www.nytimes.com/2014/01/19/business/eagle-scout-idealist-drug-trafficker.html #d9c7144c4e5b98786adcfde66ad059a0
The goal of the arrest, at 3:15 p.m. on Oct. 1, 2013, was not simply to apprehend Mr. Ulbricht, but also to prevent him from performing the most mundane of tasks: closing his laptop.
highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=23  url:091db1490413e6b07c91ac573c7cb50b 
13 hours ago
dConstruct 2014 — Aaron Straup Cope
At each of these places, Aaron has left a trail of machine tags and maps in his wake.
aaronland  dconstruct 
20 hours ago
A system for sharing secrets using Shamir's Secret Sharing Scheme.
python  security 
20 hours ago
Heartbleed as Metaphor #0e74b383c5fe7f330af2f74ad5aaad18
One example of an effective monoculture, albeit within a domain that is almost but not quite Internet-scale, is the home and small business router market. Most on offer today are years out of date in software terms and there is NO upgrade path. Those routers can be taken over remotely and how to do so requires low skill. That they have been taken over does not diminish their usefulness to their owner nor is that takeover visible to their owner. The commandeered routers can be used immediately, which may be the case with an ongoing banking fraud now playing in Brazil, or they can be staged as a weapon for tomorrow, which may describe the worm called TheMoon that is now working its way through such devices. The router situation is as touchy as a gasoline spill in an enclosed shopping mall.
heartbleed  security  highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=23  url:db55b1b5cbb59a60452a0fa5b5200aa9 
21 hours ago
India’s largest public art project lands at Mumbai airport | Art Radar Asia #30d331404343f384bb03a846bd1eaeff
For Sethi, an airport was an ideal location for such a project, not least owing to its security and regulated temperatures. He was quoted in The Sunday Guardian as saying,

We are a nation in flux – and airports are resonant of this sense of transition more than anything else.

However, the idea of transforming airports into something more than merely liminal, functional spaces is not new. Amsterdam airport displays works from the Rijksmuseum, France’s Toulouse airport has been exhibiting contemporary art since 2012, and Paris’ Charles de Gaulle launched a museum of works by illustrious French artists in 2013. Airports in South Korea, Mexico and even New Delhi – which contains works by M.F. Hussain, Paresh Maity, Seema Kohli and Satish Gupta – house similar projects. But Mumbai’s airport museum is the largest and most ambitious of them all.
airports  museum  artisyourfriend  highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=22  url:687e223ba3a57fa140da50f88da234d3 
Eyes Over Compton: How Police Spied on a Whole City #e8e382cb175c27697b0de5dfbb32caec
Sgt. Douglas Iketani acknowledges that his agency hid the experiment to avoid public opposition. “This system was kind of kept confidential from everybody in the public,” he said. “A lot of people do have a problem with the eye in the sky, the Big Brother, so to mitigate those kinds of complaints we basically kept it pretty hush hush.”
surveillance  highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=21  url:5788a2abc842fb6054c67085532e8cdf 
2 days ago
Restaurant Review: M. Wells Steakhouse in Long Island City, Queens - NYTimes.com
They know that we go to steakhouses to feel more alive. They respond appropriately, even if that sometimes means feeding us enough to kill us.

Let other chefs precisely engineer 130-degree steaks with immersion circulators and digital thermometers. Mr. Dufour has gone back to the cave, grilling meats over a crackling wood fire. This makes the steaks smoky, of course, and a little uneven, slightly overdone in spots, the meat seasoned with the scorch of burning fat. It’s an imperfect steak, and those imperfections are just the kind of the premodern thrill that makes a traditional steakhouse great.

When we go to a steakhouse, we want to wrestle with our own appetites, to learn their exact dimensions. Luckily, confrontational portions are the way Mr. Dufour signs his name.
food  resto  nyc  steak 
3 days ago
Yahoo Acquisitions Power Flickr’s New Object Recognition Search, Editing And Video Capture | TechCrunch
"In fact, Yahoo is doing actual object recognition in searches now, automatically generating tags from things it recognizes in your images. Is there a cat in your picture, but you didn’t tag it cat, or bother to tag it at all? No problem, Flickr’s new search will see the cat and transparently add a “cat” tag, surfacing it in search results. The same goes for dogs, horses, sunsets and a variety of other subjects."

Any bets on whether you'll be able to get any of this stuff back via the API?
flickr  roboteyes 
6 days ago
When ‘Liking’ a Brand Online Voids the Right to Sue #b7c1c951c357ad1e9e4b14a764919b50
General Mills, the maker of cereals like Cheerios and Chex as well as brands like Bisquick and Betty Crocker, has quietly added language to its website to alert consumers that they give up their right to sue the company if they download coupons, “join” it in online communities like Facebook, enter a company-sponsored sweepstakes or contest or interact with it in a variety of other ways.

