Otherwise Occupied - Computing

Net Neutrality Symposium at USF

gregh — Thu, 17 Jan 2008 01:59:29 -0600

The Intellectual Property Law Bulletin at USF is holding a symposium on Net Neutrality. Here are the details:

Net Neutrality refers to free access to the Internet without discrimination based upon content, how often a user accesses the Internet, or the type of services and programs used.

The University of San Francisco School of Law Intellectual Property Law Bulletin is sponsoring The Toll Roads: The Legal and Political Debate Over Network Neutrality, a symposium to increase awareness about network neutrality, bringing together lawyers, academics, economists, and technologists for a balanced debate on the issue. Panelists include Tim Wu, Richard Clarke, Lawrence Spiwak, and many others.

When: January 26th, 2008 8 AM - 7 PM
Where: Fromm Institute on the University of San Francisco main campus
Web: http://www.netneutrality2008.org
Cost: Professionals (6.0 Units MCLE Credit): $100
Non-professionals: Free - $75 (see registration page for details)
Register: http://www.netneutrality2008.org/Registration.html

My current intention is to attend. It should be interesting. I'm not a huge proponent of mandated neutrality, and I'm bothered that most advocates (and some of the statements on the symposium site) suffer from the seeming belief that the Internet is and has been neutral, whereas it isn't and never has been. Hopefully, someone will be trumpeting that side.

SQL injection isn't funny?

gregh — Thu, 11 Oct 2007 01:55:54 -0500

SQL injection humor isn't funny? That's what I was informed as I was leaving school tonight. Oddly, I laughed pretty good at it. I got it from a Facebook Friend update, with SarahD laughing at it. It popped up on my Planet Identity feed later in the day. Whew. I know I'm not the only one who gets it; in fact, I imagine a good number of my regular readers do. Could be wrong...

However, here's an attempt at humor that fewer will get. It actually popped in my head when I read it, but I forgot about it. Same strip, but I've added a caption:

"Eve, why do cats suck?"

Nothing like a little SQL injection humor...

gregh — Wed, 10 Oct 2007 13:22:21 -0500

Daily blogging.

gregh — Tue, 14 Aug 2007 00:12:56 -0500

Whew. I'm done.

I just let the time pass, leaving no entry on the archives calendar for August 13, 2007. On June 5, I decided to start blogging at least once per day until the end of the summer. Now, school doesn't start for another week, but it was time to let this go. Now I've got the blemish on the calendar. No more struggling to get a post out if I can't find anything meaningful to say.

I'm sure that won't mean an end to meaningless posts. But then, what truly is meaningless? Today, someone arrived on the site via a Google search for "paul anka freedom american gilmore". As it happens, this site comes up first in such a search. Can a post be meaningless if some lost soul comes to it from the vastness of the Internet?

More on getting it.

gregh — Sun, 05 Aug 2007 23:50:00 -0500

Earlier, I posted with a fairly abrasive title, suggesting that a newsletter about blawgging that is available only by email struck me as odd. The newsletter publisher, Sheryl Sisk Schelin, of blawg The Inspired Solo, posted some thoughtful responses as comments on the original.

I bring this back up largely to address the thought more completely.

The title of the post was, "How to convince me you don't get it." (emphasis added.) I completely understand her points. Chunks of my day job have been spent proselytizing on the benefits of syndication and "Web 2.0." Other chunks of my day job have been spent wedging email notifications into products where moderately flexible feed notifications exist. I understand that it's a small community that truly gets feeds.

That it's a small community that gets it is precisely why I feel that those pushing blogs (and blawgs) should be utilizing the technologies to their utmost. That readers may not all use feed readers or even understand what that means, however, doesn't diminish the importance of using feeds for publishing. It makes it more important!

There are tools, such as Feedburner Email, to allow the recalcitrant users to subscribe to feed-based publications via email. There are tools in most publishing platforms to do the same. It's certainly possible to publish by feed and allow subscriptions via email, all without the user knowing what's going on at all. But more importantly, surely part of that publication will be education, and what better way to educate a user about the feed than to give examples of the the precise content they're looking at as a feed?

