The Internet Is In Danger!

GO HERE, READ THIS: http://americancensorship.org/

Time is running out, ladies and gentlemen. You need to ACT NOW, TODAY, to prevent censorship of the internet in America. The Great China Firewall has already demonstrated how devastating to free speech this policy would be, and if we do nothing the United States will pass 2 bills that bring us much closer to a China-style internet. So WHAT CAN YOU DO?

Paste this code into your website, preferably in the <head></head> section:

<script type="text/javascript" src="http://americancensorship.org/js"></script>

Write to your congressman, tell everyone you know (even your enemies) to go to americancensorship.org and let the government know what you think about censorship!

Twitter, The Easiest Way To Incriminate Yourself

The Electronic Frontier Foundation is running a story about the ongoing Wikileaks investigation: https://www.eff.org/press/releases/privacy-loses-twitterwikileaks-records-battle

Apparently, the courts have ruled that private Twitter records related to the case are fair game for inspectors. Users who may have had other information disclosed can’t even find out where the information was disclosed from. Now, Twitter is not to blame for the release of this information, and they are keeping users up to date on any information they are forced to reveal, but this should be a wake-up call for anyone still snoozing out there.

There is no guarantee that your data is safe once you have uploaded it to a third party. Even information on a service such as Twitter can be used against you. The only real defense is to not post information that may come back to bite you.

The Stop Online Piracy Act

Ars Technica is running a great story on a not-so-great piece of legislation that, if passed, would probably make the internet a bad place for Americans: http://arstechnica.com/tech-policy/news/2011/10/house-takes-senates-bad-internet-censorship-bill-makes-it-worse.ars

In essence, what it does is try to erect blacklists closing off parts of the internet. Yes, people have been trying to censor things on the internet for a long time, but not always with such government sponsorship. According to the article: The bill gives government lawyers the power to go to court and obtain an injunction against any foreign website based on a generally single-sided presentation to a judge. Once that happens, Internet providers have 5 days to “prevent access by its subscribers located within the United States to the foreign infringing site.”

I cannot help but feel that this would cause an insane amount of abuse, with no way for people to defend themselves. It’s not hard to imagine the comparison to China’s Great Firewall: both are controlled by the government and deployed with the sole interest of restricting access to the outside internet.

You can read more about this bill here: http://arstechnica.com/tech-policy/news/2011/11/the-borderless-internet-is-officially-dead.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss 

UPDATE: The EFF has published a 3 part series on the Stop Online Piracy Act

https://www.eff.org/deeplinks/2011/10/disastrous-ip-legislation-back-–-and-it’s-worse-ever

https://www.eff.org/deeplinks/2011/10/sopa-hollywood-finally-gets-chance-break-internet

https://www.eff.org/deeplinks/2011/11/hollywood-new-war-on-software-freedom-and-internet-innovation 

Paypal, The Risks and Rewards

Many people use PayPal to pay for and sell goods and services online. It is convenient, simple to use and always open for business. When you think about it, PayPal is a lot like a bank. It looks like a bank and acts like a bank, but there is one major difference. Using PayPal is a lot riskier than using a bank: 7 Big Risks

A good example of both would be how PayPal helped to make Mojang millions of dollars, and then decided that they hadn’t quite earned them yet: http://www.escapistmagazine.com/news/view/103385-PayPal-Freezes-750K-in-MineCraft-Devs-Account

You see, PayPal gets to decide the rules when it comes to transactions it handles. It can hold money that you have earned with little or no reason for an indefinite amount of time. The real damage is dealt when companies such as Mojang need to pay their employees, and cannot because their payroll money is frozen. If a hold remains for long enough, a company may be forced under, unable to pay for its own upkeep. It’s a hard lesson to learn, but one that is repeatedly taught to indie game developers and small businesses all over the world.

Companies aren’t the only ones affected by this policy. Let’s say you sell a TV on eBay, using PayPal. The buyer sends the money, and PayPal puts a 21-day hold on it. At this point, even though the goods will be delivered before you are paid, you are obligated to send the item. That 21-day hold may turn into an indefinite hold. The buyer has his TV, paid for it, and PayPal gets to keep all the money.

