I’ve decided to try changing up the format to the newsletter on a more regular basis. I want to try new things with the layout and the conversational tone of the newsletter. If you love or hate my new format experiments, let me know!

Knight Crane Convergence Lab via flickr

It’s really hard to care about privacy. Do you even take the effort?

Do you care about your privacy? It’s pretty easy to say that you have nothing to hide so you don’t care, but let’s be honest here: there’s really nothing that you care about keeping to yourself? Maybe you think that your data is already being gathered and used. If you’re like most college students, as long as it’s being used to help you, that’s considered ok.

The issue is in part that you don’t always know who has access to your private data, or who they can share it with or how they can use it. Again, maybe you don’t care about the anonymity of Bitcoin being a myth.

There are some things that you just shouldn’t have to spend time worrying about, but isn’t it nice to know if stores and ads are tracking you through your phone and ultrasonic sounds, or how to block them? Or that advertisers have access to information like your race, which they can use to exclude ads from being shown to you, which would be pretty illegal if they had any federal oversight.

When knowledge is power, who should own that information?

I spend a lot of my time in the WordPress world and like any close community, the turmoil and commotion can offer an interesting distraction from the work. Last weekend we dealt with a discussion around the leaders of two huge companies, Automattic and Wix, trading blog posts about the latter’s use of the former’s GPL code in a closed source app. Both had some valid points, and it was pretty easy for fans or foes of either company to take sides. The crux of their arguments wasn’t about money (despite the potential for large exchanges of money here), but the value and nature of open source code and the free exchange of knowledge.

This extends beyond the usage rights of code, but the way that code can be used as a tool to hamper free trade and sharing of knowledge. Cory Doctorow has a great piece in Locus Mag this week about DRM, intellectual property rights, and the EFF’s fight for sane standards and laws around both. The EFF also fights for the knowledge to maintain system security, even when that fight is with the government over code exploits used to hack and track users of Playpen, a child pornography website that was busted, but kept running and even given performance improvements (besides the upgrade of infecting visitors with malware to trace them) which led to an increase in usage of the site before it was finally shut down.

As an example of how detailing exploits can be useful, Google tells Microsoft about a security flaw in the Windows kernel. Microsoft does not patch or inform users of this flaw. Google publicly reveals the existence of the vulnerability – which is actively being used – to help expedite the patching process.

New and shiny things to keep an eye on.

You may have heard of Magic Leap by now, and the five-year-old company is slowly leaking more information about its secretive mixed-reality glasses project, which could potentially be released within 18 months. Will it really change everything about computing displays? It’s nice to think that we’re moving into a ‘Ready Player One‘ world (minus the dystopic future wealth disparity part). Still, it’s pretty easy to see how the anticipation for seamless augmented and enhanced reality glasses can get smashed upon arrival in the real world.

Have you noticed YouTube comments getting nicer? It’s an old joke by now to call the space below a YouTube video the worst wasteland on the internet, which is why I make it a point (and highly encourage all of you!) to leave a positive comment on videos that I enjoy. Now it’s a bit nicer there, with new tools to patrol comments rolled out to the Google-owned video platform. Wired, which has been on a righteous crusade to clean up the vitriol of the internet, is celebrating this fact while calling out Twitter yet again, as the platform is becoming the lone holdout in a battle to make social media just a bit nicer.

Do you love Furby? Of course you don’t, but your young child does. There’s a new one out, and the Furby Connect is just as annoying as the old ones were.

If Diamonds Are Forever, Your Data Could Be, Too

Joanna Klein, NYT

There’s a lot of discussion about archiving the web, and the problems that arise from link-rot. Maybe diamonds are the answer? Scientists have been experimenting with storing data in diamonds, and are currently able to store about 100 DVDs worth of information into a synthetic diamond half the size of a grain of rice. Soon, they say, they’ll be able to store even more into a smaller space, while making diamonds even cheaper.


Iceland Pirate Party leaders photographed in 2014. Via Day Donaldson


Iceland election could propel radical Pirate party into power

Jon Henley and Luke Harding, The Guardian

Moving to Iceland is looking like a better proposition by the day. This weekend they hold their first parliamentary election after the resignation of former Prime Minister Sigmundur Davið Gunnlaugsson earlier this year, after his ties to offshore bank accounts were revealed in the Panama Papers. Polls are showing it as not that far-fetched that the Pirate Party could win a plurality of seats, allowing them to lead the charge to form a new government. Protection for whistleblowers, a commitment to transparency, voter-backed referendums? Yes please.


Web devs want to make the Internet of S**t worse. Much worse

Richard Chirgwin, The Register

The Register has made it clear what they think of The Internet of Things, often calling it The Internet of Shit in their articles. The W3C Web Bluetooth API is currently in their crosshairs, as it’s understandable that allowing websites and browsers to manage Bluetooth devices is totally not a terrible idea in general.


