Thursday, December 13, 2012

Geek Links of the Week - 13Dec2012


Yeah, it's been a while. Work+life = no time for fun stuff like this.

In this week's post we cover everything from parade confetti and geek TV shows to online schools and police raids.

My Geek Links of the Week!

Pregame: Geekiest Ways to Cook a Turkey

What started out as an easy question on Slashdot quickly descended into hilarity...

"What self respecting geek doesn't go home to be pampered by Mom?"
"Don't you mean 'go upstairs' ?"



Link #1: Computer Viruses Can Kill in Ambitious Sci-Fi Web Series H+
“In upcoming sci-fi web series H+, people embed themselves with a chip that hardwires their nervous systems into the internet 24 hours a day — until a virus kills a third of the world’s population. How will survivors cope, and who unleashed the homicidal computer code in the first place?”
 - Hugh Stewart, Wired
A new series called H+ launched recently on Webserieschannel.com. The series intrigues me in two ways...

1. The Scifi angle - The concept behind the story is that people can be implanted with a chip to interface their brains with the internet. At first glance the ability to access any information anywhere may seem like a good idea but, as with any other internet connected system, the inevitable happens: a virus spreads and kills 1/3 of the world's population virtually overnight. This reminds me of Ghost in the Shell, another series I never had the time to fully appreciate. Setting aside the apocalyptic theme for a moment, the story of how this was developed and sold to the public would make for a great piece as well. How would you convince people that the system was secure? Wouldn't people be wary of the devices? The possibilities are endless.

2. The direct distribution angle - This series was developed and produced by people that are no strangers to Hollywood and the entertainment industry (the director was previously attached to an X-Men movie) yet they chose to do this on a low budget (shooting in just 29 days) and release it as a web series. Perhaps they pitched it to some TV execs and were turned down? More likely this was done in their spare time as something fun to do and build their resume. Netflix and other online distributors are already producing properties that will never touch a traditional cable or satellite. When you are not bogged down with a studio or media corporation breathing down your neck the creative process can be much more free.

At any rate it will be interesting to see where this goes. The trailer looks really cool.




Link #2: The surprising, stealth rebirth of the American arcade
“The arcade industry is dead in the United States—everyone knows it—done in by a combination of rapidly advancing home consoles and rapidly expanding suburbanization in the late '80s and early '90s. The only people not in on this bit of conventional wisdom are the ones who happen to be opening a surprising number of successful new arcades around the country.”
 - Aurich Lawson, Ars Technica
This one is close to my heart. As a pre-teen I spent (wasted) a lot of money playing video games in arcades, amusement parks, and convenience stores. I have a special place in my heart for Super Mario, Pac-Man, and Galaga. One of my fondest memories as a young child was playing Joust and Night Driver (the really old sit-in version) at a now defunct bowling alley near my Grandmother's house. A good friend of mine from high school is into collecting and restoring these old arcade games, which he does as a side project. PBS even did a documentary about it not long ago.

These old electronics are in danger of going away completely. As time goes by the plastic components degrade and eventually the circuit boards fail. The cool part is that you can buy really small devices to plug into your TV to emulate just about any old arcade game but the experience may fall flat. Nothing can compare to the old style way of standing in line with your quarter lined up on the machine to mark your place.

For some serious 80's nostalgia, check out the book "Ready Player One".



Link #3: 106 Passwords that BlackBerry 10 won’t let you use
“Deep in the heart of the BlackBerry 10 OS is a list of 106 passwords that you will not be able to use. We will probably see this list being added to over time.”
 - Rapid Mike, Rapidberry.net
I like the fact that RIM is taking a proactive approach and simply disallowing the most common passwords, forcing you to choose something a little less common. But this is chasing your tail: when you stamp out the 100 most common passwords they are replaced by the next 100 most common passwords. Users want ease of use and if you allow non-complex passwords in your app your users will use them. Ultimately this process will lead to the banning of the entire dictionary of single words. What's next, moving on to banning word combinations? Hint: many of the currently banned 106 passwords are more-than-one-word or letter/number combinations.

In the end, all it takes to be secure is a haystack.

Speaking of weak passwords...





Link #4: Update: New 25 GPU Monster Devours Passwords In Seconds
“The system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM, for example, would fall in just six minutes.”
 - Per Thorsheim, organizer of the Passwords^12 Conference
Read that quote again. They can crack ANY Windows XP password that was hashed using the LM hash in under 6 minutes (XP has a 14 character limit on passwords). They used off-the-shelf components that are easy to acquire, along with an open-source HPC platform, to create a monster password cracking platform. This attack does mean that the attacker must have access to the actual password hash, which requires OS access, so the actual threat to your typical user is low, but an attacker with physical access to a machine can easily take it over without changing any passwords. They can read the local admin password hash using some common tools, look it up in a hash table, and now they have root access.
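
An added example (not from the original post or the linked articles) that puts numbers on Links #3 and #4: it checks a password against a blocklist, then estimates the worst-case offline search time at the 348 billion NTLM guesses per second quoted above. The blocklist entries and function names are constructed for illustration, and the LM part assumes the standard LM design (password uppercased, two 7-character halves hashed separately).

```python
import string

NTLM_RATE = 348e9  # NTLM guesses per second quoted on the page for the 25-GPU cluster

# Constructed stand-in entries; the actual 106-entry BlackBerry 10 list is not reproduced.
BLOCKLIST = {"password", "123456", "qwerty", "letmein"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def alphabet_size(pw):
    """Characters an exhaustive search must try per position, by class used."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def haystack(pw):
    """Candidates of length 1..len(pw) over the password's alphabet."""
    n = alphabet_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))

def review(pw, rate=NTLM_RATE):
    """Return (allowed_by_blocklist, worst-case seconds to exhaust offline)."""
    allowed = pw.strip().lower() not in BLOCKLIST
    return allowed, haystack(pw) / rate

def lm_half_space():
    """LM uppercases the password and hashes two 7-character halves separately,
    so the work is one 7-character search over 69 symbols (95 printable ASCII
    minus 26 lowercase), not a 14-character search."""
    return sum(69 ** k for k in range(1, 8))

def implied_lm_rate(minutes=6):
    """Guess rate that exhausts one LM half in the page's six minutes."""
    return lm_half_space() / (minutes * 60)

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("password", "winter12", "correct horse battery staple"):
        ok, secs = review(pw)
        verdict = "pass" if ok else "reject"
        print(f"{pw!r}: blocklist {verdict}, {secs:.3g} s worst case")
    print(f"LM half: {lm_half_space():.3g} candidates, "
          f"~{implied_lm_rate():.3g} guesses/s for 6 min")
```

A password can pass the blocklist and still fall in seconds against an offline attack at this rate, while length pushes the search space far out of reach; that is the "haystack" point from Link #3.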

The writing is on the wall: passwords are not secure. The technology to crack passwords is gaining ground. How long until we hear about someone who used AWS or Windows Azure, with a stolen credit card, to create a password cracking cloud service? We need something much more secure: multi-factor auth seems to be a possible alternative (something you know + something you have).

Why did Jeremi Gosney create this password cracking system? He was one of the first researchers to publish the list of common passwords after a list of password hashes stolen from LinkedIn was published online, but that's not the end of it. He is quoted in the article as saying, “I have way too much invested in this to not get some kind of return out of it.”





Link #5: POLICE RAID HOME OF 9-YEAR-OLD PIRATE BAY USER, CONFISCATE HER ‘WINNIE THE POOH’ LAPTOP
“Copyright enforcement might be getting out of hand in Scandinavia. As anti-piracy groups and copyright owners continue to work with authorities to curtail piracy in the region, police this week raided the home of a 9-year-old suspect and confiscated her “Winnie the Pooh” laptop”
 - Zach Epstein, BGR
This one is a trip, we'll have to wait to see how it plays out. Apparently...

  1. A 9-year-old girl (in Finland?) has her own laptop.
  2. She searches for songs on Google by a popular Finnish band, Chisu.
  3. Goog pointed her to links on The Pirate Bay.
  4. She clicks the links but the downloads failed.
  5. Her father takes her to a store and they buy the CD.
Meanwhile....
  1. One of the ISPs involved in her online activity (not clear if it was her residential ISP) flagged her activity.
  2. The ISP reported it to the Copyright Information and Anti-Piracy Centre (CIAPC), a non-profit anti-piracy organization.
  3. CIAPC contacted the family and demanded they pay a 600 Euro fine and sign an NDA.
  4. The father declines the offer.
  5. Police raid the home, confiscating the laptop and other items as evidence in the case.
The exact details are still fuzzy and it will take some time to clear all the legal facts in the case. For a moment we will assume all the alleged items above are true.

This brings up a lot of questions-
  1. Can a 9-year-old be held liable for not fully understanding copyright law online?
  2. Can you be legally liable for entering a search term on a search engine and then clicking on a link?
  3. What should be the legal or civil penalty if that link is not from a valid source?
  4. In the case of a simple infringement, even in the case where there IS infringement, was a police raid an appropriate response?

The quote from the father sums it up pretty well-
“I got the feeling that there had been people from the Mafia demanding money at the door,” the girl’s father said when recounting the police raid. “We have not done anything wrong with my daughter. If adults do not always know how to use a computer and the web, how can you assume that children or the elderly – or a 9-year-old girl – knows what they are doing at any given time online?”




Link #6: Researchers find Megaupload shutdown hurt box office revenues, despite gains for blockbusters
“In this paper we make use of a quasi-experiment in the market for illegal downloading to study movie box office revenues. Exogenous variation comes from the unexpected shutdown of the popular file hosting platform Megaupload.com on January 19, 2012. The estimation strategy is based on a quasi difference-in-differences approach. We compare box office revenues before and after the shutdown to a matched control group of movies unaffected by the shutdown.”
 - Abstract from the study, Munich School of Management and Copenhagen Business School
What does all that mean? Here's the money quote- “In all specifications we find that the shutdown had a negative, yet in some cases insignificant effect on box office revenues.” (emphasis added)

The researchers found that shutting down Megaupload had a negative effect on some box office returns. It did NOT have a positive effect in any case. That seems to follow the argument that pirates actually spend more money than the amount that they supposedly pirate.

Disclaimer and clarification: I do NOT endorse the stealing of intellectual property but I am most definitely FOR loosening digital copyright rules. This is a losing battle on all sides. I'm not sure there is a perfect answer but it is certainly not the situation we have now.




Link #7: Police documents found in parade confetti
“Parade-goers in New York City say they found shredded police documents mixed in with confetti at the Macy's Thanksgiving Day Parade. The documents contained confidential information, including detectives' Social Security numbers, bank information and unveiled undercover officers' identities, WPIX-TV, New York, reported.”
 - UPI
Who knew that you could steal someone's ID simply by watching a parade? }B^)

Of course Macy's, NYPD, and Nassau County authorities (where the documents apparently originated) said they were investigating how such documents made it to NYC to be used in the parade. Macy's even said they use only commercially produced, multi-colored confetti and do not use shredded paper.

The moral of the story: EVERY company/organization that handles sensitive info MUST have a well-defined, trustworthy, and audited document retention and destruction policy. If not, you are asking for trouble.




Link #1: Rise of the code schools
“Learning to code used to involve a school computer room, a bearded teacher in a cardigan, and a book the size of an encyclopaedia. Not any more. To the delight of shoulders everywhere, there’s a new breed of code school on the scene: one that expects no physical attendance, that won’t put you on the spot in front of the class, and doesn’t even require a textbook. Welcome to the online code school.”
 - PCPro.com
I ABSOLUTELY LOVE THIS!!!

Online learning has come a long way. I took some online college courses in '06 and hated the experience. In the past year I have taken courses from Khan Academy and codeacademy.com (along with my 10-year-old son).

Their user interfaces are incredibly easy to use. Even my kids love it because they make learning fun and easy. Isn't that what makes a good teacher in a real school?

Brick and mortar schools are in for some serious competition. And, yes, competition is a good thing.


}B^)