random($foo)

CITIZENFOUR (Yes, you should watch it)

October 27th, 2014 10:28

If you’ve been subjected to my tweets, you probably know that I was following the NSA leaks (and larger questions) pretty closely last year. And, since I’m currently back in one of the few cities where Laura Poitras’ new documentary on the subject, CITIZENFOUR, is playing, it’s probably no surprise that I went to see it when I got a chance.

The short summary is that it’s a great documentary (currently 98% fresh on Rotten Tomatoes, 89 (Universal Acclaim) on Metacritic) but more importantly, it’s an important film, especially if you haven’t been following along with this story. While some have complained both ways, IMO Poitras strikes a nice balance that nicely encapsulates the larger story of total surveillance while providing fascinating footage of the initial leaks as they happened (funnily enough, both of these made possible by modern technology).

Seeing this side of the story reminded me of when the leaks first broke last year – I was in Berlin for the first time for work (the PRISM story was literally “breaking news” on the TVs as we were boarding), and we made a toast after dinner to the then-anonymous leaker who without a doubt was totally and completely fucked. I hope it’s not a spoiler to say that yes, there is a scene in the documentary footage that captures that moment perfectly. It’s honestly breathtakingly terrifying, but also extremely thought provoking. Also, spoiler alert, it turns out that even with the tables stacked against you, sometimes you can luck out.

(One last Berlin aside, it was interesting digesting the surveillance revelations walking through the Holocaust and Berlin Wall Memorials, where the spectre of the Stasi is still in living, even recent memory. It was also eye-opening returning to the US and seeing how different the reactions were after a weekend of swapping reactions with Berliners, Germans, and Europeans.)

The biggest shame about the film is that it isn’t showing more widely, but I’m sure it’ll be on all types of digital distribution, licit or otherwise, soon.

  • Godfrey Cheshire (a former chairman of the New York Film Critics Circle) declared in his review (I only read reviews post-facto these days, but this is actually a quite interesting review, beyond the catchy opening):

    Though superlatives can mischaracterize any movie’s qualities, it is not an overstatement, I think, to call “Citizenfour,” Laura Poitras’ film about Edward Snowden, the movie of the century (to date).

  • The Nation just posted a very lengthy (wide-ranging and deep I suppose they’d say) interview with Snowden – it’s one of the more interesting Snowden interviews and if you are looking for more insight into his current political/policy/technology thoughts, it’s well worth the read.
  • For those that like video, Larry Lessig interviewed Snowden the other week at Harvard Law School which is similar in tone/scope to a lot of the other telepresent interviews/Q&A’s he’s done.
  • Glenn Greenwald also gave a fantastic talk on Why Privacy Matters at TEDGlobal this year:

The Future Might Be OK

October 17th, 2014 9:05

It’s easy to get caught up in the news of the day (right this minute: Ebola epidemic, global economic instability), or the latest big tech announcements (slightly thinner and shinier gadgets) and miss some of the mind-blowing things that continue to happen all around us.

Since I’m posting links:

The Future of Social Networking

September 29th, 2014 12:25

Ello blew up this week. It’s new and shiny and does some interesting things. That being said, it’s not where social networking or how we use the Internet needs to go.

If you want more reading:

I had posted some of my own initial thoughts, which is that the ideal social network should be end-user controlled and distributed and decentralized. A natural pre-condition is there should be an open protocol, but it’d be worth fleshing out the type of functionality that’s required (I’ll have to revisit some relevant thinking I did in the early 2000s in decentralized SNSs, the mid-2000s on permeability/privacy, and the late-2000s on Y!OS).

FWIW, the more interesting social networking-related project I discovered is an open source, decentralized, massively-distributed 3D simulation engine called Lucidscape. It is explicitly designed for an open metaverse. (See also: Open Cobalt née Croquet)

VR Link Dump

September 18th, 2014 2:43

Most people I’ve talked to the past year are probably aware that VR has been something that I’ve been getting more excited/focused on.

Oh, somewhat unrelated, but an awesome Cashmere Cat set:

Apple: Untrustable

September 9th, 2014 2:25

As excitement of Apple’s new product announcements dominates today’s press coverage, and the memory of the celebrity iCloud hacks fades to obscurity (already seemingly long forgotten), completely un-remarked and un-addressed at today’s event (a good PR move, to be sure), I felt it might be worth posting some of my personal thoughts on the matter, as the silence from Apple on the issue has been quite disquieting.

