The Internet Is Broken, and Shellshock Is Just the Start of Our Woes – BY ROBERT MCMILLAN 09.29.14 | 6:30 AM


 WIRED

Brian Fox drove from Boston to Santa Barbara, with two tapes stashed in his trunk.

These weren’t music tapes or video tapes. They were computer tapes—two massive reels loaded with software code and data, the sort you can see spinning on furniture-sized computers in classic movies like Dr. Strangelove and Three Days of the Condor.

The year was 1987, and as Fox drove cross-country to his new home, the tapes held a software program called Bash, a tool that Fox had built for the UNIX operating system and tagged with a license that let anyone use the code and even redistribute it to others. Fox—a high school dropout who spent his time hanging out with MIT computer geeks such as Richard Stallman—was a foot soldier in an ambitious effort to create software that was free, hackable, and unencumbered by onerous copy restrictions. It was called the Free Software Movement, and the idea was to gradually rebuild all of the components of the UNIX operating system into a free product called GNU and share them with the world at large. It was the dawn of open source software.

Fox and Stallman didn’t know it at the time, but they were building the tools that would become some of the most important pieces of our global communications infrastructure for decades to come. After Fox drove those tapes to California and went back to work on Bash, other engineers started using the software and even helped build it. And as UNIX gave rise to GNU and Linux—the OS that drives so much of the modern internet—Bash found its way onto tens of thousands of machines. But somewhere along the way, in about 1992, one engineer typed a bug into the code. Last week, more than twenty years later, security researchers finally noticed this flaw in Fox’s ancient program. They called it Shellshock, and they warned it could allow hackers to wreak havoc on the modern internet.

Shellshock is one of the oldest known and unpatched bugs in the history of computing. But its story isn’t that unusual. Earlier this year, researchers discovered another massive internet bug, called Heartbleed, that had also languished in open source software for years. Both bugs are indicative of a problem that could continue to plague the internet unless we revamp the way we write and audit software. Because the net is built on software that gets endlessly used and reused, it’s littered with code that dates back decades, and some of it never gets audited for security bugs.

When Bash was built, no one thought to audit it for internet attacks because that didn’t really make sense. “Worrying about this being one of the most [used] pieces of software on the planet and then having malicious people attack it was just not a possibility,” Fox says. “By the time it became a possibility, it had been in use for 15 years.” Today, it’s used by Google and Facebook and every other big name on the internet, and because the code is open source, any of them can audit it at any time. In fact, anyone on earth can audit it at any time. But no one thought to. And that needs to change.

How the Web Was Built

In digital terms, Fox’s Bash program was about the same size as, say, a photograph snapped with your iPhone. But back in 1987, he couldn’t email it across the country. The internet was only just getting off the ground. There was no world wide web, and the most efficient way to move that much data across the country was to put it in the trunk of a car.

Bash is a shell utility, a black-boxy way of interfacing with an operating system that predates the graphical user interface. If you’ve used Microsoft’s Windows command prompt, you get the idea. That may seem like an archaic thing, but as the internet took off, fueled by web browsers and the Apache web server, the Bash shell became a simple yet powerful way for engineers to glue web software to the operating system. Want your web server to get information from the computer’s files? Make it pop up a bash shell and run a series of commands. That’s how the web was built—script by script.

Today, Bash is still an important part of the toolkit that helps power the web. It’s on the Mac, and virtually any company that runs the Linux operating system, the descendant of UNIX, uses it as a quick and easy way to connect computer programs—web server software, for example—with the underlying operating system.

But the lead developer of the program doesn’t work for any of these big names. He doesn’t even work for a tech company. His name is Chet Ramey, and he’s a coder at Case Western Reserve University in Cleveland. He works on Bash in his spare time.

Article continues:

http://www.wired.com/2014/09/shellshocked-bash/

Ello and the High-Speed Hype Cycle of a New Social Network – By David Marchese September 29, 2014 4:35 p.m.


 

The internet hive mind is good at a lot of things. Telling the future is not necessarily one of them. Late last week, the new social network Ello reached a tipping point, moving from a weird, unfamiliar term you saw popping up on people’s Twitter feeds to the cause of a full-blown FOMO outbreak, with desperate would-be users even attempting to buy entrée into the invite-only site. A self-reported 3,000 to 4,000 new users were signing on per hour, an overload that caused Ello, still in beta, to suspend invitations while it played catch-up to demand. The network had burst fully, virally to life. Then, in the space of, oh, a day or two, it was declared seriously ill. Fruit flies have been allowed more time to come into their own.

