(date: 2024-04-12 17:34:03)
date: 2024-04-12, updated: 2024-04-12, from: Daring Fireball
https://www.theverge.com/2024/4/12/24128640/microsoft-windows-11-start-menu-ads-app-recommendations
date: 2024-04-12, updated: 2024-04-05, from: Bruce Schneier blog
It’s a pretty awful story.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
date: 2024-04-12, updated: 2024-04-12, from: Daring Fireball
https://twitter.com/joannastern/status/1778469290988994741
date: 2024-04-12, updated: 2024-04-12, from: Daring Fireball
https://greensdictofslang.com/
date: 2024-04-12, updated: 2024-04-12, from: Daring Fireball
https://www.theverge.com/2024/4/11/24127497/microsoft-windows-10-upgrade-prompt-windows-11
date: 2024-04-12, updated: 2024-04-11, from: Bruce Schneier blog
Someone got caught trying to smuggle 322 pounds of gold (that’s about 1/4 of a cubic foot) out of Hong Kong. It was disguised as machine parts:
On March 27, customs officials x-rayed two air compressors and discovered that they contained gold that had been “concealed in the integral parts” of the compressors. Those gold parts had also been painted silver to match the other components in an attempt to throw customs off the trail.
https://www.schneier.com/blog/archives/2024/04/smuggling-gold-by-disguising-it-as-machine-parts.html
date: 2024-04-12, from: Robert Reich’s blog
Trump wants you to think that all he did was try to cover up a sexual affair. Wrong.
https://robertreich.substack.com/p/dont-call-it-the-hush-money-case
date: 2024-04-12, updated: 2024-04-12, from: Daring Fireball
https://www.theverge.com/pages/how-we-rate
date: 2024-04-12, updated: 2024-04-12, from: Daring Fireball
https://www.theverge.com/24126502/humane-ai-pin-review
date: 2024-04-11, updated: 2024-04-12, from: Daring Fireball
https://www.womenshealthmag.com/life/a60428945/how-solar-eclipse-will-affect-zodiac/
date: 2024-04-11, updated: 2024-04-11, from: Daring Fireball
https://www.cnn.com/2024/04/09/business/scrabble-together-game-scli-intl-gbr/index.html
date: 2024-04-11, from: Dan Rather’s Steady
A massive policy change is easy when you have no convictions
https://steady.substack.com/p/will-trumps-major-flip-be-a-flop
date: 2024-04-11, from: John Naughton’s online diary
The Public House The OED says that “pub” is an abbreviation of ‘Public House’ or inn. This legendary institution has been around since 1754, so it was likely to have been called a ‘public house’ for quite a while. (The … Continue reading
https://memex.naughtons.org/friday-12-april-2024/39349/
date: 2024-04-11, updated: 2024-04-12, from: Daring Fireball
https://blog.beeper.com/2024/04/09/beeper-is-joining-automattic/
date: 2024-04-11, updated: 2024-04-11, from: Daring Fireball
https://www.latimes.com/obituaries/story/2024-04-11/oj-simpson-dead
date: 2024-04-11, updated: 2024-04-10, from: Bruce Schneier blog
Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an untenable situation, and one that is being exploited by malicious actors. Yet precious little is being done to remedy it…
https://www.schneier.com/blog/archives/2024/04/backdoor-in-xz-utils-that-almost-happened.html
date: 2024-04-11, from: Enlightenment Economics blog
Money has always seemed mysterious to me, and so I’ve always carefully avoided monetary economics as too difficult (which makes it ironic that when I returned from my US PhD programme to a job in the UK Treasury in 1985 … Continue reading
http://www.enlightenmenteconomics.com/blog/index.php/2024/04/money-money-money-2/
date: 2024-04-11, from: Robert Reich’s blog
Drawings and ideas flow together
https://robertreich.substack.com/p/why-i-draw
date: 2024-04-10, from: Robert Reich’s blog
Friends, We learned today that the Consumer Price Index climbed 3.5 percent in March from a year earlier, up from 3.2 percent in February, and faster than most economists anticipated. This poses a conundrum for central bankers who have made it clear that they want to see further evidence that inflation is cooling before they cut interest rates.
https://robertreich.substack.com/p/why-are-we-still-suffering-inflation
date: 2024-04-10, updated: 2024-04-10, from: Julia Evans blog
https://jvns.ca/blog/2024/04/10/notes-on-git-error-messages/
date: 2024-04-10, updated: 2024-04-11, from: Bruce Schneier blog
Last week I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version.