Instead, anyone who has received anything that could be construed as a benefit and who then has a dispute with the company over its products will have to use informal negotiation via email or go through arbitration to seek relief, according to the new terms posted on its site.
motive  law  highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=17  url:2823d28cd4b2ef4bd342f587d5c77ee0 
6 days ago
A Life with a View #b52e1b7d5def73602ddc475f47fa9161
You can imagine a more poignant version of this conversation over an iPad showing a Facebook feed. The Internet, with its constant parade of lives-that-might-have-been-yours and classmates-not-dated, is a jungle of yearnings. Yearnings that were once confined to fading and static memories of childhood, occasionally awakened by petrichor, now sneak into your life as a steady, colorful stream of living confusion, via windows in present realities. There was no equivalent in the past to being a silent spectator of other lives by default. You either had active, evolving relationships of mutual influence, or mutual invisibility. Like passengers on subways, we only saw people on other routes at stations. There were no relationships of continuous mutual spectatorship.
network  highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=17  url:dad5fb434d4d312a42edb9c83fb61918 
6 days ago
Michael Lewis: 'Wall Street has gone insane' #f55b9333fa8fdd2ada0f1810ed3379b7
The cornerstone of Flash Boys is a discovery made by an obscure Canadian banker, Brad Katsuyama, who noticed that whenever he tried to execute a trade, the stock price moved before the order went through. A long and tortured investigation revealed that the variable speeds at which trading information travels down fibre-optic cables to the exchanges was being exploited by brokers and high-frequency traders – so-called for the volume of trades they make – to jump the queue, buy the stocks in question and sell them back at a higher price to the person who expressed the original interest.
finance  motive  highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=17  url:b7fc7d1a6d7aff330220e936b9f5b90d 
6 days ago
Webstock '14: Erika Hall - Beyond Measure on Vimeo
"Biochemical facts were no match for a good story."
design  erikahall 
7 days ago
What Is This Future? | Datacide #f898c39c9d2f7ec46009eb44c1724ca6
Awarenesses will see this world, and together they will make a culture. The question is not if a culture will develop from the storm, but what it will be. A culture rising during a rapid recombination of agrarian, industrial, and information society, combining spirituality with spiritual machines, bio-mechanical medicines with ancient traditions. A culture experiencing radical self reliance and radical oppression, warlords and social media, space travel and ever more ubiquitous surveillance. There are many directions culture can develop within disruption, some are expansive and some are horrible. In this regard the counter culture wave of the 20th century is the counterpoint to the Weimar Republic’s slide into the Third Reich. Our contribution today is to make a demonstration. We might not have a connection to “the future” but we can have a connection to its people, we can help this future culture in its coming into being. The path is not in detailed ideology or rigid conception, but in practices and principles. Our words, critiques, actions, and stories converse with the future. What matters is collaboration across time. Our powerful vantage is our locus in history, recognizing and reflecting the paradox of a future without a future. We might not stop disaster, but relaying our intention is crucial.
highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=16  url:9be2a066bcd585368cde48032af446d7 
7 days ago
State photo-ID databases become troves for police #50a87450a738f3df515d56a230782d4b
A detective in Carlisle, Pa., attempting to learn the real name of a suspect known on the street as “Buddha the Shoota” compared a Facebook page picturing the man with the mug-shot database and got a promising lead.

“Facebook is a great source for us,” said Detective Daniel Freedman, who can do facial searches from his department-issued smartphone. “He was surprised when we walked in and said, ‘How you doin’, Buddha?’  ”

He said the suspect responded, “How you know that?” — to which Freedman replied simply, “We’re the police.”

