m Quec.lim's republished posts.http://quec.li/~m /Vermont Is Mad as Hell at Patent Trolls and Is Not Going to Take It Anymorehttps://www.eff.org/deeplinks/2013/05/vermont-mad-hell-about-patent-trolls-and-not-going-take-it-anymore74291 at https://www.eff.orgWed, 22 May 2013 14:52:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.eff.org%2Frss%2Fupdates.xml&entry=74291+at+https%3A%2F%2Fwww.eff.orgHow Chinese hacking makes it tougher for the U.S. to stop old-fashioned spieshttp://feeds.washingtonpost.com/c/34656/f/636708/s/2c361455/l/0L0Swashingtonpost0N0Cblogs0Cblogpost0Cpost0Chow0Echinese0Ehacking0Emakes0Eit0Etougher0Efor0Ethe0Eus0Eto0Estop0Eold0Efashioned0Espies0C20A130C0A50C210Ceea314de0Ec2290E11e20E96420Ea56177f1cdf70Iblog0Bhtml0Dwprss0Frss0Iworld/story01.htmhttp://www.washingtonpost.com/blogs/blogpost/post/how-chinese-hacking-makes-it-tougher-for-the-us-to-stop-old-fashioned-spies/2013/05/21/eea314de-c229-11e2-9642-a56177f1cdf7_blog.html?wprss=rss_worldTue, 21 May 2013 11:20:00 -0400<strong>m</strong>: <em>&#8220;You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that&#8217;s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That&#8217;s essentially what we think they were trolling for, at least in our case.&#8221;<br /> </em><p/> <p>In 2010, Chinese hackers infiltrated a special database within Google's systems that would have identified which user accounts had been flagged by the FBI or court orders for investigation, <a data-xslt="_http" href="http://www.washingtonpost.com/world/national-security/chinese-hackers-who-breached-google-gained-access-to-sensitive-data-us-officials-say/2013/05/20/51330428-be34-11e2-89c9-3be8095fe767_story.html">the Washington Post's Ellen Nakashima reports</a>. 
Around the same time, they also tried to break into a similar database on Microsoft's servers.</p> <a href="http://www.washingtonpost.com/blogs/blogpost/post/how-chinese-hacking-makes-it-tougher-for-the-us-to-stop-old-fashioned-spies/2013/05/21/eea314de-c229-11e2-9642-a56177f1cdf7_blog.html?wprss=rss_world">Read full article &#62;&#62;</a>
http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.washingtonpost.com%2Frss%2Fworld&entry=http%3A%2F%2Fwww.washingtonpost.com%2Fblogs%2Fblogpost%2Fpost%2Fhow-chinese-hacking-makes-it-tougher-for-the-us-to-stop-old-fashioned-spies%2F2013%2F05%2F21%2Feea314de-c229-11e2-9642-a56177f1cdf7_blog.html%3Fwprss%3Drss_worldSurveillance and the Internet of Thingshttp://www.schneier.com/blog/archives/2013/05/the_eyes_and_ea.htmltag:www.schneier.com,2013:/blog//2.4824Tue, 21 May 2013 07:15:00 -0400<p>The <a href="http://www.guardian.co.uk/technology/internet">Internet</a> has turned into a <a href="http://www.schneier.com/essay-418.html">massive surveillance tool</a>. We're constantly monitored on the Internet by hundreds of companies -- both familiar and unfamiliar. 
Everything we do there is recorded, collected, and collated -- sometimes by corporations wanting to sell us stuff and sometimes by governments wanting to keep an eye on us.</p> <p>Ephemeral conversation is <a href="http://www.schneier.com/essay-247.html">over</a>. Wholesale surveillance is <a href="http://www.schneier.com/essay-109.html">the norm</a>. Maintaining privacy from these powerful entities is basically impossible, and any illusion of privacy we maintain is based either on ignorance or on our unwillingness to accept what's really going on.</p> <p>It's about to get worse, though. Companies such as Google may know more about your personal interests than your spouse, but so far it's been limited by the fact that these companies only see computer data. And even though your computer habits are increasingly being <a href="http://adage.com/article/digital/facebook-partner-acxiom-epsilon-match-store-purchases-user-profiles/239967">linked</a> to your offline behavior, it's still only behavior that involves computers.</p> <p>The <a href="http://en.wikipedia.org/wiki/Internet_of_Things">Internet of Things</a> refers to a world where much more than our computers and cell phones is Internet-enabled. Soon there will be Internet-connected modules on our cars and home appliances. Internet-enabled medical devices will collect real-time health data about us. There'll be Internet-connected tags on our clothing. In its extreme, <em>everything</em> can be connected to the Internet. 
It's really just a matter of time, as these self-powered wireless-enabled computers become smaller and cheaper.</p> <p><a href="http://www.networkcultures.org/_uploads/notebook2_theinternetofthings.pdf">Lots</a> <a href="http://www.mckinseyquarterly.com/The_Internet_of_Things_2538">has</a> <a href="http://www.theinternetofthings.eu/">been</a> <a href="http://mashable.com/category/internet-of-things/">written</a> <a href="http://www.grifs-project.eu/data/File/Casagras_Final%20Report.pdf">about</a> <a href="http://www.whiteboardmag.com/4-ways-the-internet-of-things-will-radically-change-your-life/">the</a> "<a href="http://www.alexandra.dk/uk/services/Publications/Documents/IoT_Comic_Book.pdf">Internet</a> of <a href="http://www.guardian.co.uk/local-government-network/2011/aug/18/internet-of-things-local-government">Things</a>" and how it will change society for the better. It's true that it will make a lot of wonderful things possible, but the "Internet of Things" will also allow for an even <a href="http://siliconangle.com/blog/2013/01/10/big-brothers-big-data-why-we-must-fear-the-internet-of-things/">greater</a> <a href="http://www.bigbrotherwatch.org.uk/internet-of-things">amount</a> of surveillance than there is today. The Internet of Things gives the governments and corporations that follow our every move something they don't yet have: <a href="http://www.wired.com/opinion/2012/12/20-12-st_thompson/">eyes and ears</a>.</p> <p>Soon everything we do, both online and offline, will be recorded and stored forever. The only question remaining is who will have access to all of this information, and under what rules.</p> <p>We're seeing an initial glimmer of this from how <a href="https://www.eff.org/issues/location-privacy">location sensors</a> on your mobile phone are being used to track you. Of course your cell provider needs to know where you are; it can't route your phone calls to your phone otherwise. 