EDITED TO ADD (4/11): Two weeks before he passed away, Ross gave an 80-minute interview where he told his life story.
https://www.schneier.com/blog/archives/2024/04/in-memoriam-ross-anderson-1956-2024.html
date: 2024-04-10, from: Robert Reich’s blog
Friends, I’m the father of two young men of whom I couldn’t be prouder. But I don’t take the credit. They also had a terrific mother, loving grandparents, great teachers and mentors, and supportive friends. And they were fortunate to grow up with most of the resources they needed.
https://robertreich.substack.com/p/office-hours-what-responsibility
date: 2024-04-10, from: Daniel Stenberg Blog
Don’t trust. Verify. Here follows a brief description on how you can detect if the curl package would ever make an xz. xz (and its library liblzma) was presumably selected as a target because it is an often used component and by extension via systemd it is often used by openssh in several Linux distros. libcurl … Continue reading Verified curl
https://daniel.haxx.se/blog/2024/04/10/verified-curl/
date: 2024-04-10, updated: 2024-04-10, from: Daring Fireball
https://daringfireball.net/2015/11/the_ipad_pro
date: 2024-04-10, updated: 2024-04-10, from: Daring Fireball
https://www.wsj.com/tech/google-expands-in-house-chip-efforts-in-costly-ai-battle-3121c852
date: 2024-04-09, from: John Naughton’s online diary
The listening post Dishes in Cambridge’s Lord’s Bridge radio telescope system: listening to the universe. Quote of the Day “He would have been considered a great Emperor, had he never ruled.” Roman historian Tacitus on the Emperor Galba Musical alternative … Continue reading
https://memex.naughtons.org/wednesday-10-april-2024/39342/
date: 2024-04-09, from: Robert Reich’s blog
Friends, Today, Arizona’s highest court, in a 4-to-2 decision, upheld an Arizona law dating from 1864 that bans nearly all abortions. The law, which was on the books long before Arizona achieved statehood, outlaws abortion from the moment of conception,
https://robertreich.substack.com/p/now-trump-cant-sidestep-his-key-role
date: 2024-04-09, updated: 2024-04-10, from: Daring Fireball
Like the stingy U.S. minimum wage — which was last increased, to $7.25/hour, in 2009 — these tiers ought to be adjusted for “inflation” periodically, but aren’t. If Apple really wants iPhone users not to worry about photo storage, they should offer more with iCloud, cost-to-Apple be damned.
date: 2024-04-09, updated: 2024-04-09, from: Daring Fireball
https://www.youtube.com/watch?v=bks2zGnssMY
date: 2024-04-09, from: David Rosenthal’s blog
Once upon a time, three little businesses wanted a connection to the ARPAnet/internet. The year was 1990 or 1991. John Gilmore, John Romke[y], and Trusted Information Systems (TIS) split the $15K or so it took to get a leased-line and 3COM Brouters to Alternet, with what today you’d call fractional T1. An additional 56K leased line and Brouter brought the ’net up to Gilmore’s house, Toad Hall, in San Francisco.
The three little businesses were Cygnus Support (John Gilmore), Epilogue Technology (John Romkey) and Trusted Information Systems (Steve Crocker). AlterNet was run by Rick Adams, whom Wikipedia justly describes as an “Internet pioneer”. He founded UUNET Technologies:
In the mid-1990s, UUNET was the fastest-growing ISP, outpacing MCI and Sprint. At its peak, Internet traffic was briefly doubling every few months, which translates to 10x growth each year.
John Gilmore, a truly wonderful person, had many friends. So what happened was:
As time went on, friends of theirs wanted in on this rare and exciting ’net connection, resulting in Tim Pozar putting an old PC running Phil Karn’s KA9Q/NOS program, an amateur radio router capable of TCP/IP, onto Toad Hall’s ethernet. Tim installed a pair of modems, then dialed in once and stayed connected 24 hrs/day (Pacific Bell never said you couldn’t do that…)
Once Tim showed that it was possible, this idea took off:
Eventually the NOS box was full, and more friends wanted in, but everyone was too busy to deal with the hassle.
