During a recent happy hour, a friend told me about a site called PostSecret. It’s a collection of anonymous postcards where people divulge their secrets. The site is an extension of a book by Frank Warren called A Lifetime of Secrets: A PostSecret Book. The secrets are sometimes funny, sometimes sad, but always interesting, I found this one especially interesting, since I have ‘accidently’ given bad directions to tourist before, this one is just plain funny.
Monthly Archive for June, 2008
In yet another totally sensational and incorrect article by TIME Magazine, Confessions of a Wi-Fi Thief, Lev Grossman expounds on the illegality of accessing unprotected wireless networks. The mere concept of this being illegal absolutely enraged me. Enough so to actually do some real research on the subject.
First off, let’s actually read this law that Lev cites. Title 18, Part 1, Chapter 47 of the United States Code, it doesn’t even to begin to cover wireless piggybacking. What it actually covers is the theft of data, whether it be personal or financial from government computers or other data that the government deems to be sensitive or a matter of national secuity. It does not in any way whatsoever make it illegal to piggyback off Internet connections.
This law is all about what data you access from a computer you aren’t authorized to use. So yes, if you piggyback on someone else’s wireless connection, and you actually steal private data, or attempt to extort that person or install a virus that causes damage, you are committing a crime, as to be expected. But if you just check your own email or surf the web for any publicly available data, you have NOT committed a crime.
No wonder TIME and Lev didn’t bother to actually link to this law or cite how it applies. Instead Lev quickly moves on to the unethical nature of this activity. Let’s address the ethical issues later on.
So it’s definitely not theft. You aren’t depriving someone else of the use of their wireless router or signal. If anything, it’s trespassing, which is not theft. And frankly, WiFi Trespass isn’t nearly as sexy and sensational of a headline as the phrase WiFi Theft.
But let’s examine this trespass idea. Some will argue that accessing an unprotected network is like entering a house where the door is unlocked. I see it more as entering a piece of land that is private property, not a house per-say.
In an article on Tech Dirt on the same subject, a fascinating discussion has been taking place. Readers have been arguing both sides of the issue with amazingly concise statements. An ‘Anonymous Coward’ wrote:
There are laws stating that if you want to enforce a “no trespassing” law on your property you must post highly visible signs all over the place.
This is totally correct. In order to enforce no trespassing, the landowner is the responsible party for clearly notifying a passerby of the landowner’s right to prevent that passerby’s access to said land. It is not the responsibility of the passerby to contact the landowner and find out if that land is open for public use.
If you leave your wireless access point open and unprotected and allow it to freely broadcast it’s SSID, you are inviting people in. And you are definitely not posting keep out / no-trespassing signs.
In my research, I was only able to discover one state, Michigan, where wireless piggybacking actually resulted in an arrest and successful prosecution, however, this was done under a Michigan law not a Federal law. The man, Sam Peterson II, charged and sentenced with this ‘crime’ received a fine and community service for the activity. I also found a case of a 21 year old Alaskan man being arrested for wireless piggybacking, here, but I could not find any evidence that he was convicted of a crime.
The independent research Wood TV8 did after the Michigan man was charged uncovered this:
New York’s Westchester County is trying a different tack. Their local government said it’s up to WiFi subscribers to protect themselves against piggybackers
To date, no one has been successfully prosecuted for wireless piggybacking with the Federal law Lev cites. The example Lev uses is the one I linked to above in Michigan, though Lev incorrectly states it’s Cedar Springs, Mich, when it is really Sparta, Mich, or so I assume since the TIME article lacks even basic citation or links.
In Briton, at least one person have been successfully prosecuted for piggybacking on wireless connections. However, that is Briton, not the United States.
Now, onto the ethical implications of wireless piggybacking. I for one don’t find it in the least bit unethical. Many people I know intentionally leave their wireless access points open in order to ’share the love’ of Internet access. I personally choose not to keep my network open because of security and connection speed concerns. For many years, I left my wireless router open, but too many individuals piggybacking on my network caused it to slow to a crawl. The connection speed became so intolerably slow I was forced to close my network off from the public and neighbors.
Whether your wireless access point is left open because you choose to share or your incapable of protecting it, it’s an open network and both strangers and friends should feel free to hop on your network and surf away.
Many thanks to Cornell for providing US Code and law online.
A friend sent me an awesome link to a site called Graph Jam. It’s very funny as well as a great time waster! Thanks Theresa, great find.
With all these social networks asking for my email password in order to scrape my contact list, I thought I would just save hackers and would-be assailants the trouble and post a list of my passwords here for convenience.
