In 2005, PC Pitstop decided to prove that no one reads fine print online by burying a monetary reward inside their user agreement. Five months and three thousand sales later, someone claimed their $1,000 reward.
Adam Victor Brandizzi
Shared posts
British Court Blocks Publication of Car Security Paper
Recently a British court ordered researchers to withdraw a paper, “Dismantling Megamos Security: Wirelessly Lockpicking a Vehicle Immobiliser” from next week’s USENIX Security Symposium. This is a blow not only to academic freedom but also to progress in vehicle security. And for those of us who have worked in security for a long time, it raises bad memories of past attempts to silence researchers, which have touched many of us over the years.
The paper, by Flavio Garcia of the University of Birmingham and Roel Verdult and Baris Ege of Radboud University Nijmegen, would have discussed the operation and security of Megamos, a cryptography-based system used in most or all recent Volkswagen-made vehicles. Megamos wirelessly authenticates a key to the car, and vice versa, so that the car can be started only by an authorized key. Unfortunately, as the paper would have explained, Megamos has vulnerabilities that would allow an attacker to start the car without a legitimate key in some circumstances.
There is a fallacy, typically more common among non-experts, that only “constructive” security research—that is, research that claims to describe a secure system—has value. In fact, case studies of vulnerabilities can be very valuable. Given that most security systems turn out to be vulnerable, it pays to understand in detail how and why sophisticated designers end up shipping vulnerable technologies—which is exactly what the Megamos paper was apparently trying to do.
This case has strong echoes of an incident in 2001, when the Recording Industry Association of America and some other entities threatened to sue my colleagues and me over our case study of several copy protection technologies for compact discs. The RIAA and friends threatened to sue us and others if we went ahead with publication of our paper. Under these threats, we withdrew the paper from its original venue and went to court to secure the right to publish. With help from the EFF, USENIX, and others, we were eventually able to publish our work in the 2001 USENIX Security Symposium.
The two cases are similar in many ways. Both involved a case study paper that described how a technology worked and why it was vulnerable. Both papers were fully peer reviewed and accepted for publication, and in both cases affected companies knew about the papers well in advance but acted only late in the game to try to block publication. We faced threats of a lawsuit, whereas the Megamos researchers were actually ordered by a court not to publish (pending further court proceedings). And in both cases the threatening companies seemed to be motivated mostly by a fear of embarrassment due to their poor engineering choices becoming public.
As usual, the attempt to avoid embarrassment will fail. By trying to block publication, the company is effectively admitting that it has something to hide and that the paper is correct in saying that Megamos is vulnerable. Of course trying to block the paper will only draw more attention to the flawed technologies. But what the company might succeed in doing is to withhold from researchers and practitioners the main value of the paper, which is its diagnosis of exactly what went wrong and why, that is, the lessons it teaches for the future.
This is yet another example of the legal system’s apparent ambivalence about security research. We hear that digital insecurity is a major challenge facing society. But at the same time the law seems too eager to block or deter the very research and scholarly communication that can help us learn how to do better.
Just make it suntory time

