How to Make Your Own NSA Bulk Surveillance System

Kim Zetter, Wired

Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, has detailed the basic steps that it would take to create your own mass-surveillance system like the NSA employs. While he points out that you would need massive hardware to actually pull off the same things that the largest spy agencies do, the technology is mainly based on off-the-shelf software, including an open source system, Vortex, created by Lockheed Martin.

The point of his presentation, which he gave at the Enigma Security Conference this week, is that bad actors don’t have to be governments, but can be anyone with enough technical skill to set up these systems, as the cost is so dramatically low.

Another visitor to Enigma? NSA’s head of Tailored Access Operations, Rob Joyce, who spoke about common exploit techniques that they use, and how to guard against them.

Former NASA Administrator Sean O’Keefe pays his respects at the Space Shuttle Columbia Memorial after attending a wreath laying ceremony that was part of NASA’s Day of Remembrance, Thursday, Jan. 26, 2012, at Arlington National Cemetery. Wreathes were laid in memory of those men and women who lost their lives in the quest for space exploration. Photo Credit: (NASA/Bill Ingalls)

A Timeline of the Tragic Shuttle Launch That Changed NASA Forever

Mika McKinnon, Gizmodo

Yesterday was the thirtieth anniversary of the Challenger Shuttle tragedy, which remains ever large in mind when human space flight is brought up. Mika McKinnon, who writes extensively on space for io9 and Gizmodo, created a timeline of events in pictures that describes the disaster and its aftermath.

She also wrote an article a year ago about NASA’s Day of Remembrance, which coincides with the Challenger explosion, and is near the Apollo 1 and Columbia incidents as well. It’s good to remember that incidents such as these are bound to happen with progress, and that as a group, humanity is interested in overcoming these hurdles to accept the challenges that exploration beyond our planet brings. Matt Damon and ‘The Martian’ deserve to be rewarded critically as well as commercially for reigniting a passion for human expansion onto other worlds.

Linux Foundation quietly drops community representation

Matthew Garrett

Much of the code in Linux is written by employees paid to do this work, but significant parts of both Linux and the huge range of software that it depends on are written by community members who now have no representation in the Linux Foundation.

Matthew Garrett has noticed that the bylaws of the Linux Foundation have changed as of last week to no longer allow associate members of the foundation (individuals who are not members as part of a large sponsor business) to be involved in the election process for directors of the organization. This seems like a pretty clear indication to me where decision making in the foundation is going, and it’s not surprising, but also not very welcome to the community at large.

Why Are Universities Fighting Open Education?

Elliot Harmon, Electronic Frontier Foundation

I tweeted about this on Thursday, but it bears repeating: there should be no reason that research done using federal grants at public universities isn’t made public and accessible to all. This gets even worse when it comes to journal publishers who claim copyright on work that they had no involvement in until the point of publication, but any and all copyrightable work can still grant rights and recognition to the actual researchers and assistants while still using share-alike creative commons licensing.

Software patents are already dangerous (after all, should loading-screen games really be a patentable idea?), but they get worse when made with public dollars.

In a Huge Breakthrough, Google’s AI Beats a Top Player at the Game of Go

Cade Metz, Wired

Go is one of those games that has long been touted as a high-water mark for AI developers. After the success of Deep Blue in 1997 and Watson in 2011, there were few areas that were considered as hard for computers to make progress as the ancient board game. While they wouldn’t call it a solved problem set, a Google team in the UK has created a system that has bested one of the best Go players in the world, and will be iterated upon for a public exhibition against the most awarded human player in the world in Korea this March.

The accomplishment is historic in how it defied estimates as to how long this would take. Even a year ago, one of the developers of the project anticipated at least a decade of work before real progress was made, and some researchers were expecting that it would never happen. The researchers behind the win also point out that it’s not just optimizing a game playing machine that they’ve built, but working on AI systems that can teach and reinforce themselves, as well as make headway on more practical issues of robotics and signals analysis.

Inertia is hard to overcome; sustained change hard to enact.

That’s what I used to think at least, and that’s what we’ve been trained to think when it comes to personal change. The pendulum swings to this from irrational optimism over how this year will be different, how this year you have what you didn’t last: the Plan.

The Plan is that list that you make when you feel the need for change. You think “Hey, if I’m going to start a new business, I’m going to finally take those classes too, and finish that book, and go back to the gym, and eat better foods…” and on, and on. The Plan is the master list of everything that will be right with your life when you move from step one to two to three on an ordered path, and the only reason that you didn’t make salads for dinner before is because you didn’t have it written down here, for the world to see. But are those the things that you even want to do? Why?

