially allowing remote code execution even on systems that deployed the fix for the initial bug," he added.

— iTnews.com.au, Further flaws render Shellshock patch ineffective. Spotted via Slashdot

Posted in Internet, Software | Leave a comment

Valde Mirum

This is soooo weird: Krebs on Security, Lorem Ipsum: Of Good & Evil, Google & China.

Posted in Cryptography, Internet | 1 Comment

.ma Meh

Dog.ma resolves, but isn’t interesting. Opti.ma is parked, which almost seems appropriate.

Enig.ma doesn’t resolve, which also seems appropriate, and it isn’t available. And neither are mag.ma and dra.ma.

Look.ma exists but is boring.

Ma.ma doesn’t resolve and isn’t available. Nor is Kar.ma.

Nor even meh.ma.

OK, back to work now.

Posted in Internet | Leave a comment

MDPLS Search Plugin Restored

Seems like every time the Miami-Dade Public Library system has a computer upgrade, their nifty search plugin gets lost in the shuffle. The MDPLS website recently had a major face-lift, with equivocal results on the desktop, but a much better look on my cell phone. And yes, again, the link to the search plugin vanished. And again I wrote in to complain. And again they were very very courteous in replying — I got three emails in less than two weeks, each apologizing for the delay in resolving the issue.

And now there is a new Library Tools page, with a link to install the MDPLS Quick Search browser plug‑in.

This is the same library system whose budget the Mayor keeps slashing by the way. The library is one of the rare cultural successes of Miami-Dade county — and if you live here MDPLS deserves your support.

Previously:

Posted in Internet | 1 Comment

Reset The Net

reset-the-net

Posted in Internet, Surveillance | Leave a comment

IETF’s Habermasian Resolve to Work Against Pervasive Monitoring

The IETF has issued RFC 7258, aka Best Current Practice 188, “Pervasive Monitoring Is an Attack”. This is an important document. Here’s a snippet of the intro:

Pervasive Monitoring (PM) is widespread (and often covert) surveillance through intrusive gathering of protocol artefacts, including application content, or protocol metadata such as headers. Active or passive wiretaps and traffic analysis, (e.g., correlation, timing or measuring packet sizes), or subverting the cryptographic keys used to secure protocols can also be used as part of pervasive monitoring. PM is distinguished by being indiscriminate and very large scale, rather than by introducing new types of technical compromise.

The IETF community’s technical assessment is that PM is an attack on the privacy of Internet users and organisations. The IETF community has expressed strong agreement that PM is an attack that needs to be mitigated where possible, via the design of protocols that make PM significantly more expensive or infeasible. Pervasive monitoring was discussed at the technical plenary of the November 2013 IETF meeting [IETF88Plenary] and then through extensive exchanges on IETF mailing lists. This document records the IETF community’s consensus and establishes the technical nature of PM.

The term “attack” is used here in a technical sense that differs somewhat from common English usage. In common English usage, an attack is an aggressive action perpetrated by an opponent, intended to enforce the opponent’s will on the attacked party. The term is used here to refer to behavior that subverts the intent of communicating parties without the agreement of those parties.

The conclusion is simple, but powerful: “The IETF will strive to produce specifications that mitigate pervasive monitoring attacks.”

I can’t help but see this as a shining example of the IETF living up to its legitimate-rule-making potential, as I described in my 2003 Harvard Law Review article Habermas@discourse.net: Toward a Critical Theory of Cyberspace.

Below, I reprint my abstract: Continue reading

Posted in Internet, Surveillance, Writings | Leave a comment