So I’m in my room at the other side of the planet. It’s 37°C out there and this is one of my last days in Japan. This city should look quite familiar to me, but I guess Tokyo is an entirely different beast. I mean, it’s a large city, people are rushing to trains, subway and sidewalks 24/7, but – at first – I thought they were nothing like those guys sharing the bus with me back home.
In here, business hours start at 9 o’clock. Public transportation reaches everywhere (I’m guessing) giving people many alternatives so they can hit the snooze button once in a while.
The thing that made them different from the folks I know well is their very distinctive silence in the morning. Even in a packed train car, you can hear the proverbial pin drop, but you won’t hear anyone talking (on phones or to each other). Working men and women stand side by side looking at screens silently waiting for their stop.
When they are not looking at their screens, they are immersed in a book, almost always wrapped in a protective cover. My chances of spotting someone reading “50 Shades of Grey” were nil.
Every morning, I stood by them silently paying attention to their indifference towards me. Being a gaijin is not big in Japan (!) and there are a lot fewer foreigners walking the streets than I had imagined. Every time you meet one you kinda give them “that look”: “You are not from Japan, neither am I. Now go, sweet stranger”.
Not including one or the other curious child, none of the Japanese seems to notice me speaking a language that must sound incomprehensible. But if they do (I bet they do!), they simply look the other way and try not to bother me with puzzled glances.
Most Brazilians, myself included, are nothing like that; we are naturally very curious and maybe a little intrusive. We pay attention to people talking in weird languages, and we strive to understand what is being said, just for the fun of it.
Their silence in the morning train made me admire their respect for privacy and courtesy to each other, but at the same time, all I could think was: guys, seriously, haven’t you seen the game last night? Or the news? Maybe, I don’t know… the weather for this week? Why aren’t you talking about stuff, complaining about your jobs or anything like that? Are you that different from me?
It took a sort of adventure to answer that question with a resounding no. After meeting some gaijin friends (mostly Americans) at a bar in Shinjuku – where we discussed our impressions of how the Japanese seem indeed reserved – I went to the closest subway station a little tipsy from all that very light beer they seem to like here. On the way, a scene surprised me. Two Japanese girls helping themselves down a ladder. Suddenly, I wasn’t the only dizzy person walking down that staircase.
Laughing out loud, the girls weren’t alone in the party-hard early birds bloc. At the subway platform, groups of young and older guys and girls spoke loudly in nihongo. Maybe it wasn’t about the game, or the news or even the weather, but they did speak loudly, without any signs of shyness. One could even say that some of them were being annoying and disrespectful to the few workers who rose early on a freaking Saturday. I wouldn’t, they were being quite familiar.
Nearly lying, I was around a group of young Japanese while they were questioned by a British tourist. The matter of the conversation involved one of them having to go back to his wife after the big night out. “Married? How old are you?”, the Brit guy looked shocked at me, waiting for a reaction that I could not express (hence: hangover kicking in).
After debating the right (?) age to be married (Brit pal actually said “never”), one of the Japanese guys turned to me and asked me bluntly: “Where are you from?”. Finally! One of them noticed me at a crowded subway car, and there was the question I’ve waited for all those years (the second most basic question in English classes everywhere!): “I’m from Brazil!”.
Immediately, I had the attention of the whole wagon. “Wow, Brazil! What do you do in Tokyo?”. “I’m actually on vacation”. That struck them fully. “But why go here?”, one of them questioned. “I guess I’ve always wanted to visit Tokyo. Looks like a great city”.
My compliment was well received, which gave me courage to say one more thing, I was on a roll: “It’s like São Paulo, but you are really quiet in the morning”. My stop was next and I had to rise from the depths of that seat and face the lightheadedness. When the doors were opening, one of them turned to me and said: “You should see us at night”.
How Sergey Aleynikov Learned Never to Talk to the Police
It is frighteningly easy for speaking with a police officer to land an innocent person in prison. Especially when you’ll confess in exchange for a soda.
Told You So

Never Say Never Again got its title because after Diamonds Are Forever Sean Connery had said he would “never again” play James Bond.
Quick Thinking
In summer 1940, Germany demanded access to Swedish telephone cables to send encoded messages from occupied Norway back to the homeland. Sweden acceded but tapped the lines and discovered that a new cryptographic system was being used. The Geheimschreiber, with more than 800 quadrillion settings, was conveying top-secret information but seemed immune to a successful codebreaking attack.
The Swedish intelligence service assigned mathematician Arne Beurling to the task, giving him only a pile of coded messages and no knowledge of the mechanism that had been used to encode them. But after two weeks alone with a pencil and paper he announced that the G-schreiber contained 10 wheels, with a different number of positions on each wheel, and described how a complementary machine could be built to decode the messages.
Thanks to his work, Swedish officials learned in advance of the impending invasion of the Soviet Union. Unfortunately, Stalin’s staff disregarded their warnings.
“To this day no one knows exactly how Beurling reasoned during the two weeks he spent on the G-Schreiber,” writes Peter Jones in his foreword to The Codebreakers, Bengt Beckman’s account of the exploit. “In 1976 he was interviewed about his work by a group from the Swedish military, and became extremely irritated when pressed for an explanation. He finally responded, ‘A magician does not reveal his tricks.’ It seems the only clue Beurling ever offered was the remark, cryptic itself, that threes and fives were important.”
(Thanks, John.)
Drugstore feminism
My timeline today is melting with praise for an “ironic” cover of TPM. The magazine released a “fake” cover that reproduces the most clichéd headlines of women’s publications: exactly the kind of promise and coverage of “women’s” journalism that this magazine sets out to avoid. Next to the “fake” cover we see the “real” cover, with a clean headline asking why women are lied to so much.
On both cover options we see the same actress, Alice Braga, beautiful, thin as a rail, with visible bones and all. She doesn’t have a single hair, a pimple mark, a split end. Maybe she really is like that, with no Photoshop or anything, but that is the case for practically no woman and certainly for no woman without money. The current standard of beauty cannot be achieved with genetic gifts and reasonably healthy habits alone. It takes an ever greater investment of time and money, since the goal of this standard is not just to make you cry in the shower, but essentially to make you fill that shower with beauty products. Proof of this is that Brazilians’ spending on cosmetics, personal hygiene products and beauty services went from R$ 26.5 billion ten years ago to R$ 59.3 billion this year: a small growth of 124%.
TPM fits into the context of women’s magazines more or less the way Dove fits into the context of beauty products: it is just another product, only aimed at a woman who wants to look more natural and authentic without necessarily being so. As Toni Morrison said, “the change was adjustment without improvement”.
On the “fake” cover, Alice Braga appears in a tacky swimsuit, striking a blasé pose with her hair full of hairspray. On the “real” cover, she appears relaxed and smiling. The message is that the TPM reader wants to be hot, but in loose shorts and a ratty T-shirt. She despises the woman who “tries too hard” to meet the standards. Better to meet those standards naturally. It is a mere change of style, of packaging, not of lifestyle, much less of thinking.
In its attempt to set itself apart, TPM ends up being more deceitful and oppressive than the other magazines. Because the others at least tell it straight: to be the magazine-cover type, you will have to spend piles of money and eat a single lettuce, work on weekends and hold two jobs. You will have to steer your choice of career by the interests of the market, not by your personal tastes. TPM pretends that it is possible to be beautiful, successful and rich while keeping a laid-back air, as if everything in life were very easy. We will be perfect and without paranoia. Ballerina-style behaviour: suffer with a smile. Be beautiful, but make sure you take a quick shower and don’t bore your friends with diet talk.
When I read TPM I feel just as poor, ugly and incompetent as when I read any other women’s magazine. The magazine is full of wonderful homes inhabited by people who haven’t even reached 30 (how do you pay for that piece of furniture brought from Tunisia as a “humanities person”? Having a rich family is the most accessible instalment plan). While the other women’s magazines preach impoverishment and hunger, this one preaches spiritual enlightenment and a carefree aura.
TPM runs up against the limits of bourgeois, drugstore feminism. One section that particularly illustrates its limitations is the one in which a young woman is invited to show her looks of the week and say what she did on each of those days. They are all young and successful. Most make a point of presenting themselves as someone who enjoys life, visits friends during the week, goes on outings. Nobody there works all day and then collapses, depressed, on a sofa with Netflix. Working a lot is tacky, said Nina Lemos, a columnist for the magazine. The only snag is that these women’s financial lives don’t add up. The professions they say they have cannot support the level of consumption they appear to have while working the number of hours they claim to work.
To be a Nova woman you need to work a lot, eat little and have sex in a different position every day. To be a TPM girl you basically have to be born that way. The question is: who is born like that?
PS: A few days after writing this post I was in the supermarket queue and came face to face with this other cover. It remains to be seen whether it is fake, real, or whether we are asking the right question:
Respect