Tim Urban discussed this on his amazing blog Wait But Why in the series in which he discusses Elon Musk, Cooks vs Chefs, and the power of uncovering first principles by asking why. He discusses the bottom floor of standard reasoning, the “Because I said so” mentality that is trained in from asking the question of why too many times. This puts a limit on how far your reasoning can go, when the basic assumptions that you start with end up being based on flawed models. Why do I want to complete this project? Because that person will maybe notice? Why?

I’m starting on another year of life, and I’ve made a great number of changes throughout the past year, but they have had less to do with a master plan (though I am guilty of writing these out from time to time) and more to do with tackling goals that are broken into smaller steps, one at a time.

This post isn’t supposed to be all about promises, kept or not. A few more things that have stuck out for me over the past year:

  • I did a fair amount of traveling, though only in the US this year, and not as much as some years prior. This includes Miami, Tampa, and Fort Lauderdale in Florida, as well as Atlanta, Washington DC, NYC, New Jersey, Philadelphia, and Minneapolis. I’m looking to revisit most of these places this year, as well as a vacation to California to knock another one of the goals off of my list.
  • I spoke at a variety of conferences in most of those cities, including several WordCamps, BarCamps, meetups, and php[world]. I’m a big believer in sharing and learning through teaching, and am working on improving my public speaking skills.
  • I’ve successfully kept out of the 27 club
  • I kept myself gainfully employed while goofing off, and am working on strengthening my business.
  • I launched a newsletter to tackle another short term goal, and to help as a stepping stone to a mid-length goal that I created for myself a few years ago.
  • I started a new maintenance service for clients not requiring full site work, with the intention of offering resources to businesses of all sizes. Check out SiteHealthy (rebranded as FixUpFox in 2017), and if you know someone in need of the service, let us know and we’ll pay for the referral 🙂
  • I led WordCamp Orlando for the last time, passing the reins to Lisa Melegari, who has been instrumental in keeping the event going the past few years and keeping me sane even longer.

I’m sure there’s more that I missed, and one of those goals that I spoke of is learning to keep track of things better (solving it in developer fashion with a plugin that’s launching next week). I’m looking forward to a bright and active 28, with lots of projects that I hope to share, both in the show-and-tell sense, as well as the freely distributed sense. GPLv3 and CC FTW!

Do you have any new or old goals that you’re working on maintaining this year? Leave a comment, see if we can work on them together!

The clever ways that service providers will encourage a secure by default web

In a post shared by Google’s Ilya Grigorik – on Google +, of course – news broke on the imminent release of Chrome’s new compression algorithm, Brotli. Grigorik didn’t mention the estimated 17-25% performance improvements over gzip that it’ll bring to Chrome, instead choosing to comment “p.s. yes, HTTPS only.”

HTTPS Only – Via Ilya Grigorik on Google+

More information can be found on the intent to ship report.

This is the same tactic that Mozilla is taking up, whereby new features to their products are only available to environments running solely https, or secure http. While it’s nice clickbait to say that they will “hold features hostage”, it makes a lot of sense for an organization that prides itself on responding to the community, who spoke out in favor of the change at the organization, which produces the Firefox browser, among other things.

The future, faster, web protocol HTTP/2 is also going this route, indicating that those who build the web are placing high priority on a feature that they think is important for all users. Movers and shakers on the web like the Electronic Frontier Foundation build tools to make the change a reality, and well-backed non-profits like Let’s Encrypt are working to make the process less painful than it currently is, and free for website maintainers to boot.

This makes sense if it all comes together. There will surely be some hiccups along the way, but most major web services do a good job of hiding technical speed bumps from their users through the exact kind of careful planning and road-mapping that is being done here. These are useful services and tools using their clout to be opinionated on behalf of their users. Maybe you don’t notice or even care if there’s a lock in the corner of the address bar of your browser, but the good that it does you is clearly worth the effort that it’s taking the stanchions of the web to pull it off more effectively.

Is this the first Instagram masterpiece?

Alastair Sooke, Telegraph

Artist Amalia Ulman debuted one of her latest projects, Excellences & Perfections, over the course of several months via Instagram. Being billed as a performance in three episodes, “inspired by stereotypes of how young women present themselves online”, Ulman’s Instagram feed was supposedly a play on the behavior of her peers and how it’s enforced by society.

Call it what you will, but she chose to use the same platform that she was satirizing for her creation, which is more and more how younger users are defining themselves and their lives. The blending of fact and fiction, earnestness and sincerity, is going to be even harder to discern, like a Snopes article run amuck. Remember Zola and #TheStory this fall?

Enter the Grief Police

Megan Garber, The Atlantic

When our interactions become more and more virtual, how will that affect some of the more human interactions that we have, like the grief process? Do light posts to Facebook walls indicate that virtual friends aren’t differentiating when your status change isn’t felt day to day?

Garber doesn’t think so, instead positing that we’re returning to a pre-WWI sensibility of communal mourning, where we aren’t subject to keeping our emotions in check for the satisfaction of those around us wanting walls around feelings.