Okay, I want to be social. I want to play with the latest, coolest sites. But why on earth do all these Web2.0 developers have no clue about security and the fundamental rule, don’t share your password with anyone. There is an awesome post on this subject pertaining to Yelp here. And an even older post here.
Down in the comments on the Coding Horror piece, a reader states that Gmail provides an API for gathering a user’s contacts. Sadly, it’s no help. While there is a contacts API in Gmail, you need to be authenticated to see it and authentication requires your password, so it’s no fix to the problem. I haven’t checked out the Yahoo! and Windows Live APIs because I don’t use those services. Maybe they have addressed this issue, but somehow I doubt it.
This whole password sharing roared back into my mind after recently joining ping.fm (currently in private beta) and I found them practicing a similar habit. Ping.fm wanted my passwords in order to provide updates to Plurk, Pownce, Linkedin and many more. I immediately voiced concern in the ping.fm forum. I was surprised to learn I was the first person to raise the issue. Sean comforted me with that fact my passwords are heavily encrypted in their database and I can remove them at anytime. While this made me feel better, it’s still inherently flawed.
When you join Facebook, they have a similar practice. Facebook asks for your email password in order to help find your friends. While Facebook should know better, at least their open development platform allows users to find their Facebook friends on other sites such as friendfeed by adding a small application specific to that site. You can find me on friendfeed here.
I’m just not sure who is more to blame, services such as ping.fm (sorry for picking on you Sean) who ask for passwords or services like Plurk and Twitter for not providing account level API only keys such as the one offered by Jaiku. As Sean pointed out in the forum discussion, it’s how these services build their APIs. And for those of us that are joining more social networks everyday, services, such as ping.fm, will have to exist in order to conveniently manage it all.
So Gmail, Yahoo!, Hotmail, Windows Live and AOL all need to get off their asses and build public APIs that allow me to access my contacts through a separate key other than my password. And sites like friendfeed, Plurk, Twitter, Yelp and Pownce need to follow Jaiku’s lead and provide an API key that is separate from my password.
Here is that password list I promised.
- thomas
- arsenal
- monkey
- charlie
- qwerty
- 123456
- letmein
- liverpool
- password
- 123
Thanks to Modern Life for this list of Top 10 Most Common Passwords.
Bandwidth throttling and net neutrality are seriously confusing topics. In the go-go mobile world we live in, one thing is for certain, no one wants slow speeds when they surf. A recent post on Hot Hardware, brought the whole debate back to the front of my mind. In the article, Google announced it will take an active role by providing consumers with tools to determine if their bandwidth is being throttled down by their ISP.
Yippie, Google has rushed to our rescue! Right? well, it’s just not that simple. The Hot Hardware post quotes George Ou as supporting ISPs’ (specifically Comcast) right to throttle traffic on peer-to-peer networks, but in the post George Ou made on his site, it becomes clear that the debate is much more complex than what most have perceived, including myself.
Before I get too far into this, let’s look at the topics. Bandwidth throttling comes in two flavors. First, web servers throttle bandwidth to ensure servers don’t crash. For the most part, this is a good thing. It keeps sites running by limiting the number of connections a server allows per second. Second, there is ISP throttling. That’s when companies like Comcast or Time Warner cable limit the speed of upstream and downstream connections or services like BitTorrent. This is the throttling most people resent. ISPs argue they need to limit the amount of traffic any single user consumes in order to provide fast service to all. This is called network prioritization. I touched on the subject of throttling in my ISP Spys post.
Enter net neutrality. All websites want their content to load quickly. This limits user bail out (this site isn’t loading, must be down, I’m leaving). But what if ISPs limited the speed of a connection to a website because that site didn’t pay for fast-lane access. Such a system would ensure that only the big dogs survived. Not only would this severely limit competition, but it would essentially destroy most startups who have limited resources.
This is precisely what net neutrality seeks to prevent. The legislation in Congress wants to ensure competition by limiting or preventing connection prioritization. Ou argues this would actually have the opposite effect. Here is an extract from a piece by Cade Metz which quotes Ou on the subject.
Ou is adamant that - whether it (Net Neutrality rules) forbids ISPs from prioritizing apps and services or it forbids them from selling prioritization - neutrality regulation would actually prevent things like video and voice from flourishing on our worldwide IP network. “If you forbid prioritization, you forbid converged networks,” he [Ou] said. “And if you forbid converged networks, you get a bunch of tiny networks that are designed to do very specific things. Why not merge them into one fat pipe and let the consumer pick and choose what they want to run?