But most of us broadcast our location information to many other companies whose apps we've installed on our phone. Google Maps certainly, but also a surprising number of app vendors who collect that information. It can be used to determine where you live, where you work, and who you spend time with.</p> <p>Another early adopter was Nike, whose Nike+ shoes communicate with your iPod or iPhone and track your exercising. More generally, <a href="https://spqr.eecs.umich.edu/papers/b1kohFINAL2.pdf">medical devices</a> are starting to be Internet-enabled, collecting and reporting a variety of health data. Wiring appliances to the Internet is one of the pillars of the <a href="http://epic.org/privacy/smartgrid/smartgrid.html">smart electric grid</a>. Yes, there are huge potential savings associated with the smart grid, but it will also allow power companies -- and anyone they decide to sell the data to -- to monitor how people move about their house and how they spend their time.</p> <p><a href="http://epic.org/privacy/drones/">Drones</a> are another "thing" moving onto the Internet. As their price continues to drop and their capabilities increase, they will become a very powerful surveillance tool. Their cameras are powerful enough to see faces clearly, and there are enough tagged photographs on the Internet to identify many of us. We're not yet up to a real-time Google Earth equivalent, but it's not more than a few years away. And drones are just a specific application of CCTV cameras, which have been monitoring us for years, and will increasingly be networked.</p> <p>Google's Internet-enabled glasses -- <a href="http://www.guardian.co.uk/technology/google-glass">Google Glass</a> -- are another major step down this path of surveillance. Their ability to record both audio and video will bring ubiquitous surveillance <a href="http://creativegood.com/blog/the-google-glass-feature-no-one-is-talking-about/">to the next level</a>. 
Once they're common, you might never know when you're being recorded in both audio and video. You might as well assume that everything you do and say will be <a href="http://www.davidbrin.com/transparentsociety.html">recorded and saved forever</a>.</p> <p>In the near term, at least, the sheer volume of data will limit the sorts of conclusions that can be drawn. The invasiveness of these technologies depends on asking the right questions. For example, if a private investigator is watching you in the physical world, she or he might observe odd behavior and investigate further based on that. Such serendipitous observations are harder to achieve when you're filtering databases based on pre-programmed queries. In other words, it's easier to ask questions about what you purchased and where you were than to ask what you did with your purchases and why you went where you did. These analytical limitations also mean that companies like Google and Facebook will benefit more from the Internet of Things than individuals -- not only because they have access to more data, but also because they have more sophisticated query technology. And as technology continues to improve, the ability to automatically analyze this massive data stream will improve.</p> <p>In the longer term, the Internet of Things means ubiquitous surveillance. If an object "knows" you have purchased it, and communicates via either Wi-Fi or the mobile network, then whoever or whatever it is communicating with will know where you are. Your car will know who is in it, who is driving, and what traffic laws that driver is following or ignoring. No need to show ID; your identity will already be known. Store clerks could know your name, address, and income level as soon as you walk through the door. Billboards will tailor ads to you, and record how you respond to them. Fast food restaurants will know what you usually order, and exactly how to entice you to order more. 
Lots of companies will know whom you spend your days -- and night -- with. Facebook will know about any new relationship status before you bother to change it on your profile. And all of this information will be saved, correlated, and studied. Even now, it feels a lot like <a href="http://www.lightspeedmagazine.com/fiction/the-perfect-match/">science fiction</a>.</p> <p>Will <em>you</em> know any of this? Will your friends? It depends. Lots of these devices have, and will have, privacy settings. But these settings are remarkable not in how much privacy they afford, but in how much they deny. Access will likely be similar to your browsing habits, your files stored on Dropbox, your searches on Google, and your text messages from your phone. All of your data is saved by those companies -- and many others -- correlated, and then bought and sold without your knowledge or consent. You'd think that your privacy settings would keep random strangers from learning everything about you, but it only keeps random strangers who <em>don't pay for the privilege</em> -- or don't work for the government and have the ability to demand the data. <a href="http://www.schneier.com/essay-409.html">Power</a> is what matters here: you'll be able to keep the powerless from invading your privacy, but you'll have no ability to prevent the powerful from doing it again and again.</p> <p><i>This essay <a href="http://www.guardian.co.uk/technology/2013/may/16/internet-of-things-privacy-google">originally appeared</a> on TheGuardian.com.</i></p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2013%3A%2Fblog%2F%2F2.4824ID_AA_Carmack: @desplesda @Jonathan_Blow or some other garbage collection. 
