As I stated in my initial post about Aaron Swartz’s death, I don’t think it’s fair to “blame” the DOJ or others for Aaron’s suicide — just as I don’t think it’s fair to blame anyone’s suicide on a third party, no matter how horrible their actions. That said, the DOJ’s actions in this case were quite clearly horrible, and since the case will now never go forward, it seems imperative to highlight just how badly the DOJ acted in this case.
Larry Lessig’s post made some clear points suggesting that the feds and MIT were out of line in pursuing this case, which seems like an understatement:
Here is where we need a better sense of justice, and shame. For the outrageousness in this story is not just Aaron. It is also the absurdity of the prosecutor’s behavior. From the beginning, the government worked as hard as it could to characterize what Aaron did in the most extreme and absurd way. The “property” Aaron had “stolen,” we were told, was worth “millions of dollars” — with the hint, and then the suggestion, that his aim must have been to profit from his crime. But anyone who says that there is money to be made in a stash of ACADEMIC ARTICLES is either an idiot or a liar. It was clear what this was not, yet our government continued to push as if it had caught the 9/11 terrorists red-handed.
Aaron had literally done nothing in his life “to make money.” He was fortunate Reddit turned out as it did, but from his work building the RSS standard, to his work architecting Creative Commons, to his work liberating public records, to his work building a free public library, to his work supporting Change Congress/FixCongressFirst/Rootstrikers, and then Demand Progress, Aaron was always and only working for (at least his conception of) the public good. He was brilliant, and funny. A kid genius. A soul, a conscience, the source of a question I have asked myself a million times: What would Aaron think? That person is gone today, driven to the edge by what a decent society would only call bullying. I get wrong. But I also get proportionality. And if you don’t get both, you don’t deserve to have the power of the United States government behind you.
Lessig made it clear that the feds sought to get Aaron to agree to a plea deal, in which he’d plead guilty to some aspect of the charges against him, in exchange for letting him off on the more serious charges. Aaron did an amazing thing and refused, believing that he had not done anything wrong:
In that world, the question this government needs to answer is why it was so necessary that Aaron Swartz be labeled a “felon.” For in the 18 months of negotiations, that was what he was not willing to accept, and so that was the reason he was facing a million dollar trial in April — his wealth bled dry, yet unable to appeal openly to us for the financial help he needed to fund his defense, at least without risking the ire of a district court judge. And so as wrong and misguided and fucking sad as this is, I get how the prospect of this fight, defenseless, made it make sense to this brilliant but troubled boy to end it.
And, for those who don’t think that pushing back against the feds is an amazing thing, you have no clue how much pressure the federal government can put on you when it wants you to plead guilty. Two years ago I wrote about a documentary called Better This World, which is about an entirely different subject, but really opened my eyes to the way the feds handle some of these cases. It’s not about what’s right. It is entirely about them winning, getting the press coverage and “making examples” of people. And they’ll go to amazing lengths, and create pressure that you and I can only have nightmares about, to get people to accept bogus “plea” deals, just so they can notch up another “win.” It’s scary, scary stuff. Fighting back may have been the right thing to do, but must have created a level of stress unimaginable to most people…
(via AP News: US government tells computer users to disable Java)
WASHINGTON (AP) - The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks.
The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts.
Experts believe hackers have found a flaw in Java’s coding that creates an opening for criminal activity and other high-tech mischief…
ahem…if possible - dump it
Loud-Ass TV Ads Are Going to Be Outlawed at Midnight Tonight
Who says members of Congress (and the FCC) never get things done?
(Fear not, Fido. You won’t need that mute button anymore!)
“It’s an urban legend that the government launched the Internet,” writes L. Gordon Crovitz in Monday’s Wall Street Journal, launching into just one of a myriad of problems with his short opinion piece.
While he concedes that the military’s Defense Advanced Research Projects Agency (DARPA) program funded the creation of the ARPAnet, the first large-scale packet-switched network, he argues that the government doesn’t deserve credit for the creation of the Internet:
If the government didn’t invent the Internet, who did? Vinton Cerf developed the TCP/IP protocol, the Internet’s backbone, and Tim Berners-Lee gets credit for hyperlinks.
But full credit goes to the company where [Robert Taylor] worked after leaving ARPA: Xerox. It was at the Xerox PARC labs in Silicon Valley in the 1970s that the Ethernet was developed to link different computer networks. Researchers there also developed the first personal computer (the Xerox Alto) and the graphical user interface that still drives computer usage today.
Crovitz is right that Vinton Cerf, along with Bob Kahn, invented the TCP/IP protocol that is the foundation of the modern Internet. But he neglects to mention that Cerf’s early work on the protocol was funded by the US military through its DARPA program.
“Hyperlinks” are not the Internet, and Tim Berners-Lee didn’t invent them. Nor is the World Wide Web the Internet, although the Web has become such a popular Internet application that many people confuse the two. But more to the point, Berners-Lee was working at CERN, a research organization funded by European governments, when he invented the World Wide Web in the early 1990s.
Xerox is indeed a private company, and Xerox PARC researchers did develop some important computing technologies, including Ethernet and the graphical user interface. But it’s not accurate to say that “the Ethernet was developed to link different computer networks.” Ethernet was designed primarily as a local networking technology to connect computers in a home or office. The point of the Internet’s TCP/IP protocol was to allow networks using different standards, including Ethernet, to communicate with each other. Many of the networks that now comprise the Internet use the Ethernet protocol, but what makes the Internet the Internet is TCP/IP, not Ethernet.
Indeed, not only is Crovitz confused about the origins of the Internet, he also seems not to understand the conventions of the World Wide Web. He quotes George Mason University economist Tyler Cowen as saying that “The Internet, in fact, reaffirms the basic free market critique of large government.” But that quote wasn’t written by Cowen. It was quoted by Cowen in a 2005 blog post. The page Cowen was quoting has succumbed to bitrot, but the Internet Archive has a copy.
The Wall Street Journal has earned a reputation for producing in-depth and meticulously fact-checked news coverage. Unfortunately, it doesn’t always apply that same high standard of quality to their editorial page.
The House Oversight Committee has come out with a report slamming the TSA for tremendous amounts of waste, specifically in the “deployment and storage” of its scanning equipment. Basically, it sounds like the TSA likes to go on giant spending sprees, buying up security equipment and then never, ever using it. A few data points:
- As of February 15, 2012, the total value of TSA’s equipment in storage was, according to TSA officials, estimated at $184 million. However, when questioned by Committee staff, TSA’s warehouse staff and procurement officials were unable to provide the total value of equipment in storage.
- Committee staff discovered that 85% of the approximately 5,700 major transportation security equipment currently warehoused at the TLC had been stored for longer than six months; 35% of the equipment had been stored for more than one year. One piece of equipment had been in storage more than six years – 60% of its useful life.
- As of February 2012, Committee staff discovered that TSA had 472 Advanced Technology 2 (AT2) carry-on baggage screening machines at the TLC and that more than 99% have remained in storage for more than nine months; 34% of AT2s have been stored for longer than one year.
- TSA knowingly purchased more Explosive Trace Detectors (ETDs) than were necessary in order to receive a bulk discount under an incorrect and baseless assumption that demand would increase. TSA management stated: “[w]e purchased more than we needed in order to get a discount.”
Oh yeah, and it appears that the TSA isn’t very good at tracking this stuff. When asked about the total cost of managing this equipment, the TSA was unable to provide an answer. And then it appeared to willfully mislead Congress about this:
- TSA intentionally delayed Congressional oversight of the Transportation Logistics Center and provided inaccurate, incomplete, and potentially misleading information to Congress in order to conceal the agency’s continued mismanagement of warehouse operations.
- TSA willfully delayed Congressional oversight of the agency’s Transportation Logistics Center twice in a failed attempt to hide the disposal of approximately 1,300 pieces of screening equipment from its warehouses in Dallas, Texas, prior to the arrival of Congressional staff.
- TSA potentially violated 18 U.S.C. Sec. 1001, by knowingly providing an inaccurate warehouse inventory report to Congressional staff that accounted for the disposal of equipment that was still in storage at the TLC during a site visit by Congressional staff.
- TSA provided Congressional staff with a list of disposed equipment that falsely identified disposal dates and directly contradicted the inventory of equipment in the Quarterly Warehouse Inventory Report provided to Committee staff on February 13, 2012.
One of the theories that was floated a few years ago when there was that big rush to rollout the nudie scanners, was that much of it was being driven by fear mongering from former government officials, like Michael Chertoff, who had economic relationships with the makers of the equipment. This report doesn’t confirm any of that, but it sure seems to fit that narrative pretty perfectly. Fear monger away, have the TSA buy a ton of questionable equipment it doesn’t actually need, and then have much of that equipment just sit in a warehouse. All on the taxpayers’ dime.
(via Critical windows bug makes worm-meat of millions of high-value machines | Ars Technica)
Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required.
The vulnerability in the Remote Desktop Protocol is of particular concern to system administrators in government and corporate settings because they often use the feature to remotely trouble-shoot e-mail servers, point-of-sale terminals and other machines when they experience problems. RDP is also the default way to manage Windows machines that connect to Amazon’s EC2 and other cloud services. That means potentially millions of endpoints are at risk of being hit by a powerful computer worm that spreads exponentially, similarly to the way exploits known as Nimda and Code Red did in 2001.
“This type of vulnerability is where no user intervention or user action is required and an attacker can just send some specially crafted packets or requests, and because of which he or she can take complete control of the target machine,” Amol Sarwate, director of Qualys’ vulnerability research lab, said in an interview. While RDP is not enabled by default, he said the number of machines that have it turned on is a “big concern” because it is so widely used in large organizations and business settings.
The bug affects Windows XP and all versions of Windows released since, including the developer preview of Windows 8. It was privately reported by Luigi Auriemma, an Italian security researcher who frequently focuses on vulnerabilities in industrial control systems and SCADA, or supervisory control and data acquisition, systems used to control dams, gasoline refineries, and power plants. Microsoft said there’s no indication the vulnerability is being used in the public to attack Windows users at the moment, but the company predicts that could change.
“Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days,” Suha Can and Jonathan Ness, of Microsoft Security Response Center Engineering, wrote in an advisory published Tuesday.
They urged users to “promptly apply” an accompanying security update. Those who can’t update right away and are running Vista or a later version of Windows should enable Network Level Authentication, a feature that requires users logging in to RDP boxes to have security credentials before gaining access…
[a good time to make sure your pc’s are up to date, security patch-wise…]
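One way to check a machine against the two mitigations the advisory names (the patch, and Network Level Authentication for anyone who can’t patch yet). This is an added example, not code from the Ars article or from Microsoft; it reads the documented Terminal Server registry values and the Win32_TSGeneralSetting WMI class, and assumes it is run from an elevated prompt on Vista/Server 2008 or later.

```powershell
# Added example: audit RDP exposure on this host and, with -EnableNla, turn on
# Network Level Authentication as the interim mitigation. Run elevated.
# Not from the Ars article; uses the documented Terminal Server registry keys.
param([switch]$EnableNla)

$tsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsRoot 'WinStations\RDP-Tcp'

# fDenyTSConnections = 1 means Remote Desktop is disabled entirely.
$rdpEnabled = (Get-ItemProperty -Path $tsRoot -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication = 1 means NLA must succeed before a session is created,
# so unauthenticated peers never reach the rest of the RDP stack.
$nlaRequired = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication -eq 1
# SecurityLayer: 0 = legacy RDP security, 1 = negotiate, 2 = TLS only.
$securityLayer = (Get-ItemProperty -Path $rdpTcp -Name SecurityLayer).SecurityLayer
$port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber

[pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    RdpEnabled    = $rdpEnabled
    NlaRequired   = $nlaRequired
    SecurityLayer = $securityLayer
    ListenPort    = $port
} | Format-List

if ($rdpEnabled -and -not $nlaRequired) {
    Write-Warning 'RDP is listening without NLA: pre-auth traffic reaches the full protocol parser.'
    if ($EnableNla) {
        # Same effect as the "Allow connections only from computers running Remote
        # Desktop with Network Level Authentication" option in System Properties.
        $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
        $null = $ts.SetUserAuthenticationRequired(1)
        Write-Output 'NLA enabled; clients must support CredSSP to reconnect.'
    }
}

# Patch status: show the most recent hotfixes so the update can be confirmed by ID.
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn
```

Run it read-only first across the fleet (for example via Invoke-Command), and only pass -EnableNla once you have confirmed the clients in use support CredSSP, since older clients will be locked out.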
The hacking of the websites of the Federal Trade Commission’s Bureau of Consumer Protection on February 17 was the second attack on the agency’s web presence in less than a month. Both of the attacked servers were set up for the FTC by the public relations firm Fleishman-Hilliard under the same contract, and ran on servers the firm provisioned from web hosting and cloud services provider Media Temple. But even after the server for the FTC’s OnGuardOnline.gov site (ironically, a site intended to share tips from the government on computer security and privacy for consumers) was hacked on January 24 using an exploit of security weaknesses in the applications running on it, Fleishman declined to update the software running its other sites, an executive of Media Temple told Ars.
Media Temple chief marketing officer Kim Brubeck told Ars, “we have actually asked Fleishman-Hilliard to remove any [remaining] .gov sites” from Media Temple’s servers. In an email to Fleishman-Hilliard on February 18, Brubeck requested that the company complete the transfer of its remaining government websites to other hosting providers within 48 hours.
Referring to the government’s security regulations, Brubeck explained, “We aren’t a FISMA-certified hosting service,” and added that Media Temple was unaware that Fleishman-Hilliard had intended to use the servers for government accounts. Under the terms of the provisioning service that the servers were provided under, Fleishman-Hilliard was responsible for the administration and security of the servers, including operating system updates, software installations and backups, and had set up the servers—but “had chosen not to update their applications,” Brubeck said.
Fleishman-Hilliard has still not responded to requests from Ars for comment.
[lovely…]