GNU/Linux

Originally Published August 10, 2008; Updated and Republished August 14, 2008; Updated and Republished August 26, 2008:

United States District Court Judge Douglas Woodlock, District of Massachusetts has issued an injunction prohibiting Massachusetts Institute for Technology (MIT) students from presenting their paper, "Anatomy of a Subway Hack" at this years DEFCON 16.

MIT students, Zack Anderson, R.J. Ryan, and Alessandro Chiesa, under professor Ron Rivest, figured out how to clone an insecure Massachusetts Bay Transportation Authority (MBTA) RFID¹ CharlieCard (researchers also looked at MBTA's CharlieTicket).

One wonders why MBTA is requesting and a court granting an injunction²against undergraduate MIT students—seems an injunction is better directed at the vendor of the MBTA RFID CharlieCard³.

There is something very refreshing about the MBTA's insecurity. One wonders how we've managed, in all our brilliance, to create a system in which 48 bit encryption is laughably trivial to protect us from them⁴.

Web:

• UPDATED 08/26/2008 MIT Tech, Students’ Presentation Shows How to Get Free T Fare
• UPDATED 08/26/2008 MIT Tech, MBTA Sues Three Students to Stop Speech on Subway Vulnerabilities
• UPDATED 08/19/2008 Reuters, Judge backs hackers in Boston subway dispute
• UPDATED 08/19/2008 ZDNet, MIT students ungagged: Judge vacates gag order
• UPDATED 08/19/2008 InfoZine, EFF Urges Judge to Lift Gag Order on MIT Students
• UPDATED 08/14/2008 Wired, Federal Judge Throws Out Gag Order Against Boston Students in Subway Case
• UPDATED 08/14/2008 ZDNet, Defcon’s over but MBTA wants gag order to remain
• UPDATED 08/14/2008 Wired, Computer Scientists Ask Court to Reconsider Gag Order in DefCon Case
• UPDATED 08/11/2008 InfoWeek, MIT Students Ordered To Withhold Boston's MTA Hack Details
• Cnet, Judge orders halt to Defcon speech on subway card hacking

-----notes-----

1. RFID technology is becoming ubiquitous. It is currently used in our new passports which were reportedly compromised by the Chinese during their manufacturing process.

While key size and shielding may differ between usages many security experts seem to think the current RFID passports are a bad idea.

2. Adopting policies and legislation aimed at securing our networks and peripheral devices by prohibiting our security researchers from publicly discussing and publishing their circumvention research is a crude and blunt approach. Not to mention ineffective and a blatant violation of our First Amendment.

However, we are making progress—we use to arrest and jail our security researchers!

3. Karsten Nohl's (University of Virginia) research previously exposed the Mifare Classic RFID cipher algorithm underpinning ticket system security used by various domestic and foreign subways.

4. Such a system, while entertaining and generative of make-work, does not seem particularly friendly, beneficial, or sustainable for humans.

Originally Published May 28, 2008; Updated and Republished August 20, 2008:

VIA has open sourced a WiMAX capable laptop design (OpenBook) under the Creative Commons Attribution ShareAlike 3.0 license.

Blog: CC, VIA Releases OpenBook, Opens CAD Designs under CC BY-SA 3.0

Web:

• UPDATED 08/20/2008 Update: Ripping Open the VIA OpenBook Video
• UPDATED 08/20/2008 Engadget, Hands-On Reviews VIA OpenBook
• Via Releases Laptop Design as Open Source

Originally Published March 14, 2008; Updated and Republished August 04, 2008:

This week the United States, as part of its National Strategy to Secure Cyberspace, conducted its second National Cyber Exercise (NCE), Cyber Storm II. The Department of Homeland Security (DHS) will report its findings later this year. Web: UPDATED 08/04/08 Cnet, DHS stays mum on new 'Cyber Security' center National Cyber Security Division CW, Opinion: Government and industry unite in cybercrime battle

FCC orders (86K pdf) Comcast to cease wrongfully discriminating against certain types of Internet traffic¹.

Net neutrality principles prevent Telecom, Cable, and other internet service providers from wrongfully preferring some Internet data packets over others—they can't act like a postal worker deciding which first class letters to deliver to you and when to deliver them.

Web: Save the Internet

Blog: Washington Times, FCC vote backs Net neutrality

-----notes-----

1. Comcast was throttling certain types of P2P traffic, typically related to bit torrents, a distributed file sharing protocol for transmitting a large numbers of data packets.