For a large class of resources, just letting them leak is appropriate...http://twitter.com/ID_AA_Carmack/statuses/336644286084952064http://twitter.com/ID_AA_Carmack/statuses/336644286084952064Mon, 20 May 2013 20:47:00 -0400ID_AA_Carmack: @desplesda @Jonathan_Blow or some other garbage collection. For a large class of resources, just letting them leak is appropriate...http://quec.li/EntryComments?feed=http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fuser_timeline.rss%3Fscreen_name%3DID_AA_Carmack&entry=http%3A%2F%2Ftwitter.com%2FID_AA_Carmack%2Fstatuses%2F336644286084952064ID_AA_Carmack: We have had reload-resource-in-place for ages, but the mutability hazards have piled higher each year. Immutable is the path forward.http://twitter.com/ID_AA_Carmack/statuses/336641189820387328http://twitter.com/ID_AA_Carmack/statuses/336641189820387328Mon, 20 May 2013 20:34:00 -0400ID_AA_Carmack: We have had reload-resource-in-place for ages, but the mutability hazards have piled higher each year. Immutable is the path forward.http://quec.li/EntryComments?feed=http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fuser_timeline.rss%3Fscreen_name%3DID_AA_Carmack&entry=http%3A%2F%2Ftwitter.com%2FID_AA_Carmack%2Fstatuses%2F336641189820387328Comic for May 19, 2013http://feed.dilbert.com/~r/dilbert/daily_strip/~3/RNKZBukSRuQ/http://dilbert.com/strips/comic/2013-05-19/Sun, 19 May 2013 01:00:00 -0400<img src="http://dilbert.com/dyn/str_strip/000000000/00000000/0000000/100000/80000/2000/800/182837/182837.strip.print.gif" border="0" /><img src="http://feeds.feedburner.com/~r/dilbert/daily_strip/~4/RNKZBukSRuQ" height="1" width="1" />http://quec.li/EntryComments?feed=http%3A%2F%2Ffeed.dilbert.com%2Fdilbert%2Fdaily_strip%3Fformat%3Dxml&entry=http%3A%2F%2Fdilbert.com%2Fstrips%2Fcomic%2F2013-05-19%2FHow did a single-income family in the 1960s have a full-time 
housekeeper?http://blogs.law.harvard.edu/philg/2013/05/15/how-did-a-single-income-family-in-the-1960s-have-a-full-time-housekeeper/http://blogs.law.harvard.edu/philg/?p=4786Wed, 15 May 2013 00:49:00 -0400<p>An immigrant friend of mine was surprised to learn that my mother, holder of two degrees from Harvard University, was a stay-at-home mother and that, moreover, we had a full-time housekeeper. &#8220;How could you afford it on just your father&#8217;s salary?&#8221; she asked, not having experienced American life in the 1960s and early 1970s. My father worked as an economist for the federal government (not nearly as lucrative back then as <a href="http://www.downsizinggovernment.org/overpaid-federal-workers">it is now)</a>. Neither of my parents had any family money. So how did we do it?</p> <p>I pointed out that there wasn&#8217;t much to buy back then. We couldn&#8217;t buy cable TV. We couldn&#8217;t buy mobile phones or personal computers. We had just one car, like most other American families. My dad took the bus to work. We took the bus to school. In any case, even if one wanted to splurge on a car, the most expensive cars available (e.g., Cadillac) were not more than twice as expensive as the average car (compare to today when most cities have dealers selling cars that cost 5-10X the average car&#8217;s price). Ordinary families did not aspire to live in 5000 square foot houses.</p> <p>How about the housekeeper? &#8220;Her husband didn&#8217;t work, so she really had no choice but to work,&#8221; I replied. &#8220;Though her blood pressure was high and she developed some health problems later.&#8221; In thinking about it I realized that she would not have been a member of 2013&#8242;s American workforce. Both she and her husband would have <a href="http://www.richmondfed.org/publications/research/region_focus/2012/q2-3/pdf/feature3.pdf">qualified for disability benefits</a>. 
So a big part of the answer for why our middle class household could afford a housekeeper was that we did not have to compete with the federal government for our housekeeper&#8217;s labor.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D4786Transparency and Accountabilityhttp://www.schneier.com/blog/archives/2013/05/transparency_an.htmltag:www.schneier.com,2013:/blog//2.4818Tue, 14 May 2013 06:48:00 -0400<p>As part of the fallout of the Boston bombings, we're probably going to get some new laws that give the FBI additional investigative powers. As with the Patriot Act after 9/11, the debate over whether these new laws are helpful will be minimal, but the effects on civil liberties could be large. Even though <a href="http://fivethirtyeight.blogs.nytimes.com/2013/04/23/polls-show-growing-resolve-to-live-with-terror-threat/">most people</a> are skeptical about sacrificing personal freedoms for security, it's hard for politicians to say no to the FBI right now, and it's politically expedient to demand that <a href="http://politicker.com/2013/04/bloomberg-says-post-boston-interpretation-of-the-constitution-will-have-to-change/"><i>something</i></a> <a href="http://thehill.com/blogs/blog-briefing-room/news/296611-graham-fears-intel-agencies-reverting-to-pre-911-stovepiping">be</a> <a href="http://www.bloomberg.com/news/2013-05-03/bombing-pressures-technology-providers-to-aid-police.html">done</a>. </p> <p>If our leaders can't say no -- and there's no reason to believe they can -- there are two concepts that need to be part of any new counterterrorism laws, and investigative laws in general: transparency and accountability. </p> <p>Long ago, we realized that simply trusting people and government agencies to always do the right thing doesn't work, so we need to check up on them. In a democracy, transparency and accountability are how we do that. 
It's how we ensure that we get both effective and cost-effective government. It's how we prevent those we trust from abusing that trust, and protect ourselves when they do. And it's especially important when security is concerned. </p> <p>First, we need to ensure that the stuff we're paying money for actually works and has a measurable impact. Law-enforcement organizations regularly invest in technologies that don't make us any safer. The TSA, for example, could devote an entire museum to expensive but ineffective systems: <a href="http://blog.tsa.gov/2009/05/explosive-trace-detection.html">puffer machines</a>, body scanners, FAST behavioral screening, and so on. Local police departments have been wasting lots of post-9/11 money on unnecessary high-tech weaponry and equipment. The occasional high-profile success aside, police surveillance cameras have been shown to be a <a href="http://www.schneier.com/essay-225.html">largely ineffective</a> police tool. </p> <p>Sometimes honest mistakes led organizations to invest in these technologies. Sometimes there's self-deception and mismanagement&mdash;and far too often lobbyists are involved. Given the enormous amount of security money post-9/11, you inevitably end up with an enormous amount of waste. Transparency and accountability are how we keep all of this in check. </p> <p>Second, we need to ensure that law enforcement does what we expect it to do and nothing more. Police powers are invariably abused. Mission creep is inevitable, and it results in laws designed to combat one particular type of crime being used for an ever-widening array of crimes. Transparency is the only way we have of knowing when this is going on.</p> <p>For example, that's how we learned that the FBI is <a href="http://www.washingtonpost.com/wp-dyn/content/article/2010/01/18/AR2010011803982_pf.html">abusing</a> National Security Letters. Traditionally, we use the warrant process to protect ourselves from police overreach. 
