Juniper Networks backdoor confirmed, password revealed, NSA suspected

Yet another reason to be deeply concerned for privacy. The NSA or some other agency has embedded a backdoor into the firewalls that ‘protect’ a great many organizations, allowing them (and now the whole world) to decrypt supposedly private communications, virtually undetectably and at will.

This kind of vulnerability might affect any closed-source product, but it is particularly worrying when it exists at such a crucial node in the network infrastructure. AU’s own VPN has been moving across to Juniper’s Junos Pulse over the past month or two, and AU has been increasingly shifting to closed-source, proprietary products from US companies (and, in the case of email and webinars, using services that are actually based in the US). This is a truly terrible idea. Open source products are not invulnerable to such manipulation, but the chances of finding flaws are at least thousands of times greater than in closed-source products like this, and it is possible for individuals to fix them, no matter how old the product. Given other open-source advantages like vendor-independence, control, capacity to be altruistic, and innate flexibility, it is hard to understand why anyone would entrust their network infrastructure to a proprietary, closed-source company.

Address of the bookmark: http://boingboing.net/2015/12/21/juniper-networks-backdoor-conf.html

Your iPhone Is Ruining Your Posture — and Your Mood – The New York Times

Are you sitting up straight as you are reading this? Good for you!

This is a report on something that has been bothering me for some time. After decades of taking inordinate care over the ergonomics of computers and making sure that I did all the right things to avoid the worst effects, tablets and smartphones have snuck in to my life and wrecked all that hard work. The article focuses mainly on the posture we adopt when using smart devices. This little snippet is worth thinking on:

“The average head weighs about 10 to 12 pounds. When we bend our necks forward 60 degrees, as we do to use our phones, the effective stress on our neck increases to 60 pounds — the weight of about five gallons of paint.”

As well as the obvious physical issues, the report describes some of the psychological ones, and they are doozies. The hunched posture makes us more depressed, less assertive, with less self-esteem, and with greater anxiety. It can, apparently, even make us more forgetful. This is happening in small ways but at a huge scale: it must be having a significant effect on societies all the way across the planet. Scary.

I doubt that many of us are willing to give up our devices, so we need to work on ways of reducing the ill effects. Smaller devices cause more hunching than larger ones. However, I have found larger ones play more havoc with my hand muscles (even the super-light iPad Air 2), so it’s a case of swings and roundabouts. And it doesn’t help much to use stands, because then all the old problems with fixed-screen computers come back to haunt you, this time on even smaller and brighter screens. I did find a hand-strap worked fairly well for me for a while, until it broke (not a good thing with an expensive device).

The main thing, I believe, is to vary your posture, grip and reading angle/distance as much as you can, as often as you can. If you have been hunched, it also helps to stretch and contract your shoulder blades, and roll your head a bit from time to time. As a musician, I find playing an instrument is not a bad way of putting your fingers and wrists in different positions for a while, but it can be over-done. I’m also a fan of eye exercises: alternately look at very near and very far things for a while every now and then.

We should be teaching this stuff in schools and in public safety videos and posters. It seems to me that this is a massive and increasingly ubiquitous health problem that is all the worse for usually being quite subtle. We are changing not only our physical form but our collective psyche. Throw the known harmful effects of Facebook and its kin into the mix and it’s a recipe for a slow and sad disaster. And we’ll be too depressed to care that it has happened.

Address of the bookmark: http://www.nytimes.com/2015/12/13/opinion/sunday/your-iphone-is-ruining-your-posture-and-your-mood.html?_r=0

Google Chrome just made big changes to save your battery (but not big enough)

About time. However, though there might have been some improvements, it is still nothing like good enough yet.

I usually work for a few hours with my laptop on battery each day and can normally rely on 6-8 hours of battery life, even with lots of networked apps open, much more if I’m careful. Some days I can go off grid for 10 hours before warnings start to appear.

Yesterday I made the mistake of leaving Chrome running because I had been in a Hangout and forgot to close the app down. The browser-proper was shut, but the Hangouts app kept it running in the background. Apart from that, all I was doing was writing – I was not even browsing the web or checking my email. I got about 2.5 hours before the laptop hit 5%.