Obviously, publishers may publish however they want. However, in my opinion, if one truly gets and values syndications and feeds, it only makes sense to publish everything appropriate via feed and to make allowances for others when needs arise.

How to convince me you don't get it.

gregh — Thu, 02 Aug 2007 17:28:01 -0500

Introducing the Inspired Blawggers Newsletter!:

You might notice, if you're reading this on the blog's website, that I've got a new addition to the sidebar - a prominent link to a new page where you can sign up to join the newly minted Inspired Blawggers newsletter mailing list!

This newsletter is going to feature all new content - stuff you won't find on Inspired Solo or anywhere else, for that matter. Articles written exclusively for the newsletter will include a host of topics of interest to lawyers who blog:

"I will inspire you to be a better blawgger by forcing you to sign up for an email newsletter."

For those of us who realize the benefits of syndication, the notion of being forced into email newsletters is crazy. Email doesn't allow for the richness, the linking, the sharing, or the cataloging that syndicated web content does. There is really only one compelling reason to make this sort of move: identification of readers to advertisers. That's hidden in code here: "in addition to new and exclusive content, subscribers will also receive advance notice of new services and products from Inspired Consulting. . . ." But then there's my favorite: "regular “best of the blog” feature where I’ll highlight some of the most useful posts at The Inspired Solo since the last newsletter was issued."

Tell me again how an email newsletter is supposed to inspire me about blogging? And please, tell me how seriously I'm supposed to take a blogger who resorts to a an email newsletter for content distribution.

Wireless insecurity: a reminder

gregh — Thu, 02 Aug 2007 16:21:50 -0500

Last summer, ZiefBrief reported that wireless was coming to the library. There was a note in that article: "(Our helpful Law IT staff ask us to remind you that, wireless being wireless, it will never be 100% secure. So please don't us it for your online banking and such!)"

I commented with some of my thoughts about why that was important. Our public networking uses a wildly insecure method for authenticating users and authorizing access. The first, most obvious problem is that no wireless encryption is used. All communications with the wireless network are in the clear, and anyone within range can watch your traffic. Second, there's no authentication of the wireless network; that is, there's no way for the user to know that the "USFWireless" SSID they connect to is, in fact, USFWireless. Finally, because there is no authentication of the wireless network and no wireless network authorization, authentication to the public network happens by means of a jail, which is opened by means of a form on an apparent transparent HTTP proxy.

Why is that a concern? Rather than redirect the request to an authentication host with an appropriate, properly sign TLS (nee SSL) certificate, the request is simply hijacked. Users are lulled into accepting these poorly signed certificates as a regular part of getting online. It becomes second nature to ignore those warnings, and I'm sure many do. That opens up a prime opportunity for a man-in-the-middle attack. Even if you send all of your traffic across an encrypted channel, if you get to the point you simply accept "bad" certificates, you no longer know who is watching your data.

This came to mind today as I was reading this article from the Washington Post. It describes new, automated tools for sniffing credentials from the "wire" and using them to connect to common online services. Similar attacks on USFConnect (the university intranet) aren't hard to imagine. It's never been particularly hard to pull this off; it's just that now folks are demonstrating automated tools to do the job.

And so, this is a gentle reminder to watch the certificates you're granted while you're surfing online. Be careful with the information you send around on insecure wireless networks, and that especially includes relatively public places like the law school. Perhaps one of these days, the IT folks will see fit to strengthen the protections; it's not hard, but the user support can be daunting. For the time being, wireless continues to be unsafe, even though its use can be a calculated risk.

Regular blogging

gregh — Wed, 01 Aug 2007 21:48:38 -0500

Whew.