It's not enough for the police to want to conduct a search; they also need to convince a neutral third party -- a judge -- that the search is in the public interest and will respect the rights of those searched. That's accountability, and it's the very mechanism that NSLs were exempted from. </p> <p>When laws are broken, accountability is how we punish those who abused their power. It's how, for example, we correct <a href="http://www.law.virginia.edu/html/news/2006_spr/garrett.htm">racial profiling</a> by police departments. And it's a lack of accountability that permits the FBI to get away with massive data collection until exposed by a whistleblower or noticed by a judge. </p> <p>Third, transparency and accountability keep both law enforcement and politicians from lying to us. The Bush Administration lied about the extent of the NSA's warrantless wiretapping program. The TSA lied about the ability of full-body scanners to <a href="http://news.cnet.com/8301-31921_3-20012583-281.html">save naked images</a> of people. We've been lied to about the <a href="http://www.aclu.org/blog/criminal-law-reform/tasers-no-longer-non-lethal-alternative-law-enforcement">lethality of tasers</a>, when and how the FBI <a href="http://www.theregister.co.uk/2013/03/29/fbi_stingray_mobile_tracking/">eavesdrops on cell-phone calls</a>, and about the <a href="http://www.eff.org/deeplinks/2011/05/fbi-chastised-court-lying-about-existence">existence of surveillance records</a>. Without transparency, we would never know. </p> <p>A decade ago, the FBI was heavily lobbying Congress for a law to give it new wiretapping powers: a law known as CALEA. One of its key justifications was that existing law didn't allow it to perform speedy wiretaps during kidnapping investigations. It sounded plausible -- and who wouldn't feel sympathy for kidnapping victims? 
-- but when civil-liberties organizations analyzed the actual data, they found that it was just a story; there were no instances of wiretapping in kidnapping investigations. Without transparency, we would never have known that the FBI was making up stories to scare Congress.</p> <p>If we're going to give the government any new powers, we need to ensure that there's oversight. Sometimes this oversight is before action occurs. Warrants are a great example. Sometimes they're after action occurs: public reporting, audits by inspector generals, open hearings, notice to those affected, or some other mechanism. Too often, law enforcement tries to exempt itself from this principle by supporting laws that are specifically excused from oversight...or by establishing secret courts that <a href="http://www.guardian.co.uk/commentisfree/2013/may/03/fisa-court-rubber-stamp-drones">just</a> <a href="http://epic.org/2013/05/2012-fisa-orders-up-national-s.html">rubber-stamp</a> government wiretapping requests. </p> <p>Furthermore, we need to ensure that mechanisms for accountability have teeth and are used. </p> <p>As we respond to the threat of terrorism, we must remember that there are other threats as well. A society without transparency and accountability is the very definition of a police state. And while a police state might have a low crime rate -- especially if you don't define police corruption and other abuses of power as crime -- and an even lower terrorism rate, it's not a society that most of us would willingly choose to live in. </p> <p>We already give law enforcement enormous power to intrude into our lives. We do this because we know they need this power to catch criminals, and we're all safer thereby. 
But because we recognize that a powerful police force is itself a danger to society, we must temper this power with transparency and accountability.</p> <p>This essay <a href="http://www.theatlantic.com/politics/archive/2013/05/transparency-and-accountability-dont-hurt-security-theyre-crucial-to-it/275662/">previously appeared</a> on <i>TheAtlantic.com</i>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2013%3A%2Fblog%2F%2F2.4818Design is a poor guide to authorizationhttps://freedom-to-tinker.com/blog/felten/design-is-a-poor-guide-to-authorization/https://freedom-to-tinker.com/?p=8567Mon, 13 May 2013 09:51:00 -0400<p>James Grimmelmann has a <a href="http://laboratorium.net/archive/2013/05/02/computer_crime_law_goes_to_the_casino">great post</a> on the ambiguity of the concept of &#8220;circumvention&#8221; in the law. He writes about the Computer Fraud and Abuse Act (CFAA) language banning &#8220;exceeding authorized access&#8221; to a system. </p> <blockquote><p> There are, broadly speaking, two ways that a computer user could &#8220;exceed[] authorized access.&#8221; The computer&#8217;s owner could use words to define the limits of authorization, using terms of service or a cease-and-desist letter to say, &#8220;You may do this, but not that.&#8221; Or she could use code, by programming the computer to allow certain uses and prohibit others.</p> <p>The conventional wisdom is that word-based restrictions are more problematic. </p></blockquote> <p>He goes on to explain the conventional wisdom that basing CFAA liability on word-based restrictions such as website Terms of Use is indeed problematic. But the alternative, as James points out, is perhaps even worse: defining authorization in terms of the technical functioning of the system. 
The problem is that everything that the attacker gets the system to do will be something that the system as actually constructed could do.</p> <blockquote><p> What this means, in other words, is that the &#8220;authorization&#8221; conferred by a computer program&#8212;and the limits to that &#8220;authorization&#8221;&#8212;cannot be defined solely by looking at what the program actually does. In every interesting case, the defendant will have been able to make the program do something objectionable. If a program conveys authorization whenever it lets a user do something, there would be no such thing as &#8220;exceeding authorized access.&#8221; Every use of a computer would be authorized. </p></blockquote> <p>The only way out of this trap&#8212;short of giving up altogether the notion of &#8220;authorization&#8221; by technology&#8212;is to say that it is the designer&#8217;s <em>intent</em> that matters.</p> <blockquote><p> [This approach] requires us to ask what a person in the defendant&#8217;s position would have understood the computer&#8217;s programmers as intending to authorize. What the program does matters, not because of what it consents to, but of what it communicates about the programmer&#8217;s consent. </p></blockquote> <p>But even this underestimates the difficulty of relying on behavior. To see why, consider one of James&#8217;s examples: an ATM that was programmed so that when it did not have a network connection, it would dispense $200 cash to anyone, whether or not they even had an account at the bank. An Australian court convicted a Mr. Kennison who withdrew money without having a valid account. Notice that everything about the system&#8217;s behavior conveys the message that cash should be dispensed to anyone when there is not a network connection. This behavior of the system was pretty clearly not an error but a deliberate choice by the designers. 