In 1989 Gilmore had co-founded Cygnus Support, whose tagline was “Making free software affordable”. TLG got started in August 1990 with the three businesses’ nodes on a 56K leased line. One was at Cygnus’ first office in an apartment complex on University Avenue in Palo Alto. Gilmore and other Cygnus employees had apartments there, so they used 10BASE2 coaxial cable Ethernet to distribute the Internet around the complex. Gilmore notes that they used “nonstandard thin 50-ohm coax in the expansion joints across the driveways when needed”. Pozar notes that they paved over the coax!
Somehow, in September 1992, Pozar and Gilmore and I worked out a deal where, I would maintain the thing, collect money to build more NOS boxes and contribute to the monthly Alternet bill, install more people, and get (1) a free connection to the internet and (2) a slice off the top after it exceeded N connections.
By that December, there were enough connections in place that I was pocketing $420/month. By March 1993 there were 11 modem-connected members (as we fancied ourselves).
Images: SparcStation SLC; SparcStation 1+
Luckily we were bought by Best Internet Communications, Mountain View; they had money, marketing, and a non-burned-out management; we had a solid locked-in customer base and positive cash flow.
Best turned out to be a pretty good ISP too.
Edgar Nielsen almost single-handedly built the technical infrastructure that TLGnet ran on. He designed much of the network and routing structure, all of the security (with some help from Stu Grossman), wrote a complete, queryable, shared and remotely-accessible database (included every single modem, router, wire, cable, customer, IP (domain names and IP address allocations), and logical link) in standard and portable tools, installed equipment, built and maintained our unix boxes, put SNMP on every single node (hundreds) and automated the entire ISP technical infrastructure from one end to the other. I doubt many small to mid-size ISPs today have the things Edgar wrote by 1995.
Second, good HR:
Another thing of crucial importance to me, and to Deke, Edgar and a lesser extent Gilmore, was hiring from our local communities; we hired principled people, punk and queer writers and organizers, and trained and paid them – pay in scale with effort. Total staff turn-over in three years was probably 20; peak staff was 12. Some 10 of them started out at $8.00/hr, unskilled, ended up with $30,000 salary a year later [1994-1996], and stayed in the industry (at prevailing pay). (And we provided health insurance too. Deke being damned Wobbly may have had some small effect.)
…
we treated our staff well, gave them credit for work done, paid them actual money, gave raises and bonuses (upon sale of the business, even some fired employees got small bonus checks). TLGnet wouldn’t have existed without its talented staff!
Third, an innovative business model starting with their terms and conditions:
TLGnet exercises no control whatsoever over the content of the information passing through TLGnet. You are free to communicate commercial, noncommercial, personal, questionable, obnoxious, annoying, or any other kind of information, misinformation, or disinformation through our service. You are fully responsible for the privacy of, content of, and liability for your own communications.
Jennings explains the business model:
Essentially, other ISPs restricted use and resale of their connections, in a sort of zero-sum approach. By concentrating on bulk connectivity we at once created a market for our customers to provide the vertical services we didn’t want or couldn’t afford to provide, and built a hard-to-beat solid rep that for a long while locked out direct competitors to our core business; having our prices online and breaking down the leased-line costs and equipment gave us a major one-up economically, technically, and in credible reputation over nearly all other ISPs, big or small.
- Concentrate on bulk, fulltime internet access (leased-line and Frame Relay)
- Keep prices low by providing connectivity only
- Unrestricted use of TLG connectivity
- Encourage resale and vertical-market services
- Full, up-front disclosure of all pricing
- No lock-in contracts
- Unbundle installation costs and eliminate padding
- Full technical disclosure of technical information
The result was:
Some thought us insane; but in fact our customers didn’t “compete” with us, they provided vertical services we couldn’t or wouldn’t (I guess we did have a business plan). And in fact we set further standards of behavior and policies that other ISPs, including MCI and SprintLink, were obliged to match. Though some, like Alternet and PSI, never did; they skimmed the high-end deep-pockets customers, and we got all the new growth.