To be clear, I’m a long-time fan of Apple design and engineering, and today’s keynote is a reminder of Apple’s best-in-class in hardware and device software. I also own a not-insignificant amount of AAPL shares, but while I’d like to give them the benefit of the doubt, it seems to be increasingly clear that Apple should not be trusted with my personal information.

It’s famously well known that despite their technical prowess in hardware and software, Apple is just not very good at hosted services. Terrible at it really. From their earliest web-based apps, to their ongoing capacity problems, or their laughable attempts at building social services (Ping, anyone?), Apple’s online components are sometimes passable or on par, but more commonly they are mediocre, not well thought out, clunky, outdated, or just plain broken; “not serious,” was the phrase a friend used. The problem is that today, the online components are as integral to a product as the device hardware or software. They are bound together, and sadly, the weakest link will cause the chain to break. Also, unfortunately, these traits seem to carry through for security for these services as well, which is definitely serious.

Over two years ago now, a friend, Mat Honan, had his Apple account (and digital life) hacked, in much the same way (via an almost identical vector) as the recent celebrity hacks. He’s a journalist, so he wrote all about it, and got a fair amount of press along the way, appearing on news shows, getting writeups, and generally making a big hubbub about it.

If you’re not familiar with that incident, it’s worth taking a look. Also worth reading is some of the analysis on the latest compromises:

Apple issued a terse official statement last week which denied any “breach” in any Apple systems and claimed that the accounts were compromised due to “targeted attack[s].” From a lawyerly perspective, this is perhaps technically accurate, aimed at deflecting blame and absolving responsibility, if not liability. Of course, like most such statements, especially looked at in context of the aforementioned writeups, it is quite misleading.

The attacks used to reset passwords via security questions and acquire iCloud access and backups were so frequent and common-place that discussions and communities had formed not just on the darknet, but on public forums/websites.

Either Apple’s security was so incompetent or negligent that they have not been aware of what was going on, or they knew, but actively ignored the issue and decided that it was not worth fixing. I’ll leave it to the reader to decide which scenario is worse.

Today, Apple announced their “Most Personal Device Ever”. They also announced Apple Pay (the only mentions of “security” and “privacy” in today’s event), and are rolling out health tracking and home automation in iOS 8.

Given their feckless track record, would you really trust Apple with (even more of) your digital life?

Some notes:

  • Last week, the same day where the big Apple news was the hiring of designer Marc Newson, Mike Hearn published a fascinating writeup of his anti-spam/abuse work at Google. Maybe unfair, but it struck me as an interesting contrast.
  • Over the years that these compromises have been happening, I haven’t heard of anyone that has been informed by Apple of a compromised account, or any information on their customer-facing forensic abuse team. Ignoring the larger issues of systemic security-holes (Apple can talk about “no breaches” but between non rate-limited/info-leaking endpoints, allowing resets via VPNs, lack of device pinning/access notices, they’ve left the door wide open for widely known attack vectors), what kind of support does Apple give you once your information is stolen?
  • Much hoopla has been made on 2FA. iCloud’s 2FA is less useful than you might think.
  • Not Safe For Not Working On – Dan Kaminsky writes about some of the implications of cloud security; also worth a read is What if I was a cloud? by iBrute’s author. It’s obvious that cloud services need to seriously rethink how they store and authenticate personal information.
  • If you’re not already using fake security answers to security questions, you should. If you are, it may also be worth considering using a password manager to store unique nonsense answers for those questions.

Cornel West on Obama

September 5th, 2014 8:51

The full interview is a great read, but this part of it does a good job summing it up:

So that’s my first question, it’s a lot of ground to cover but how do you feel things have worked out since then, both with the economy and with this president? That was a huge turning point, that moment in 2008, and my own feeling is that we didn’t turn.

No, the thing is he posed as a progressive and turned out to be counterfeit. We ended up with a Wall Street presidency, a drone presidency, a national security presidency. The torturers go free. The Wall Street executives go free. The war crimes in the Middle East, especially now in Gaza, the war criminals go free. And yet, you know, he acted as if he was both a progressive and as if he was concerned about the issues of serious injustice and inequality and it turned out that he’s just another neoliberal centrist with a smile and with a nice rhetorical flair. And that’s a very sad moment in the history of the nation because we are—we’re an empire in decline. Our culture is in increasing decay. Our school systems are in deep trouble. Our political system is dysfunctional. Our leaders are more and more bought off with legalized bribery and normalized corruption in Congress and too much of our civil life. You would think that we needed somebody—a Lincoln-like figure who could revive some democratic spirit and democratic possibility.