If the system&#8217;s behavior conveyed anything to Kennison, it was that cash was supposed to be dispensed, and that the designers had chosen to make it behave that way. If you conclude Kennison&#8217;s use was unauthorized, then you have to get there by arguing that there was an understanding, not expressed in any words or behavior, that spoke more loudly than the system&#8217;s behavior. The lack of authorization did not stem from code, and it did not stem from words. Kennison was just supposed to know that the act was unauthorized. This seems plausible for ATM withdrawals, but it can&#8217;t extend very far into less settled technical areas.</p> <p>Why did the ATM&#8217;s designers choose to make it dispense money? Presumably they figured that almost all of the users who asked for $200 would in fact have valid accounts of at least $200, and they wanted to serve those customers even at the risk of dispensing some cash that they wouldn&#8217;t have dispensed under normal circumstances. But this design decision seems to assume that people won&#8217;t do what Kennison did&#8212;that people will not take advantage of the behavior. It&#8217;s tempting to argue, then, that it is precisely the <em>lack</em> of technical barriers to Kennison&#8217;s act that conveys the designers&#8217; belief that acts of that type were not authorized. But this argument would prove too much&#8212;if the existence of a fence conveys lack of authorization, then the non-existence of a fence cannot also prove lack of authorization. The conclusion must be that a system&#8217;s behavior is not a very reliable signpost for authorization.</p> <p>Is there any case where a system&#8217;s behavior is a reliable guide to authorization? One possibility is where the system is clearly designed with a particular behavior in mind, but there was an obvious engineering error that created a loophole. 
For example, a system might require passwords for account access, but the implementation treats a zero-length password as valid to access every account. Contentious CFAA cases are rarely like this. Text-based definitions of authorization may be problematic; but behavior-based restrictions are often worse.</p>http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D8567Open source cellular targets rural commshttp://go.theregister.com/feed/www.theregister.co.uk/2013/05/13/range_networks_linux_asterisk/tag:theregister.co.uk,2005:story/2013/05/13/range_networks_linux_asterisk/Sun, 12 May 2013 20:46:00 -0400<h4>Linux and Asterisk for cellular networks</h4> <p>Start-up RangeNetworks is hoping that the combination of low cost and transparent software will allow it to break into the notoriously locked-down cellular network market.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2013%2F05%2F13%2Frange_networks_linux_asterisk%2FDon&#8217;t Just Read &#8220;The Great Gatsby&#8221;http://www.charlespetzold.com/blog/2013/05/Dont-Just-Read-The-Great-Gatsby.htmlhttp://www.charlespetzold.com/blog/2013/05/Dont-Just-Read-The-Great-Gatsby.htmlFri, 10 May 2013 08:00:00 -0400<p> Something like the fifth movie version of <i>The Great Gatsby</i> is opening today, but it's silly to actually go see such a thing. The novel itself is quite short. You can probably read it in less time than it would take to go and see the movie, and you'll emerge from the experience much more fulfilled and satisfied because you'll have read F. Scott Fitzgerald's original novel rather than what appears to be &#x2014; at least judging from the trailers &#x2014; a crazed 3D monstrosity by Baz Luhrmann. </p><p>... 
more ...</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fcharlespetzold.com%2Frss.xml&entry=http%3A%2F%2Fwww.charlespetzold.com%2Fblog%2F2013%2F05%2FDont-Just-Read-The-Great-Gatsby.htmlReidentifying Anonymous Datahttp://www.schneier.com/blog/archives/2013/05/reidentifying_a.htmltag:www.schneier.com,2013:/blog//2.4811Wed, 08 May 2013 14:54:00 -0400<p>Latanya Sweeney has <a href="http://www.forbes.com/sites/adamtanner/2013/04/25/harvard-professor-re-identifies-anonymous-volunteers-in-dna-study/">demonstrated</a> how easy it can be to identify people from their birth date, gender, and zip code. The anonymous data she reidentified happened to be DNA data, but that's not relevant to her methods or results.</p> <blockquote>Of the 1,130 volunteers Sweeney and her team reviewed, about 579 provided zip code, date of birth and gender, the three key pieces of information she needs to identify anonymous people combined with information from voter rolls or other public records. Of these, Sweeney succeeded in naming 241, or 42% of the total. The Personal Genome Project confirmed that 97% of the names matched those in its database if nicknames and first name variations were included.</blockquote> <p>Her results are described <a href="http://dataprivacylab.org/projects/pgp/">here</a>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2013%3A%2Fblog%2F%2F2.4811Honeywordshttp://www.schneier.com/blog/archives/2013/05/honeywords.htmltag:www.schneier.com,2013:/blog//2.4807Mon, 06 May 2013 06:44:00 -0400<p><a href="http://people.csail.mit.edu/rivest/pubs.html#JR13">Here</a> <a href="http://people.csail.mit.edu/rivest/honeywords">is</a> a simple but clever idea. Seed password files with dummy entries that will trigger an alarm when used. 
That way a site can know when a hacker is trying to decrypt the password file.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2013%3A%2Fblog%2F%2F2.4807Madonna es culpablehttp://www.elmundo.es/elmundo/2013/05/04/economia/1367649281.htmlhttp://www.elmundo.es/elmundo/2013/05/04/economia/1367649281.htmlSun, 05 May 2013 07:51:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Frss.elmundo.es%2Frss%2Fdescarga.htm%3Fdata1%3D4783%26data2%3D1%26data3%3D08c3955121f7716d9282b97df0cb2323&entry=http%3A%2F%2Fwww.elmundo.es%2Felmundo%2F2013%2F05%2F04%2Feconomia%2F1367649281.htmlAll of Jerry's best girlshttp://kottke.org/13/05/all-of-jerrys-best-girlstag:kottke.org,2013://5.23510Fri, 03 May 2013 15:31:00 -0400<p>Photographer Richard Prince took <a href="http://petapixel.com/2013/04/30/this-woman-is-a-composite-portrait-of-57-girlfriends-seen-in-seinfeld/">photographs of the 57 girlfriends</a> Jerry Seinfeld had on the show and turned it in to the below composite. </p> <p><img src="http://also.kottke.org/misc/images/jerrys-girls.jpg" width="600" height="800" border="0" alt="Jerry's girls" /></p> <p>See also <a href="http://salavon.com/work/category/amalgamations/">Jason Salavon's work</a>. 