Chrome is one of the very few apps that predictably makes my machine fan whir, whether or not I have lots of tabs open. It is the only app I know of that grows if left unattended too – I have several times had to delete it from my system when the app has grown to 2GB or more (it’s because, on a Mac, it retains all of its previous versions in the app itself). Do they not employ smart software engineers at Google? I thought that was kind of the point of their hiring policy.

Hangouts would be an incredibly useful app if it weren’t for its dependence on Chrome. From a technical, usability, functional and connectivity perspective it is far better than Skype, FaceTime, WhatsApp or Viber in almost every way. Seems that there’s a lot of foot-shooting going on here.

Though it did have a bad few years of slowness and bloat, Firefox has been far superior to Chrome for a year or two now and, of course, it is genuinely open, and largely free from commercial interests (I forgive it the integration of Pocket because I really like the service). It runs fast and lean, is highly usable, highly customizable, and solid as a rock.

I also really like Firefox Hello, the Mozilla answer to Skype et al, especially because it does not routinely route my conversations via the DSA, shower me with ads, or invade my privacy. Sadly, from a technical perspective, Hello still feels a little primitive and can be a bit glitchy. It has a long way to go before it comes close to competing with Skype, WhatsApp, FaceTime or Hangouts and its great strength of not being built explicitly to farm its users also means that it can be harder to set up a meeting: unless you have a Firefox account, you can’t just ad hoc call or message someone. It would be great if more than two people could be in a meeting too.

Address of the bookmark: http://www.theverge.com/2015/9/3/9257871/chrome-memory-use-flash-pause-restore-tabs

10 free tools for creating infographics

From Creative Bloq, a list of free tools, mostly web-based, for creating infographics. A good range here, from data visualization to diagramming tools and templates.

I’m not a massive fan of the trend towards the indiscriminate use of infographics – it’s much too easy to disguise shallow thinking and inadequate research, and way too easy to fail to pass along things that matter and emphasize things that don’t, making them dangerous for much the same reasons as PowerPoint is dangerous – but, when they are done well, and when they are combined with links to richer sources of information, they can be powerful learning tools.

Address of the bookmark: http://www.creativebloq.com/infographic/tools-2131971

What would you miss? Trends in media use in the UK

Really fascinating examination of OFTEL figures on recent changes in use of tools and media in the UK, with some intriguing demographic variations showing enormous differences between young and old, and between richer and poorer (barely discernible gender differences). There are extremely clear trends, though, that cut across demographics. Basically, cellphones/tablets (the two categories are blurring) and TCP/IP-based alternatives to familiar media with analogue antecedents (mainly phone, SMS, TV) are rapidly taking over in almost every segment, especially among the poorer and younger demographics, and the change is occurring incredibly fast. Even native digital technologies like laptops are on the verge of disappearing into a minor niche any moment now. And the title of the article picks out one interesting trend: younger people, in particular, would not miss their TVs much. Most would not even notice they had gone.

Address of the bookmark: http://ben-evans.com/benedictevans/2015/8/10/what-would-you-miss

ToyRep 3D Printer – Costs Under $85 to Build Using Super Cheap 28BYJ-48 Motors

This is interesting – a fully functional 3D printer for (potentially) under $85. Of course, there are caveats. Though the printer itself seems very capable, even compared with those that cost at least ten or fifteen times as much, a fair amount of skill is needed to build it. Also, it does rely on a fair number of 3D printed parts, so you need to have access to a 3D printer to make one. That said, even if you had to rely on a company to produce those 3D parts for you, and even if you invested in a better printing head than the cheap one described here, it would still be possible to build one of these for a very few hundred dollars. This might not be the perfect solution for schools etc, where reliability and safety are paramount, but it looks like a great alternative for hobbyists wanting to explore Santa Claus machines.