Here’s a little more respect.
Besieged paradise
The plight of the Awá Indians and the resistance of their people, who are trying to stop the criminal activity of loggers in the Gurupi Biological Reserve, where the indigenous territory has already lost 30% of its original landscape.
The Old Reader's Big Move
Adam Victor Brandizzi: More downtime, but this time it’s a positive thing. It’s good: it will let folks cool their heads in about four or five flames I’m seeing out there.
(Nothing against flamewars, of course, I even have friends who are flamewars. And it’s precisely for the flamewars that I’m here. But it’s good to take a breather, right?)

As Ben mentioned in our previous post, our top priority right now is improving the stability of The Old Reader. To start, we’re going to get The Old Reader a much needed hardware upgrade. This week, we’ll be relocating the application to a top tier host located in the United States, tripling database capacity and adding over 10 times the network capacity.
The move is going to entail exporting all of the posts from about 6 million subscriptions, moving that data approximately 5000 miles and then importing it into the new database servers. This is a big move, and unfortunately it’s going to require about 48 hours of downtime.
The new environment will be ready to roll on Tuesday at which point we will begin the transfer and maintenance window. We’re shooting to begin that maintenance window at approximately 12AM GMT Wednesday. During this time, we’ll be frequently updating Twitter, Facebook and Status page to make sure you know as soon as it is back up and running.
We really do apologize that we’ll be down for so long. We’re avid users ourselves, and a couple days without The Old Reader is pretty tough for everyone. However, on the other side of this migration lies the stability and capacity that our favorite reader truly needs. Thank you for using The Old Reader and for your incredible patience.
Amazing Scientific Breakthroughs
Adam Victor Brandizzi: That’s it.

For those hopeless optimists out there, here’s some catchy headline reads:
Nanoparticles loaded with bee venom kill HIV
Scientists Discover Protein That Reverses Heart Disease In Older Mice
Souped-up immune cells force leukaemia into remission
Biofuel breakthrough: Quick cook method turns algae into oil
Harvard cracks DNA storage, crams 700 terabytes of data into a single gram
August 03, 2013
Adam Victor Brandizzi: I’m going to use that excuse.

A great big thank you to everyone who helped make GaymerX happen. Please come by tomorrow where I'll be signing at 3! And come by anyway to have a good time.
So Ordered
Adam Victor Brandizzi: This story doesn’t even need to be true to be good.
On Feb. 18, 1986, frustrated that heavy rains had prevented some jurors from reaching his court, U.S. District Court Judge Samuel King said, “I hereby order that it cease raining by Tuesday. Let’s see how that works.”
California immediately entered five years of severe drought, with strict water rationing.
When colleagues reminded King of his order in 1991, he said, “I hereby rescind my order of February 18, 1986, and order that rain shall fall in California beginning February 27, 1991.” Later that day the state received 4 inches of rain, the heaviest storm in a decade, and two further storms added another 3 inches.
In a letter to a local newspaper, King said this was “proof positive that we are a nation governed by laws.”






























