No the Internet is not a ‘value tree’

Projects like Wikipedia, uses such as text and data mining, online access to cultural heritage and educational resources, and transformative use of the Internet do not follow the same logic as the traditional content industry value chains. Here limited user rights and long terms of protection become problematic and increased enforcement translates into chilling effects.

At the same time all of these types of uses are exactly what makes the Internet special and drives its potential to accelerate innovation and to democratize access to knowledge, tools and culture. The Internet is the first mass medium that is simultaneously enabling market driven uses, uses that are driven by public policy objectives (such as education or access to culture), and uses driven by people’s desire to create, collaborate and contribute to the commons.

via Kennisland : No the Internet is not a ‘value tree’.

SSL TLS HTTPS Web Server Certificate Fingerprints  

Public and Private keys form cryptographically matched pairs. It is not feasible to derive one from the other, yet what one encrypts only the matching other can decrypt. Website SSL security certificates provide the site’s Public cryptographic key which is the public side of the server’s secret Private cryptographic key which is never publicly disclosed. Only the certificate’s public key can be used to encrypt data which the remote server can decrypt only using its matching private key. Since the SSL Proxy Appliance does not have the private key of the remote server—because only the remote server has it—the fake & fraudulent certificate the SSL Proxy provides to the user’s web browser is forced to use a different public key for which it does have a matching private key. And that means that no matter how hard any SSL-intercepting Proxy Appliance may try to spoof and fake any other server’s certificate, the certificate’s public key MUST BE DIFFERENT

via GRC | SSL TLS HTTPS Web Server Certificate Fingerprints  

The remote server’s REAL certificate and the SSL Appliance’s FAKED certificate MUST HAVE AND WILL HAVE radically different fingerprints. They will not be remotely similar.
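The fingerprint comparison described in this post can be scripted. The Python below is an added example, not code from GRC or from this blog: it hashes the certificate a connection presents and compares it with a reference fingerprint obtained over a different network path. The two PEM blobs are constructed stand-in bytes rather than real certificates, and all function names are assumptions.

```python
import hashlib
import hmac
import ssl

# Length of a hex fingerprint -> hash algorithm that produced it.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}

def normalize(fp):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return lowercase hex."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")

def colon_form(hex_fp):
    """Format a hex digest the way fingerprints are usually published."""
    return ":".join(hex_fp[i:i + 2] for i in range(0, len(hex_fp), 2)).upper()

def fingerprint(pem, algo="sha256"):
    """Hash the certificate's DER bytes. The public key is part of those
    bytes, so a certificate with a different key hashes differently."""
    return hashlib.new(algo, ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def matches_reference(presented_pem, reference_fp):
    """True if the presented certificate has the reference fingerprint."""
    ref = normalize(reference_fp)
    algo = ALGO_BY_HEX_LEN.get(len(ref))
    if algo is None:
        raise ValueError("reference is not a SHA-1 or SHA-256 fingerprint")
    return hmac.compare_digest(fingerprint(presented_pem, algo), ref)

def presented_certificate(host, port=443):
    """Fetch whatever leaf certificate this network path presents, without
    validating it, so an interception certificate is seen as-is."""
    return ssl.get_server_certificate((host, port))

# Constructed stand-ins (not real certificates): same name, different key.
GENUINE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed: CN=www.example.com key=SERVER")
PROXY_PEM = ssl.DER_cert_to_PEM_cert(b"constructed: CN=www.example.com key=PROXY")

if __name__ == "__main__":
    reference = colon_form(fingerprint(GENUINE_PEM))  # obtained out of band
    for label, pem in (("direct path", GENUINE_PEM), ("via proxy", PROXY_PEM)):
        verdict = "match" if matches_reference(pem, reference) else "MISMATCH"
        print(f"{label}: {colon_form(fingerprint(pem))[:23]}... {verdict}")
```

On a live network, pass the output of `presented_certificate("www.example.com")` to `matches_reference` together with a fingerprint collected from outside that network.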

A Patent on Seven Simple Lines of Code

Basically, you look in one person’s account to see if there is enough money to make a transfer, and if there is, you transfer the money. I’ll bet you’ve done that before.

In fact, here’s the whole program:

10 LET account1 = 200.00
20 LET account3 = 300.00
30 INPUT "Value to exchange for transaction"; exchange
40 IF account1 < exchange THEN PRINT "Inadequate value": STOP
50 account1 = account1 - exchange
60 account3 = account3 + exchange
70 PRINT "Instruction to 1st institution: adjust 2nd account by "; -exchange

This implementation demonstrates that Alice’s patented invention requires only seven simple lines of code, not complex programming or specially designed hardware.

via A Patent on Seven Simple Lines of Code – Public Knowledge.

No, I Don’t Trust You! — One of the Most Alarming Internet Proposals I’ve Ever Seen

The technical details get very complicated very quickly, but what it all amounts to is simple enough. The proposal expects Internet users to provide “informed consent” that they “trust” intermediate sites (e.g. Verizon, AT&T, etc.) to decode their encrypted data, process it in some manner for “presumably” innocent purposes, re-encrypt it, then pass the re-encrypted data along to its original destination.

via Lauren Weinstein’s Blog: No, I Don’t Trust You! — One of the Most Alarming Internet Proposals I’ve Ever Seen.

In essence it’s a kind of sucker bait. Average users could easily believe they were “kinda sorta” doing traditional SSL but they really wouldn’t be, ’cause the ISP would have access to their unencrypted data in the clear. And as the proposal itself suggests, it would take significant knowledge for users to understand the ramifications of this — and most users won’t have that knowledge.

This editorial illustrates that Man In The Middle (MITM) attacks cannot happen without user consent. This blogger fears that ISPs will require consent for all SSL sessions, making all users’ end-to-end encryption vulnerable to a “trusted” proxy. Here is a blurb from the draft.

From the IETF draft: Explicit Trusted Proxy in HTTP/2.0 draft-loreto-httpbis-trusted-proxy20-01

This document describes two alternative methods for a user-agent to automatically discover and for a user to provide consent for a Trusted Proxy to be securely involved when he or she is requesting an HTTP URI resource over HTTP2 with TLS. The consent is supposed to be per network access. The draft also describes the role of the Trusted Proxy in helping the user to fetch HTTP URI resources when the user has provided consent to the Trusted Proxy to be involved.

The consent is supposed to be on a per network (or destination) basis, which means there may be a reason the user agent will want to use a trusted proxy; perhaps they do not trust the destination network. The blogger implies ISPs will want blanket consent over all destinations, which 1) they could implement now without this standard and 2) would not make for a good PR move because it would not go unnoticed.

Battery-free technology brings gesture recognition to all devices

The researchers built a small sensor that can be placed on an electronic device such as a smartphone. The sensor uses an ultra-low-power receiver to extract and classify gesture information from wireless transmissions around us. When a person gestures with the hand, it changes the amplitude of the wireless signals in the air. The AllSee sensors then recognize unique amplitude changes created by specific gestures.

via Battery-free technology brings gesture recognition to all devices | UW Today.

Munich opts for open source groupware from Kolab

The Kolab groupware system that was originally developed for the German Federal Office for Information Security (BSI) will be employed as part of Munich’s MigMak project, an abbreviation used by the city to describe the migration of its mail and calendar system, Kolab said. The system is to be provided as completely open-source technology, including the necessary professional support, it added.

All the city’s LiMux PCs and the remaining Windows PCs will be using the Kolab Desktop Client in combination with the Kolab web client based on Kolab Enterprise 13, it said.

via Munich opts for open source groupware from Kolab | ITworld.

From: Kolab’s web site:

What is Kolab?
Kolab is a secure, scalable and reliable groupware server. It is formed by a number of well-known and proven components for the standard tasks such as E-Mail, Directory and Web Service.

Cellular’s open source future is latched to tallest tree in the village

And that network runs on open source. OpenBTS, an all-software cellular transceiver, is at the heart of the network running on that box attached to a treetop. Someday, if those working with the technology have their way, it could do for mobile networks what TCP/IP and open source did for the Internet. The dream is to help mobile break free from the confines of telephone providers’ locked-down spectrum, turning it into a platform for the development of a whole new range of applications that use spectrum “white space” to connect mobile devices of every kind. It could also democratize telecommunications around the world in unexpected ways. Startup Range Networks, the company that developed the open-source software powering the network, has much bigger plans for the technology. It wants to adapt the transceiver to use unlicensed spectrum for small-scale cellular networks all over the world without the need to depend on the generosity of incumbent telecom providers or government regulators.

via Cellular’s open source future is latched to tallest tree in the village | Ars Technica.

OpenBTS is a Unix-based software package that connects to a software-defined radio. On the radio side, it uses the GSM air interface used globally by 2G and 2.5G cellular networks, which makes it compatible with most 2G and 3G handsets. On the backend, it uses a Session Initiation Protocol (SIP) “soft-switch” or a software-based private branch exchange (PBX) server to route calls, so it can be integrated with VoIP phone systems.

ICANN seeks to tackle DNS namespace collision risks

For this “controlled interruption” JAS recommends returning an address within the 127/8 loopback range: “Responding with an address inside 127/8 will likely interrupt any application depending on an NXDOMAIN or some other response, but importantly also prevents traffic from leaving the requestor’s network and blocks a malicious actor’s ability to intercede.”

Instead of the familiar 127.0.0.1 loopback address for localhost, the report suggests “127.0.53.53”. Because the result is so unusual, it’s likely to be flagged in logs and sysadmins who aren’t aware of a name collision issue are likely to search online for information about the address problems.

via ICANN seeks to tackle DNS namespace collision risks – ICANN, Internet Corporation for Assigned Names and Numbers, gTLD, security, domain names – Computerworld.
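As an added illustration (not from the JAS report or the article), the Python below scans resolver logs for answers of 127.0.53.53 and groups the affected names by top-level domain, which is the log signal the excerpt expects sysadmins to notice. The log lines are constructed, in dnsmasq's "reply <name> is <address>" style, and the host names are made up.

```python
import ipaddress
import re
from collections import defaultdict

# Address the report proposes for "controlled interruption".
COLLISION_ADDR = ipaddress.ip_address("127.0.53.53")

# dnsmasq-style reply line: "... reply <name> is <address>"
REPLY_RE = re.compile(r"\breply\s+(?P<name>\S+)\s+is\s+(?P<addr>\S+)")

# Constructed sample log; names and addresses are illustrative only.
SAMPLE_LOG = """\
Feb 25 09:14:01 dnsmasq[811]: query[A] intranet.corp from 10.0.0.23
Feb 25 09:14:01 dnsmasq[811]: reply intranet.corp is 127.0.53.53
Feb 25 09:14:02 dnsmasq[811]: reply www.example.com is 192.0.2.10
Feb 25 09:14:05 dnsmasq[811]: reply Mail.corp. is 127.0.53.53
Feb 25 09:14:07 dnsmasq[811]: reply localhost is 127.0.0.1
Feb 25 09:14:09 dnsmasq[811]: reply wpad.home is NXDOMAIN
Feb 25 09:14:11 dnsmasq[811]: reply printer.office is 127.0.53.53
"""

def find_collisions(log_text):
    """Return {tld: [names]} for every reply carrying the collision address."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REPLY_RE.search(line)
        if not m:
            continue  # query lines and anything else that is not a reply
        try:
            addr = ipaddress.ip_address(m["addr"])
        except ValueError:
            continue  # non-address answers such as NXDOMAIN
        if addr == COLLISION_ADDR:
            name = m["name"].rstrip(".").lower()
            hits[name.rsplit(".", 1)[-1]].add(name)
    return {tld: sorted(names) for tld, names in hits.items()}

if __name__ == "__main__":
    for tld, names in sorted(find_collisions(SAMPLE_LOG).items()):
        print(f".{tld}: {', '.join(names)} resolved to {COLLISION_ADDR}")
```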

Bitcoin Exchange Mt. Gox Goes Offline Amid Allegations of $350 Million Hack

A coalition of bitcoin businesses — including bitcoin wallet-makers Coinbase and Blockchain — quickly put out a statement as news of the hack spread. “This tragic violation of the trust of users of Mt. Gox was the result of one company’s abhorrent actions and does not reflect the resilience or value of bitcoin and the digital currency industry,” they said. “There are hundreds of trustworthy and responsible companies involved in bitcoin.”

via Bitcoin Exchange Mt. Gox Goes Offline Amid Allegations of $350 Million Hack | Wired Enterprise | Wired.com.

Coding Horror: App-pocalypse Now

Let’s start with the basics. How do you know which apps you need? How do you get them installed? How do you keep them updated? How many apps can you reasonably keep track of on a phone? On a tablet? Just the home screen? A few screens? A dozen screens? When you have millions of apps out there, this rapidly becomes less of a “slap a few icons on the page” problem and more of a search problem like the greater web. My son’s iPad has more than 10 pages of apps now; we don’t even bother with the pretense of scrolling through pages of icons, we just go straight to search every time.

via Coding Horror: App-pocalypse Now.