So PayPal is risky, but there has to be a better way to make money, right? Well, lucky for you, here is a list of no less than 17 alternatives to PayPal. Take a look, shop smart, and keep your money safe: http://blog.webdistortion.com/2010/07/28/paypal-alternatives-e-commerce/

 

Adobe To Phase Out Flash

Well, this isn’t a surprise. Multiple sources are writing about Adobe’s exit from the mobile arena, and they are taking Flash with them. As of now, all our Android devices are stuck at whatever version of Flash they currently have, only to be updated with security patches. It’s no surprise: Flash has long been seen as having an incredible number of security flaws. Its buggy nature has crashed tablets and eaten batteries everywhere, and Apple has continually made a strong case to keep Flash off iOS, as this letter by Steve Jobs shows:

http://www.apple.com/hotnews/thoughts-on-flash/

But what will replace Flash? HTML5 is really the only other competitor, and even Adobe seems to be supporting it these days, having released their own Flash to HTML5 conversion tool to ease the transition:

http://blogs.adobe.com/jnack/2011/03/wallaby-flash-to-html5-conversion-tool-now-available.html

I see HTML5 adoption as progress, not just for mobile devices, but for everyone, and although Flash has done things never done before, it’s time for Flash to retire.

UPDATE: Adobe product manager Mike Chambers has some interesting words for Apple.

http://www.engadget.com/2011/11/11/adobe-product-manager-fingers-apple-for-death-of-flash-player-fo/

When Good Enough Is Usually Not Good Enough

Is your anti-virus program good enough? It is probably written by a large, reputable company, and updated frequently. It’s probably good at detecting viruses and keeping your computer locked down. But it has limits. As this AV-Comparatives report shows, not all anti-virus programs are made equal, and NONE of them can stop every intrusion: http://www.av-comparatives.org/images/stories/test/dyn/wpdt2011_1_en.pdf

So it’s not good enough to just get an anti-virus program and call it a day. You need to be secured as well. One of the best ways of doing this is to lie to yourself. Tell yourself that you don’t have an anti-virus program installed. No anti-virus program is perfect, so why act like yours is? Would you click on that link if you weren’t protected? How about run that program that downloads more RAM for you? It isn’t good enough to rely on the computer to protect you. It’s your job to protect it.

Raspberry Pi, Delicious and Dangerous

There is a new computer coming out in 2012, and it’s an amazing little piece of hardware. The Raspberry Pi is a 700 MHz ARM computer capable of outputting 1080p video over HDMI and composite video. The base model will retail for $25, and draw less than 1 watt of power under full load. The developers envision it as a way to get kids interested in computing, introducing them to programming and Linux at an early age on the cheap. But the device has a lot more potential than that. I can think of almost as many ways it could be used for malicious purposes as benign.

At minimum usage, the Raspberry Pi draws only 180 milliamps of current. Most USB ports can supply up to 500 mA. The Raspberry Pi is small enough to hide inside other devices, leeching off of USB power provided by the computer. That means that once someone writes a piece of software that turns it into a keylogger, you can upload that to a hundred Raspberry Pis and distribute them in a wide area on the cheap. Alternatively, you could put one inside of a computer tower, and use it as a proxy connection, file repository, or anything else your heart desires.

It doesn’t matter if the Pi is discovered, only that it steals enough passwords, credit cards, or social security numbers beforehand. Another plus is that the Raspberry Pi is designed to be simple enough for children to use, which means that it’s simple enough for the dumbest criminals. Sysadmins may find themselves with a large security problem, and a larger collection of these computers, in a very short time.

For more information on the Raspberry Pi, visit their website:

http://www.raspberrypi.org/ 

Crossing the Border, How To Lose Your Laptop And Your Personal Information

You might be planning a trip outside of the US soon. Maybe on a train, a plane or by car. Whatever method of transportation you use, you may want to consider leaving your laptop and any other gadgets behind. Reports of laptops and phones being confiscated, opened and examined, and sometimes stolen make bringing them along a risky proposition.

