Banditry: The idle musings of John B

This Wired piece about some techies who discovered a major flaw in the DNS systems that underpin the Internet, and co-ordinated a mass surreptitious effort to fix it, is worth reading if you like That Sort Of Thing.

However, there’s one aspect of it which strikes me as utterly bizarre:

“The first thing I want to say to you,” Vixie told Kaminsky, trying to contain the flood of feeling, “is never, ever repeat what you just told me over a cell phone.”

Vixie knew how easy it was to eavesdrop on a cell signal, and he had heard enough to know that he was facing a problem of global significance. If the information were intercepted by the wrong people, the wired world could be held ransom. Hackers could wreak havoc. Billions of dollars were at stake, and Vixie wasn’t going to take any risks.

And later:

Andreas Gustafsson knew something was seriously wrong. Vixie had emailed the 43-year-old DNS researcher in Espoo, Finland, asking to talk at 7 pm on a hardwired line. No cell phones.

Gustafsson hurried into the freezing March evening—his only landline was the fax in his office a brisk mile walk away.

But mobile phones are protected by fairly hardcore encryption. While it’s theoretically possible to break GSM encryption, there’s no evidence of anyone actually having done so outside the lab, and the effort required to do so would be immense – while criminal gangs could muster the technology and expertise required, it’s extremely unlikely anyone in advance would realise the commercial importance of a few geeks calling each other up. CDMA encryption is harder still to break. On the other hand, tapping or bugging a landline is a trivial effort.

I know first-generation, analogue, mobile phones were easily intercepted (as Princess Diana discovered), but nobody uses them anymore, even in the US, and the events in the Wired article all took place this year. Now, Paul Vixie is a long way from an idiot when it comes to tech security issues – so is this a sign of encroaching senility on his part, with the other players indulging his whim, or are there some substantive concerns that I’m missing?

(and yes, this post should probably just have taken the format of ‘email to Alex Harrowell’…)

Buy this book. If you understand why you need to buy this book, then buy this book. If you don’t understand why you need to buy this book then – for the love of all that’s worth a damn – buy this book.

Just don’t listen to the author talk, because he’s got an unfortunately whiny voice – one of those chaps who makes those of us who’re ‘prettiest on the radio’ briefly view that as a compliment…

Yes, I know that I’m 29 years old, middle class and white. But fuck it, this is awesome:

(yup, it is indeed from this. How did you guess? And yes, I am indeed quite grumpy that I’ve got to go out every night this week. Can’t people leave me alone for, ooh, a month or so…?)

This is awesome statistical-demographic stuff. Combined with Rick Astley and depraved Japanese pornography, it’s precisely what the Internet was invented for…

[via Matt]

So, it transpires that Apple will launch a 3G iPhone within 60 days. Thanks for announcing that the same day my new TyTn II arives…

The hot drinks vending machine currently has a sign on it saying ‘no tea’. Obviously, that made me think of this.

I didn’t try and get any ‘no tea’, though.

A very long time ago, I had a blog whose software platform I wrote myself. It was pretty ropey by the standards of WordPress and Moveable Type, although it beat Blogger’s offer in those days (for really dull reasons, the only server I had access to ran Windows and Access; no existing blog software supported this setup, so I had to write some).

I learnt a lot about Access, IIS, and databases and scripting in general. And for ages I was relatively immune to spam, because automatic spambots were configured to deliver the right form data to work with Blogger, MT and WP. But after a year or so, blog comment spamming was sufficiently big business (and my old blog sufficiently popular, he said self-aggrandisingly) that – presumably manually – the droves of spam started coming.

Read more…

Article: O2 (UK) has shifted 190,000 iPhones in its first two months of sales, just short of its target of 200,000.

From the comments: “190,000 surprised me at first – given that we and the Europeans understand mobiles far too well to buy an outdated overpriced paperweight like the iPhone, I thought the number sold in the UK should be closer to 19. Then I remembered that there are Americans in Britain too. Some rigorous intertubes research later and I find that there are 220,000 Americans living in Britain. Mystery solved.“

This is a great logical argument:

1) A pretentious man claims that CDs aren’t as good as vinyl, despite the fact that they are;

2) If you compress a song to MP3, it doesn’t sounds all that great compared to an uncompressed song. People increasingly listen to MP3s on their personal music players, instead of, err, tapes;

3) Overproduced records by mediocre bands can sound quite good, but aren’t as distinctive as great records by great bands. There are more of the former than the latter;

THEREFORE: music is dead as an artform.

In a Computing Which? survey, Bebo has been rated the best social networking site, ahead of Facebook because its security settings make it harder for unwanted ‘friends’ to get user information. Yahoo Groups was rated as poorest, due to its lack of social networking features.

Relatedly, in a Sarcasm Which? survey, C-BBC has been rated the best TV channel, ahead of Channel 4 because its content guidelines make it unlikely that users will see adult-oriented content. Radio 4 was rated as poorest, due to its lack of visual content.

Look, computing-Which-people: Bebo is a networking site for kids, so it makes information sharing harder (note: this is a bad thing per se) so that weirdos can’t stalk them, groom them or nick their photos and post them on pervy websites (obviously, this is a good thing that outweighs the bad thing). Facebook is aimed at grown-ups, so it doesn’t. And Yahoo Groups isn’t a networking site at all.

Morons.