Of course, not everyone feels this way. I guess grief policing is a form of emotional control as well, though not as welcome when you’re trying to force control onto others.

Steam’s Atari Vault Package Brings Back 100 Classic Games

Chris Kohler, Wired

If it’s true that the trackball action is coming to the Atari Vault when it’s released on Steam, then it might be a good way to test out the haptics on my Steam controller. Either way, who’s ready for a Centipede-off?

Researchers have developed an extremely effective “sarcasm detector”

Ian Kar, Quartz

If you put out lots of tweets like I do, then it’s becoming even easier for computers to learn more about you. The next great divide of man and machine, sarcasm, is being conquered with deep learning.

The 25 Most Popular Passwords of 2015: We’re All Such Idiots

Jamie Condliffe, Gizmodo

As usual, based on analysis of leaked passwords, there are some passwords that are just far less secure than others. If you spot one of your passwords on that list, maybe change it? Maybe use LastPass or 1Password to handle this for you in the future? At least, as Wired pointed out, the most common passwords are getting less common year over year.

As passwords get stronger, it may only take ten people out of a million using the same password … to push it to the top ten.

Inside Facebook’s Ambitious Plan to Connect the Whole World

Jessi Hempel, Wired

Think what you may of the motives of one of the most powerful men on the planet, Mark Zuckerberg is on a mission. His mission, as he’s stated repeatedly through the years, is to connect the world. 2016 is shaping up to be a big year for Connectivity Lab, his research wing at Facebook designed to do just that, with AI, drones, and satellites being tested for their ability to improve accessibility to all in the world.

NSA Chief Stakes Out Pro-Encryption Position, in Contrast to FBI

Jenna McLaughlin, The Intercept

This one is a last minute add that I had to put in. I just want to assume that National Security Agency Director Adm. Mike Rogers is just clawing for a bit of good publicity for his agency that is in sore need of it, but maybe there’s another ploy here. Either way, I can rally behind the sentiment, as suspicious of the motives I may be.

Internet Explorer Continues to be Edged Out

Web Browser Market Shares May 2007 to December 2015 – Courtesy of w3Counter

Internet Explorer has long been a punching bag of the web. Articles with colorful titles like "Death to Internet Explorer" are celebrating the end-of-life support for IE versions older than 11. This officially went into effect on Wednesday, 12 January 2016, but the effects aren't likely to be seen at many businesses until more pressing reasons to update occur. These are the biggest losers, as it's clear that most users who have the option made the switch off of IE years ago. W3Counter, who among other things tracks global share of browser usage, has Chrome as the most popular browser by market share in late July 2012.

Commentators are seeing it as Microsoft pushing users to its new Edge browser, while forgetting that end-of-life policies exist for most major software producers. There's only so long that a company can be expected to support outdated versions of their software, and the impetus on end-users exists to upgrade or risk the consequences. Note that Microsoft still promises security fixes for these older releases, provided that they are the latest that version of Windows can run.

While this might not be as big a problem in the open source world where active users can continue to enhance their software, closed-source software like the most popular web browsers does not have this freedom. While there are many philosophies to open source software, one thing is clear: if you rely on something produced by another vendor (like the many web apps geared toward IE6 that had to sink or swim when its time came), you'd better be sure you've got contingency plans in place.

Finally, if you're looking at which browser to switch to, a ZDNet contributor ran some benchmark tests on a mid-tier PC running Windows 7 to determine which browsers offer the highest performance. Chrome tops his list, followed by Opera, with Firefox lagging behind. IE11 is still worse off though, as it is really made for the Windows 10 architecture.

The Father of Online Anonymity Has a Plan to End the Crypto War

Andy Greenberg, Wired

David Chaum, an early developer of online anonymity tools, has been working on a new project called Privategrity with a team comprised of security experts at several universities, with the goal of ending the "Crypto War" between digital rights groups and world governments.

The tool is intended to put a controversial backdoor system in place that many government groups, including the CIA and FBI in the US and GCHQ in Britain, have been fighting for since the dawn of personal digital cryptography. The method that he has devised involves a nine member security council, with servers located in nine separate countries under nine separate compliance laws. Any attempt at decryption would have to be unanimous under the scheme, which would allow the group in total agreement to block or track specific users.

Apple’s Tim Cook Lashes Out at White House Officials for Being Wishy-Washy on Encryption

Jenna McLaughlin, The Intercept

Tim Cook, along with representatives from Facebook, Twitter, Cloudflare, Google, Dropbox, Microsoft, and LinkedIn, met with White House officials this week to discuss encryption and product security as well as the use of their technology by radical groups.

Cook and the other Silicon Valley executives have been adamant in their refusal to purposefully weaken their software security. A briefing of the meeting has indicated that in addition to encryption, detection and measurement of radicalization on the companies' platforms was another top priority of the meeting.