So what, exactly, is Ello? The creators positioned it, explicitly, as the “anti-Facebook.” They shared a high-minded manifesto (and actually called it a manifesto), in which they explained their belief that “a social network can be a tool for empowerment. Not a tool to deceive, coerce, and manipulate — but a place to connect, create, and celebrate life.” Ello, unlike the social network that shall not be named, would never have ads, it would never sell your data, it wouldn’t even make you use your real name. It would, in its enlightened state, respect your privacy. As if on cue, Ello got a nice lift when it became an alternative for those eager to ditch Facebook after the latter had deep-sixed the accounts of drag artists who’d tried to use pseudonyms rather than their real names. Here, finally, was the humane counter to the Facebook Borg.

It didn’t seem to matter that the actual uses of Ello were less intuitive and easy to parse than its anti-marketing, pro-privacy positioning. After signing up, you can designate other users as friends, and their images or text appears in your feed. Designate them as “noise” and their posts show up in a separate feed. The layout is spacious and clean, with lots of white space. It seems better suited for images than text. The whole thing scans like a prettier, more schizophrenic and personally curated Tumblr feed. There are, of course, no ads. The vibe is less evocative of an impassioned revolutionary meeting place than it is, say, a Scandinavian espresso bar with a delightfully robust community corkboard. But aside from the privacy and the ideological eff-you to Facebook, it’s hard to see what Ello can do for you that other social networks — where your friends are already hanging out — can’t.

Ello utopianism lasted about a day. Ello’s stance was hypocritical. (Founder Paul Budnitz created an account for his bicycle company.) Ello’s privacy controls were insufficient. (It did not, at least initially, allow users to block unwanted or abusive followers.) Ello was a sell-out. (VC firm FreshTracks Capital had given $435,000 in seed money.) Companies like Sonos and Netflix quickly created Ello accounts. There went the neighborhood.

Who’s right, the yays or nays? Obviously, no one knows. Twitter used to be the thing where narcissists shared what they had for breakfast. Then Instagram took that role, and Twitter became a breaking-news wire. Before Facebook was Facebook, it was a Hot or Not for Harvard kids. There’s no way the Defense Department geeks fiddling with ARPANET had any inkling that their creation would reshape how we communicate with each other, let alone the vastness of our desire for cute sloth videos. These things, Ello included, take on lives — and deaths — of their own.

The real lesson of Ello, then, is a lesson in public posturing. People want to be on Ello so they can have an opinion about Ello. And on the off-chance that Ello is the next big social network, best to put down a stake early. It’s the need to perform a stance, pro or con, which compelled the attention. It’s the same impulse that, for example, drove millions of people who very likely did not have a particular prior interest in coprophagic porn to check out 2 Girls, 1 Cup—content matters less as content than as an occasion to expound. (And God forbid you find yourself in the shameful position of not knowing about something.) Same goes, so far, anyway, for Ello. We came, we saw, we chattered. But social networks must grow rapidly or die, and unless Ello can find a way to convert this burst of attention into something that Facebook isn’t already supplying, soon we’ll move on. After all, there’s something coming, just over the horizon, and we are going to have to talk about it.

http://nymag.com/daily/intelligencer/2014/09/ello-and-the-hype-cycle-of-a-new-social-network.html

The Creepy Language Tricks Taco Bell Uses to Fool People Into Eating There


What can you tell about a restaurant from its menu? A lot more than what’s cooking. That’s what linguist

 Jurafsky, a professor of linguistics at Stanford, looked at hundreds of examples of food language—from menus to marketing materials to restaurant reviews. Along the way, he uncovered some fascinating patterns. For example: In naming foods, he explains, marketers often appeal to the associations that we already have with certain sounds. Crackers and other crispy foods tend to have names with short, front-of-the-mouth vowels (Ritz, Cheez-Its, Triscuits), while rich and heavy foods have longer vowels that we form in the back of our mouth (Rocky Road, Jamoca Almond Fudge). He also describes the shared linguistic heritage of some of the most common food words. Take salad, sauce, slaw, and salsa: All come from the Latin word sal, meaning “salted.”

