


2009-05-31 Show Notes

Offset 00:17

Intro
- 4th anniversary coming up 6/22
- Feature cast on 6/24 to celebrate
- Send voice mail, anything else you'd like to contribute

Security Alerts

Twitter API not prepared for security threats
- This article discusses some research by Aviv Raff
- Points out the disparity in security measures between Twitter itself and 3rd party sites
- Uses the example of twitpic, which doesn't sanitize profile info for XSS
- Twitter didn't use to sanitize but now finally does
- Raff points out the danger in clicking through to vulnerable services
- Most services send tweets on behalf of the users
- Require followers to click through to see additional content
- Built a proof of concept, specifically with twitpic
- Raff's example shows how links can self propagate
- Would result in something very much like a worm
- Apparently has other examples he showed to ZDNet's Ryan Naraine
- Naraine suggests Twitter needs to invest in securing its API
- This resonates with the session fixation story about OAuth from a few weeks back
- It raises the question, though, of whether such APIs can ever be completely secure
- To be useful, they have to allow some flexibility
- This openness and power is at odds with restricting capabilities to improve security

Dangerous DirectX vulnerability is being exploited
- Microsoft released an advisory about an exploit in the wild
- A specially formed QuickTime media file can exploit unpatched DirectShow software
- This component of DirectX apparently has been omitted from Vista and later
- Can even be exploited via the browser, since QuickTime content can be viewed via an embedded plugin
- The video files bypass QuickTime itself, which is not vulnerable
- So the flaw in DirectShow can be reliably exploited
- Cannot apparently escalate privileges

01:57 02:17



- Attacking code can only gain the privileges of the current user
- Unfortunately, in older Windows it is common for users to have full admin
- Microsoft includes instructions for mitigating risks
- Even has a one-click hot fix to activate all the recommended measures
- No indication of a patch or fix
- Not sure they will deliver one, since they can use this as a possible prod to upgrade
- Even if you are not a Windows user, worth being aware of
- If you operate a site, you may inadvertently host attacking media
- No info in the article or advisory on how to identify such media
- I guess from context, like spam or other malware, you'd have to guess
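Returning to the twitpic item above, the following is an added example, not twitpic's, Twitter's or Raff's code, showing in Python why unsanitized profile fields on a third-party site become a worm vector and what the fix looks like. The field names, the two render functions and the sample profiles are constructed for illustration. It shows the two points a practitioner would want: escaping has to match the output context (text node versus attribute), and an href needs a scheme allow-list because escaping alone does not neutralize a javascript: link.

```python
# Added example, not twitpic's, Twitter's or Raff's code: a profile page
# that renders user-supplied fields, first as a site that does not
# sanitize would, then escaped per output context.
import html
from urllib.parse import urlsplit

# Constructed sample profiles (hypothetical field names).
MALICIOUS_PROFILE = {
    "name": 'mallory"><script>document.title="pwned"</script>',
    "bio": "<img src=x onerror=alert(document.cookie)>",
    "website": "javascript:alert(document.cookie)",
}
BENIGN_PROFILE = {
    "name": "alice",
    "bio": "I post photos of my cat & dog",
    "website": "https://example.org/alice?ref=tweet&id=1",
}

ALLOWED_SCHEMES = {"http", "https"}


def render_profile_unsafe(profile):
    """Interpolates the raw strings into HTML. Any markup stored in a field
    executes in the browser of every viewer, with that viewer's session on
    the site, which is what lets a payload post links back to itself."""
    return (
        f'<div class="profile" data-name="{profile["name"]}">'
        f'<p>{profile["bio"]}</p>'
        f'<a href="{profile["website"]}">{profile["website"]}</a>'
        "</div>"
    )


def safe_href(url):
    """Escaping alone does not neutralise a javascript: link, because every
    character in it is legal inside an attribute; allow-list the scheme."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return "#"
    return html.escape(url, quote=True)


def render_profile_safe(profile):
    """Escapes each field for the context it lands in: text nodes and
    attribute values through html.escape (quote=True also escapes quotes,
    so a value cannot close its attribute), the href through safe_href."""
    name = html.escape(profile["name"], quote=True)
    bio = html.escape(profile["bio"], quote=True)
    site = html.escape(profile["website"], quote=True)
    return (
        f'<div class="profile" data-name="{name}">'
        f'<p>{bio}</p>'
        f'<a href="{safe_href(profile["website"])}">{site}</a>'
        "</div>"
    )


def has_live_markup(rendered):
    """Check used to compare the two renderers: does the output still carry
    an element or javascript: URL that a browser would act on?"""
    lowered = rendered.lower()
    return ("<script" in lowered
            or "<img" in lowered
            or 'href="javascript:' in lowered)


if __name__ == "__main__":
    print("unsafe:", render_profile_unsafe(MALICIOUS_PROFILE))
    print("safe:  ", render_profile_safe(MALICIOUS_PROFILE))
```

The unsafe renderer emits the stored payload verbatim; the safe one turns it into inert text and replaces the javascript: link with "#" while leaving the benign profile's https link (with its ampersand correctly encoded) intact. A real site would also want a templating engine that escapes by default rather than hand-built f-strings, but the per-context rule is the same.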

07:37 07:51

News

New research indicates a memory that may last for 1B years
- Spark story on problems of archiving digital media
- According to the PhysOrg article, higher memory density reduces retention of data
- Makes sense, as errors are likely to affect more data
- Macro scale forces have greater effect, like temperature, magnetic fields
- Quantum scale effects have more impact on smaller devices
- Today's memory will last 10 to 30 years
- Need for more storage will only make this problem worse
- Alex Zettl and colleagues are publishing new research in early June in the ACS journal Nano Letters
- Experimental system already built
- Uses a carbon nanotube with an iron nanoparticle
- Acts like a physical switch; magnetic force is used to set the particle's position
- Can also read the particle's position
- Apparently simple to interface with existing systems
- Yields thousands of times more storage
- Potentially can retain information for 1 billion years
- Commenter on the article points out this system is resistant to many forces that might affect the stored information
- Commenter also points out other favorable characteristics like quick read/write speed
- No time frame for when this could be brought to market
- Seems like it should be quick, since it is similar enough to existing memory technology, like the cells in flash RAM
- This would solve the issue of bit rot but not obsolete formats
- If it yields the amazing storage increases, could simply store a copy of software to read files, layering in emulators as needed
- I do wonder if we need formats that are resistant to this problem
- Self evident or simple enough to re-engineer ways to read
- Easy to say physical media holds up better; think for a minute of how we lost the ability to read hieroglyphics
- We need to build a digital Rosetta stone; I believe researchers are doing something like this, except for digital formats

EFF launches curriculum to address industry misinfo on copyright
- I've long held education is important in finding a fair balance in copyright
- Motivates me to speak on panels, at events
- EFF has launched a project aimed at high school age kids
- A curriculum educators can use, also a web site
- A response to the Copyright Alliance
- Trade group wants to further the default of permission
- Wants to chill innovation by equating new technology with high risk
- EFF's project is urging inquiry and understanding
- Material pulls in history, covers important limitations on copyright
- Tries to teach a balance, not just cheerleading remix culture
- Hallmark of a good idea: give kids the framework to think about issues, not just lecture them about do's and don'ts
- Have to imagine it is informed by the urge toward media literacy
- Kids coming up are more exposed to tools, knowledge
- Expressing themselves through remix as much as anything else
- Includes a rich bibliography, links to sites and resources
- Pointers to organizations for further resources
- Organized by topics like P2P, public domain, fair use
- I am saddened we need this
- As discussed at CopyNight a couple of months ago, copyright should be comprehensible
- Resistant to attempts by industry to spread misinformation
- Reality is there is just a lot of nonsense out there
- Glad the EFF has made this resource available



- I think it could even be used for adult, ongoing education
- I'll look it over for my copyright discussions at future events

Google re-invents email, IM
- O'Reilly himself writes his impression from the demo at I/O
- Sees this as an uncommon question: how would we write a well established app today, using all of the lessons, newer tools?
- O'Reilly's write up hits the high notes well
- Wave is a melding of email and IM
- Also brings in contextual conversations, like threaded discussions, forums
- The demo shows how responses can more cleanly be embedded, like email quoting without the manual work involved
- I watched the demo myself, see the potential beyond
- Also brings in elements of collaborative editing, like Google Docs
- In itself, the system is almost infinitely flexible
- A good quality for an innovation to have, to allow users to imagine new uses
- As a platform, allows third parties to provide novel structure
- Can codify popular uses or provide support to make uses easier
- Glad to see it is open source, open standards and federated
- Follows the email model that way, allowing users to run their own servers
- I am curious about the integration story
- Could become a killer client for all kinds of messaging
- Especially if it adds a mute or pause button other services lack
- Will it steal momentum from other messaging systems?
- Or will its adoption be stymied because you can cobble some of this functionality together already?
- I can see it being a power users' tool but wonder at wider adoption
- I wonder if a powerful enough story will emerge after the fact
- I can see all kinds of niche uses like distributed blog comments
- Definitely a need there for a user to be able to see all such conversations in one place
- Is this a communications aggregator, then, like RSS?
- I think that may be more compelling than the novel model it uses on its own
- The model just may make it easier for it to represent distributed conversations



Offset 21:44

25:21 25:40

Wikipedia bans Church of Scientology
- Wikipedia is blocking edits from known IP addresses held by the Church
- There was a long running dispute working its way through the site's process
- The final step is a request for arbitration, discussed and ruled on by the Arbitration Committee
- Can view the request and all of its comments; The Reg article has the link
- This request had been under consideration since December last year
- According to the article, this is the highest profile ban
- Most cases are pursued against self promoting individuals
- The main driver here was the site's reputation for neutrality
- The article cites their concern that the CoS edits were damaging that reputation
- The ban of a block of IPs was apparently prompted by sock puppeting
- Editors using multiple accounts and addresses to foil single IP or account bans
- This is the fourth dispute involving the CoS
- Wikipedia has also had to act against anti-Church editors
- Gives some credence to their goal of neutrality
- The Reg engages in some mild Wikipedia bashing
- They are right to point out the site is not a democracy
- It is encouraging to see some transparency into the process
- The core editors will act in what they interpret as the site's best interest
- That includes picking which cases to pursue and which not
- Despite the vast bulk of contributions, policing efforts and dispute resolution are undertaken by a much smaller group
- I think that ArbCom undertakes its actions in the face of a claim, rather than necessarily actively policing
- May be to help preserve some safe harbor protections
- Means that also the community may help triage which disputes to pursue
- Obvious and trivial self promotion may not be worth the time
- Organized efforts like what the article suggests may be higher priority because they genuinely do threaten a persistent bias


tail -f

Another twist in TPB case
- This is the latest in a string of problems
- Masnick has links to the previous stories, including allegations of bias
- Not just in the trial judge, but the judge asked to review the original bias charges
- Now the Culture Minister has spoken out of turn
- Claims to have supported the ruling
- Sweden has laws that are supposed to bar government ministers from influencing ongoing litigation
- This seems to be of a piece with the issues discussed earlier
- That the trial is exposing some systemic conflicts in the Swedish legal system

Judge threatens sanctions in NSA wiretap case
- Judge Walker is threatening summary judgment in the al-Haramain case
- Would rule in favor of the plaintiffs
- Levying fines, sanctions against the government
- The latest point of pressure is the judge's order on the original document
- Plaintiffs received a top secret document which originally prompted their case
- The administration has been arguing state secrets, trying to get a dismissal
- In January, the judge issued a protective order to allow the documents to be reviewed
- The administration has not yet complied, forcing the judge's hand
- Gave them until Friday to persuade him not to pursue sanctions
- There will be a hearing early next week
- A summary judgment won't carry as much weight, the article implies
- I am guessing it would not have as detailed a ruling from the judge
- Such a ruling would be a better precedent for future cases
- In the meantime, the FISA Amendments Act has granted immunity, retroactively legalizing this authority
- Article mentions judge Walker is considering challenging the constitutionality of that law, too

Outro
- Contact me
- Email to
- Web site at
- IM to command.line@skype
- Listener comment line is 240-949-2638
- tag is "for:cmdln"




- I'd like to thank for AAC hosting and Wouter de Bie for MP3 hosting
- These notes and the show audio and music are covered by a Creative Commons license: Attribution, Non-Commercial, Share Alike