The heroes who saved the Internet in 2015

The Daily Dot

To ring in the new year, The Daily Dot published their list of influential folks in the realm of internet freedom in 2015. Ranging from the realms of government, like Gigi Sohn of the FCC and Senator Rand Paul, to academics like Alison Macrina of the Library Freedom Project, through private sector employees like Colin Crowell of Twitter, the list covers a wide range of people fighting very hard for the rights of others using the internet. Reading through the list is also a great way to get caught up on some important issues regarding internet freedoms, and find new resources like the Electronic Frontier Foundation's "Who Has Your Back" report, detailing companies that defend their users' data from the government.

"Je Suis Charlie," but your free speech is terrorism

Cory Doctorow, BoingBoing

Just a reminder that words and actions are not the same thing. Where strong verbal support has come out for the defense of free speech in France after a localized attack on satirical news magazine Charlie Hebdo just over a year ago, that support was not in evidence while free speech rights in the country have been systematically curtailed, ramping up following the November Paris attacks.

Is Twitter going to remove the 140 character limit?

“Telegrapher” by Don O’Brien

Leigh Alexander and Jeff Jarvis over at Slate talked about why it would be a good thing to up the limit to 10,000 characters, in an appropriately long 10,000 character article.

What’s this all about? Twitter CEO, Jack Dorsey, posted a cryptic screenshot – via tweet, naturally – that is being seen as a sign that they’re planning on lifting the 140 character limit to tweets. Where does 10,000 characters come from? That’s the limit for direct messages, and has been suggested by internal sources to be the same limit being considered for standard tweets.

I would personally miss the brevity of form enforced by the current limit. Sure, it was sometimes hard to work with (maybe exclude @ replies or links from that limit?), but the medium created a new type of message. It fully embraced the perceived lack of attention span of its audience, and made me feel like a digital telegrapher.

Building a Startup in 45 Minutes per day While Deployed to Iraq
Matt Mazur,

Matt Mazur is a great guy who currently works with Automattic on their data team. He has quite a history with the tech industry, with two startups under his belt while serving in the Air Force. While on deployment to Iraq in 2011 he added a third, Lean Domain Search. I’d been using Lean Domain Search before having met Matt, or even before knowing that he lived in Orlando and ran in similar circles to me.

Automattic acquired the company in 2013, making him one of four of their employees in the area. Speaking of Automattic, Business Insider just posted an article on the hiring practices of the company, like how employees can make their own hours, work wherever they want, and rarely even speak to or see Matt Mullenweg before getting hired.

Matt believes that he would have completed the project sooner had he not been deployed, but at the same time he was more focused in the precious time that he had to work on it. From Matt: “It’s good to have constraints that force you not to bullshit around. [The deployment] gave me space to focus on what was important.”

Matt’s story is a good place to look if you think that you don’t have time to work on something that you care about. It’s also a good example of how doing good work and caring about it can lead to great outcomes. Congrats Matt!

Saucy ‘Escort Cards’ Were a Way to Flirt in the Victorian Era
Becky Little, National Geographic

Escort Card
Image by Alan Mays

These days we have Tinder, but in the late 1800s there was no such way to indicate interest in somebody. Or was there? This is new to me, but apparently some upper class Americans during the Victorian era would discreetly display interest in public by passing along escort cards to one another. We’re talking “May I escort you home?” here, not “Here’s ten pound sterling, be my escort.”

Just like current online dating, the field seemed to be played much more by men than women. There were a variety of cards, some innocuous, and some were decidedly not so.

Here’s what you can no longer say on Twitter
Jessica Contrera, Washington Post

Following back up with Twitter, apparently people need a reminder that they are a privately owned company, and not a public service. This is mostly apparent when discussions of acceptable usage of the service arise, and last week Twitter updated their policies on community abuse. Among the things that are prohibited on Twitter:

You may not promote violence against or directly attack or threaten other people on the basis of race, ethnicity, national origin, sexual orientation, gender, gender identity, religious affiliation, age, disability, or disease.

The update announcement does make it clear that they are attempting to strike a balance between free speech and user rights, and many of the actions that would be taken to an account that is not in compliance stop well short of straight up account deletion. Still, it’s always good to have a reminder that what you consider your data isn’t only owned and controlled by you.

Facebook made its Android app crash to test your loyalty
Kwame Opam, The Verge

What if Google removed Facebook owned apps from the Play Store? Would users still use the social networks as heavily on their Android devices? The Verge suggests yes, based on the outcome of a report that indicates that Facebook purposefully introduced crashing bugs into their app for some users, in order to test their persistence.

The report by The Information shows that users would rather visit the website on their mobile browsers after an app crash than stop using the site altogether. This ties into a larger contingency plan that Facebook is creating, realizing that being beholden to any phone OS leaves them at a disadvantage that they don’t want to have.