Ou raises an excellent point, now the argument isn’t so much about corporations against startups and the speed in which basic sites load, but about the future of IP networks in general as well as the consumers right to choose. Who cares if I get to my favorite blog quickly if videos I watch on the web or IPTV start-and-stop suddenly because the connection can’t be throttled up, right?
I want my cake and eat it to. I want a fast internet, I want IPTV. I want awesome broadband speeds that meet or exceed 7mbs. Hell, I want to see broadband over power lines (BPL) become a reality to further the number of competitors in the broadband market. Despite living in New York, I only have one choice for cable and one choice for phone. And if you are living in rural America, you may not have any choice beyond satellite.
In th end, I favor intelligent networks, as long as ISPs don’t kill my sites with slow-lane speeds and they provide a level of transparency by telling users if a site is being throttled down. One thing is for certain, I don’t think Congress should mettle in the industry by writing legislation, laissez-faire. The growing internet industry doesn’t need to be clipped in its prime by a overzealous government initiative.
Update: George Ou adds his thoughts in the comment section, be sure to check it out here.
I’ve been using Plurk recently and I like it. I had to find a new microblogging site after I decided to take a side in the Terms of Service (TOS) debate on Twitter. I personally found Twitter to be irresponsible in the matter and I made the personal decision to delete my Twitter account. I haven’t found a single person who also made this decision, but that’s why they call it a personal decision. This decision was made for many reasons, including excessive downtime of the Instant-Messanger feature, lack of use, and failure to support their TOS (at that time). This doesn’t mean I won’t go back to using Twitter if they improve their uptime and fully stand behind their TOS, it’s how I feel now.
First off, a little history. The whole Twitter TOS debate began after Ariel Waldman, a popular blogger, wrote a post about Twitter refusing to uphold their terms of service. The debate raged across the web, including on the Twitter topic site, for a few days and has since disappeared. This may be due to the myopic nature of the blogesphere, or it may be because nobody gives a shit.
Here’s my breakdown on the Twitter TOS debate. Twitter argues they are letting the community prosper and thrive and they choose not to censor. While I think that’s a noble stance, I find it pretty weak as an arguement, here is why. First off, unlike sites such as WikiPedia, the community can not remove offensive material. If I choose to write a nasty tweet, it’s out there in the public domain, and unless I choose to delete that tweet, it will stay in the public domain. This is both a good and bad thing. It means that if I write something about a company or person that I know to be true and can prove that it is true, but that company or person would rather not have the public know about it, they can’t remove it. It also means that if I write something that is false, and I know it to be false, it will remain in the public domain.
For instance, let’s say I write my truthful statement:
“Company X released three new products today. One new product will undercut their business model.”
Now that’s a pretty boring truth, but it’s true. It’s now out in the public domain, and people can find it in Google. Conversely, if I write:
“Company X kills babies with poisonous plastic poker chips.”
Now that’s a little more interesting, it’s false (and an example) and it’s also libel. If I continue to post false statements, which are in the public domain, about my fictitious company, it may be construed as harassment.
Back when I worked at TIME.com, management wanted to allow users to comment on magazine articles. We took the concept to the lawyers who told us no-way (but in nice lawyer terms). From what I understood at the time, this was because TIME.com would be responsible for any content written by a user because TIME.com owns the server space and the article was written for traditional media (a magazine). To this day, commenting is still not allowed on official articles from TIME or TIME.com, have a look here. Nytimes.com seems to have a similar outlook on the issue, they also don’t allow commenting on official newspaper articles, but do on their blogs.
What the TIME.com lawyers would allow is for blogs to be used, as long as the comments were moderated. Both Congress and the courts have enacted and enforeced laws to protect internet publishing. Wired posted an article back in 2003 that bloggers had gained protection from libel following an appeals court decision. In that article, Wired cited Zeran v. AOL, a case where AOL was not found responsible for the posting of it’s users, as well as two other cases: Gentry v. eBay and Schneider v. Amazon. In all these cases, the site could not be held responsible for the actions of their users. Twitter had firm legal ground to stand on should they be sued by Ariel who claimed harassment. Interestingly, the legal ground should they be sued by the so-called harasser for censorship is not so clear cut, which may be why they chose not to get involved.
Twitter wrote their official response on their company blog. It’s an interesting read. Like all debates, it has many sides (not just two) and this post reflects their view.
Regardless of your stance, or mine for that matter, on this debate, I have started using Plurk. I read a great article over on The Viral Garden on Twitter vs. Plurk. I dig the graphical interface on Plurk, and as I stated at the beginning of this post, I no longer use Twitter. But hey, I also dropped my MySpace account after Rupert Murdoch purchased it just because I disagree with his actions and publications. That’s the great thing about personal decisions, they are exactly that, which means you can either agree or disagree with mine, and that decision will be your personal decision. Oh yeah, you can find me on Plurk here.