Some Stuff

August 16th, 2014 3:36

VimR is a new OS X native vim app. Pretty cool.

Interesting looking affordable hand position tracking/future haptics interface (discussion:

I mentioned in my last post buying a crappy keyboard to use. It’s been making me itch for a better travel keyboard. There are some good 60% keyboards…

I’ve spent a bunch of time the past couple weeks diving back into node.js and into node-webkit. I started building a prototype in “native” node-webkit, but went back to separating the core app as a traditional (express-based) web app so that it can be used both online and locally more easily.

Between that and work, I haven’t been exploring Berlin as much the past few weeks (plus the weather has been sort of wet and cold), but I’ll try to be doing some of that the next couple weeks before I end up back in the US.

Lunix, Still Just Works

August 12th, 2014 5:07

In anticipation of my DK2 arriving in Berlin (Oculus refused to update the shipping address to Berlin, so it had to make a stop in my office in LA first; it’s currently in transit), I booted up the Linux dev box I’ve been carrying around. One problem became apparent booting up: I have a Bluetooth keyboard, but the Linux bootup sequence requires a USB keyboard because I set it up (on a whim) to run a cryptfs, and also because on an unsuccessful boot (like a powerdown) the default configuration for GRUB is for it to hang on the GRUB selection screen indefinitely (you can fix this by adding GRUB_RECORDFAIL_TIMEOUT=X to /etc/default/grub and then running update-grub).

OK, I ordered a cheap keyboard on Amazon.de. Got it.

So I’m able to boot now, except now I’m getting (this is new), kernel panics while booting… something related to the rtl8821ae wifi module… This is a little strange because this didn’t show in the office, but probably had to do w/ some combination of not being on a wired network…

Turns out, there are indeed some problems:

In the meantime I’ve blacklisted (you’ll need to remount,rw / from recovery) the rtl8821ae module. This took a lot of reboots/futzing, all told an hour+ of my life I’ll never get back.

Lunix, after a couple decades, still just working!

Location Set By GPS

August 8th, 2014 7:18

For those that are interested, I’ve launched a new travel blog: Location Set By GPS where I should be updating more regularly.

I haven’t been writing as much as I should, but a couple short notes:

  • I wrote my first Slack bot and am convinced that it’d be a killer app (and they’re not so far away) if they would implement a way for non-technical end-users to easily create their own. (think Excel Macros, IFTTT, Pipes)
  • I’ve been working with inline editors. Currently Raptor, but saw two interesting WP related things. One, a pay-editor called Barley that looks pretty slick, and the other being the WordPress Front-end Editor in development
  • My DK2 finally arrived in Los Angeles, now it just needs to be shipped to Berlin…

Featured on Flickr

June 9th, 2014 1:43

Late last night I started noticing something funny – I was suddenly getting a stream of Flickr notifications on my phone (I’ve actually since temporarily disabled notifications since they got a bit out of control). I jumped onto the site to see what was up, and to my surprise, there was one of my photos sitting on the sidebar. A click through led to the blog post (the only CC licensed one!). Even neater, it’s also currently the splash image on the main blog. Here’s the pic btw if you’re too lazy to click:

Mist

While I’ve had some links from the dev blog in the past, this is actually the first time I can recall any love from the main blog (after 10 years, finally! :) This also coincidentally coincided w/ hitting 1M views (not sure if this was just counting from when the stats system started) total.

While I rarely look at the stats, I figured this merited some special attention, so after a full day (Flickr’s internal stats segment on UTC), here’s some tidbits:

  • Total traffic was about 25-30K views
  • Less than 100 visits came from the Flickr blog! Most of the rest (~25K) came from the Flickr site itself (sort of makes sense but the sidebar links to the blog post so who knows what’s up)
  • Only 1,088 of the views went to the specific picture. It acquired 233 likes. (21.4% of people who saw it liked it?!?)
  • Probably most interesting, is that over a dozen other photos had 300+ views and over 50 other photos had 200+ views that day – this is an incredibly long tail, and I think while there’s been much bellyaching about the new Flickr design, I think that sort of engagement has a lot to do w/ how quick/easy/rewarding it is to page through streams.

It’ll be fun to see what all these new followers think about my China pics (I’ll be uploading in the next couple days).