Important News about Vine

Vine, Medium

Vine is shutting down. Twitter isn’t having any problems at all with their main service, and it’s only the The site will stay up indefinitely, so you can still watch some of your favorite vines, but you can also download yours to ensure that they aren’t deleted. Or you can read an analysis of one of the greatest Vines of all time.

Don’t fret too much. It looks like the founders of Vine are ready to hype their next project, a way to broadcast video on the internet (like Fine?), Hype.


Dan Kaminsky calls for a few good hackers to secure the web

Iain Thomson, The Register

With all of the hacks going on, the work of Dan Kaminsky and his coworkers at White Ops is welcome and overdue. Check out Dan’s Github page to see what is being worked on and how people can jump in and help.

From liberal beacon to a prop for Trump: what has happened to WikiLeaks?

David Smith, The Guardian

WikiLeaks has been publishing dump after dump of private emails from Hillary Clinton, her campaign chairman John Podesta, and others who have emailed them. The newsworthiness of some of the emails is undeniable, just as the non-newsworthiness of others is undeniable. For this or some other reason, the Ecuadorean embassy that Julian Assange has been living in for the past four years in London has cut off his internet access.

It’s believed that Russia supplied leaks to Assange’s whistleblower service, most likely through a Gmail phishing scheme, which we’re all more susceptible to than we’re comfortable admitting.

Maybe the four years of confinement have hardened the WikiLeaks’ founder’s views. Maybe he is stir-crazy, worried for his future at the embassy or abroad when Ecuador elects a new president next year. Maybe he’s trying to side with a candidate on the gamble that a win would provide lenience and allow him to avoid extradition to the US after extradition to Sweden. Maybe this is all a poorly timed coincidence with a high-profile scapegoat. Either way, we’ve got 18 days until the woman who (jokingly?) questioned the efficacy of drone attacks against is elected president, and Assange’s future is unknown.


Gangnam Style Galaxy Note 7 via Know Your Meme

DOT Bans All Samsung Galaxy Note7 Phones from Airplanes

Transportation.gov

The saga of the fiery Samsung Galaxy Note 7’s continues. As of 15 October, the phones are banned from air travel to, from, and within the US. This includes checked bags. If you’ve got one of these explosive devices, send it back and get a new phone with your refund.

Enjoy the jokes that have come at the $17Bn expense of Samsung while feeling sorry for them. Fire extinguishers behind a Note 7 display. A Gangnam Style ad. Using the explosive phone as an improvised grenade in GTAV. Just don’t let Samsung sue you if they submit a takedown request to your playthrough with the explosive phone mod.


Attackers Hiding Stolen Credit Card Numbers in Images

Chris Brook, Threat Post

What’s a good way to get stolen credit card information from an eCommerce site? Well after you’ve exploited the site, how about embedding that information in product images on the site? Then you can visit later (or direct a buyer to a link) as you please as if you are just browsing deals.

Sucuri discovered this attack running on some Magento sites due to a separate flaw that allowed attackers to gain access to the site and implant malicious code.

This article was suggested by @lmelegari. If you’ve got any cool story ideas, shoot them over to david@thisweekinweb.com or suggest them here!


Big-Data Algorithms Are Manipulating Us All

Cathy O’Neil, Wired

O’Neil, a former hedge fund quant, details some of the ways that big data is used to determine things about your future. Things like insurance rates, the likelihood of college acceptance, credit rankings and creditworthiness, and more.

The danger of allowing algorithms to make decisions for us about monumental life milestones is the lack of transparency in the process of selection. You don’t know why you got passed over in favor of someone else, or what the outcome of that personality test that you took at your last job was. But companies that gather your data and match you against trends, determining the maximum value that they can wring from you, do. They don’t have to tell you what they choose or how, and you have little to no recourse from the decisions made.


The U.S. Supreme Court will weigh in on the value of design patents in the Apple-Samsung hearing Tuesday

Ina Fried, Recode

Samsung has already had a trying few months, what with Galaxy Note 7’s being replaced after battery meltdowns, then those replacement phones also catching fire, and finally the company being forced to recall both batches in super flame-retardant return boxes, killing the flagship phone entirely.

Another issue over the past five years has been an escalating lawsuit between Samsung and Apple over design patents the latter holds. The $399M of the $1.05B award against Samsung related to the design patent is what’s being argued at the Supreme Court this week. I am of the opinion that it shouldn’t hold up in part because the design patents are broad and not what I would consider novel concepts. While Chief Justice Roberts probably doesn’t agree with me on that, he does seem to think that the outside design does not affect the guts of the phone and the profits earned by them.