Safeguards and trends
surveillance  facebook  peopletagging  highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=16  url:b9442c4e3953426debe4920a2a2f99e4 
7 days ago
All the News We Hope to Print #1a651057f7c24e977b93ec71c1a05e88
What is the point of this practice? The short answer is that there are too few opportunities for people to come together in public discussion about the future. Future forecasting is generally left to the "experts." Science fiction offers a more populist approach, but it too often offers a nearly unrecognizable image of the world. The newspaper format—digital or print—is effective because of its familiarity to so many people, and because of its aura of authority. Seeing a well-known media outlet describing events of the future has the potential to prompt concrete thinking and widespread discussion about what lies ahead.
designfiction  papernet  highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=16  url:db4fb250a19e6ca23e90b6447d993304 
7 days ago
State photo-ID databases become troves for police #f2228fffc363781021b8e15c18ea5b92
The most widely used systems were honed on the battlefields of Afghanistan and Iraq as soldiers sought to identify insurgents. The increasingly widespread deployment of the technology in the United States has helped police find murderers, bank robbers and drug dealers, many of whom leave behind images on surveillance videos or social-media sites that can be compared against official photo databases.
surveillance  highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=16  url:b9442c4e3953426debe4920a2a2f99e4 
7 days ago
jwz: Heartbleed Hit List
Also I'd like to point out again that nearly every security bug you've experienced in your entire life was Dennis Ritchie's fault, for building the single most catastrophic design bug in the history of computing into the C language: the null-terminated string. Thanks, Dennis. Your gift keeps on giving.
c  design  software  heartbleed 
12 days ago
Avoiding ‘words to avoid’ | Inside GOV.UK
To help publishers avoid these words, we’ve built a new feature in Whitehall Publisher that highlights the words to avoid in the text as you type.
12 days ago
Answering the Critical Question: Can You Get Private SSL Keys Using Heartbleed? | CloudFlare Blog
"We modified our test version of NGINX to print out the location in memory of each request (s->s3->rrec.data), whenever there was an incoming heartbeat. We compared this to the location in memory where the private key is stored and found that we could never get a request to be at a lower address than our private keys regardless of the number of requests we sent. Since the exploit only reads higher addresses, it could not be used to obtain private keys."
heartbleed  security  whosonfirst 
12 days ago
Schneier on Security: More on Heartbleed
This may be a massive computer vulnerability, but all of the interesting aspects of it are human.
12 days ago
NSA Said to Have Used Heartbleed Bug, Exposing Consumers - Bloomberg
While many Internet companies rely on the free code, its integrity depends on a small number of underfunded researchers who devote their energies to the projects.

In contrast, the NSA has more than 1,000 experts devoted to ferreting out such flaws using sophisticated analysis techniques, many of them classified. The agency found the Heartbeat glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks.
nsa  surveillance  heartbleed 
12 days ago
How the Guardian uses GitHub to audit GitHub | Info | theguardian.com
These are the simple security requirements gu:who enforces on each account in order to help make your code more secure:

Two-factor authentication enabled
a full name in their GitHub profile, helping you identify users you can't identify by username alone
Sponsor – a more senior member of staff willing to vouch for the validity of the user’s membership in the organisation

That last one is interesting because of the way it’s expressed. The senior member of staff adds the user to a users.txt file in a dedicated GitHub repo, taking responsibility via git-blame for the user being in the organisation. This ensures there’s always someone to go to when membership for a dodgy account is in doubt.
guardian  github  provenance  whosonfirst  security 
12 days ago
The unveiling of ‘East-West/West-East’ by American artist Richard Serra in Qatar’s Brouq Nature Reserve
Set in a natural corridor formed by gypsum plateaus, East-West/West-East spans over a kilometre in length, and crosses the peninsula of the Brouq Nature Reserve connecting the waters of the Gulf. East-West/West-East consists of four steel plates measured by their relation to the topography. The plates, which rise to 14.7 meters and 16.7 meters above the ground, are level to each other; they are also level to the gypsum plateaus on either side. Despite the great distance that the plates span, all four can be seen and explored from either end of the sculpture.
The unveiling coincides with the artist’s first solo show in the Middle East at Al RIWAQ DOHA Exhibition Space and QMA Gallery at Katara where visitors can see an ambitious new large-scale work, Passage of Time, which is made up of two 66.5m long and 4.1m tall steel curves that snake diagonally through the exhibition space, and works from different periods of Serra’s fifty year career of sculptures and drawings. The exhibitions, both entitled Richard Serra, are curated by Alfred Pacquement, curator and former Director of the National Museum of Modern Art, Centre Pompidou, Paris, and run from 10th April to 6th July 2014. The commission and exhibitions follow the 2011 installation of the artist’s first public artwork in the Middle East, 7, a vertical steel sculpture in the MIA (Museum of Islamic Art) Park.
sculpture  serra  artisyourfriend  qatar 
12 days ago
Download the first experiment in algorithmic publishing from Milan
"The three PDFs downloadable now from Dezeen were generated last night by an algorithmic journalism machine, using software that combines voice recognition technology and social media content posted using the #OnTheFlyMilan hashtag."
13 days ago
Alien Squad
"alien squad", aka: surveillance photos of 1930s communist and nazi groups in nyc city
nyc  surveillance  archive 
13 days ago
Surveillance Photos of NYC Communists and Nazis Go Online
look, history removed from the consequence of the present...
archive  motive  surveillance  photography 
13 days ago
"opinions is a small Web application that watches the Supreme Court of the United States website for new opinions, downloads the PDFs for each decision and looks for external URLs to use as seeds for web archiving."
scotus  law  americaland  archive 
13 days ago
NTP Amplification Attacks Using CVE-2013-5211 | US-CERT
The attack relies on the exploitation of the 'monlist' feature of NTP, as described in CVE-2013-5211, which is enabled by default on older NTP-capable devices. This command causes a list of the last 600 IP addresses which connected to the NTP server to be sent to the victim. Due to the spoofed source address, when the NTP server sends the response it is sent instead to the victim. Because the size of the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim. Additionally, because the responses are legitimate data coming from valid servers, it is especially difficult to block these types of attacks. The solution is to disable “monlist” within the NTP server or to upgrade to the latest version of NTP (4.2.7) which disables the “monlist” functionality.
security  ntp  spacetime  ddos 
14 days ago
Heartbleed and Pinboard (Pinboard Blog)
In layman's terms, the bug was the equivalent of asking a stranger "hey, what's up?" and having them tell you their most private thoughts, going on about their divorce, sharing their credit card info, whatever was on their mind at the time. You could keep asking "what's up" as often as you wanted, and hear new things each time. Worst of all, the stranger would have no recollection that it had happened.