Any moment now, 3D printing looks set to hit the mainstream. I’m still not quite sure what such machines can really do, given their current reliance on PLA or ABS filaments, their slow print speeds, and unreliable operation. I have spent a while browsing Thingiverse looking for projects and have been amused by printable guitars and violins (some glueing and extra components required).  I’ve had a few thoughts about designing bits and pieces like cord organizers, replacement parts for broken devices and instruments, home gadgets, etc, but I have yet to come up with any really compelling use cases that are not more trouble, nor significantly cheaper, than simply buying the things ready made. Most of the objects available on Thingiverse look a lot like uses of Sugru – great fun, ingenious, but embarrassingly amateurish, garish and crude.  And 3D printers are not compact things – you need to put them and their raw materials somewhere. For low-utilization scenarios it’s still more sensible, and not much more expensive, to simply send a design to a 3D printing service.

I feel almost certain that there are educational uses for such things. This is most obviously valuable for kids and those in physical design disciplines (architecture, engineering, interior design, sculpture, etc), and I can think of a few ways of using artefacts to help make concepts more concrete in a physical classroom (physical routers, logic gates, etc, for instance), but I have yet to work out a way to incorporate them into the things I teach online, all of which are conceptual and/or virtual.  I’m hoping that, when I get one, the possible will become more adjacent.

Address of the bookmark: http://3dprint.com/89620/toyrep-3d-printer

Welcome to The Internet of Compromised Things

Jeff Atwood clearly and coherently explains why connecting to the Internet is scary. It’s especially scary when all of our devices – cars, lights, heating, gas pumps, locks, surveillance cameras, TVs, etc – are connected. Most of us have learned to be at least a bit careful with our computers but we tend to be more careless and trusting of those simple plugin devices. Unfortunately, among the weakest links are our routers and, once owned, it is really hard to escape the malware that controls them. Worse, like many of our devices, their updates and configuration tend to be ignored or forgotten. As more and more devices embed powerful and dangerous net-connected computers, this problem is going to get a lot worse over the coming years. Some good advice in this article on protecting yourself as best you can.

Address of the bookmark: http://blog.codinghorror.com/welcome-to-the-internet-of-compromised-things/

We're heading Straight for AOL 2.0 · Jacques Mattheij

Interesting commentary on the hijacking and usurpation of open protocols by web companies intent on making a profit by closing their ecosystems via non-standard apps layered over HTTP. As Mattheij notes, this is very similar to the way AOL, CompuServe and other commercial providers used to lock in their users. Now, instead of running proprietary systems over layer 2-4 protocols (as AOL et al used to do), vendors are running them over layer 5 (or, for OSI purists, layer 7) protocols, with proprietary APIs designed to hook others into their closed systems (think Facebook or Google logins). The end result is the same, and it’s a very bad result.

Mattheij writes:

“Please open up your protocols, commit to keeping them open and publish a specification. And please never do what twitter did (start open, then close as soon as you gain traction).”

I completely concur.

Address of the bookmark: http://jacquesmattheij.com/aol-20

Protocols Instead Of Platforms: Rethinking Reddit, Twitter, Moderation And Free Speech | Techdirt

Interesting article on the rights of companies to moderate posts, following the recent Reddit furore that, in microcosm, raises a bunch of questions about the future of the social net itself. The distinction between freedom of speech and the rights of hosts to do whatever they goddam please – legal constraints permitting – is a fair and obvious one to make.

The author’s suggestion is to decentralize social media systems (specifically Twitter and Reddit though, by extension, others are implicated) by providing standards/protocols that could be implemented by multiple platforms, allowing the development of an ecosystem where different sites operate different moderation policies but, from an end-user perspective, being no more difficult to use than email.

