
Monday, December 21, 2009

another database cracked

This one has far-ranging consequences. It's a global database, and most of the people listed are children:

The majority of the children are accurately identified by their age, addresses, birthdates and (where possible) national identification numbers. All United States kids with Social Security numbers are now sharing their identities with the whole world.


For some, the consequences have already hit home:

Jane Doe has had to disappear into the FBI witness protection program to hide from the crowd of men seeking her company. Frequent age errors in the database mean that grown men and women who used their social security numbers as banking passwords are now losing their life savings.


Some people are now questioning whether the database should ever have been compiled in the first place. Just how much does Santa Claus need to know about who's been naughty or nice?

See the full story at Precision Blogging.


Saturday, December 12, 2009

on the accuracy of the measurements in the galaxy song

Paul Kohlmiller of the San Jose Astronomical Association analyzes Eric Idle's Galaxy Song here.


Tuesday, November 24, 2009

private facebook photos are not private

From Ars Technica:

Nathalie Blanchard took leave from her job at IBM a year and a half ago after being diagnosed with "major depression," according to CBC News. At that time, Manulife began paying out monthly sick leave checks as part of her benefit package—until Blanchard posted photos to her private Facebook profile depicting her having fun at her own birthday party.


How did the insurance company obtain the photos? It's hard to say. But the takeaway here is that Facebook photos — even those published privately — are open to the public.


Thursday, November 19, 2009

Edsger Dijkstra on Algol

Edsger W. Dijkstra on the influence of Algol-60:

In a short summary I could formulate as follows: through its merits ALGOL 60 has inspired a great number of people to make translators for it, through its defects it has induced a great number of people to think about the aims of a "Programming Language".


from the essay, Some Meditations on Advanced Programming.


Thursday, October 29, 2009

LO, forty years ago

Forty years ago this day, the first message was sent from one computer to a computer located at a remote site. In those days, different operating systems could not talk to each other, so the first network connections were made by connecting the campus mainframe to a smaller computer known as the Interface Message Processor (IMP). The IMPs from each campus could then talk to each other, and each institution only had to get their machine to communicate with the IMP.

On October 29, 1969, at 10:30 PM, Charley Kline at Stanford Research Institute (SRI) attempted to log in to the computer at UCLA. His machine successfully sent the "L" and the "O" as he typed the word "LOGIN", but when he typed the "G", the SRI computer recognized the command and tried to auto-complete it. The sudden burst of three characters overwhelmed the connection, and it crashed. But the "LO" got through, and is recognized as the first Internet message.


Monday, October 26, 2009

whitehouse drupal

The new media team at the White House announced over the weekend that the whitehouse.gov website has been moved to Drupal. Open source advocates are hailing this as a victory for open source over proprietary software.

Tim O'Reilly says:

This move is obviously a big win for open source. As John Scott of Open Source for America (a group advocating open source adoption by government, to which I am an advisor) noted in an email to me: "This is great news not only for the use of open source software, but the validation of the open source development model. The White House's adoption of community-based software provides a great example for the rest of the government to follow."

John is right. While open source is already widespread throughout the government, its adoption by the White House will almost certainly give permission for much wider uptake.


Dana Blankenhorn says:

The switch was designed to be transparent, but even a casual observer will note the site now features five separate blogs, and that officials’ names are now listed on announcements that read more like stories, often with personal details.

So it’s one small step for Washington, one giant leap for open source.


He also notes:

Sites like Whitehouse.gov are the ultimate honeypots for hackers and script kiddies around the world. This is true regardless of the party in power.


Because the White House is such an inviting target, the White House team needs to be extra vigilant.

Security expert Robert "RSnake" Hansen explains:

According to Dries Buytaert, “…this is a clear sign that governments realize that Open Source does not pose additional risks compared to proprietary software…” This is a complete fallacy. More than that, it’s dangerous that non-security people are touting their knowledge of security as if it’s fact. Look, if you were talking about vulnerabilities per line of code or something, I may get on board with that statement, but that’s just not how the real world works. There is one very massive difference between open source and proprietary coded applications. I can pen-test Drupal all day long without sending a single packet to Whitehouse.gov.


That is, if the White House is actually using an unmodified out-of-the-box version of Drupal. But if the White House is concerned at all about security, they have already hardened their copy of Drupal before going live:

Like ha.ckers.org they most likely chopped it up, removed all the unnecessary functionality, stripped it down to bare bones, locked the server up so tight it would be impossible to even upgrade it without an act of Congress and on and on…


The irony of all this, RSnake notes, is this:

And how is a locked down highly customized variant of Drupal different than a proprietary solution?


Wednesday, October 14, 2009

using gnu/linux for leverage

From Linux and Free Software:

Gillian was assigned to research GNU/Linux and found out that it would meet all the needs her department required and could be easily used instead of Microsoft Windows. Moreover, this switch to open source software would save them a lot of money. … However, like in all bureaucracies large or small, she still needed to get approval from the management. Little did she know that the management never genuinely wanted to switch over. Instead, they took Gillian's research and did what they wanted to do from the beginning. They used it as leverage to get the Microsoft representative to get them a much better deal.


What's left unsaid is that this tactic can't work forever. At some point, Microsoft will be unable or unwilling to offer further discounts. Is the unnamed company willing to follow through with its threat if the boys from Redmond call its bluff? That's when we will see whether Gillian's research pays off.
