Thursday, November 11, 2010

The Latest from Boing Boing


Secret Brooklyn subway station revealed

Posted: 10 Nov 2010 11:12 PM PST


Kalaisha sez, "A once abandoned (or, rather, off limits) subway station from 1908 in Brooklyn is now accessible to the public. And it is beautiful. Beautifully preserved too!"
The city closed the station in 1945, mostly because at its height only 600 people a day used it, and because the loop created an unsafe gap at the platform. In 1995 the city vowed to restore the site and turn it into a part of the transit museum, but those plans were scrapped years later.

The station is still not open to the public, but there's a trick you can use to see it for yourself. Until recently the MTA would force passengers to get off before the train made the loop, but now passengers are allowed to stay on. So the next time you reach the end of the line, keep going. And check out these amazing photos courtesy of John-Paul Palescandolo.

The Abandoned City Hall Subway Stop Now Visible To Tourists (PHOTOS) (Thanks, kalaisha!)

(Image: John-Paul Palescandolo and Eric Kazmire)



SF in SF: Steven Boyett and Dale Pendell this Saturday

Posted: 10 Nov 2010 11:04 PM PST

This Saturday's SF in SF event features Steven Boyett and Dale Pendell. Boyett is the author of Ariel and Elegy Beach -- two of my all time favorites. It's free, starts at 6PM, and it's at the Variety Preview Room Theatre, The Hobart Bldg., 1st Floor (entrance between Quizno's & Citibank), 582 Market St., at 2nd @ Montgomery, San Francisco.

ACTA will force your ISP to censor your work if someone lodges an unsupported trademark claim

Posted: 10 Nov 2010 11:01 PM PST

New revelations on ACTA, the Anti-Counterfeiting Trade Agreement, a secretive global copyright treaty being privately negotiated by rich countries away from the UN: ACTA will require ISPs to police trademarks the way they currently police copyright. That means that if someone accuses you of violating a trademark with a web page, blog post, video, tweet, etc., your ISP will be required to nuke your material without any further proof, or be held responsible for any trademark violations along with you. And of course, trademark violations are much harder to verify than copyright violations, since they often hinge on complex, fact-intensive questions like tarnishment, dilution and genericization. That makes ISPs that much more likely to simply take all complaints at face value, leading to even easier censorship of the Internet on the strength of nothing more than a trumped-up trademark claim.
At first glance, the leak suggests intermediaries such as ISPs and search engine portals may now be liable for trademark infringements by their account holders - unless there are clear exceptions such as the Safe Harbour provisions available under the Copyright Act regulations.

Professor Anna George, adjunct professor at Murdoch University and former DFAT negotiator on WTO TRIPS and the digital economy chapters of the US-Australia Free Trade Agreement, believed such a change would potentially be bad news for Australia's trade relations.

ACTA: ISPs could be liable for trademark infringements (Thanks, NeilM!)

God Watches Mad Men

Posted: 10 Nov 2010 09:40 PM PST


One might be tempted to ask: Can God make a signboard so big that even He can't illuminate it? Spotted in the Fremont neighborhood of Seattle, otherwise known as the Center of the Universe.

I am the photographer, and I approve this use of my image.



Minnesota woman must pay Capitol Records $1.5 million for downloading and sharing 24 songs

Posted: 10 Nov 2010 07:56 PM PST

A jury in Minneapolis decided that Jammie Thomas-Rasset, who has been battling the RIAA for four years, must pay Capitol Records $1.5 million: that's $62,500 for each of 24 songs she downloaded and shared in 2006. Hollywood Reporter, CNET. (via Submitterator, thanks cstatman)

"The Birth of Venus" by Sandro Botticelli, performed by The Smurfs (Boing Boing Flickr Pool)

Posted: 10 Nov 2010 06:38 PM PST


The Birth of Smurfette, based on Botticelli's The Birth of Venus. Contributed to the Boing Boing Flickr pool by BB reader xomiele (blog) of Phoenix, Arizona.

Amazon selling HOWTO ebook for "Pedosexuals," TV pundits froth at mouth

Posted: 10 Nov 2010 08:28 PM PST


I expect more than one cable news channel to devote mega time over the next 24 hours to "The Pedophile's Guide to Love and Pleasure," a Kindle download which purports to be a HOWTO guidebook for "pedosexuals."

Oh, there you go, just as I'm composing this, Anderson Cooper tweets that Dr. Phil will be on tonight for that very purpose.

From the product description, such as it is:

This is my attempt to make pedophile situations safer for those juveniles that find themselves involved in them, by establishing certian rules for these adults to follow. I hope to achieve this by appealing to the better nature of pedosexuals, with hope that their doing so will result in less hatred and perhaps liter sentences should they ever be caught.

Liter sentences!

Presumably, Apple's digital bookstore would never allow this to happen, or so the sales pitch goes. Is that a good thing or a bad thing? (When) will Amazon remove the book from sale, and/or should they?

Amazon said in a statement that it "believes it is censorship not to sell certain books simply because we or others believe their message is objectionable." Discuss.

Update: Welp, now folks are loading /b/-type images to the product page. One screengrab below...


hot dog and cook anything car 1979 - $2300

Posted: 10 Nov 2010 05:02 PM PST


Imagine yourself in the driver's seat of this post-apocalyptic, semi-armored, customized hot dog vending vehicle.

im selling a hot dog car well u can do watever u want on it it has a grill so u can cook wat u want not only hot dog and well is good for business it has the grill to cook nd storage it is place on a cushman car to transport it anywere u like really good car good on busines but need to sell cuz need money asap
hot dog and cook anything car 1979 - $2300 (Thanks, Katie!)

The Best Tool Warranties

Posted: 10 Nov 2010 05:23 PM PST

Here at Cool Tools we love things that really work. But what happens when a great tool ceases to function? Do you just throw it away and buy a new one? Given how expensive this can be it is often a better investment to find a company that stands behind their product for life.

For example, I recently had a great experience with Patagonia. I bought an expensive ice climbing jacket from them several years ago. It was my favorite jacket: light, windproof, water resistant, and warm. But in the past year I found it no longer blocked the wind effectively, and didn't fare well in the elements. So I wrote to Patagonia, and asked what they could do about it. They asked me to send in my jacket for inspection along with a list of what I felt were suitable replacements. Within two weeks they had sent me a brand new jacket that is as nice if not nicer than the one I originally owned.

This kind of commitment is admirable in any company and I believe deserves to be rewarded. So we at Cool Tools are asking our readers to submit companies with stellar customer service, lifetime warranties, and a commitment to their products. Have you ever been impressed by a company's customer service or warranty? If so, we want to hear about it.

Help us compile a list of great companies so that we can make informed decisions and support those that stand behind their products. Leave your recommendations and stories in the comments, submit them through this link, or send us an email at editor@cool-tools.org.


Here are a few to get the list started:


Patagonia- Yvon Chouinard's company honors an Iron-Clad Guarantee. Simply call customer service or drop into a store in order to get your product repaired or replaced.


REI- The legendary no questions asked return policy remains one of the biggest reasons why I shop at REI. It gives me the confidence to try out new tools, and is well worth the slight premium you pay over other online retailers.


Costco- Costco has a fantastic lifetime return policy that has unfortunately been abused by many. The updated policy sets a 90-day limit for returns on high-end electronics, but almost everything else you can purchase in store is covered.


LL Bean- My parents recently returned a set of 10-year old luggage to LL Bean because of malfunctioning zippers. Customer service credited them the full purchase price within minutes. Needless to say, my parents are life-time LL Bean customers.


Check out what others are saying at Cool Tools.



Moment of Craiglist zen: Used XBOX 360

Posted: 10 Nov 2010 04:28 PM PST

Craigslist ad: XBOX 360 WITH WIFI WITH 2 ANTENA 60GB 2 GAMES. One of these photos is not like the other. (thanks, Mikael Jorgensen!)

Albert Gonzalez's "Great Cyberheist"

Posted: 10 Nov 2010 03:47 PM PST

The New York Times' James Verini wrote up the misadventures of hacker Albert Gonzalez, who was supposedly giving up his black hat past to help the Secret Service snare other criminals.
He wasn't. Over the course of several years, during much of which he worked for the government, Gonzalez and his crew of hackers and other affiliates gained access to roughly 180 million payment-card accounts from the customer databases of some of the most well known corporations in America.
His 20-year sentence is the longest handed to an American for computer crimes, according to the piece. [NYT Mag]

Simple microcontroller loads programs by holding it up to your computer display

Posted: 10 Nov 2010 03:21 PM PST


Aniomagic's Schemer is a small microcontroller that doesn't need a cable to program it. Instead, you write the simple code on a website, then hold the Schemer up to your computer's display. The code is converted to flashing lights on the display, which is read by the Schemer.

Schemer is a tiny programmable button that helps you easily make interactive art and craft.

You can quickly make:

• a bracelet that changes color in response to your heartbeat
• a heat-seeking boat
• a painting that sings only when somebody is standing in front of it
• a pet collar that blinks in the dark
• a dress that twinkles when you get a phone call
• a light-following robot

Instead of using wires or bluetooth, you program it by holding it in front of a computer screen. You only need your web browser. No wires, and no extra hardware or software to install.

Schemer costs $16, or you can get a complete bracelet kit for $50. (Via Make: Online)

MAKE Ultimate Workshop & Tool Guide 2011

Posted: 10 Nov 2010 03:08 PM PST


The MAKE Ultimate Workshop & Tool Guide 2011 has hit the stands. We are really proud of this special one-shot magazine. If you have a toolshop or would like to make one (even if you only have a kitchen table's worth of real estate) I think you'll find this guide very useful.

It reveals the top tools and tricks for today's DIY "maker" workshop -- not just woodworking but metalworking, electronics, robotics, computerized milling, 3D printing, and more. Whether you need a gift for the do-it-yourselfer who loves technology, or you want to rev up your own workshop in 2011, this guide shows you how.
Get your copy of MAKE Ultimate Workshop & Tool Guide 2011 in the Maker Shed.

Free Kinect drivers released; Adafruit pays $3k bounty to hacker, $2k more to EFF

Posted: 10 Nov 2010 02:15 PM PST

The swell hackers at Adafruit Industries have declared a winner in their cash-prize contest to reverse-engineer the Microsoft Kinect controller and release a free/open library that would let hardware hackers incorporate it into their own projects. The winner is a fine gent named Hector, who says, "Here's my take on the Kinect driver. Supports depth and RGB images and displays them on an OpenGL window. It's very hacky right now but it does prove the concept :)"

To commemorate Hector's achievement, Adafruit is giving him $3,000 (he's vowed to spend it on more hacking tools), and will donate a further $2,000 to the Electronic Frontier Foundation.

WE HAVE A WINNER - Open Kinect driver(s) released - Winner will use $3k for more hacking - PLUS an additional $2k goes to the EFF!



Tonoharu Part Two: Excellent graphic novel about an English teacher in Japan

Posted: 10 Nov 2010 02:11 PM PST

Tono2 Tabletopdisplay

See my review of Tonoharu Part One

Tonoharu is Lars Martinson's 3-volume graphic novel about a young American who gets a job as an English teaching assistant in a small Japanese town. It's a story of isolation, frustration, and mystery, with just the right amount of black humor to keep it from being depressing. Dan Wells, the main character, is a recent college graduate who gets a job at a junior high school in the town of Tonoharu. The teachers and staff at the school are mostly standoffish, and because his contract requires him to stay on campus all day even when he has nothing to do, the resulting boredom combined with the language and cultural barrier are at times almost unbearable. The few foreigners that Dan gets to know are too weird to connect with in a meaningful way. And an American girl he meets and becomes smitten with seems to want to have as little to do with him as possible.

As time goes on, Dan establishes something of a social network (including an affair with a female teacher at his school who visits his apartment to have sex with him), and he is introduced to a baffling family of seemingly wealthy Europeans living in an old Buddhist temple.

I'm happy to be able to show you the following exclusive excerpt from Tonoharu Part Two, which is now available. The preview is made up of two sections of the book: pages 31-35 and pages 49-56. Some pages in the middle have been omitted because they didn't relate to the year-end party scene.


Tono2 Pp31


Tono2 Pp32


Tono2 Pp33


Tono2 Pp34


Tono2 Pp35


Tono2 Pp49


Tono2 Pp50




Lars Martinson: Page 50, Panel 1 shows a Japanese teacher wearing a santa suit and a black man mask. This was based on something I witnessed at a year-end party, where a Japanese teacher wore a mask in the likeness of Bob Sapp, a popular K-1 fighter in Japan. Party stores in Japan sell masks in the likeness of popular celebrities, both Japanese and foreign; I'm sure there was no racist intent.

Tono2 Pp51


Tono2 Pp52






Lars: Page 52 -- I wanted to use real Japanese pop song lyrics, but after doing a bit of research, I decided it wasn't worth the risk of getting sued, or the hassle of trying to secure the rights (especially since most readers wouldn't know the difference anyway). Maybe I'm paranoid, but a lawsuit is the last thing I need. So I created original "parody" lyrics based on the songs I wanted to use.

Page 52, Panel 2 was based on "UFO" by Pink Lady, and panel 3 is based on "Chase the Chance" by Namie Amuro. Both seemed like songs female Japanese teachers in their 30s might sing. For panel 4, I really wanted to use the theme from "Ghostbusters". I don't know why, it just somehow seemed like the perfect song for a reluctant Dan to solemnly sing. But again, I was afraid of getting sued, and a parody version in this case would have just been distracting. So I very reluctantly settled with the public domain song "She'll Be Comin' 'Round the Mountain."

Tono2 Pp53


Lars: Page 53 -- I really wanted the sad song the teacher sings to be real (even though, again, most people wouldn't know the difference). It was really hard finding an appropriate song with lyrics that are in the public domain, but after much searching I finally did. [Ed. Note: YouTube took down the video that Lars linked to.]

Tono2 Pp54


Tono2 Pp55


Tono2 Pp56


Buy Tonoharu on Amazon: Part One | Part Two

Little Brother, the play, back on in Phoenix, AZ

Posted: 10 Nov 2010 02:11 PM PST

A high-school in Phoenix, Arizona is mounting a production of the theatrical adaptation of my novel Little Brother (this is the same script that was mounted for the 2008 performances in Chicago, written by Bill Massolia). They're doing a three-night run, starting tomorrow -- tickets are still available.

We are living in the future, people

Posted: 10 Nov 2010 03:58 PM PST

Construction Begins on America's First Commercial Spaceship Factory — This is possibly the most amazing headline I have ever read. I don't even care about the nuance. I just want to throw up some devil hands and party with the Jetsons. Heck, Xeni wrote more in-depth about this yesterday. Still don't care. That headline just makes me so happy.

Investing in Detroit by the square inch

Posted: 10 Nov 2010 12:34 PM PST

Over a year ago, my friend Jerry Paffendorf showed up at a party with a picture of a ruler on his shirt and the words, "I've got twelve inches in Detroit."

He explained his new project, Loveland, describing it as a series of micro-hoods made of inches that he would sell for $1 each. Some of the people stood around looking puzzled or skeptical about the prospect of a bicoastal urban techno-hipster moving into Detroit to sell tiny parcels -- and for what?

I've worked extensively in blighted cities before, though, and the idea that we should avoid them because they're suffering is, at best, no different than ignoring a sick friend. At worst it's contributing to the decay and neglect eroding many American cities. I became the first "inchvestor" in Loveland on the spot.




Plymouth, the first Loveland micro-hood, shown above on the ground in Detroit. Inches are a powerful metaphor for units of measurement in a shrinking city. The project is a collaborative hybrid-reality experiment, with the idea being that the crisis faced by Detroit is so massive that an inch is a simple platform on which to build, the same way a seed can become a tree. I own 1000 inches in the first micro-hood, Plymouth. 588 people from around the world share space there.

The inches, however, started growing more quickly than anyone had anticipated. By the time I made my first trip to Detroit after becoming an inchvestor, two new properties had already become a part of the project. The first time I saw the Corktown houses, one destroyed by arson and the other shuttered with squatters living inside, I knew that it would only be a matter of time before the collective vision for the spaces became real.






The house on the left has since begun its transformation with massive volunteer effort and brainpower into an art space, and the one on the right is becoming a media literacy center. The campus is now known as the Imagination Station.




Two artists have already installed works in the space. Marianne Burrows painted "Reclamation" on the charred walls, and Catie Newell recently installed "Salvaged Landscape," a gorgeous piece that creates a new perspective from destruction.

The point of Loveland is to start somewhere, together, to connect with people, amplify the awesome and see where it goes. And so far, as the mayor of Loveland, I find the inchventure tremendous, for all its ostensible tiny-ness. Stay tuned for more as it develops.

Random baffling math paper title generator

Posted: 10 Nov 2010 12:44 PM PST

As requested by BB reader Arborman on the comment thread for "Math papers with complicated, humbling titles," here is a random baffling math paper title generator. Refresh the page for a new periodical.



Anonymous stories, written on found photographs

Posted: 10 Nov 2010 12:15 PM PST


I'm absolutely fascinated by Ransom Riggs' ongoing series at mental_floss called Talking Pictures—themed collections of found photographs that happen to have writing on them. They're sort of the multimedia equivalent of those 25-word or 100-word ultra-short fiction stories. Usually, there's just enough written here to make each image more powerful, and leave you wanting to know more.

The current Talking Pictures theme: Hard Times. And nothing says "hard times" quite like a plague of locusts. Except, maybe, a couple of horses struck by lightning. Or a woman facing down the camera on the day she was laid off from work. Or a little girl with a split lip, trying to smile in front of a Christmas tree. All of which you can see in the Talking Pictures gallery.

This is why you should always caption your Flickr posts, people. Think of tomorrow's bloggers.



White paper on 3D printing and the law: the coming copyfight

Posted: 10 Nov 2010 11:37 AM PST

Public Knowledge's Michael Weinberg has a new white paper: "It Will Be Awesome if They Don't Screw it Up: 3D Printing, Intellectual Property, and the Fight Over the Next Great Disruptive Technology" -- the title says it all, really.
Traditional patent infringement is not necessarily well suited to a world in which individuals are replicating patented items in their own homes for their own use. Unlike with copyright infringement, the mere possession or downloading of a file is not enough to create infringement liability.[36] In order to identify an infringer, the patent owner would need to find a way to determine that the device was actually replicated in the physical world by the potential defendant. This would likely be significantly more time and resource intensive than the monitoring of file trading sites used in copyright infringement cases.

In light of this, following in the wake of large copyright holders, patent owners may turn to the doctrine of contributory infringement to defend their rights.[37] This would allow patent owners to go after those who enable individuals to replicate patented items in their homes. For example, they could sue manufacturers of 3D printers on the grounds that 3D printers are required to make copies. They may sue sites that host design files as havens of piracy. Instead of having to sue hundreds, or even thousands, of individuals with limited resources, patent holders could sue a handful of companies with the resources to pay judgments against them.

In addition to attacking the companies that make 3D printing possible, patent owners may try to stigmatize CAD filetypes in much the same way that copyright holders stigmatize the bittorrent file transfer protocol (or even MP3 files). Successfully equating CAD files with infringement could slow the mainstream adoption of 3D printing and imply that anyone uploading CAD files to a community site is somehow infringing on rights.

It Will Be Awesome if They Don't Screw it Up: 3D Printing, Intellectual Property, and the Fight Over the Next Great Disruptive Technology

US air war on Afghanistan peaks with 1,000 strikes in October

Posted: 10 Nov 2010 11:37 AM PST


Noah Shachtman of the Wired blog Danger Room tells Boing Boing,

The U.S. and its allies have unleashed a massive air campaign in Afghanistan, launching missiles and bombs from the sky at a rate rarely seen since the war's earliest days. In October alone, NATO planes fired their weapons on 1,000 separate missions, U.S. Air Force statistics provided to Danger Room show. Since Gen. David Petraeus took command of the war effort in late June, coalition aircraft have flown 2,600 attack sorties. That's 50% more than they did during the same period in 2009. Not surprisingly, civilian casualties are on the rise, as well.
Read Noah's full report here.
(Photo: USAF)

Bottle Scraper

Posted: 10 Nov 2010 11:29 AM PST

I first used this bottle scraper twenty years ago when boarding with a family in the Netherlands. At the time, Dutch pudding came in glass jars similar to traditional milk bottles and this spatula was the only way to get out the last drop. Since then, I have thought wistfully about the bottle scraper every time I have tried to get gooey foods (think sauces or peanut butter) out of a bottle or jar. Unlike most spatulas, the long handle reaches the bottom of long bottles. The small silicone head bends to enter small openings, then pops open inside. The curved head makes a snug fit against a bottle's interior walls, making it easy to pull the contents out. On a recent trip to The Netherlands, I made sure to purchase one for my home kitchen. Online, it can be purchased at Fante's Kitchen Wares Shop.

-- Debora Dekok

Silicone Bottle Scraper
$5

Comment on this at Cool Tools. Or, submit a tool!

Sam the Cat, at his computer monitor (photo from Boing Boing Flickr Pool)

Posted: 10 Nov 2010 11:29 AM PST


"Sam," a photograph contributed to the ever-expanding Boing Boing Flickr Pool by BB reader Brett O'Connor (blog) of Denver, Colorado.

Sparkles: The Soldering My Little Pony Unicorn

Posted: 10 Nov 2010 11:19 AM PST


Earlier this year I had a dream. Last night at the Crash Space (Los Angeles hackerspace) weekly meeting, that dream became a reality, thanks in part to the dedication and follow through of Matt Pinner. Go team.

Girls are just as good at math as boys

Posted: 10 Nov 2010 09:52 AM PST

Overall, girls and boys perform equally well at math. Gender is a predictor of math performance, but a very weak predictor.

Of big cats and bezoars

Posted: 10 Nov 2010 09:50 AM PST


Oh, sure, trespassers will be eaten. But they'll just be vomited up again 20 minutes from now.

And intentionally vomited up, no less.

In case you weren't aware, it is not an accident when your cat pukes up a hairball. Instead, cats induce vomiting—usually by eating grass or houseplants. It's just a normal part of cat life. First, they ingest a lot of hair and dirt by licking themselves clean. Then, they have to get it back out again.

Even big cats, like the ones this sign warns you about, produce hairballs. That's right. Pity the zookeepers.

Photo taken by Antony Bennison. Found in the BoingBoing Flickr Pool.



Creative Commons fundraiser with matching grant from Hindawi

Posted: 10 Nov 2010 09:16 AM PST


Creative Commons is in the midst of its annual fundraising drive, and Hindawi, the open access scholarly journal, will match your contribution, up to $3,000. Creative Commons is an astonishingly clever and effective legal hack, a way of allowing people to choose to work with the Internet and its innate capacity to share culture, even if our governments continue to pass laws in the service of old economy thugs who think that universal access to human knowledge is a bug, not a feature. Here's Wikipedia founder Jimmy Wales's pitch for why you should support CC:
Why do you support CC and why do you use it on your sites?
I have always been a fan of CC's approach as a "middle way." For a long time, we were stuck in a debate about copyright that focused only on two categories of people: the creators who want to maintain their work under traditional copyright, and the "pirates" who want to steal that work and undermine it. What was lost in that dialogue first became obvious in the world of free, open source software: many people are creators but aren't interested in, nor helped by, traditional copyright. CC recognized that the solutions being created in the world of software had broader applicability to culture.

What, in your opinion, are the challenges that lie ahead for CC?

Billions of people benefit in some way from the work of Creative Commons, but I fear that it is too often overlooked because the work is by nature free of charge, and because it is "infrastructure."

At Wikipedia, we are able to fund-raise directly from small donors because we are huge, public, and visible, and our community builds something that everyone uses every day. With Wikipedia, we can always know that there will be lots and lots of $30 donors from the heart and soul of the Wikipedia donor community. It's harder for Creative Commons.

I'm a donor to Creative Commons, and I encourage other people to be donors as well. Creative Commons will always have a smaller group of donors, but one that digs deeper because they know how important the work is.



Password Doesn't Shear Firesheep

Posted: 10 Nov 2010 03:16 PM PST


Firesheep sniffs unsecured connections to major Web sites over local networks and lets a user with the Firefox plug-in installed sidejack those sessions. A trope has spread that the way to solve this problem is to password-protect open Wi-Fi networks, such as those run by AT&T at Starbucks and McDonald's. The technical argument is that on a WPA/WPA2 (Wi-Fi Protected Access) network in which a common shared password is used, the access point nonetheless negotiates a unique session key with each client when it connects. You can't just know the network password and decode all the traffic, as you can with the broken WEP (Wired Equivalent Privacy) encryption that first shipped with 802.11b back in the late 1990s.

Steve Gibson, a veteran computer-security writer and developer, suggested this the moment Firesheep was announced. A blog post from the security firm Sophos makes the same suggestion. But it won't work for long.

Gibson notes the key problem with this approach in the comments to his post: every user with the shared key can sniff the handshake in which another client derives its unique key, and derive the same key from it. Further, if you join a network with many clients already connected, you can use the aircrack-ng suite to force a deauthentication. That doesn't drop a client off the network; rather, it forces its Wi-Fi drivers to perform a new handshake that exposes all the details needed to derive the key.
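To make Gibson's point concrete, here is the WPA2-PSK key derivation from IEEE 802.11i reconstructed in Python (example code written for this page, not code from Firesheep, aircrack-ng or the original post): the per-client key is a function only of the passphrase, the SSID, the two MAC addresses and the two nonces, and everything except the passphrase crosses the air in cleartext in the 4-way handshake. The MAC addresses, nonces, passphrase and SSID below are constructed sample values, not captured traffic; the PBKDF2 step is checked against the published 802.11 test vector.

```python
"""WPA2-PSK key derivation as specified in IEEE 802.11i, reconstructed to show
why a shared passphrase gives no confidentiality between clients of one network.
Example code written for this page; not from Firesheep, aircrack-ng or the post."""
import hashlib
import hmac
from dataclasses import dataclass


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key: PBKDF2-HMAC-SHA1 over the passphrase, salted with the
    SSID, 4096 rounds, 32 bytes. Every client that knows the passphrase has it."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated
    over successive counter values and truncated to nbits."""
    out = b""
    for counter in range((nbits + 159) // 160):
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
    return out[: nbits // 8]


@dataclass(frozen=True)
class Handshake:
    """Values that travel in cleartext in 4-way handshake messages 1 and 2."""
    aa: bytes      # authenticator (access point) MAC address, 6 bytes
    spa: bytes     # supplicant (client) MAC address, 6 bytes
    anonce: bytes  # 32-byte nonce chosen by the AP (message 1)
    snonce: bytes  # 32-byte nonce chosen by the client (message 2)


def wpa2_ptk(pmk: bytes, hs: Handshake) -> dict:
    """Pairwise Transient Key for CCMP (384 bits) split into its three parts.
    Note the inputs: the PMK plus four values anyone in radio range can observe."""
    data = (min(hs.aa, hs.spa) + max(hs.aa, hs.spa)
            + min(hs.anonce, hs.snonce) + max(hs.anonce, hs.snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return {"kck": ptk[:16],    # confirms the handshake messages (MIC)
            "kek": ptk[16:32],  # wraps the group key in message 3
            "tk": ptk[32:48]}   # encrypts this client's unicast data frames


def derive_client_keys(passphrase: str, ssid: str, hs: Handshake) -> dict:
    """What the client (and the AP) compute during the handshake."""
    return wpa2_ptk(wpa2_pmk(passphrase, ssid), hs)


def observer_derives_same_tk(passphrase: str, ssid: str, hs: Handshake) -> bool:
    """Gibson's point: a second device holding the same passphrase that merely
    recorded messages 1 and 2 ends up with the victim's TK, because nothing
    secret beyond the shared passphrase enters the derivation."""
    victim_tk = derive_client_keys(passphrase, ssid, hs)["tk"]
    observer_tk = wpa2_ptk(wpa2_pmk(passphrase, ssid), hs)["tk"]
    return hmac.compare_digest(victim_tk, observer_tk)


def keys_differ_per_session(passphrase: str, ssid: str, hs: Handshake) -> bool:
    """The per-client key really is unique per session (fresh nonces), which is
    the true half of the 'WPA2 fixes Firesheep' argument."""
    fresh = Handshake(hs.aa, hs.spa, hs.anonce, bytes(b ^ 0xFF for b in hs.snonce))
    return derive_client_keys(passphrase, ssid, hs) != derive_client_keys(passphrase, ssid, fresh)


# Constructed sample handshake values; these are not captured traffic.
SAMPLE_HS = Handshake(
    aa=bytes.fromhex("a0a1a2a3a4a5"),
    spa=bytes.fromhex("b0b1b2b3b4b5"),
    anonce=bytes(range(0, 32)),
    snonce=bytes(range(32, 64)),
)

if __name__ == "__main__":
    keys = derive_client_keys("hotspot-passphrase", "CoffeeShop", SAMPLE_HS)
    print("client TK:", keys["tk"].hex())
    print("PSK holder who saw the handshake gets the same TK:",
          observer_derives_same_tk("hotspot-passphrase", "CoffeeShop", SAMPLE_HS))
    print("yet each session's TK is different:",
          keys_differ_per_session("hotspot-passphrase", "CoffeeShop", SAMPLE_HS))
```

The mitigation the post goes on to describe, 802.1X with PEAP, changes the first input: the PMK comes out of a per-user TLS-protected EAP exchange instead of a passphrase everyone shares.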

Thus, you could defeat Firesheep today by assigning a shared key to a Wi-Fi network, until the point at which some clever person simply grafts aircrack-ng into Firesheep to create an automated way to deauth clients, snatch their keys, and then perform the normal sheepshearing operations to grab tokens. I would suspect this might be dubbed Firecracker.

The way around this is to use 802.1X, port-based access control, which uses a complicated system of allowing a client to connect to a network through a single port with just enough access to provide credentials. The Wi-Fi flavor of choice is WPA/WPA2 Enterprise, and the secured method of choice is PEAP. Even if every 802.1X user logs in using PEAP with the same user name and password, the keying process is protected from other users and outside crackers. Update: Reader Elmae suggests "Little Bo PEAP" instead of Firecracker.

Even though 802.1X is built into Mac OS X since about 2004, Windows starting in XP SP2, and available at no cost for GNU/Linux, BSD, Unix, and other variants (as well as for older Mac/Win flavors), it's got just enough overhead that hotspots haven't wanted to use it.

While hotspots aren't liable for people sidejacking with Firesheep or simply sucking down and analyzing traffic on their networks (disclosure: IANAL), 802.1X is cheap and easy to implement when there's a single user account and password. It's possible we'll see some uptake. The long-term solution is for all Web sites that handle any user data to encrypt the entirety of every user session.

Update: Commenter foobar pokes a hole, pun intended, in my suggestion for using 802.1X with a single user name/password: Hole196. This vulnerability, documented by AirTight, afflicts 802.1X networks. It allows a malicious party to spoof the access point for sending broadcast messages, and allows ARP and DNS poisoning. Thus Firecracker could become fARPcracker, and, once again, Firesheep emerges victorious. (I wrote about Hole196 for Ars Technica; it's not that big a deal for the enterprise, but it's perfectly easy to use in a hotspot.) Thus, having sites secure all their connections with SSL/TLS becomes the only practical method to ensure privacy and prevent sidejacking.

Photo by Magic Foundry, used via Creative Commons.



Tom the Dancing Bug: Percival Dunwoody, Idiot Time-Traveler From 1909

Posted: 09 Nov 2010 09:48 PM PST