I’ve joined the growing number of early adopters to hop on the friendfeed band wagon. I have to admit, I’m impressed. It has some cool features, like being able to aggregate my blogs and other social networking sites as well as track my friends interactions with their blogs and twitter (microblog). They seem to be adding more features fairly regularly as well. You can read about some of the latest additions over at TechCrunch. You can find me here on friendfeed.
A little while back, I posted a basic install of ffmpeg for CentOS 5. After working with that build over the last month, I found I needed to expand it to include many different video codecs. Because of licensing restrictions, binaries of the build cannot be distributed. However, instructions for a similar build can! I spent several days (or more) researching the packages I would need and I must have combed dozens of blogs to find this information. The build I made strips sound from videos [See update at the end of this post for more information on this subject], this decreases the final file size. If you need sound, you will not want to follow these steps exactly. I also stripped ffserver and ffplay from my build.
These packages were executed in the following order. I cannot say for certain this exact order must be followed, it was the order in which ffmpeg threw the errors. This tutorial assumes you have wget, bzip2, tar and subversion installed on your system. If you do not, please find and install the lastest versions of these utilities for CentOS 5. Additionally, I have allowed all packages to install into their default directories, typically this is /usr/local/[bin | lib]. If at any point during the process of a ‘make’ you run into errors, be sure and run ‘make clean’ before running ‘make’ again. You will either need root access of su access to install ffmpeg. The marker ‘codec:$’ is my prompt, it is merely to indicate separate commands.
- Package a52
- Package FAAD2
- Package FAAC
- Package LAME
- Package yasm
- Package X264
- Package Xvid
- Package libraw1394
- Package libdc1394
Getting Started
codec:$
codec:$ mkdir -p ./tmp/ffmpeg-packages
codec:$ cd ./tmp/ffmpeg-packages
Installing a52
codec:$ wget http://liba52.sourceforge.net/files/a52dec-0.7.4.tar.gz
codec:$ tar -zxf a52dec-0.7.4.tar.gz
codec:$ cd a52dec-0.7.4
codec:$ ./configure --enable-shared=PKGS
codec:$ make && make install
codec:$ cd ..
Installing FAAD2
codec:$ wget http://downloads.sourceforge.net/faac/faad2-2.6.1.tar.gz
codec:$ tar zxf faad2-2.6.1.tar.gz
codec:$ cd faad2
codec:$ autoreconf -vif
codec:$ ./configure --disable-drm --disable-mpeg4ip
codec:$ make && make install
codec:$ cd ..
Installing FAAC
codec:$ wget http://downloads.sourceforge.net/faac/faac-1.26.tar.gz
codec:$ tar zxfv faac-1.26.tar.gz
codec:$ cd faac
codec:$ ./bootstrap
codec:$ ./configure --disable-mp4v2
codec:$ make && make install
codec:$ cd ..
Installing LAME
codec:$ wget \
http://superb-east.dl.sourceforge.net/sourceforge/lame/\
lame-3.98b8.tar.gz
codec:$ tar zxfv lame-3.98b8.tar.gz
codec:$ cd lame-3.98b8
codec:$ ./configure
codec:$ make && make install
codec:$ cd ..
Installing yasm
YASM is a modular assembler, it is required by the x264 package.
codec:$ wget \
http://www.tortall.net/projects/yasm/releases/yasm-0.7.0.tar.gz
codec:$ tar zfvx yasm-0.7.0.tar.gz
codec:$ cd yasm-0.7.0
codec:$ ./configure
codec:$ make && make install
codec:$ cd ..
Installing x264
The x264 package is under git revision control, which is much like CVS or SVN. Thankfully, they provide daily tarballs. I grabbed this one:
codec:$ wget \
ftp://ftp.videolan.org:21//pub/videolan/x264/snapshots/\
x264-snapshot-20080513-2245.tar.bz2
I just did a little exploring via an FTP program to find the snapshot I was after. If you are feeling adventurous, download git and try checking out the latest version from their repository.
codec:$ bzip2 -d x264-snapshot-20080513-2245.tar.bz2
codec:$ tar xfv x264-snapshot-20080513-2245.tar
codec:$ cd x264-snapshot-20080513-2245
codec:$ ./configure --enable-mp4-output --enable-shared --enable-pthread
codec:$ make && make install
codec:$ cd ..