(via <a href="http://twitter.com/sippey">@sippey</a>)</p> <strong>Tags:</strong> <a href="http://kottke.org/tag/Jerry%20Seinfeld">Jerry Seinfeld</a>&nbsp;&nbsp; <a href="http://kottke.org/tag/photography">photography</a>&nbsp;&nbsp; <a href="http://kottke.org/tag/Richard%20Prince">Richard Prince</a>&nbsp;&nbsp; <a href="http://kottke.org/tag/Seinfeld">Seinfeld</a>&nbsp;&nbsp; <a href="http://kottke.org/tag/TV">TV</a>http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.kottke.org%2Fmain&entry=tag%3Akottke.org%2C2013%3A%2F%2F5.23510The Public/Private Surveillance Partnershiphttp://www.schneier.com/blog/archives/2013/05/the_publicpriva.htmltag:www.schneier.com,2013:/blog//2.4805Fri, 03 May 2013 07:15:00 -0400<p>Our government collects a lot of information about us. Tax records, legal records, license records, records of government services received-- it's all in databases that are increasingly linked and correlated. Still, there's a lot of personal information the government can't collect. Either they're prohibited by law from asking without probable cause and a judicial order, or they simply have no cost-effective way to collect it. But the government has figured out how to get around the laws, and collect personal data that has been historically denied to them: ask corporate America for it.</p> <p>It's no secret that we're monitored continuously on the Internet. Some of the company names you know, such as Google and Facebook. Others hide in the background as you move about the Internet. There are browser plugins that show you who is tracking you. One Atlantic editor found 105 companies <a href="http://www.theatlantic.com/technology/archive/2012/02/im-being-followed-how-google-151-and-104-other-companies-151-are-tracking-me-on-the-web/253758/">tracking him</a> during one 36-hour period. 
Add data from your cell phone (who you talk to, your location), your credit cards (what you buy, from whom you buy it), and the dozens of other times you interact with a computer daily, we live in a <a href="https://www.schneier.com/essay-418.html">surveillance state</a> beyond the dreams of Orwell.</p> <p>It's all corporate data, compiled and correlated, bought and sold. And increasingly, the <a href="http://www.alternet.org/story/155628/america's_spy_state%3A_how_the_telecoms_sell_out_your_privacy">government is doing the buying</a>. Some of this is collected using <a href="http://epic.org/privacy/nsl/">National Security Letters</a> (NSLs). These give the government the ability to demand an enormous amount of personal data about people for very speculative reasons, with neither probable cause nor judicial oversight. Data on these secretive orders is obviously scant, but we know that the FBI has issued hundreds of thousands of them in the past decade -- for reasons that go <a href="http://www.washingtonpost.com/wp-dyn/content/article/2008/03/13/AR2008031302277.html">far</a> <a href="http://www.eff.org/issues/foia/07656JDB">beyond</a> terrorism.</p> <p>NSLs aren't the only way the government can get at corporate data. Sometimes they simply <a href="http://www.gao.gov/products/GAO-08-543T">purchase it</a>, just as any other company might. Sometimes they can get it for free, from corporations that want to stay on the government's good side.</p> <p>CISPA, a bill currently wending its way through Congress, codifies this sort of practice even further. 
If signed into law, CISPA <a href="http://www.eff.org/deeplinks/2013/02/cispa-privacy-invading-cybersecurity-spying-bill-back-congress">will</a> <a href="http://news.cnet.com/8301-31921_3-57422693-281/how-cispa-would-affect-you-faq/">allow</a> the government to collect all sorts of personal data from corporations, without any oversight at all, and will protect corporations from lawsuits based on their handing over that data. Without hyperbole, it's been called the <a href="http://www.zdnet.com/cispa-passes-u-s-house-death-of-the-fourth-amendment-7000014205/">death of the 4th Amendment</a>. Right now, it's mainly the FBI and the NSA who are getting this data, but -- <a href="http://www.justice.gov/archive/olp/rpt_to_congress.htm">all sorts of government agencies</a> have administrative subpoena power.</p> <p>Data on this scale has all sorts of applications. From finding tax cheaters by comparing data brokers' estimates of income and net worth with what's reported on tax returns, to compiling a list of gun owners from Web browsing habits, instant messaging conversations, and locations -- did you have your iPhone turned on when you visited a gun store? -- the possibilities are endless.</p> <p>Government photograph databases form the basis of any police facial recognition system. They're <a href="http://www.salon.com/2013/04/22/boston_police_facial_recognition_software_didnt_help/">not very good today</a>, but they'll only <a href="http://www.salon.com/2013/04/22/why_facial_recognition_failed/">get better</a>. But the government no longer needs to collect photographs. <a href="http://www.heinz.cmu.edu/~acquisti/face-recognition-study-FAQ/">Experiments demonstrate</a> that the Facebook database of tagged photographs is surprisingly effective at identifying people. 
As more places follow Disney's lead in <a href="http://epic.org/privacy/themepark/">fingerprinting people</a> at its theme parks, the government will be able to use that to identify people as well.</p> <p>In a few years, the whole notion of a government-issued ID will seem quaint. Among facial recognition, the unique signature from your smart phone, the RFID chips in your clothing and other items you own, and whatever new technologies that will broadcast your identity, no one will have to ask to see ID. When you walk into a store, they'll already know who you are. When you interact with a policeman, she'll already have your personal information <a href="http://news.cnet.com/8301-1023_3-57523863-93/google-buying-face-recognition-firm-viewdle/">displayed</a> on her Internet-enabled glasses.</p> <p>Soon, governments won't have to bother collecting personal data. We're willingly giving it to a vast network of for-profit data collectors, and they're more than happy to pass it on to the government without our knowledge or consent.</p> <p>This essay <a href="http://www.theatlantic.com/technology/archive/2013/04/do-you-want-the-government-buying-your-data-from-corporations/275431/">previously appeared</a> on <i>TheAtlantic.com</i>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2013%3A%2Fblog%2F%2F2.4805Why isn't there a glut of good software engineers?http://blogs.law.harvard.edu/philg/2013/05/01/why-isnt-there-a-glut-of-good-software-engineers/http://blogs.law.harvard.edu/philg/?p=4741Wed, 01 May 2013 11:07:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D4741Dear Craig: Voluntarily Dismiss with Prejudicehttps://freedom-to-tinker.com/blog/sjs/dear-craig-voluntarily-dismiss-with-prejudice/https://freedom-to-tinker.com/?p=8504Tue, 30 Apr 2013 23:57:00 -0400<p><em>[Cross-posted on my blog, <a 
href="http://managingmiracles.blogspot.com/">Managing Miracles</a>]<br /> </em><br /> Last summer, Craigslist <a href="http://www.archive.org/download/gov.uscourts.cand.257395/gov.uscourts.cand.257395.docket.html">filed a federal lawsuit</a> against the company <a href="https://www.padmapper.com/">Padmapper</a> (and some related entities). <a href="https://www.padmapper.com/">Padmapper.com</a> is a site that, among other things, allows users to view Craigslist postings on a geographical map. It is a business premised on providing value added services to Craigslist postings &#8212; with some of that added value going back to Craigslist in the form of more users. Craigslist did not like this, and alleged a host of claims &#8212; seventeen of them, by the time they were done with the &#8220;<a href="http://www.archive.org/download/gov.uscourts.cand.257395/gov.uscourts.cand.257395.35.0.pdf">First Amended Complaint</a>&#8221; (FAC). Among their claims were alleged violations of copyright, trademark, breach of contract, and &#8212; surprisingly &#8212; Computer Fraud and Abuse Act (CFAA). The CFAA claims were not in the original complaint (they showed up only in the September 2012 FAC). Today, the judge ruled that some of the claims would be dismissed, but that many would survive.</p> <p>I am still at a loss about why Craigslist is taking such a scorched earth tactic against a site that appears to help more people find Craigslist postings. Sure, they&#8217;re looking to make money while doing it, but that&#8217;s how much of the internet business ecosystem works. I&#8217;m particularly shocked, because Craig Newmark has been at the forefront of fighting for so much good online policy. We&#8217;ve met a few times, including the period when he was embroiled in the <a href="http://en.wikipedia.org/wiki/Dart_v._Craigslist,_Inc.">fight over whether or not &#8220;adult services&#8221; would do away with his CDA 230 intermediary liability</a>. 