But it’s Jurafsky’s menu analysis that really stands out. Where most of us see simply a list of dishes, Jurafsky identifies subtle indicators of the image that a restaurant is trying to project—and which customers it wants to lure in. I asked Jurafsky to examine the menus of Taco Bell and its new upscale spinoff, US Taco Co., whose first location just opened in Southern California.

We started with Taco Bell’s breakfast menu. Of course, everyone knows that the Tex-Mex fast food chain isn’t exactly fine dining, but Jurafsky pointed to some hidden hallmarks of down-market eateries’ menus.

The first thing that Jurafsky noticed about Taco Bell’s menu was its size: There are dozens, if not hundreds of items. “The very, very fancy restaurants, many of them have no menu at all,” Jurafsky says. “The waiter tells you what you’re going to eat, kind of. If you want, they’ll email you a menu if you really want it.”

Next, Jurafsky picked up on descriptors. “So there’s all of those adjectives and participles,” he says. “‘Fluffy.’ ‘Seasoned.’” That’s one thing that’s common on cheaper restaurant menus—as if the restaurant feels the need to try and convince its diners of the quality of the food. A fancier restaurant, he explains, would take it as a given that the diner expects the eggs to be fluffy and the pico de gallo to be freshly prepared.

“Notice the word ‘flavorful,’” Jurafsky says. “The cheapest restaurants use these vague, positive adjectives. ‘Delicious.’ ‘Tasty.’ ‘Scrumptious.’ Wonderful. Again, more expensive restaurants take all that as a given.”

Article continues:

Everything You Need To Know About Hong Kong’s Umbrella Revolution by Igor Volsky Posted on September 29, 2014 at 10:26 am Updated: September 29, 2014 at 5:01 pm


Hong Kong Democracy Protest

CREDIT: AP

Riot police in Hong Kong are deploying tear gas and rubber bullets against at least 13,000 protesters demanding greater democratic reforms. The movement — dubbed the “Umbrella Revolution” for the demonstrators’ use of umbrellas to protect themselves from tear gas — is capturing the world’s attention and leading some analysts to wonder if the event could escalate into a broader push for greater democracy in the region.

A civil disobedience movement modeled on Gandhi and Martin Luther King.

In January of 2013, constitutional expert Benny Tai, frustrated with what he saw as the Chinese government’s reluctance to grant Hong Kong the political independence it had promised, called on residents to join a massive act of civil disobedience in Central, Hong Kong’s business and financial center. Joined by sociology professor Chan Kin-Man and the Rev. Chu Yiu-Ming, the trio sought to model the movement, which they called Occupy Central, on Mahatma Gandhi and Martin Luther King Jr.

The push for greater autonomy and independence began after the United Kingdom transferred sovereignty over Hong Kong to the People’s Republic of China in 1997. Under British rule, Hong Kong became a wealthy manufacturing center, with limited democratic freedoms unseen in mainland China. As part of the transfer-of-power negotiations, China agreed to a “one country, two systems” deal. Under those terms, Hong Kong can develop its own democracy without interference from the central government, and in 2017 Hong Kong citizens are permitted to democratically elect their top leader, who is currently appointed by Beijing.

The Chinese government, however, has repeatedly reinterpreted this agreement. In July, it released a White Paper reaffirming its “complete jurisdiction” over Hong Kong, adding that “the high degree of autonomy of [Hong Kong] is not an inherent power, but one that comes solely from the authorization by the central leadership.” In August, Beijing announced that “while citizens would be allowed to vote for the chief executive, the candidates for the election would have to be approved by a special committee just like the pro-Beijing committee that currently appoints the chief executive.”

Article continues:

http://thinkprogress.org/world/2014/09/29/3573172/everything-you-need-to-know-about-the-umbrella-revolution/

Data divulges racial disparity in Chicago’s issuance of gun permits – By Kelly Riddell – Monday, September 29, 2014


Wealthier whites get 90 percent of licenses in Illinois

Proponents and opponents of Illinois' concealed carry gun law are weighing in on how it will affect the relative safety of Chicago, the homicide capital of the nation. (Associated Press)

In Chicago’s South Side earlier this month, a 16-year-old boy was shot dead, the seventh person killed this year in the West Garfield Park neighborhood.

The boy was able to give his name and reportedly pleaded with the responding police officers, “Please don’t let me die.”