If you look at the archive calendar on the right for July 2007, you'll notice that every day has an entry. On June 5, I set out with a goal of some meaningful post each day. I've had to settle for a post every day since. There have been some popular posts in that time, and there have been some that have had to undergo several revisions as I rushed to get them out by the day's deadline.

I may continue this push until school starts; I may not. Quality over quantity is a better goal. If I can't get out something meaningful each day, it probably doesn't make sense to post. In the next few days, I do expect to make some changes:

A new name. I'm still trying to decide.
A new look. I've been working on new themes.
Integration with my Google Reader Shared Items and my del.icio.us tagged items.
A Drupal upgrade. This should be invisible to users, unless I screw it up. However, I do plan on integrating Drupal's OpenID support for my small community of commenters.

More when it happens.

First Day of N.Y. Bar Exam Marked by Software Snafus

gregh — Wed, 25 Jul 2007 23:22:35 -0500

Law.com - First Day of N.Y. Bar Exam Marked by Software Snafus:

Test takers who typed the essays on the New York state bar examination into their laptop computers this week experienced problems saving their work and uploading the files for transfer to graders, the chair of the Board of Law Examiners acknowledged Wednesday.
...
The board suspects that a flaw in the Secure Exam software provided to test takers by Software Secure Inc. is responsible for the computer glitches, said Diane Bosse, chairwoman of the Board of Law Examiners. Even as the board was administering the second day of the two-day bar exam Wednesday, officials were trying to determine how many test takers were affected by the software problems and whether any of their essays would be lost.

Because there aren't enough pressures when taking the bar exam, lousy software also comes into play. Securexam is the same thing we use for our final exams, and even on our limited scale, and even with requirements to do practice tests prior to exams, we still have people with problems.

As I've previously written, I find the whole notion of locking us down somewhat offensive. However, I guess for the bar exam, with thousands of people, policing the situation in a nearly anonymous environment might be near impossible.

This just in: user stupidity threatens computer security

gregh — Tue, 24 Jul 2007 22:53:14 -0500

Of course, it's easier to blame the technology.

Congress: P2P networks harm national security:

The politicians present Tuesday generally said they believe that there are benefits to peer-to-peer technology but that it will imperil national security, intrude on personal privacy and violate copyright law, if not properly restricted. Both Waxman and Rep. Paul Hodes (D-N.H.) dubbed P2P networks ongoing national security threats.

One would be led to believe this is the only way imaginable to get at this. Meanwhile, Congress all but ignores the spam issue, the bots that exist on computers around the world that allow it to happen, and the myriad other risks to government computer security. The primary risks? Untrained users on poorly secured networks.

There were some attempts at balance and sanity:

Mary Koelbel Engle, the associate director for advertising practices in the Federal Trade Commission's Bureau of Consumer Protection, said her agency has found in its studies of peer-to-peer network use that risks to sensitive information "stem largely from how individuals use the technology rather than being inherent in the technology itself."

But leave it to our elected representatives to be "impenetrable to logic":

Some politicians nonetheless lashed out at the sole representative from a peer-to-peer software company at Tuesday's hearing: Lime Wire's Gorton, who is also CEO of parent company Lime Group.

The most scathing criticism came from Rep. Jim Cooper (D-Tenn.), who launched into a lengthy monologue in which he deemed Gorton "one of the most naive chairmen and CEOs I've ever run across," and accused his company of making the "skeleton keys" that grant access to material harmful to U.S. national security.

"I'd feel more than a shade of guilt at this point, having made the laptop a dangerous weapon against the security of the United States," Cooper said. "Mr. Gorton, you seem to lack imagination about how your product can be deliberately misused by evildoers against this country." (Cooper also, at one point, claimed that Gorton's own home computer was probably leaking sensitive documents.)

Gorton know doubt rubs his hands together coolly each day thinking, "All your tubes are belong to us." Apparently the main things missing from this hearing were some moronic platitudes from Chertoff.

I really only see one solution: shut down this Internet experiment. Just flip the switch on it. It's endangering our national security, leaving no other realistic choice.