He was on the right side of SOPA/PIPA and helped to fight against over-expansive copyright. I&#8217;ve always found him to be personally friendly, thoughtful, and savvy about what makes the internet work.</p> <blockquote><p><strong>Craig:</strong> Why do you care if these guys scrape Craigslist? Don&#8217;t you want to see what kind of useful tools they&#8217;ll produce? I tried your own mapping function recently (which appears to be in reaction to Padmapper) and it&#8217;s not that great. You lost your primary copyright argument already in pretrial motions, but don&#8217;t you think that it&#8217;s poor form to pursue the remaining claims at trial? The internet economy has grown out of sharing information and building better tools. Instead of trying to imitate your new competitors, why don&#8217;t you define an API to provide them with the data in order to encourage their work? The CFAA (and state counterpart) claims are particularly distasteful and ill-advised for reasons that we all understand. You created the site to do good in the world, but this lawsuit feels like an attempt to do well.</p></blockquote> <p>Those of you following along at home can see the <a href="http://www.archive.org/download/gov.uscourts.cand.257395/gov.uscourts.cand.257395.docket.html">full docket</a>, as well as the <a href="http://www.archive.org/download/gov.uscourts.cand.257395/gov.uscourts.cand.257395.35.0.pdf">&#8220;First Amended Complaint&#8221; by Craigslist</a>, and <a href="http://www.archive.org/download/gov.uscourts.cand.257395/gov.uscourts.cand.257395.74.0.pdf">today&#8217;s Order</a>. 
You should read the <a href="https://www.eff.org/deeplinks/2013/04/craigslist-owns-what-you-did-last-summer">EFF&#8217;s summary</a>, <a href="http://www.forbes.com/sites/derekkhanna/2013/04/30/craigslists-allegations-of-copyright-violations-thrown-out/">Derek Khanna&#8217;s summary</a>, and the <a href="http://www.dmlp.org/blog/2012/copyright-%E2%80%9Cpublic-facts%E2%80%9D-craigslist-v-padmapper">DMLP summary</a>.</p> <p>The fact pattern is a bit complex, but the 17 claims can be roughly broken down into the following:<br /> 1. Copyright Infringement, and the tort of Misappropriation<br /> 2. Trademark Infringement<br /> 3. Breach of Contract claims<br /> 4. Computer Fraud and Abuse Act, its California counterpart, and the tort of Trespass<br /> 5. Unfair Competition</p> <p>Today&#8217;s opinion does not throw out any of these claims in their entirety.</p> <p>The court says that, in general, Craigslist did not obtain copyright in the user postings, so it cannot enforce them. However, in a flip-flop of policy, Craigslist added on July 16 2013 a disclaimer to all new posts stating that it gained full exclusive copyright in the post contents, only to reverse that policy on August 8. The initial move was obviously in response to their concern that the copyright claim in this lawsuit would fail, and the reversal was the result of the <a href="https://www.eff.org/deeplinks/2012/08/good-news-craigslist-drops-exclusive-license-your-posts">natural response of the internet</a> (<em>i.e.</em> &#8220;this is ludicrous&#8221;). That means that we have a weird situation in which user posts for a few weeks were arguably copyrighted works of Craigslist. 
So, the court tosses most of the copyright claims, but there are still quite a few posts in the course of that three weeks that could qualify.</p> <blockquote><p><strong>Craig:</strong> If you push forward on this claim based on the 3-week period during which your company imposed a draconian and universally hated term of use, you&#8217;ll look foolish and vindictive.</p></blockquote> <p>The trademark claims seem thin as well, given that in the course of using the CRAIGSLIST mark, Padmapper stated clearly that it was not CRAIGSLIST. I don&#8217;t see any reasonable likelihood of confusion&#8230; and as for dilution, really guys?</p> <p>The breach of contract claims seem hard to sustain because Padmapper cannot be forcibly made party to a contract by visiting a public web site (or, at least, the Ninth Circuit generally doesn&#8217;t think so). In any case, I&#8217;m not sure what remedy comes purely out of that claim.</p> <p>It appears that the bulk of what remains involves whether or not Padmapper or its alleged affiliates accessed Craigslist data in an unauthorized fashion such that it would trigger the Computer Fraud and Abuse Act or the California equivalent. There are many far-reaching negative consequences, that I am sure Craig understands intimately, to defining &#8220;unauthorized access&#8221; broadly enough to make it into a criminal claim in this case. <a href="https://www.eff.org/deeplinks/2012/08/good-news-craigslist-drops-exclusive-license-your-posts">The EFF has it right on this issue</a>.</p> <blockquote><p><strong>Craig:</strong> You should be helping to reform the CFAA rather than helping to bastardize its use in the federal courts. It&#8217;s time to voluntarily dismiss the entire suit, with prejudice.</p></blockquote>http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D8504Apple: You thought Google dodged taxes? 
