Author Archives: benfranske - Page 11

The Facebook Privacy Problem

Regular readers may remember this short article I wrote on how the information on the internet is going to be a problem for people in the future. Recently the online social networking site Facebook.com made some changes and people could see just how easily this information can be disseminated on the Internet. The change was followed by shock and revolt by Facebook users but the changes remain in place as of today. I wrote the following opinion for an online discussion list and thought blog readers may enjoy it as well.

As a Facebook user as well as a graduate student and computer professional the current controversy over the changes made by Facebook is of particular interest to me. My own experience and discussions with other members of the Internet generation lead me to believe that these users still do not see the “privacy light at the end of the tunnel”. Most users remain unaware of the risks associated with putting any kind of personal information on the internet and grossly misunderstand the ability of individuals and organizations to aggregate such data into profiles of users for anything from relatively benign marketing purposes to something more sinister such as identity theft.

The thing that’s really important to remember here is that the changes made to Facebook did not and have not made any information that was previously private available to the public. Clearly, this is the viewpoint of the Facebook team as can be read on their blog. In other words the only difference is that you are now presented with a list of all the recent changes your “friends” have made. Of course this information was available to you before, but you had to seek it out on each user’s page. Personally I find the feature to be quite a useful one and think it has been a long time in coming. In my opinion the usefulness of social networks such as this is to allow you to stay current with the lives and events of a great number of acquaintances quickly.

Where the problem comes in is that people have been hiding behind “security through obscurity” for some time. Most users don’t think twice about what information is available (to their friends) on their user page. Suddenly the information is thrust into the light and they are alarmed. Of course there have been newspaper stories around the country warning students that employers can and do look up prospective employees on the internet before hiring to see what kinds of people they are, but in my experience most students feel so removed from the employment process they aren’t concerned about this. Secondly, there is an incorrect perception that Facebook is a closed network. Because of this students feel free to post things they normally wouldn’t want “public”. Still others feel that they will be able to change or “clean” their pages before looking for a job. The problem with this is that I have no doubt this information is being crawled and archived by many people and could still be used against you in the future. Obviously alumni now employed in various fields still have Facebook accounts and are typically quite accommodating when employers ask them to look up a prospective hire on Facebook. Still other users may be running bots through the network and collecting as much information as possible about as many people as possible for any number of reasons.

As mentioned by Alessandro in a recent message to the list there do exist a number of granular privacy controls which can be exercised within the Facebook environment. Few students take advantage of these tools as they fail to see the ramifications of having so much information public. My real concern is that this will soon blow over and people will go back to ignoring the implications of sharing so much data with the public. Even after several years of incidents being reported in the media there remains a problem with individuals and businesses understanding that once something is out on the Internet the cat is out of the bag. There’s no going back. By its very nature the Internet is a public place and is going to be crawled, indexed, cached and stored. It amazes me that people (especially those who have grown up with computers and the Internet) still fail to grasp this concept.

This isn’t the first time I’ve written about the implications of people sharing data on the Internet and certainly not the last. For more thoughts on how this might affect the ability of people to hold various jobs in the future or perhaps change our notions of what is and isn’t acceptable behavior I encourage you to read this short article I wrote on the topic back in March.

Obviously I don’t expect that people will remove all personal data from the Internet, nor do I think they should. Much of the usefulness of computers and the Internet springs from the ability to search vast databases of information. As a Facebook user and someone who has had a personal website for much longer than that I provide a lot of personal information about myself. The key here is for people to understand the ramifications of doing so and, most importantly, to think about what they say and do in public before they do it.

Goodbye freedb, long live freedb

If you’ve been following the freedb controversy you know that the two major freedb developers quit on July 1st of this year. Concerns exist that the freedb project may not be stable or reliable into the future. Obviously many freedb aware applications could be affected by a disruption in service. Thankfully a few alternatives are now available which can keep you running until applications make a switch to a new service.

Perhaps the simplest solution is simply to switch to freedb2. This project is designed to be entirely freedb compatible and is based off of the July 1st freedb data combined with new submissions. New data is released to the public domain and the server side software (forthcoming) under the BSD license. freedb2 will let you query in the standard way using http://freedb2.org:80/~cddb/cddb.cgi as your freedb URL. Submissions are accepted in the freedb way to either submissions@freedb2.org (preferred) or freedb-submit@freedb2.org.

If you’re looking for a more robust next generation solution I would suggest taking a look at what the people at MusicBrainz are doing. With core data in the public domain and additional data licensed under the Creative Commons Attribution-NonCommercial-ShareAlike license MusicBrainz is becoming a much better database. One of the biggest problems with getting people to adopt MusicBrainz is the lack of compatibility with CDDB/freedb applications which have not been updated by their developers to the MusicBrainz protocol. Thanks to the recent events at freedb developers have answered this call and a freedb interface to basic MusicBrainz information now exists. Simply by pointing your CDDB/freedb application to http://www.mb.inhouse.co.uk:80/~cddb/cddb.cgi you can access MusicBrainz data. Note that this translator uses a cached copy of the MusicBrainz database so there is some lag between database updates and the data becoming available. Additional information on the limitations of this translator can be found here and a copy of the source code (license unknown) is available from this svn server. Because of additional and different fields than those supported by CDDB/freedb data must be submitted using a MusicBrainz aware application. It should be noted that the translator is not an optimal solution and is subject to some limitations (http://lists.musicbrainz.org/pipermail/musicbrainz-users/2006-July/012741.html). It would be best for application developers to switch to native support of MusicBrainz.