The Naval Meteorology and Oceanography Command, Naval Oceanographic Office (NMOC, NAVO) to get a 90 teraflop, IBM Power 575 Hydro-Cluster, optimized for NAVO modeling.

Web: Naval Oceanographic Office to Get Major Supercomputer

Res:

• NAVO, Shared Resource Center
• June 2008, Top 500 Supercomputer List

Web: NYT, Washington’s Boyhood Home Is Found. A story tailor made for the 4th of July.

Washington's presidency is widely considered to be the gold standard of American presidents—hopefully all Americans will deepen their love of country by learning more about it, its founding presidents, and their spouses.

If you do not know where to begin check-out the The American Presidents Series.

Originally published April 23, 2008: Updated and Republished May 18, 2008; Updated and Republished June 27, 2008:

UPDATE 06/27/2008:Twiceler is still behaving, entering the site at reasonable intervals by reading robot.txt; crawling like a spider—not an elephant; and has begun leaving helpful notes explaining its crawlers' intention and duration:

• crawl-8.cuill.com 64.1.215.164 27/Jun/2008 00:24:37 200 GET / HTTP/1.0 - Mozilla/5.0 (Twiceler-0.9 http://www.cuill.com/twiceler/robot.html) One-time, weeklong image crawl
• crawl-9.cuill.com 64.1.215.165 27/Jun/2008 00:05:44 200 GET / HTTP/1.0 - Mozilla/5.0 (Twiceler-0.9 http://www.cuill.com/twiceler/robot.html) One-time, weeklong image crawl

UPDATE 05/18/2008:Twiceler is better behaving, entering the site at reasonable intervals by reading robot.txt and exiting for an extended period on encountering the first 403 header return:

• 64.1.215.165 - - [18/May/2008:13:21:47 -0700] "GET /robots.txt HTTP/1.0" 403 1041 "-" "Mozilla/5.0 (Twiceler-0.9 http://www.cuill.com/twiceler/robot.html)"
• 64.1.215.164 - - [18/May/2008:15:14:22 -0700] "GET /robots.txt HTTP/1.0" 403 1041 "-" "Mozilla/5.0 (Twiceler-0.9 http://www.cuill.com/twiceler/robot.html)"

Cuill, a new Silicon Valley search engine start up, is running the rude, misbehaving, and rogue robot, Twiceler.

Twiceler is unregistered, undocumented, ignores robots.txt, and modifies its name variable {HTTP_USER_AGENT} in response to a regular expression blocking.

Cuill asserts Twiceler runs from IP address ranges:

• 38.99.13.121-38.99.13.126
• 38.99.44.101-38.99.44.106
• 64.1.215.162-64.1.215.166
• 208.36.144.6-208.36.144.10

It does not seem like a wise strategy for a start up search engine company (or anyone for that matter) to aggressively flaunt the directives of website administrators—particularly when your running an unregistered and undocumented (rogue) robot.

Some important factors in judging if a bot is SPAM:

• Is bot registered with robottxt.org?
• Is bot well documented and contact information provided?
• Does bot read robot.txt file?
• Does bot adhere to robot.txt file directives?
• Is bot well behaved on site
• Does bot use a reasonable crawl/index rate and times?
• Is bot part of a university or student research project?
• Does bot add or subtract transparency:opaqueness?
• Does bot enable or disable, directly or indirectly, censorship:surveillance?
• Is bot, nation-state; third party nation-state; private; corporate; ngo; personal?
• Is bot for commercial gain?

Res:

• Web Robots, A Standard for Robot Exclusion
• Bots vs Browsers : Public Bot / User Agent Database & Commentary
• Tristan Louis' User Agent Database
• Apache, URL Rewriting Guide
• Google->Apache
• Regular-Expressions Info

IBM's Roadrunner takes number one slot on the list of Top 500 Supercomputers at 1.026 petaflops (10 with 15 zeros), without feathers.

Web: Description of the Roadrunner. Principal cluster customer is DOE

Firefox 3 has been release much to the relief of those sticking with Firefox 1.5 awaiting 3—it’s been worth the wait, a greatly improved browser¹.

Web: Firefox 3 browser downloads strong in first day Eight million downloads and increasing!

-----notes-----

1. My only feedback so far is that it does not display B2evolution blog administration and post creating pages in a very friendly display—like a table with screwy row and data tags. (see comments for easy method of addressing feedback concern, courtesy Daniel)