Get a load of THIShttp://go.theregister.com/feed/www.theregister.co.uk/2013/04/30/apple_bond_issue/tag:theregister.co.uk,2005:story/2013/04/30/apple_bond_issue/Tue, 30 Apr 2013 13:27:00 -0400<h4>'The market is going to be all over it...'</h4> <p>Apple has embarked on one of the biggest bond offerings in history as part of a ploy to avoid tax.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2013%2F04%2F30%2Fapple_bond_issue%2FID_AA_Carmack: &quot;Write a better language than BASIC in 16k&quot; would be a pretty fun and bounded project. Walk in the footsteps of Woz and Gates.http://twitter.com/ID_AA_Carmack/statuses/329218845007020035http://twitter.com/ID_AA_Carmack/statuses/329218845007020035Tue, 30 Apr 2013 09:01:00 -0400ID_AA_Carmack: "Write a better language than BASIC in 16k" would be a pretty fun and bounded project. Walk in the footsteps of Woz and Gates.http://quec.li/EntryComments?feed=http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fuser_timeline.rss%3Fscreen_name%3DID_AA_Carmack&entry=http%3A%2F%2Ftwitter.com%2FID_AA_Carmack%2Fstatuses%2F329218845007020035More Links on the Boston Terrorist Attackshttp://www.schneier.com/blog/archives/2013/04/more_links_on_t.htmltag:www.schneier.com,2013:/blog//2.4799Mon, 29 Apr 2013 11:27:00 -0400<p>Max Abrahms has two <a href="http://www.foreignpolicy.com/articles/2013/04/24/why_todays_terrorists_are_dumb">sensible</a> <a href="http://www.foreignpolicy.com/articles/2013/04/16/a_few_bad_men">essays</a>.</p> <p>Probably the ultimate in security theater: Williams-Sonoma stops selling pressure cookers "out of respect." They say it's temporary. 
(I bought a Williams-Sonoma pressure cooker last Christmas; I wonder if I'm now on a list.)</p> <p>A tragedy: Sunil Tripathi, whom Reddit and other sites wrongly identified as one of the bombers, was <a href="http://www.boston.com/metrodesk/2013/04/25/VdhQ9rI8u6nGJWsLlGuMuN/story.html">found dead</a> in the Providence River. I hope it's not a suicide.</p> <p>And worst of all, New York Mayor Bloomberg <a href="http://politicker.com/2013/04/bloomberg-says-post-boston-interpretation-of-the-constitution-will-have-to-change/">scares me</a> more than the terrorists ever could:</p> <blockquote>In the wake of the Boston Marathon bombings, Mayor Michael Bloomberg said Monday the country's interpretation of the Constitution will "have to change" to allow for greater security to stave off future attacks. <p>"The people who are worried about privacy have a legitimate worry," Mr. Bloomberg said during a press conference in Midtown. "But we live in a complex world where you're going to have to have a level of security greater than you did back in the olden days, if you will. And our laws and our interpretation of the Constitution, I think, have to change."</blockquote></p> <p>Terrorism's effectiveness doesn't come from the terrorist acts; it comes from our reactions to it. We need leaders who aren't terrorized.</p> <p>Edited to add (4/29): Only indirectly related, but the Kentucky Derby is <a href="http://petapixel.com/2013/04/23/kentucky-derby-bans-all-interchangeable-lens-cameras-for-security-purposes/comment-page-1/">banning</a> "removable lens cameras" for security reasons.</p> <p>Edited to add (4/29): And a totally unscientific <a href="http://www.debate.org/opinions/is-it-justifiable-to-violate-certain-civil-liberties-in-the-name-of-national-security">CNN opinion poll</a>: 57% say no to: "Is it justifiable to violate certain civil liberties in the name of national security?" 
</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2013%3A%2Fblog%2F%2F2.4799Mastering the Basicshttp://dandreamsofcoding.com/2013/04/27/mastering-the-basics/http://dandreamsofcoding.com/?p=569Sat, 27 Apr 2013 07:58:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fdandreamsofcoding.com%2Ffeed%2F&entry=http%3A%2F%2Fdandreamsofcoding.com%2F%3Fp%3D569T-mobile US in invisible handset handcuff contract smackdownhttp://go.theregister.com/feed/www.theregister.co.uk/2013/04/26/t_mobile_nose/tag:theregister.co.uk,2005:story/2013/04/26/t_mobile_nose/Fri, 26 Apr 2013 10:56:00 -0400<strong>m</strong>: <em>The Washington AG is being ridiculous. T-Mobile is actually trying to do the right thing by making air-time contracts transparent, separating them from the phones which they're selling separately (but perhaps in the same transaction).<br /> <br /> In the end, $26k won't affect a bottom line significantly, but it's a sad state that the AG assumes that phones and airtime are intrinsically inter-linked like this.<br /> </em><h4>'No restrictions' ads caused nose growth, pant fires - AG</h4> <p>T-Mobile USA's no-restriction contract turns out to have restrictions, and while they might seem obvious to some the state Attorney General in Washington feels they weren't obvious enough.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2013%2F04%2F26%2Ft_mobile_nose%2FTor Needs Bridgeshttp://www.schneier.com/blog/archives/2013/04/tor_needs_bridg.htmltag:www.schneier.com,2013:/blog//2.4794Fri, 26 Apr 2013 08:19:00 -0400<p>The Internet anonymity service Tor <a href="http://arstechnica.com/information-technology/2013/04/tor-calls-for-help-as-its-supply-of-bridges-falters/">needs people</a> who are willing to run bridges. 
It's a goodness for the world; do it if you can.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2013%3A%2Fblog%2F%2F2.4794The Multiplier Effect and the Role of the Photograph in Bostonhttp://lightbox.time.com/2013/04/22/the-multiplier-effect-and-the-role-of-the-photograph-in-boston/http://lightbox.time.com/?p=70959Mon, 22 Apr 2013 15:53:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D70959