
Prof. Sam Liles of Purdue focuses on cyber-security and low intensity conflict. Which makes his take on the recent China hacks, and the larger implications of what Google is creating, timely.
In a riff on Google's "Don't be Evil" motto, he titles it "Evil Google: What you don't know just might hurt you." Very thought-provoking, even if you know a fair bit about this stuff already.
Barry Leiba makes a good point:
"What if you were having a house built, and the builder sent you a text message: "Should we put your floor joists 16 inches on center? I need an answer immediately, or my workers are going to another job." Would you know how to respond, without asking any questions back and risking losing the day?
How about if you tried to visit a web site, and your browser responded with a popup that said, "There's a problem with the site's certificate. Should I accept it anyway?" Oh, you say that last one happened to you just this morning..."
Speaking of data - Cory Doctorow (of BoingBoing) has a neat piece of dystopian fiction up at Radar magazine - called "Scroogled". The subtitle:
Google controls your e-mail, your videos, your calendar, your searches... What if it controlled your life?
Welcome, Instapundit readers...and everyone check this out as well...
Let me pull something over from my professional life for a second, because I think it's consequential enough that you folks ought to know about it. It's not something I've done but something I've been reading about.
Google and other companies (Six Apart, among them) are going to open their API for social graphs.
The short version: Google will announce a new set of APIs on November 5 that will allow developers to leverage Google’s social graph data. They'll start with Orkut and iGoogle (Google’s personalized home page), and expand from there to include Gmail, Google Talk and other Google services over time.
What's a 'social graph', you ask...it's a map of the connections between people and between people and content.
Some of you may have noticed that Winds went down entirely for about an hour yesterday. We made major modifications to our infrastructure recently, in order to run Winds on a series of base platforms that were more CPU-friendly (Ubuntu/LightTPD not Red Hat/Apache, no more Virtuozzo or CPx control panel, which forced a hosting switch from the excellent folks at ServInt to our new friends at Pixelgate). That worked, and performance improved significantly. But yesterday... over to Ev:
"They called back and let me know what happened. It was a trackback spam attack so large, it drove the load average on the server so high that they couldn't even log in themselves without forcibly rebooting the box first. The spam attack resumed while I was on the phone with him, so I've disabled trackback. It's simply untenable to keep on, when it can disable the machine so badly that not only can't I log in, they can't log in when they're physically in front of the server."
We've killed trackbacks now, and they'll stay dead. Movable Type's approach to dealing with trackback & comment spam is fundamentally non-scalable, which means it's fundamentally broken in an age of cheap CPUs and no consequences for spammers. Worse, their security flaws forced us to migrate to MT 3.3 (and the only CAPTCHA system that works with it, plus the unfixable author link limit annoyances, etc.) and made our lives here worse, not better. We're as frustrated as some of you are.
Which is why Winds of Change.NET will be moving to WordPress once some test migrations of other blogs are finished and confirmed to be trouble-free. WordPress is inherently more CPU-friendly (PHP not Perl), has a wider variety of features & plug-ins, and a community that is way, way ahead in anti-spam measures. I'm hoping this can happen by mid- to late November. It would be a fine birthday present for me, and a present for many of you, too.
For those who might be inclined to tune in to the Jawa Report for details and commentary on the kidnap, torture, and murder of Pfcs. Kristian Menchaca and Thomas Tucker, the blog is under a "distributed denial of service" attack from an Islamist hacker group based in Turkey. Most other Munuvian sites are up, and we're awaiting a new dedicated server that will be capable of getting the Jawa Report back up. No prediction yet from Pixy, but it's not supposed to be a long wait. Of course time is relative under these circumstances.
Update: Much more on the kidnap and murder at Hot Air, by way of Michelle.

In a shocking illustration of the truism that more integrated databases make for larger and more lucrative honeypots/disaster magnets, the data of approximately 26.5 million US veterans was stolen recently. A Veterans' Affairs employee disregarded security protocols and took a laptop with sensitive data home, then the laptop was taken during a burglary at the employee's residence. Information stolen included the veterans' Social Security numbers, birthdates and in some cases a disability rating.
Using this information, sophisticated criminals could obtain credit reports, bank and credit card accounts and place of residence information to complete many or all of the requirements for identity theft. That in turn enables all kinds of fraud schemes that can do irreparable damage to individuals' credit ratings and finances.
Identity theft has become a serious problem in the USA. America has far fewer limits concerning the private or public collection, trade and custody of individuals' personal data, and there is little apparent liability for its misuse or associated negligence. The Direct Marketing Association and credit lobbies have been very effective, and consumers have been big, big losers in the bargain. This is just the latest of a series of major incidents, and it is unusual only in that it is an entirely public sector SNAFU.
Unfortunately, this particular incident has been compounded by questionable official actions...
Plagiarism Today has an excellent article about spamblogs, the problems faced by Google/Blogspot, its spread to MSN Spaces, and why this is likely to be a trend:
"The bitter truth is that the Web is more vulnerable than ever to splogging, not because of clever spammers but because of ill-prepared hosts. While Google responded to pressure from the blogging world to do a better job policing its service (though the effectiveness of its response is up for debate), other hosts have not taken any clear steps and many are completely unable to handle the problems that they face now."
Yes. This has been a discussion topic on Winds following our (continuing) ban on blogspot.com in comments or trackbacks. Personally, I believe we're headed for a blog future in which owning your own domain will be the only viable option to avoid fairly widespread blacklisting. As the PT article notes:
Seems our anti-spam plug-in SpamLookup has been blocking a lot of legitimate trackbacks lately (thanks to Security Watchtower for the alert) - including all blogspot trackbacks!
The situation is now fixed, and we encourage blogs to start sending us trackbacks again so our readers and authors can follow the links and see what you've written.
CNN Money is running a story about a new IBM service that "spams the spammers." The idea behind the technology is that when a spam email is received, it is immediately sent back to the originating computer - not an email account. Or so they say.
Interesting idea, and you can find more via Slashdot... including an early commenter who points out that CNN's description of the system and what IBM's FairUCE actually does paint very different pictures. Nor is this the only thing the article gets blatantly wrong. Is it too much to ask that the media hire reporters who actually understand their subjects? (this Australian reporter, who writes about open-source software and Firefox browser adoption in businesses, clearly does).
BTW, note IBM's integration requirements description for FairUCE:
(posted Jan. 6, 2005; last updated June 12, 2005)
Six Apart, the folks behind the Movable Type software that runs this site, have just released a Guide for Fighting Comment spam on weblogs via comments, trackbacks, etc. As you might imagine, Jay Allen played a big role in compiling it. It's worth any blogger's time, especially those who run MT installations.
We use our own mix of techniques here at Winds of Change.NET. I'm going to go well beyond the Six Apart guide and give you some general principles for building your own blog's defenses, then move on to what we're up to so you can see some of these ideas in action. I'll conclude by talking about the source of this problem, and what can be done.
Further thoughts and suggestions will be welcome in the comments section, of course, and this post will probably evolve over time.