Installing Xvid
codec:$ wget http://downloads.xvid.org/downloads/xvidcore-1.1.3.tar.gz
codec:$ tar zxfv xvidcore-1.1.3.tar.gz
codec:$ cd xvidcore-1.1.3/build/generic
codec:$ ./configure
codec:$ make && make install
codec:$ cd ../../..
Installing libraw1394
codec:$ wget http://www.linux1394.org/dl/libraw1394-1.3.0.tar.gz
codec:$ tar zxfv libraw1394-1.3.0.tar.gz
codec:$ cd libraw1394-1.3.0
codec:$ ./configure
codec:$ make dev
codec:$ make && make install
codec:$ cd ..
Installing libdc1394
This project requires libraw1394, you must build it first. This project is a little confusing there is both a libdc1394 and a libdc1394-2. I have only installed the former. Visit Sourceforge here. I grabbed the tarball here:
codec:$ wget \
http://superb-west.dl.sourceforge.net/sourceforge/libdc1394/\
libdc1394-1.2.2.tar.gz
codec:$ tar zxfv libdc1394-1.2.2.tar.gz
codec:$ cd libdc1394-1.2.2
codec:$ ./configure
codec:$ make && make install
codec:$ cd ..
Installing ffmpeg
For FFMPEG, you will need to get the latest out of SVN. FFMPEG doesn’t ever make releases. To do so, run:
codec:$ svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
codec:$ cd ffmpeg
codec:$ ./configure --enable-gpl --enable-postproc --enable-nonfree --enable-postproc --enable-libfaad --enable-swscale --enable-avfilter --enable-pthreads --enable-libxvid --enable-libx264 --enable-libmp3lame --enable-libdc1394 --enable-liba52 --enable-libfaac --disable-ffserver --disable-ffplay
codec:$ make
codec:$ make install
It usually takes at least 5 mins for ‘make’ to run, be sure you have a good file before attempting to install. You will need to be sure and run the ldconfig setting if you have to re-compile, otherwise ffmpeg will throw an error that it cannot find library files. Here is a good resource for using ffmpeg.
Post-Installation Actions
After the install in complete, you may need to add the /usr/local/lib directory to your ld.so.config file. Do the following:
codec:$ cd /etc/
codec:$ cd ld.so.conf.d
codec:$ vi ffmpeg.conf
You need to add ‘/usr/local/lib’ [sans-quotes] to this file and save it. Press Esc, :, x to do so in vi. Afterwords you need to run the following from the commandline
codec:$ ldconfig
That’s it, you now have a fairly robust build of ffmpeg that can take almost anything you can throw at it. Sadly, licensing restrictions prevent binaries from being made of the above steps. Happy (video) encoding!
Update: This build doesn’t actually strip sound from videos, I am doing that with a flag when I run ffmpeg, however, it should be noted that all the audio codecs you may find in many common video formats may not be supported in this build of ffmpeg, which is why I am choosing to strip audio entirely from videos.
Vanity Fair has written an awesome article detailing an oral history of the internet. It’s an amazing read with some great interviews. Read How the Web was Won.
Yet another case of big brother spying on your web traffic surfaced recently. Wired reported that British Telecom, an internet service provider, secretly partnered with Phorm to inject JavaScript into all pages served to 18,000 of their customers. The JS code was used to track users’ movements on the web and serve up ads accordingly. Some users believed their computers had been infected with adware when the JS code Phorm injected caused their browsers to crash.
The desire to better target ads to consumer use has been a long sought goal for many companies. Both AOL and Yahoo have purchased or constructed similar ad tracking software recently in order to better target ads to users. AOL calls their software Platform A. Yahoo calls their software Amp. Additionally, Google surfaces targeted ads in their search results based on the search terms, known as Google Ad sense / Ad words.
Internet users who ever believed their surfing was anonymous are naive. Any web developer knows that every connection to a server passes, at the bare minimum, an IP address. But has British Telecom gone too far? Unlike Google, Yahoo and AOL who can only track your movement on their sites, BT tracked all traffic regardless of destination.
As the web becomes even more social, the sense of anonymity once present in early days of the web is quickly fading. Google popularized email addresses that are your real name. Long gone are the days of obscured screennames once so common to Hotmail and AOL. This movement came with the loss of some privacy, but users could feel secure knowing that surfing from one random website to another didn’t mean seeing ads from the last style site you visited. If a user had just spent an two hours looking up travel destinations, they could rest assured that they wouldn’t see travel ads when surfing to a music site. But, as companies seek to improve ad revenues, they will all desire to garner higher click thru rates and higher profits to pay for the vast server farms needed to sustain their companies.
You can find the original leaked report on Wiki Leaks here.