If you live in 60624, the ZIP code where the shooting took place, you don’t expect your streets to be safe. In the last 30 days, that neighborhood has recorded more homicides, robberies, assaults, thefts and narcotics charges combined than any other ZIP code in Cook County when measured on a per capita basis. Its population is 98 percent black and averages a median income just above the poverty line.



It also is one of the ZIP codes that registers the fewest active concealed carry firearms permits per capita in the county, according to concealed carry numbers obtained under the Freedom of Information Act by The Washington Times.

Ditto for the crime-ridden neighborhoods of Englewood and West Englewood. Combined with West Garfield Park, out of their 114,933 total residents, only 193 concealed carry licenses have been issued — less than 0.17 percent of the population.

It’s a completely different story in affluent Palos Park, located in southwestern Cook County. The 60464 ZIP code boasts a negligible crime rate: Only one homicide has been committed in 10 years, according to the most recent state police data. Ninety-six percent of its residents are white, earning an average income of $121,000.



It also has the most concealed carry licenses in Cook County this year, with 1.24 percent of its residents authorized to carry a gun.

The majority of Illinois’ 73,714 active concealed carry licenses — 90 percent — have been issued to white people, demographic data shows. Only eight percent of African-Americans have secured licenses, according to the FOIA information.

Within Cook County, the top five concealed carry ZIP codes per capita are all predominately white, middle class and are in areas that have low crime rates. However, the most violent neighborhoods within the county — all of which are on the South Side of Chicago — are predominately black, where residents earn less than $48,000 annually and hold the fewest concealed carry licenses as a percentage of the population.

If the same data trends occurred in banking and insurance, there might be outcries of “redlining,” denying a group of people access to goods or services because of the color of their skin or income levels. But there’s little public concern expressed so far about the possibility that poor blacks are being disenfranchised from the right to carry a concealed weapon.

“You really need to ask whether or not politicians are consciously trying to disarm certain groups of people,” said Dr. John Lott, a Second Amendment expert and president of the Crime Prevention Center. “Why do they want a law that primarily disarms blacks and gives guns to only well-to-do whites? Don’t they think it should be equal for everyone to protect their lives?”

Illinois residents say the disproportionate statistics all boil down to cost. Of right-to-carry states, Illinois has the highest registration and training fee, costing an applicant about $650 on average for fingerprinting, taxes and logistics — excluding the price of the gun.

“In these gangbang neighborhoods, people can’t afford the license. They’re making choices between food and medicine, and they can’t even guarantee they’ll get even that,” said Shawn Gowder, 49, who lives in Chicago’s Auburn Gresham neighborhood on the South Side, where two homicides have taken place in the last 30 days. “We need to arm ourselves and protect ourselves from these gangbangers, but we just can’t afford to do it.”

Illinois also has the longest training requirements of right-to-carry states, requiring potential licensees to take a 16-hour course that includes range time. There are no gun ranges within the city of Chicago, and carrying an unlicensed gun on public transportation is a crime.

“There are a lot of systematic and economic barriers that make it difficult for South Side of Chicago residents, many of whom are African-American, to obtain concealed carry permits,” said George Mitchell, president of the NAACP Illinois State Conference. “Some of the barriers include the high costs, time commitment, bureaucracy and the community’s distrust of the police.”

http://www.washingtontimes.com/news/2014/sep/29/chicago-concealed-carry-gun-permit-law-disarms-poo/

Hong Kong police try and fail to clear protesters with tear gas – By William Wan September 28 at 11:35 PM


 After clashes between police and protesters that lasted into the morning, Hong Kong awoke Monday to a city in chaos — with roads closed and several areas still littered with crowds of sleeping pro-democracy demonstrators.

Some still clutched umbrellas and masks that they had used to fend off tear gas lobbed by police in a failed attempt to disperse them.

The overnight clashes between thousands of protesters and police marked the latest escalation in the battle between Hong Kong’s pro-democracy activists and the territory’s rulers in Beijing.

In recent weeks, the democracy movement had appeared to be flagging after a summer of simmering dissent. But this past week, a boycott by students galvanized the cause over the weekend and prompted thousands to join the students’ nonviolent siege of Hong Kong’s government headquarters.

Their protests yielded scenes of unusual chaos over the weekend in the usually staid Asian financial hub.

http://www.washingtonpost.com/world/asia_pacific/hong-kong-police-try-and-fail-to-clear-protesters-with-tear-gas/2014/09/28/442d4918-4714-11e4-b72e-d60a9229cc10_story.html?hpid=z4