Gilmore writes:
I would add to the “Business Model” discussion, that communication costs per-bit dropped dramatically with volume. When you upgraded from 56k bit/sec leased lines to T1 (1,500k bit/sec), you got 24x the bandwidth but it only cost about 4x as much. An upgrade to T3 (45 megabit) provided 30x the bandwidth of a T1, and didn’t cost anything near to 30x as much. So, as your traffic volume grew because you were adding more and more customers, the cost of your basic connection to the rest of the Internet got significantly cheaper (per bit). That economy of scale meant that ISPs who grew could keep affording to upgrade their backbones to handle the traffic growth. Every ISP knew, or figured out, this economics, and they all depended on it. Remember, this was back when there were 2000 ISP’s in the US, mostly local ones. (About 30 of them were getting their Internet service from TLG when we sold it to Best.)
There is a fascinating October 29 1996 interview entitled Tim Pozar and Brewster Kahle CHM Interview by Marc Weber. The first part of the interview is all about TLG. In it Brewster Kahle sums up the story (I cleaned up his stream of consciousness a bit):
it took six months of a full-time person to get us on the DARPA net in 1985 … but The Little Garden basically made it so that any old person [could connect] and more than that not just themselves but … enabling other people to create their own ISPs and I don’t know there are 400 ISPs now in the Bay Area in large part because of The Little Garden.
https://blog.dshr.org/2024/04/the-little-garden.html
date: 2024-04-09, updated: 2024-04-09, from: Bruce Schneier blog
US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials.
From the executive summary:
The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. The Board reaches this conclusion based on:…
date: 2024-04-09, from: Robert Reich’s blog
Here it is
https://robertreich.substack.com/p/more-evidence-that-rfk-junior-is
date: 2024-04-09, updated: 2024-04-09, from: Daring Fireball
https://pokpok.sng.link/Dahqz/tfl2/zk3w
date: 2024-04-09, updated: 2024-04-09, from: Daring Fireball
https://blog.google/products/android/android-find-my-device/
date: 2024-04-08, from: Dan Rather’s Steady
This one could sink him
https://steady.substack.com/p/the-case-trump-is-desperate-to-delay
date: 2024-04-08, updated: 2024-04-05, from: Bruce Schneier blog
This is a newly discovered email vulnerability:
The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible. A phishing email you had to trust because you knew the sender and they even confirmed that they had forwarded it to you.
This attack is possible because most email clients allow CSS to be used to style HTML emails. When an email is forwarded, the position of the original email in the DOM usually changes, allowing for CSS rules to be selectively applied only when an email has been forwarded…
https://www.schneier.com/blog/archives/2024/04/security-vulnerability-of-html-emails.html
date: 2024-04-08, from: Robert Reich’s blog
The cons will end, inevitably
https://robertreich.substack.com/p/the-full-eclipse-of-donald-trump
date: 2024-04-07, from: John Naughton’s online diary
Light, shade and all that rot Quote of the Day “Musk’s management philosophy for Twitter hasn’t so much been a random walk as a grasshopper lepping around on a hotplate.” Henry Farrell (Nice, especially Henry’s use of the derisive Irish … Continue reading
https://memex.naughtons.org/monday-8-april-2024/39332/
date: 2024-04-07, from: Robert Reich’s blog
My estimate: 3 to 4 months from now
https://robertreich.substack.com/p/when-will-americans-start-crediting
date: 2024-04-07, from: Om Malik blog
Algorithms feed content, not creativity. How the campaign for clicks has drowned true artistry amidst the noise!
https://om.co/2024/04/07/tyranny-of-content-algorithms/
date: 2024-04-07, from: Dan Rather’s Steady
A Reason To Smile
https://steady.substack.com/p/good-morning
date: 2024-04-07, from: Robert Reich’s blog
Friends, Please submit your caption in the Comments section. Winners will be announced next Sunday. For consideration, please post your caption by Monday at 9 pm PT, 12 midnight ET. Last week’s winner: “It’s gotta be Biden — he believes in the Hatch act.”
https://robertreich.substack.com/p/sunday-caption-contest-gallery