One of my favorite applications that uses freedb data is the excellent (and free) CD ripper Exact Audio Copy (EAC) which has excellent error correction. I have been unable to find any other application (which is unfortunate as I would prefer a Linux application for ripping) that does as good a job. Hopefully the author, Andre Wiethoff, will update his application to support MusicBrainz in the future. Even better would be if he would release the application under the GPL or BSD license so it could be ported to alternative operating systems.

GM car of the future

Check out this BBC video of a test drive in the GM Highwire. This experimental car has a few interesting tricks up its sleeve. In fact, if I was in marketing I would call a production model the “GM Chameleon”.

Where do we go from here?

Scott Bradner’s recent NetworkWorld column “What’s to become of the Internet?” pointed me towards two reports (1992 and 2006) by internet architect Dave Clark discussing how he feels a new, better Internet should work. Yet I disagree with some of the primary changes he proposes.

For example, Clark would like to see a basic security architecture that includes authentication of internet users. Certainly, this could bring about great changes such as the tracking and prevention of worms, viruses and spam. At what cost? Perhaps the cost of anonymity. While some would argue the benefits outweigh the costs and security requires authentication I would argue that much of the success of the Internet is based in our ability to be anonymous (or at least have the feeling of anonymity) when we choose. By building authentication into the architecture it would be much easier to track just where each user goes and what they do on the Net. It also legitimizes such tracking “in the name of security”. Just as importantly, how would people’s use of the Internet change if their identity was tied to their activities? Would the Internet be as successful or pervasive as it is today?

Thoughts on the TSA liquid ban

A recent post to Dave Farber’s Interesting People email list by Perry Metzger makes a number of good points about the current ban on carry-on liquids during air travel. I share many of his sentiments and encourage you to give it some critical thought as well.

First they came for the nail clippers, but I did not complain for I do not cut my finger nails. Now they’ve come for the shampoo bottles, but I did not complain for I do not wash my hair. What’s next? What will finally stop people in their tracks and make them realize this is all theater and utterly ridiculous? Let’s cut the morons off at the pass, and discuss all the other common things you can destroy your favorite aircraft with. Bruce Schneier makes fun of such exercises as “movie plots”, and with good reason. Hollywood, here I come!

We’re stopping people from bringing on board wet things. What about dry things? Is baby powder safe? Well, perhaps it is if you check carefully that it is, in fact, baby powder. What if, though, it is mostly a container of potassium cyanide and a molar equivalent of a dry carboxylic acid? Just add water in the first class bathroom, and LOTS of hydrogen cyanide gas will evolve. If you’re particularly crazy, you could do things like impregnating material in your luggage with the needed components. Clearly, we can’t let anyone carry on containers of talc, and we have to keep them away from all aqueous liquids.

See the elderly gentleman with the cane? Perhaps it is not really an ordinary cane. The metal parts could be filled with (possibly sintered) aluminum and iron oxide. Thermit! Worse still, nothing in a detector will notice thermit, and trying to make a detector to find thermit is impractical. Maybe it is in the hollowed portions of your luggage handles! Maybe it is cleverly mixed into the metal in someone’s wheelchair! Who knows?

Also, we can never allow people to bring on laptop computers. It is far too easy to fill the interstices of the things with explosives — there is a lot of space inside them — or to rig the lithium ion batteries to start a very hot fire (that’s pretty trivial), or if you’re really clever, you can make a new case for the laptop that’s made of 100% explosive material instead of ordinary plastic. Fun!

No liquor on board any more, of course. You can open lots of little liquor bottles and set the booze on fire, and besides, see the dangers of letting people have fluids. Even if you let them have fluids, no cans of coke — you can make a can of coke into a shiv in a few minutes. No full sized bottles of course, since you can break ’em and use them as a sharp weapon, so no more champagne in first class either, let alone whiskey.

Then, let’s consider books and magazines. Sure, they look innocent, but are they? For 150 years, chemists have known that if you take something with high cellulose content — cotton, or paper, or lots of other things — and you nitrate it (usually with a mixture of nitric and sulfuric acids), you get nitrocellulose, which looks vaguely like the original material you nitrated but which goes BOOM nicely. Nitrocellulose is the base of lots of explosives and propellants, including, I believe, modern “smokeless” gunpowder. It is dangerous stuff to work with, but you’re a terrorist, so why not. Make a bunch of nitrocellulose paper, print books on it, and take ’em on board. The irony of taking out an airplane with a Tom Clancy novel should make the effort worthwhile.

