Oct 29, 2009
09:34 am
I just got done reading this article on Slate, which argues that whitehouse.gov moving to Drupal is a “political disaster waiting to happen”. Let me take some time to address each of these lies.
Drupal knows best. It's not that Drupal thinks you're evil. It just thinks you're ignorant. In a basic setup, the software is suspicious of everything you try to do. Should you, say, go completely rogue and try to add some Javascript in the body of a page—a 14-year-old technology that controls interactive components like buttons—the platform will have none of it.
The message: "That's dangerous stuff, and you probably don't know what you're doing." Better to outlaw something altogether, Drupal figures, than simply ask you if you really want to use it. If Drupal ran the Food and Drug Administration, it would ban high-fructose corn syrup. This is just the sort of straitjacketed paternalism that half the country is convinced the Democrats are hell-bent on imposing on us all.
Javascript is dangerous stuff. Ever try putting it in on Wordpress? You can’t. That’s not the case with Drupal, and it exemplifies that the author of this article has no idea what he is talking about.
XSS, the acronym for “cross-site scripting”, is a huge security risk, accounting for 80% of all vulnerabilities in 2007. For example, when you log in to a Drupal site, cookies are stored on your computer. Those cookies are what let Drupal know that you are that logged-in user. By placing a simple line of JavaScript inside content posted on a Drupal site that allowed it, I could easily have your session cookie sent to some server I run, put that cookie into my browser, and be logged in as you without you ever knowing I got it. This isn’t limited to Drupal; it applies to any system that allows logging in.
So does that mean I can’t use Javascript in Drupal? Absolutely not. Let’s look at the code to embed a CNN video:
<script src="http://i.cdn.turner.com/cnn/.element/js/2.0/video/evp/module.js?loc=dom&vid=/video/health/2009/03/13/dcl.gupta.safe.cigarettes.cnn" type="text/javascript"></script><noscript>Embedded video from <a href="http://www.cnn.com/video">CNN Video</a></noscript>
Know what that is? It’s Javascript and you can see that exact video on this site by clicking here.
Wow, that must be some kind of voodoo, but it isn’t. It didn’t even require any programming. It was a simple option inside of Drupal where I can change my “input format” to allow it. Not only that, but I can limit which users can enter JavaScript and which cannot (try doing this on something like WordPress – you need a plugin or to code it yourself). That’s the power of Drupal, and the peace of mind any website owner can have with it.
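How a per-role input format like the one described above can work, as an added example (not Drupal's code and not part of the original post): the restricted format rebuilds submitted markup from an allowlist of tags, while the format assigned to a trusted role passes markup through. The role names, tag list and sample comment are assumptions constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist for the restricted format (illustrative, not Drupal's list).
ALLOWED_TAGS = {"a", "em", "strong", "p", "ul", "ol", "li", "code", "blockquote"}
SAFE_SCHEMES = {"http", "https", "mailto", ""}  # "" means a relative link
DROP_WITH_BODY = {"script", "style"}            # remove the element and its text
# Hypothetical role -> format mapping; any role not listed gets the filter.
FORMAT_FOR_ROLE = {"administrator": "full_html", "editor": "full_html"}

def safe_href(value):
    """Return a normalised href, or None if its scheme is not allowlisted."""
    cleaned = re.sub(r"[\x00-\x20]", "", value or "")  # normalise before checking
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:
        return None
    return cleaned if scheme in SAFE_SCHEMES else None

class FilteredHTML(HTMLParser):
    """Rebuilds markup from parsed tokens so only allowlisted tags survive."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_BODY:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            # Every attribute is dropped (so no event handlers) except a vetted href.
            href = safe_href(dict(attrs).get("href")) if tag == "a" else None
            attr = f' href="{escape(href, quote=True)}"' if href else ""
            self.out.append(f"<{tag}{attr}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_BODY:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def render(body, role):
    """Apply the input format assigned to the author's role."""
    if FORMAT_FOR_ROLE.get(role, "filtered_html") == "full_html":
        return body  # trusted role: markup, including <script>, passes through
    parser = FilteredHTML()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)

# Constructed sample comment body (not from the original post).
SAMPLE = ('<p>Nice post <a href="javascript:void(0)">link</a> '
          '<em onclick="x()">hi</em></p>'
          '<script src="https://video.example/embed.js"></script>')
```

Calling `render(SAMPLE, "anonymous")` returns the comment with the script element, the event-handler attribute and the non-allowlisted link target removed, while `render(SAMPLE, "administrator")` returns the body unchanged.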
Let’s move on
Jul 18, 2009
08:26 am
When Amazon first started selling their Kindles I started thinking of all kinds of problems this could present. Being in the tech field, I tend to do that a lot. Some of my thoughts were things like not being able to share a book with a friend, or losing the chance to float in the pool on a hot summer day and get lost in a book (dropping a $3.00 paperback is a hell of a lot better than dropping a $300 electronic device). Another thing I thought about was giving control of my own library to someone else, and those repercussions are now being felt:
In a move that angered customers and generated waves of online pique, Amazon remotely deleted some digital editions of the books from the Kindle devices of readers who had bought them.
An Amazon spokesman, Drew Herdener, said in an e-mail message that the books were added to the Kindle store by a company that did not have rights to them, using a self-service function. “When we were notified of this by the rights holder, we removed the illegal copies from our systems and from customers’ devices, and refunded customers,” he said.
And in the biggest irony of them all the books deleted were 1984 and Animal Farm. Funny how Orwell talks about “big brother” in 1984, then his book falls victim to that very same nemesis.
I've got to at least give credit to Amazon for refunding the money. A lot of other companies would have just said “oh well” unless forced to by the courts, but this does show a big problem with devices like the Kindle. And while the money did come back, other things that couldn’t be refunded are lost forever in the binary junk yard:
Justin Gawronski, a 17-year-old from the Detroit area, was reading “1984” on his Kindle for a summer assignment and lost all his notes and annotations when the file vanished. “They didn’t just take a book back, they stole my work,” he said.
Now this is a problem I didn’t originally think of when I was going through “what could go wrong with these Kindles”. Perhaps for his final report he can just say “hey – I lived 1984 over the summer”. A good teacher should accept that.
Jun 14, 2009
09:38 am
My first computer was a Timex Sinclair ZX80 way back in 80. A couple years later I got a Commodore 64 and really fell in love. I spent so many childhood nights learning how to program, and that is what led me into my career in the computer field. I actually still play with the Commodore 64 and 128 today, but through emulators. It's just so much fun.
So I see a story like this and it brings a big smile to my face. Johan Van den Brande decided to put modern use to his old Commodore 64 and developed the software to send tweets from his big hair band era computer. To a geek like me that is just way too cool.
Jan 10, 2009
12:02 pm
I read this local story the other day and have been scratching my head over it:
Rising environmental sensitivity and the Internet may soon make that dog-eared Cincinnati Bell White Pages directory a thing of the past.
The Public Utilities Commission of Ohio on Wednesday unanimously approved allowing Bell's recently launched online White Pages at Zoomtown.com to be its preferred method of directory assistance.
Bell said it is considering requesting a similar change in Kentucky. Bell, which distributes about 1 million White Pages annually, still will make printed books available, but customers will have to ask for one.
The action comes amid growing environmental opposition over printing millions of pages of telephone directories. Legislation has been introduced in several states to limit distribution of phone directories only to customers who request them.
The action affects only Bell's White Pages and not the Yellow Pages, which is advertiser supported.
There is an environmentally friendly feel to this decision, but should that merit such a change?
Currently the United States rates 17th in the world when it comes to broadband penetration, down from 15th just one year ago. The Cincinnati area has two main broadband providers – Cincinnati Bell and Time Warner Cable. Time Warner has much more coverage than Cincinnati Bell. Yet there are still larger areas of the greater Cincinnati area with no broadband coverage. I’m right on the border of one of those areas (luckily just inside). So if Cincinnati Bell wants to “save money” by cutting the distribution of their white pages, then shouldn’t they also be forced to increase their broadband coverage?
When Cincinnati Bell first started the DSL service some 10 years ago, they were saying that their entire coverage area would be able to get broadband within five years. Well double that has passed, and DSL isn’t available where I live. For the past eight years, every time I check I get a page saying “it is coming soon”. Eight years is “soon”?
We really need to invest in our infrastructure, and with the fast-paced changes of the wired world, that needs to include providing better broadband coverage to the country. The United States is even further behind when it comes to DSL coverage. This is a sad state of our nation, the nation that pioneered the internet. We had great vision and innovation, then let it all go. Broadband should be available to everyone and also be affordable. And I’m not talking about that overpriced satellite internet.
Nov 17, 2008
08:19 pm
A candidate for Prime Minister of Israel has basically copied the design of Obama’s website. Not really a bad idea considering Obama has laid the foundation for the next generation of political-web sites.
Nov 16, 2008
04:27 pm
Yesterday I posted that Obama had appointed some strong proponents of Net Neutrality to his transition team to oversee the FCC. Now we find out that another Democrat is working to bring actual Net Neutrality into law:
A lawmaker is bringing the issue of net neutrality back into the spotlight. Sen. Byron Dorgan (D-N.D.) plans to introduce a bill in January that would stop Internet service providers from blocking and managing certain Internet content.
The planned legislation follows a long battle between the Federal Communications Commission and cable-TV and Internet service provider Comcast. It would have the Internet Freedom Preservation Act bar cable and telephone companies from being Internet "gatekeepers" and keep the Internet open and free, according to Dorgan, who has introduced previous bills on net neutrality.
"He was the lead sponsor of net-neutrality bills for this session of Congress, which is about to end, and he will be introducing a bill in the next session of Congress," said Justin Kitsche, a spokesperson for Dorgan's office.
Of course the all-powerful telecom industry is gearing up its opposition to the possibility of this new law:
"We don't believe legislation is necessary in this area and could harm innovation and investments," said Sena Fitzmaurice, Comcast's senior director of government affairs and corporate communications, in a phone interview. "We have consistently said that all our customers have access to content available on the Internet."
Harm innovation is a good one. The U.S. has fallen way behind the rest of the developing world in terms of internet access and speed. Are they saying that this legislation would take us back to the day of acoustic coupler modems? I doubt that. Instead of fighting this, the telecom industry should focus on ways to bring broadband to the entire nation, and increase our network speed and reliability. We need to start thinking in a 21st century mind.
Nov 15, 2008
06:30 pm
Yesterday the Obama campaign named two big advocates of net neutrality to his transition team. The best part is that they are heading up the review of the FCC:
Susan Crawford, a professor at the University of Michigan Law School, and Kevin Werbach, a former FCC staffer, organizer of the annual tech conference Supernova, and a Wharton professor, will lead the Obama-Biden transition team's review of the FCC.
Both are highly-regarded outside-the-Beltway experts in telecom policy, and they've both been pretty harsh critics of the Bush administration's telecom policies in the past year.
Perhaps we are looking at a new dawn in the world of online privacy and fairness under President Obama.
Nov 14, 2008
11:08 am
This is what happens when you elect a President who understands the world of technology and how most people now get their news and information:
Today, President-elect Obama will record the weekly Democratic address not just on radio but also on video -- a first. The address, typically four minutes long, will be turned into a YouTube video and posted on Obama's transition site, Change.gov, once the radio address is made public on Saturday morning.
The address will be taped at the transition office in Chicago today.
"This is just one of many ways that he will communicate directly with the American people and make the White House and the political process more transparent," spokeswoman Jen Psaki told us last night.
We are experiencing a revolution in Washington and it will help put the people back in our government. That's a win-win situation no matter how you cut it.
Oct 10, 2008
09:21 am
I have spent a long time working in the computer industry and one of the areas I do a lot of work in is cyber security. That means I have been very interested in the whole Palin email hacking case. Essentially what has puzzled me is the attention it has received from the Department of Justice. Email accounts get hacked all the time, usually at the rate of thousands per day. Even worse is the number of people who get suckered into bank scams or suffer from identity theft. These are far worse crimes, yet the DOJ has allocated very few resources to fighting them. But when Sarah Palin gets her email hacked, they jump into a full Eliot Ness style task force to hunt down the perpetrators.
Harper's Magazine is now raising these issues in an article that deserves an entire read, but here is a key part:
The Justice Department seems to be setting one of its amazing new rules. When a Republican political figure is damaged in her expectation of being elected to office, it is telling us, that’s a felony. And why is that the case here? Because the hacker helped establish something important: Sarah Palin has been systematically violating the Open Records Act. As David Corn has noted at Mother Jones, Palin relied heavily on private email accounts for improper purposes. As governor of Alaska, she was obligated to maintain as public records her communications with respect to her discharge of official duties. Palin skirted this obligation by turning to private email accounts for government related dealings. In fact, the hacker in question helped flush out Palin’s violations. The hacker also helped establish a motive for the illegal conduct: Palin regularly involved her husband in official business, and it’s easy to understand why she did not want to leave behind evidence of her husband’s involvement.
The hacker revealed that Sarah Palin was violating the Open Records Act by using this account, on top of a bunch of other questionable, and possibly illegal, behavior. Now here's where it gets tricky. You would think that the evidence from a hacked email account couldn't be used against the victim of the hack. That is not the case. This was tried back in 2000 when some child porn peddlers had their email accounts hacked. They were found guilty and tried to get the verdict overturned since the evidence was obtained via "illegal means" (i.e., hacking the email account). The federal attorneys argued that since the hacker wasn't working as law enforcement or on behalf of law enforcement, the information could be used. This turned out to be a successful argument:
The 11th Circuit Court of Appeals, in response to one of these trials (both men were found guilty), claims that “Congress had left a loophole open in federal privacy law that lets hackers like ‘1069’ get away with turning information over to the government and having it used in court” and that there’s a “legislative hiatus in the current laws purporting to protect privacy in electronic communications.”
Let's put this into a less techy scenario. Someone breaks into your house and steals a bunch of stuff. Included in the stolen items was your bag of marijuana. When the thief gets caught the police determine the marijuana was yours, so they charge you with possession. Incidents like this happen all the time, and what is going on with Palin's email account is no different. Her account was used to hide illegal activity. Someone used what could be considered illegal means to expose Palin's crime. Now the vigilante is the criminal. Something does not seem right about this and I think it's a perfect opportunity to look into why the DOJ is basing their investigations on what appears to be sole political purposes and not actual crimes.
Sep 23, 2008
01:30 pm
Ok this is really scary, but it looks like the Minority Report is starting to come to life:
Last year, New Scientist revealed that the US Department of Homeland Security is developing a system designed to detect "hostile thoughts" in people walking through border posts, airports and public places. The DHS says recent tests prove it works.
Project Hostile Intent as it was called aimed to help security staff choose who to pull over for a gently probing interview - or more.
So how long before these devices are everywhere - banks, stores, schools, etc.?
Sep 22, 2008
09:32 pm
I'm still in catch up mode from being offline all last week, but I have to chime in on this whole Palin's email account being hacked thingy. The right wants you to believe some massive hacker fiddled his way through cyberspace, altering bits and warping the very space-time continuum in order to hack into Palin's email account at Yahoo. Sounds like a scene out of Live Free or Die Hard, or even War Games. Oh so scary.
The problem is that it was nothing like that. She had an account on Yahoo, which has been a hackers' favorite target for years. Back in the heyday of Yahoo Chat, people lost accounts on a daily basis through hacks. Yahoo has done a little to make their accounts more secure, but not much.
PC Magazine has taken a look into this and published a decent article putting it out in layman's terms. Basically all you need to know is some personal information about a person in order to get their account. That's apparently what the hacker did. Information like that isn't hard to come by either when the victim is in the public spotlight.
So what happens if your account or mine ends up falling victim to some bored hacker? Do we receive the full investigative force of the federal government? Absolutely not. This is a taxpayer luxury only afforded to people of high power - like the Governor of Alaska.
Oh and if you are wondering how to protect yourself from such a simple hack, that answer is simple. Don't use actual information for the password recovery forms. I never use actual information. Instead I use some items I came up with years ago and it's never the same between any two sites. Instead I keep a nice notebook with it all written down. That's not some super secret thing I learned in my three decades of software development. It is nothing more than simple common sense - something we would want our people of power to possess.
Sep 12, 2008
12:23 pm
The Senate Judiciary Committee has approved new legislation creating a form of "copyright cops" to go after file swappers and people who violate intellectual property laws. Under this bill, they can now seize any computers involved in the infringement.
So will they go after McCain for his constant use of music without consent?
Aug 27, 2008
12:03 pm

Meet the new Space Cube, a 2 inch cube that is a Linux based computer. Now my Mac mini doesn't seem so mini.
Aug 13, 2008
08:38 pm
An interesting article in the Washington Post discusses how law enforcement is now using GPS to track suspects, mostly without any warrant. This really sounds like a gray area in the world of privacy. On one hand, police can "tail" a suspect without a warrant, which this is very similar to, but what if a citizen decided to put a GPS device on another person's vehicle, including police or elected officials? Would this be justified, or would they face possible charges for stalking?
Overall it looks like this won't be answered until it ends up in the courts, whenever that might be. I think the GPS idea is a good idea, but it's another one of those things that can be abused in the wrong hands. And yes - some cops are the "wrong hands".
Aug 11, 2008
04:39 pm
As we move forward with technology, our sources of warfare also transform. This could be what's happening in Georgia right now:
August 11, 2008 (Computerworld) Hackers, perhaps affiliated with a well-known Russian criminal network, have attacked and hijacked Web sites belonging to Georgia, the former Soviet republic now in the fourth day of war with Russia, a security researcher claimed on Sunday.
Some Georgian government and commercial sites are unavailable, while others may have been hijacked, said Jart Armin, a researcher who tracks the notorious Russian Business Network (RBN), a malware and criminal hosting network.
This is an angle to warfare that is only discussed in theory, and one most think of as the plot from some sci-fi movie. Today it looks more like reality.