There are multiple cases of TSA agents stealing or seizing laptops, never to be returned. In the case of Nelson Santiago, he would go through people’s luggage looking for anything of value, and stick it in his pants! Goods were often sold before the end of his shift, most of them unrecovered: http://www.geek.com/articles/gadgets/tsa-agent-caught-stealing-passengers-ipad-hides-it-in-his-pants-2011078/

OK, so Santiago wasn’t doing anything that the TSA would officially stand by, but what about the official government policy on border security? “Federal agents may take a traveler’s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing.” Yikes! That means that any border agent can take your laptop, without any justification, and then NEVER RETURN IT:

http://www.schneier.com/blog/archives/2008/08/us_government_p.html

So do yourself a favor: next time you feel the urge to travel, leave your brand new laptop at home.

Name Brand, Quality You Can’t Always Count On.

For the past two years, the US Military has found itself in a bit of a problem. Simple parts intended for large scale systems, as well as complex equipment from companies such as Cisco, seem to come with a hidden Made In China sticker on them. The only problem is that the military didn’t order these parts from China.

Counterfeit parts seem to be flooding in from China at a rate that is only increasing: “The committee’s ongoing investigation found about 1,800 cases of suspect counterfeit electronics being sold to the Pentagon. The total number of parts in these cases topped 1 million. By the semiconductor industry’s estimates, counterfeiting costs $7.5 billion a year in lost revenue and about 11,000 U.S. jobs.”

The previous excerpt, taken from this Associated Press article (http://www.google.com/hostednews/ap/article/ALeqM5g2LXrmqdue1S5B_Orrm6wNrEmFaQ?docId=93df24c9b63243ae943250ee25b3299f), highlights the problem now facing the US and other countries. Besides the quality issue, there is the chance that hardware specifically designed to infiltrate US systems and cause havoc, such as the Stuxnet worm, has already been integrated in a military database somewhere. Or a missile system. If the military is having this kind of trouble assuring that its parts are genuine, what does that mean for the average Joe and his new wireless router? Can he trust that it will keep him secure?

For more on this extremely serious issue, see the following:

http://www.geek.com/articles/chips/over-a-million-fake-chinese-electronic-parts-found-in-u-s-planes-ships-missiles-2011118/

http://www.newser.com/article/d9qs49d81/lawmakers-describe-counterfeit-electronic-parts-flooding-into-militarys-supply-chain.html

http://www.newser.com/article/d9qss1501/electronic-industry-officials-describe-ticking-time-bomb-of-counterfeit-weapons-parts.html 

Mozilla’s New Development Model, Good or Bad?

Starting with Firefox 4, Mozilla has had a new development model that is designed to get features out as soon as possible, in order to make their browser as competitive as possible. Perhaps it is because Mozilla is rapidly losing market share, most notably to Google Chrome: http://www.tested.com/news/firefox-loses-market-share-but-mozilla-doesnt-mind-much/2969/

We should first examine what exactly that new development model is. As of right now, most development of Firefox is done via Mozilla-Central. Development builds of this can be downloaded via Firefox Nightly. Builds of Nightly are highly buggy, but contain the newest features. If the dev team has a problem with a particular part of the next version of Firefox, they simply freeze that component and push the rest through Aurora, Beta, and Release candidates successively. This helps to ensure that a working component of Firefox is never held back from release. Also, a complete explanation can be found here: http://mozilla.github.com/process-releases/draft/development_specifics/

Getting more features faster sounds like a good thing, right? Well, there are some problems that have become apparent after Mozilla’s switchover. Having 4 builds of Firefox also means that add-ons built for Firefox 4 are not guaranteed to work in Firefox 8, or Firefox 9. Every time Mozilla updates their browser, add-ons may need updating as well. Then there are the security risks that come with using beta, alpha, or even pre-alpha software not designed for release. With a shorter development time, bugs may not become apparent until long after release, allowing for exploits to take advantage of the browser.

For Mozilla at least, the most important question is: “Will this make our browser better for end users?” As of now, I am not sure.