So, naturally, we have to get rid of books and magazines on board. That’s probably for the best, as people who read are dangerous.

And now for a small side note. It is, of course, commonly claimed that we have nitro explosive detectors at airports, but so far as I can tell they don’t work — students from labs I work in who make nitro and diazo compounds for perfectly legitimate reasons and have trace residues on their clothes have told me the machines never pick up a thing even though this is just what they’re supposed to find, possibly because they’re tuned all the way down not to scare all the people who take nitroglycerine pills for their angina.

Now, books aren’t the only things you could nitrate. Pants and shirts? Sure. It might take a lot of effort to get things just so or they will look wrong to the eye, but I bet you can do it. Clearly, we can’t allow people on planes wearing clothes. Nudity in the air will doubtless be welcomed by many as an icebreaker, having been deprived of their computers and all reading material for entertainment.

Then of course there is the question of people smuggling explosives on board in their body cavities, so in addition to nudity, you need body cavity searches. That will, I’m sure, provide additional airport entertainment. By the way, if you really don’t think a terrorist could smuggle enough explosives on board in their rectum to make a difference, you haven’t been following how people in prison store their shivs and heroin.

However, it isn’t entirely clear that even body cavity searches are enough. If we’re looking for a movie plot, why not just get a sympathetic surgeon to implant explosives into your abdomen! A small device that looks just like a pace maker could be the detonator, and with modern methods, you could do something like setting it off by rapping “shave and a haircut” on your own chest. You could really do this — and I’d like to see them catch that one.

So can someone tell me where the madness is going to end? My back of the envelope says about as many people die in the US every month in highway accidents as have died in all our domestic terrorist incidents in the last 50 years. Untold numbers of people in the US are eating themselves to death and dying of heart disease, diabetes, etc. — I think that number is something like 750,000 people a year? Even with all the terrorist bombings of planes over the years, it is still safer to travel by plane than it is to drive to the airport, and it is even safer to fly than to walk!

At some point, we’re going to have to accept that there is a difference between real security and Potemkin security (or Security Theater as Bruce Schneier likes to call it), and a difference between realistic threats and uninteresting threats. I’m happy that the police caught these folks even if their plot seems very sketchy, but could we please have some sense of proportion?

Making STEM work with public/private partnerships

Those teachers involved with Technology Education, at least in the United States, are bound to be familiar with the STEM (Science, Technology, Engineering & Mathematics) acronym/movement. What you may not know is that the National Science and Technology Partnership (NSTEP) is an education/private partnership designed to create a bridge between educators and electronics companies.

One of their initiatives aimed at Technology Education is called TechXplore which is a research based mentorship and competition designed to improve the science and technology skills of students.

Repairing MySQL tables with myisamchk

About the only time I have a problem with one of my MySQL database servers is if the power goes out at just the wrong time during a database write. Luckily for me MySQL comes with a handy utility called myisamchk which can be used to repair corrupted database tables. Instructions for how to use this utility can be found on this page in the MySQL documentation.

Experiments in backyard ballistics with Mentos and Soda Pop

Perhaps he’s not the first to experiment with it but Steve Spangler has a great deal of information about the now popular (at least with the YouTube and Google Video crowd) sport of creating geysers out of soda pop and Mentos on his website. From science teachers looking for an eye-catching and engaging demo for the first day of school to crazy teenagers looking to make “cool stuff” happen in the backyard this experiment is bound to be a crowd pleaser.

Ross Anderson’s Security Engineering Book Free Online

Author Ross Anderson has convinced his publisher (Wiley) to let him make his book, Security Engineering, available for free online. I’ll let his reasons speak for themselves:

My goal in making the book freely available is twofold. First, I want to reach the widest possible audience, especially among poor students. Second, I am a pragmatic libertarian on free culture and free software issues; I think that many publishers (especially of music and software) are too defensive of copyright. I don’t expect to lose money by making this book available for free: more people will read it, and those of you who find it useful will hopefully buy a copy. After all, a proper book is half the size and weight of 300-odd sheets of laser-printed paper in a ring binder. (My colleague David MacKay found that putting his book on coding theory online actually helped its sales. Book publishers are getting the message faster than the music or software folks.)

If more authors and publishers felt this way the world would be a better place. If I’m going to read an interesting book I’m going to buy it and carry it around in dead-tree format but for searching quickly for something that “I know I’ve read somewhere” it’s hard to beat a digital format.

Low cost electronics lab equipment

In the past I’ve had good luck purchasing inexpensive electronics lab equipment such as autoranging digital multimeters from circuitspecialists.com and would still recommend them but another option has come to my attention. In reviewing some of my literature from the January Consumer Electronics Show (read: working on the backlog of work on my desk) I stumbled across the multimeterwarehouse.com website. To be sure these folks specialize in meters and a few power supplies, not the broader range of equipment that Circuit Specialists has, but if you need to outfit an electronics lab, shop or just yourself with a handy digital multimeter they may be just the ticket.