Of course, I heard about heartbleed before it was cool. The servers were patched by around 7 PM on Monday night, California time, before half the Internet started casually playing with Python scripts that exposed the bug.

So only truly malicious people could have seen your Pinboard secrets. Hooray!

In awful times like these, it's good to stop and reflect on the timeless wisdom of the Pinboard security page:

"Please do not store truly sensitive information in your Pinboard account."
heartbleed  pinboard 
14 days ago
What Heartbleed Can Teach The OSS Community About Marketing | Kalzumeus Software
CVE-2013-0156 was the Rails YAML deserialization vulnerability. “Oh! I remember that one!”, said the technologists in the room. Your bosses don’t. Your bosses / stakeholders / customers / family / etc also cannot immediately understand, on hearing the words “Rails YAML deserialization vulnerability”, that large portions of the Internet nearly died in fire. After I wrote a post about that vulnerability I was told for weeks by frustrated technologists about e.g. VPs nixing remediation efforts due to not understanding how critical it was. That’s a failure of marketing.

Compare “Heartbleed” to CVE-2014-0160, which is apparently the official classification for the bug. (I say “apparently” because I cannot bring myself to care enough to spend a minute verifying that.) Crikey, what a great name that is.
heartbleed  marketing  design 
14 days ago
You Are Here
"You Are Here is a study of place.

Every day for the next year, we will make a map of a city in which we have lived.

Each of these maps will be an aggregation of thousands of microstories, tracing the narratives of our collective experience. We will make maps of the little things that make up life — from the trees we hug, to the places where we crashed our bikes, to the benches where we fell in love.

Over time, we will grow this to 100 different maps of 100 different cities, creating an atlas of human experience.

We hope that by showing these stories, we empower people to make their city — and therefore the world — a more beautiful place.

You Are Here is a project of the Social Computing Group at the MIT Media Lab."
maps  youarehere  via:bcamper 
14 days ago
Errata Security: 600,000 servers vulnerable to heartbleed
We found 28,581,134 machines (28-million) that responded with a valid SSL connection. Of those, only 615,268 (600-thousand) were vulnerable to the HeartBleed bug.
network  heartbleed 
14 days ago
Schneier on Security: Heartbleed
At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL and has had two years of unfettered access to everything.
heartbleed  knownunknowns 
15 days ago
Social Change - BKM TECH
While there is an archival viewpoint to be made and one that we see fully, for us this was about setting a priority and making changes (not always popular ones) to honor those choices. It’s about saying when we are on a platform, we will engage (which is good for the community) or we will exit because it’s not appropriate engagement strategy to just sit. Community is a two-way street and requires engagement of both parties. There are places that are less community driven (or driven in a different way) that allow for sitting — that’s why we parked things at Wikimedia. Content can sit there and it can be owned by the community in a way that Flickr does not allow.
flickr  commons  brooklynmuseum 
15 days ago
A Few Thoughts on Cryptographic Engineering: Attack of the week: OpenSSL Heartbleed
"As you can see, the incoming (adversarially-generated) data contains a payload length ("payload") which is trusted without bounds checks. OpenSSL then allocates a buffer for its response, and copies "payload" data bytes from the pointer "pl" into it. Unfortunately, there's no check to make sure that there are actually "payload" bytes in data, or that this is in bounds. Hence the attacker gets a slice of data from main memory -- one that's up to 64KB in length."
security  heartbleed 
15 days ago
Bay of Tweets #61b1817c5324787004f1a343a5108d78
One might have also hoped that someone in the U.S. government asked the question: What if we fail? What if we are found out?

The answer, I’m afraid, can be found in the fear and outrage that slowly filled my Facebook page on Thursday as online activists around the world found out about the project—a boneheaded idea tailor-made to taint social media as a tool of the United States, and the activists as useful idiots at best, and traitors at worst.
motive  community  highlights  from:instapaper  dt:year=2014  dt:month=04  dt:day=08  url:88b3f1eddf563d7210e16b7ca64eeeff 
15 days ago