The general idea behind this is older than the Internet. Of course, there already exist many systems that post via proprietary APIs to multiple places, from WordPress plugins to Known, not to mention those ubiquitous ‘share’ buttons found everywhere, such as at the bottom of this page. But, more saliently, email (SMTP), Internet Relay Chat (IRC), Jabber (XMPP), Usenet news (NNTP) are prototypical and hugely successful examples of exactly this kind of thing. In fact, NNTP is so close to Reddit’s pattern in form and intent that I don’t see why it could not be re-used, perhaps augmented to allow smarter ratings (not difficult within the existing standard). Famously, Twitter’s choice of character limit is entirely down to fitting a whole Tweet, including metadata, into a single SMS message, so that is already essentially done. However, standards are not often in the interests of companies seeking lock-in and a competitive edge. Most notably, though they very much want to encourage posting in as many ways as possible, they very much want control of the viewing environment, as the gradual removal of RSS from prominent commercial sites like Twitter and Facebook shows in spades. I think that’s where a standard like this would run into difficulties getting off the ground. That and Metcalfe’s Law: people go where people go, and network value grows proportionally to the square of the number of users of a system (or far more than that, if Reed’s Law holds). Only a truly distributed, ubiquitously used system could avoid that problem. Such a thing has been suggested for Reddit and may yet arrive.

As long as we are in thrall to a few large centralized commercial companies and their platforms – the Stacks, as Bruce Sterling calls them – it ain’t going to work. Though an incomplete, buggy and over-complex implementation played a role, proprietary interest is essentially what has virtually killed OpenSocial, despite being a brilliant idea that was much along these lines but more open, and despite having virtually every large Internet company on board, bar one. Sadly, that one was the single most avaricious, amoral, parasitic company on the Web. Almost single-handedly, Facebook managed to virtually destroy the best thing that might have happened to the social web, that could have made it a genuine web rather than a bunch of centralized islands. It’s still out there, under the auspices of the W3C, but it doesn’t seem to be showing much sign of growth or deployment.

Facebook has even bigger and worser ambitions. It is now, cynically and under the false pretense of opening access to third world countries, after the Internet itself. I hope the company soon crashes and burns as fast as it rose to prominence – this is theoretically possible, because the same cascades that created it can almost as rapidly destroy it, as the once-huge MySpace and Digg discovered to their cost. Sadly, it is run by very smart people that totally get networks and how to exploit them, and that has no ethical qualms to limit its growth (though it does have some ethical principles about some things, such as open source development – its business model is evil, but not all of its practices). It has so far staunchly resisted attack, notwithstanding its drop in popularity in established markets and a long history of truly stunning breaches of trust.

Do boycott Facebook if you can. If you need a reason, other than that you are contributing to the destruction of the open web by using it, remember that it tracks you hundreds of times in a single browsing session and, flouting all semblance of ethical behaviour, it attempts to track you even if you opt out from allowing that. You are its product. Sadly, with its acquisition of companies like Instagram and Whatsapp, even if we can kill the primary platform, the infection is deep. But, as Reed’s Law shows, though each new user increases its value, every user that leaves Facebook or even that simply ignores it reduces its value by an identically exponential amount. Your vote counts!

Address of the bookmark: https://www.techdirt.com/articles/20150717/11191531671/protocols-instead-platforms-rethinking-reddit-twitter-moderation-free-speech.shtml

Everything Science Knows About Reading On Screens

Well, maybe not everything!

This article contains some interesting and useful information about the current state of the research comparing e-reading vs p-reading. In brief, there are no simple, unequivocal findings. The biggest issues with e-texts apparently relate to the propensity of screen-users to skim and/or be distracted, though there are also issues with knowing where you are in an e-text, which makes it both harder to get the bigger picture of how it all hangs together and more difficult to remember some aspects of what you are reading. On the other hand, there’s good evidence that screens are better for people with some disabilities like age-related sight impairment and dyslexia and the advantages of things like easy search, instant word lookup, shared annotations, variable fonts and, of course, cost and information density, are pretty compelling. In the past I’ve shared some thoughts on some potential solutions to the known problems with e-readers as well as on the relative merits and demerits of each technology. Like all technologies, it ain’t what you do, it’s the way that you do it. Research like this is useful because it helps to identify design problems that we need to solve, not because it provides definitive answers. I don’t think we are going to see much improvement in paper books in the near future, but there’s plenty to work on in e-reading!

Address of the bookmark: http://www.fastcodesign.com/3048297/evidence/everything-science-knows-about-reading-on-screens