This Twitter bot is tracking dictators’ flights in and out of Geneva

Amar Toor, The Verge

A Twitter bot was created earlier this year (with open source code to boot) that tracks planes belonging to dictatorial governments flying in and out of Geneva. The journalist who created the tool wanted to shed some light on the shadowy workings of Swiss banks. If we can’t get transparency, we can at least try to keep tabs!


Do You Have The Right To Privacy?

Gearbrain Editorial Team

A panel moderated by Gearbrain discussed how to maintain businesses while respecting the privacy of clients. The discussion centers in part around Internet of Things devices, which are gathering more and more information from users with less and less oversight.

If the argument exists that you can’t have both security and privacy, or perhaps can’t have security without privacy, can we at least agree that you shouldn’t have to have neither? CDN company Akamai has shown that some SSH vulnerabilities in IoT devices have existed for years, potentially decades. Moreover, they’re not getting patched even after they become publicly known, for the same reason that common security protocol was not followed in the first place: the rush to get to market makes important tasks like customer security and privacy less important as deadlines loom.

For now the devices may not even be worth it. If you can spend 11 frustrating hours trying to boil a kettle of tea with a connected device, is it worth it?


Even the US military is looking at blockchain technology—to secure nuclear weapons

Joon Ian Wong, Quartz

The lasting legacy of Bitcoin may not be the volatile currency itself, but the normalization of the concept of digital currency in general, and the blockchain, the powerful ledger that drives this and other secure transactions. DARPA is working on a use case for blockchain to maintain tighter control over the inventory of nuclear arms and parts that the government commands. At the very least, it can make it harder to lose track of nukes or fly them around by accident, costing military jobs.

As I’m writing this week’s newsletter, WordCamp Orlando has been cancelled, which threw off a lot of planning by a dedicated team. Hurricane Matthew is bearing down, and I’m planning for some time without internet. If anything big happens in the world, be sure to let me know when I’m back.


Yahoo Hacks you, not the other way around. Courtesy Premshee Pillai via Flickr

Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence – sources

Joseph Menn, Reuters

Even better than searching stored or sent email? How about searching all incoming email? I can choose to not have a Yahoo email account (which is probably a good idea already with their massive breach). It’s harder for me to choose not to email anyone with a Yahoo account. If I do though, now I know that that email was also scanned by the US government.

If the reports that Reuters has received are true, this would be the first known case of a US corporation complying with a government request to scan all incoming mail, removing privacy protection from them and everyone that has contacted them. Apparently, the departure of Yahoo’s CISO Alex Stamos in 2015 was over the compliance with this government demand.

Thanks to FISA, Yahoo may also have felt legally obligated to hide the fact that they were complying as well, under a gag order on that activity. The NSA is ok with this though, suggesting that email providers “have the power to encrypt it all, and with that comes added responsibility to do some of the work that had been done by the intelligence agencies.”


N.S.A. Contractor Arrested in Possible New Theft of Secrets

Jo Becker, Adam Goldman, Michael S. Schmidt, and Matt Apuzzo, New York Times

The NSA has reduced the number of employees with access to classified information in recent years, but they continue to employ third-party contractors. One of the consequences of this is more opportunities for a leakage of data.

Harold T Martin III is not Edward Snowden. For one thing, his focus was more on software and hacking tools, though it’s unclear if he has any connection to the Shadow Brokers, who released some NSA hacking tools earlier this year.


The Internet Finally Belongs to Everyone

Klint Finley, Wired

Following up on a recent newsletter, the rider in the federal budget requiring a pause of IANA transfer to ICANN ownership was removed before the budget was passed. This means that on 1 October the transition process was set in motion, and ICANN (which already was under control of a consortium of countries) has control over the Internet Assigned Numbers Authority, which has been colloquially referred to as the address book of the internet.

There has been a lot of misguided fear over the past few months by Republican lawmakers and presidential candidates over what this means. It basically means nothing beyond a symbolic gesture saying that yes, other countries do get a say in this international network, not just the US.



Right-wingers and ‘free speech’ trolls devise secret internet language to dodge online censorship

Jasper Hamill, The Sun

In a totally stupid move, a really simple code for racism was leaked from the white-supremacist movement that is trying to rebrand itself as “alt-right”. The idea is that referring to other races as “Googles, Yahoos, and Skypes” would allow them to freely congregate in public and avoid censorship, since Google wouldn’t ban the word Google. Turns out that the AI work of the Jigsaw team can figure out context while banning hate speech, and figure out this code, which would be laughable if it were not so terrible.


Love that new Mac smell? Now you can buy a candle that smells like a freshly-opened Apple product

Jeff Benjamin, 9 To 5 Mac

TwelveSouth already makes some fancy Mac accessories. Now they’ll help keep your senses in Mac world with their candle that smells like a fresh Apple product. Incredibly, they’re already sold out at $24 each, so people must really love that smell.