Saturday, July 25, 2009

Photo metadata

# get exiftool
sudo apt-get install libimage-exiftool-perl

# get libexif CLI tool
sudo apt-get install exif

# erase all metadata (by default exiftool keeps the untouched original as img.jpg_original; add -overwrite_original if that copy should not be left behind)
exiftool -all='' img.jpg

# see what metadata tags your photo has
exif -l img.jpg

# see the values of the included metadata tags
exif img.jpg

EXIF specifications: http://www.exif.org/specifications.html
For PNGs: http://pmt.sourceforge.net/pngmeta/index.html
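As an added example (not from the original post, and not exiftool's or libexif's code), the following Python 3 script shows what the commands above operate on: it walks the JPEG marker segments, decodes the IFD0 tags of the EXIF APP1 segment (roughly what `exif img.jpg` prints) and drops the APPn/COM segments (what `exiftool -all=''` does at the byte level). The sample JPEG is constructed inline and is a structural skeleton only, not a decodable photo; the stripping goes slightly beyond the post by removing every APPn segment (EXIF, XMP, IPTC) and comments generically.

```python
import struct

# JPEG marker bytes and EXIF tag ids taken from the JPEG/EXIF specifications.
SOS, COM = 0xDA, 0xFE                    # start of scan, comment
APP0, APP1 = 0xE0, 0xE1                  # JFIF; EXIF/XMP
TAG_NAMES = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime",
             0x8769: "ExifIFDPointer", 0x8825: "GPSInfoIFDPointer"}

def iter_segments(data):
    """Yield (marker, payload) for each header segment up to SOS; the SOS entry's
    payload is everything that follows it (scan data, RSTn markers, EOI)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        while data[pos] == 0xFF:                      # skip fill bytes to the marker
            pos += 1
        marker = data[pos]
        pos += 1
        if marker == SOS:
            yield marker, data[pos:]                  # scan data is passed through untouched
            return
        (length,) = struct.unpack(">H", data[pos:pos + 2])   # length counts itself
        if length < 2 or pos + length > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, data[pos + 2:pos + length]
        pos += length

def segment(marker, payload):
    """Serialise one length-prefixed segment."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

def strip_metadata(data, keep=(APP0,)):
    """Drop every APPn (0xE0-0xEF) and COM segment not listed in `keep`; APP0/JFIF is
    kept by default because some decoders expect it (pass keep=() to drop it too)."""
    out = bytearray(b"\xff\xd8")
    for marker, payload in iter_segments(data):
        if (0xE0 <= marker <= 0xEF or marker == COM) and marker not in keep:
            continue                                  # metadata segment: drop it
        if marker == SOS:
            out += b"\xff" + bytes([marker]) + payload
        else:
            out += segment(marker, payload)
    return bytes(out)

def exif_tags(app1_payload):
    """Decode the IFD0 entries of an EXIF APP1 payload into {name: value}
    (ASCII, SHORT and LONG types; other types are returned as raw value bytes)."""
    if not app1_payload.startswith(b"Exif\x00\x00"):
        return {}
    tiff = app1_payload[6:]                           # TIFF header follows the Exif tag
    endian = {b"II": "<", b"MM": ">"}[tiff[:2]]       # byte order declared by the file
    (ifd0,) = struct.unpack(endian + "I", tiff[4:8])
    (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
    tags = {}
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        tag, typ, n = struct.unpack(endian + "HHI", entry[:8])
        if typ == 2:                                  # ASCII: inline if <= 4 bytes, else at offset
            if n > 4:
                (off,) = struct.unpack(endian + "I", entry[8:12])
                raw = tiff[off:off + n]
            else:
                raw = entry[8:8 + n]
            value = raw.rstrip(b"\x00").decode("ascii", "replace")
        elif typ == 3:                                # SHORT
            (value,) = struct.unpack(endian + "H", entry[8:10])
        elif typ == 4:                                # LONG (also IFD pointers)
            (value,) = struct.unpack(endian + "I", entry[8:12])
        else:
            value = entry[8:12]
        tags[TAG_NAMES.get(tag, "0x%04X" % tag)] = value
    return tags

def build_sample_jpeg():
    """Constructed sample, not a real photo: JFIF, EXIF (Make, Model, GPS IFD pointer)
    and COM segments, a DQT placeholder and a two-byte dummy scan."""
    entries = (struct.pack("<HHII", 0x010F, 2, 6, 50)            # Make -> "Canon\0" at offset 50
               + struct.pack("<HHI", 0x0110, 2, 4) + b"EOS\x00"  # Model, 4 bytes stored inline
               + struct.pack("<HHII", 0x8825, 4, 1, 56))         # GPS IFD pointer (sample value)
    tiff = (b"II*\x00" + struct.pack("<I", 8)                    # little-endian, IFD0 at offset 8
            + struct.pack("<H", 3) + entries + struct.pack("<I", 0) + b"Canon\x00")
    return (b"\xff\xd8"
            + segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + segment(APP1, b"Exif\x00\x00" + tiff)
            + segment(COM, b"shot at home")
            + segment(0xDB, bytes(65))
            + segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34" + b"\xff\xd9")

if __name__ == "__main__":
    jpeg = build_sample_jpeg()
    print(exif_tags(dict(iter_segments(jpeg))[APP1]))
    print(len(jpeg), "->", len(strip_metadata(jpeg)), "bytes after stripping")
```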

Thursday, July 23, 2009

And now, a demonstration of how ridiculously easy it is to hack stuff with Google

Inspired by this reddit thread (look here for help deciphering the Google syntax).

phpMyAdmin -- inurl:SELECT inurl:FROM inurl:WHERE intitle:phpmyadmin

HP Laserjet printers -- "identify the document you want to print by using either option shown below, then select the apply button."

More printers
-- "Web Image Monitor" location comment "device name"

Web cams
-- inurl:"viewerframe mode="

And, let's not forget the Google Hacking Database or how to use Google to crack MD5-hashed passwords!

Sunday, July 12, 2009

batch: like at, but better

batch is a tool that is identical to at (same manpage even), except it runs a specified job when the load averages are low instead of at a certain time. Very handy if one needs a job to execute on a busy server and doesn't care when it happens, just that it happens.

Sunday, May 31, 2009

Stanford students 'better than other people'?

A telling quote from a Stanford student in today's San Jose Mercury News front-page story:

"When they welcome you to freshman orientation," Robbins says, "part of what they tell you is that you're better than other people."

Not smarter, not better at standardized test scores or kissing ass to get ahead, but unequivocally superior human beings than all those proles that attend state schools. I have to say, this quote typifies the holier-than-thou, aristocratic, snub-nosed attitude that runs through a lot of the student body (and faculty).

Saturday, May 30, 2009

My .pythonrc.py


#!/usr/bin/python

import sys
import os
import atexit

# color prompt
sys.ps1 = '\001\033[1;36m\002>>> \001\033[0m\002'

# tab completion
# from http://www.doughellmann.com/PyMOTW/rlcompleter/index.html
try:
    import readline
except ImportError:
    # Silently ignore missing readline module (no completion, no history)
    readline = None
else:
    import rlcompleter
    readline.parse_and_bind("tab: complete")

# history
# from http://dotfiles.org/~remote/.pythonrc.py
# Only set up when readline imported; otherwise the calls below would raise NameError.
if readline is not None:
    histfile = os.path.join(os.environ["HOME"], ".python_history")
    try:
        readline.read_history_file(histfile)
    except IOError:
        # no history file yet; it is created on exit
        pass
    # save the session's history when the interpreter exits
    atexit.register(readline.write_history_file, histfile)
    del histfile
del os


Python only runs this file automatically when the PYTHONSTARTUP environment variable points to it. If running 'python' on the command line does not run the file, you can always alias python to 'python -i ~/.pythonrc.py'.

Tuesday, May 26, 2009

Critique of Laughlin's "The Crime of Reason"

When I saw Robert Laughlin speak at Stanford, I was terribly disturbed by some of his ideas and intrigued by others. As someone who drinks the free software/culture kool-aid, I was always of the opinion that the free flow of information helped humanity, not hurt it. As a follow-up to his talk, I decided to pick up a copy of Laughlin's book, The Crime of Reason, to investigate his ideas further. The book, like his talk, contains some very interesting and important ideas but is poorly put together and rather meandering. Writing style aside, the book discusses the following topics, which I will comment on in turn:

The Intellectual Property system is necessary for economic progress

Laughlin states that "Universal access to knowledge is fundamentally incompatible with market economics." (p.45) By this he mostly means that the patent system in the United States is necessary for economic development. He doesn't provide any convincing evidence to back this up, but merely offers a false analogy equating the economy with a game of poker in which everyone has incentives to hide and steal from each other. Perhaps these dynamics apply in certain sectors of the economy (particularly looking through the lens of a physicist who has spent his entire life inside the bowels of the military-industrial complex), but in other cases they do not. The open-source software industry immediately springs to mind as an example in which companies have an interest in freely sharing knowledge with each other.

In any event, the idea of the necessity of a patent system has been completely eviscerated by Boldrin and Levine in their book Against Intellectual Monopoly. Looking at history, the acquisition of a patent in a particular field coincided with a stall of progress in that industry until the patent expired and, not coincidentally, with substantially increased patent lawsuits within that industry as the patent holder sought to restrict anyone else from innovating. Patents are a type of monopoly and, as any econ 101 student will tell you, monopolies are a Bad Thing because they deprive consumers of low-cost products and prevent other potential producers from making money by entering the market. Awarding patents is hardly "necessary for living" (p.49) as Laughlin claims.

How and why technical knowledge becomes illegal

The main thrust of the book has to do with the troubling tendency of modern societies to effectively outlaw knowledge. Laughlin compiles a list of fields today whose study has been criminalized in some form or another:

- cryptography
- circumvention (DMCA)
- physics (nukes)
- genetics
- bioengineering (engineered diseases)
- biology (cloning, chimeras)
- national security related processes
- chemistry
- etc.

He asserts that learning about these fields has been criminalized either in the law itself (which is rarely challenged in open court because of the potential government 'secrets' a trial could leak) or by de facto means such as withdrawal of research funds or public ostracism. This development, of course, is quite at odds with the way that learning is supposed to work in our society, as Laughlin recognizes: "Modern civilization rests on two mutually exclusive kinds of thinking -- one embodied in the free speech guarantees in the First Amendment of the U.S. constitution, the other in the Atomic Energy Act." (p.82) His most effective case in point is that of nuclear physics, in which the U.S. government has led a campaign of a quasi-legal nature to suppress the spreading of knowledge on the subject. He reasons that this censorship "set a precedent that has now led, by small steps, to a significant and growing threat to our freedom to reason and learn." (p.84) This is the most convincing, and consequential, argument of the book, and deserves serious thought by all members of our government and society. Are we really willing to sacrifice our freedoms to pursue intellectually interesting scientific facts for the sake of purported security, morality and order?

The consequences for a society which deems scientific knowledge illegal

In the final chapter, Laughlin conducts a thought experiment: what will smart people do if and when we achieve this nightmare society in which the pursuit of any and all interesting technical knowledge is illegal? Laughlin's suggestion that "The sensible course of action would probably be to give up" (p.144) is deeply unsatisfying. He then postulates that the talented technical folk (that is, everyone who didn't become a doctor, a lawyer or a businessman) will either seek employment in the service of rogue dictatorships that allow science, become 'guerrilla warriors' of a sort within their own country, or go somewhere else (in the interplanetary sense) to establish a new society where there is no crime of reason. It's very romantic to think of the creation of a new order by a disgruntled segment of society (a la the emigration of persecuted religious groups to America). Whether it is necessary, however, is another matter entirely. It's certainly way too early, in my opinion, to 'give up' on our present society. A more enlightened public debate on this topic, if not reform, is not out of reach.

You can read other people's opinions on the book on Amazon.

Thursday, May 21, 2009

Twitter: Good or Evil (or Irrelevant or Same ol')?

Everyone seems to be talking about and using Twitter these days (I'm not on it and have no plans to join in the immediate future). It seems as though Twitter is the newest wave of social media hype, for better or for worse. If you cut through the frenzied enthusiasm about Twitter, however, you get a picture of a service that is just another method of communication, with all the positives and negatives that that provides (albeit with a unique short-message twist).

Twitter has proven itself as one of a number of social media platforms that can be used to report breaking news events faster than traditional news reporters can arrive on the scene. The most important and striking example of this was the coverage of the Mumbai Terror Attacks. Other sites, notably Wikipedia and Flickr, also contained up-to-the-minute details of the attack that mainstream media sites such as CNN cribbed for their stories on the incident. Twitter has also been used by activists to organize and rapidly disseminate information. Consider reporters in Egypt that were able to alert colleagues to their arrest via Twitter. Others recently mounted a campaign to expose Amazon.com's system that placed gay and lesbian-related items lower in the site rankings.

But Twitter not only has the power to educate and organize, it also has the power to misinform. Consider the recent swine flu panic: Twitter users reacted to the global scare by essentially amplifying the pig paranoia rather than providing any useful information about the disease. The 'social' factor of Twitter exacerbates this phenomenon: often users post not to communicate substance, but to fit in. The result is a hysterical echo chamber of misinformation. (In fact, the author of the linked Foreign Policy article speculates that Twitter would be a very good medium for someone who wanted to intentionally incite fear in the populace.) Valleywag nicely summarizes this point: "What Twitter actually does is inflate problems out of all proportion, as Twitterers noisily tweet about how with it, on it, and over it they all are, repeating each other's messages without adding anything of value. Any [person looking to inform themselves] would go mad long before he extracted useful information." The desire of many Twitter users to be on the cutting edge of news also enhances their gullibility, and the lack of context inherent in 140-character posts makes it much easier to pull the wool over a reader's eyes. Twitter users fell for the faux news items of Patrick Swayze's death and nefarious items snuck into Obama's stimulus package, to cite only two examples.

The fact that entries on Twitter are limited to 140 characters apiece makes it difficult to convey much useful insight in one post. Many use Twitter for precisely that reason -- they have little or nothing to say. Glenn Greenwald nails it: "About Twitter messages, John says 'they all read like cell phone text messages between 12 year olds,' and indeed, the only purpose I can discern is that it provides a format for expressing thoughts that are too inconsequential to merit a stand-alone article or post. For precisely that reason, it is unsurprising that Twitter has become a huge hit among our media stars, for whom triviality is a guiding principle." Appropriately, a vast cult of celebrity Twitter worship has emerged, with eager fans eating up every last tasteless morsel that is tossed to them by their gods. The fact that Twitter is often an outlet for the mundane is hammered home by spoof sites such as MyLifeIsAverage.

Quite possibly the most devastating critique of Twitter is not that it incites fear or is inhabited by vapid users, but that there is simply nothing special about it -- that it is more of the same. Seth Finkelstein maintains that Twitter is just another sucker's game that only serves the needs of a tiny elite: "After I saw Twitter in use, I realised the difference was that, while IRC had all participants equal, Twitter implements a distilled version of many problematic aspects of blogging. Namely, a one-to-many broadcasting system that serves the needs of high-attention individuals, combined with an appeal to low-attention individuals that the details of one's life matter to an audience... Twitter is low-level celebrity for the chattering class. And the pathologies of celebrity are all on display, including the exploitative industries that prey on the human desire to be heard and noticed. My answer to Twitter's slogan of 'What are you doing?' is: 'Not playing a sucker's game.'" Twitter, in other words, is just another way for the powerful to broadcast their message and for advertisers to blast users with pitches for their newest products and peer into consumers' minds, all the while deluding the average user that it's an empowering service.

Clearly, Twitter is many things to many people. Perhaps that's the only conclusion that one can draw from such a myriad of uses. Twitter is a communication medium and, like any other one, can be used and abused for just about any purpose. Although Twitter encourages its own unique kind of communication as a social media service built around 140-character posts, many of these sites' quirks are simply a reflection of their users, and it's wrong to blame the tool for having too much influence in shaping what people do with it. As one responder to Greenwald put it, "Criticizing the form [of Twitter] is like criticizing haiku as a form."

UPDATE:
  • TechCrunch takes a pessimistic viewpoint, in the context of the Fort Hood Massacre.
  • Valleywag lays down the rules for the manipulate-the-gullible-public-into-believing-someone-is-dead-when-they're-not game
  • Joel Spolsky also has some unkind words for Twitter
  • Study: Men follow Men and Nobody Tweets
I finally caved. danny_colligan is my twitter handle.

Sunday, May 17, 2009

.gdbinit file

Personal settings for gdb -- nothing too elaborate

# color prompt
set prompt \001\033[1;36m\002(gdb) \001\033[0m\002

# history across invocations
set history save on
set history filename ~/.gdb_history

Saturday, April 25, 2009

How NOT to recruit software engineers

After going through Stanford's recruiting process for a summer internship for the first time (and having been contacted sporadically by headhunters for quite some time), I've been genuinely disappointed in a select few of my interactions with recruiters. A certain subset of recruiters commit some boneheaded errors that one might think would be precluded by an iota of common sense. These missteps waste my time and give the recruiters' respective companies a bad reputation with the students. Additionally, I have no reason to think my experience is unique among my fellow engineering students. Since my blog is actively read by thousands of recruiters worldwide (well, maybe not, but I'll pretend it is anyway), I have resolved to better their recruiting process by providing them a few helpful tips on what NOT to do when trying to gather talent:

Schedule appointments unilaterally
Remember, the applicant's life already revolves around your company, so have no qualms about telling him when an interview will be. Never take his schedule or conflicts into account. Never ask if he can make an appointment, simply assume he can.

Don't keep appointments
If you schedule an appointment with a recruit, make sure you do not show up. Optionally, show up at a different time and/or place. The same goes for phone calls: try calling at a different time than which you promised.

Don't follow up after interviews
Feel free to cut off contact with the recruit at any time, for any reason or without reason. Resist closure for the applicant. Never tell him if or why he was or was not accepted for the position.

Strive for an inconsistent message
Make sure the recruit has multiple contacts at the company, and make sure each of them is sending him a different message. Give him the impression that working for your company will entail functioning within a hopelessly mismanaged bureaucracy.

Be annoying
Clog the recruit's inbox with as much irrelevant information as possible. Send multiple copies of the same email. Send the same message over several different mediums (phone, email, pager, carrier pigeon, etc.). Ensure that mandatory forms are filled out multiple times. Redouble your efforts after the recruit says he is not available or not interested.

Treat the applicant like a number, not a person
Make sure the recruit knows that he is just another anonymous cog in the corporate machine. Send out obviously templatized emails that start with things such as "Dear $applicantName." Never make exceptions for an individual's extenuating circumstances.

Never apologize
No matter how badly you screw up, never acknowledge that you did anything wrong. Refuse to apologize. Stand your ground, especially in the face of overwhelming evidence to the contrary.

On a related note, if you are a recruiter/interviewer and wondering what you should be doing, please read the authoritative documents on recruiting and interviewing from the Joel on Software blog.

Tuesday, February 17, 2009

Dispelling Google Latitude Privacy Hysteria

Google recently came out with a new service called Latitude which allows people to share their locations with each other via a Google Maps interface. [1] Almost immediately, talk about privacy concerns dominated the dialogue concerning Latitude. These fears, upon closer scrutiny, are largely baseless. Latitude does not present a significant danger to users' privacy; any suggestion otherwise is mere technophobia and headline-grabbing Google-bashing.

The most important point in this entire conversation is that your cell phone is already a tracking device in and of itself. Carrying around a cell phone surreptitiously exposes more personal information than Latitude could ever dream of doing. The GPS, wireless Internet, and cell phone signals that emanate from your phone can be used to locate you any time your phone is on. The cell phone companies, obviously, know your location because they need it to deliver you service; the government can get it via Triggerfish or by just asking the phone companies. But a phone can be used as more than just a locator -- it can also be used as an eavesdropper. Consider the well-known NSA surveillance program that slurps up cell phone conversations, or the ability of the government to listen to whatever noise a cell phone picks up even when it is powered off. If you are seriously worried about your privacy, you won't even be carrying around a phone in the first place.

Google Latitude cannot honestly be called a privacy threat because it is opt-in at every level and gives one the opportunity to leave or disable the service at any time. For another person to have access to your location, you must 1) explicitly enable Latitude, 2) request that the other person receive your location via Latitude or accept a similar request from him, and 3) not turn the service off. Disabling the service can come in the form of either opting out of Latitude entirely or hiding your location temporarily. You can even enable a 'city-level-only' location option, which only shares your location to the town level of granularity, or set a manual location that doesn't move. (Your mobile location can be exactly determined only if you install Latitude on your mobile phone as opposed to using the stationary option.) Again, no one besides the group of people you explicitly agree to share your location with can see your location.

The example scenarios that have been raised by Privacy International with regard to Latitude's purported privacy degradation that have captured headlines are pretty far-fetched. All of the scenarios involve a malicious user creating a Google account, enabling Latitude on a phone and giving the phone to someone else with the intention of tracking them (without, of course, informing them that Latitude is enabled on the phone). Any reasonably competent person would quickly discover that Latitude was enabled on the phone, if he had not inspected the phone in the first place when he initially received it. There are many other major invasions of privacy taking place elsewhere, and Privacy International would do well to raise a stink about those issues rather than chase windmills at the Googleplex.

There is a legitimate privacy concern that Google will store the history of a user's location, which could be used to construct a profile of where a user was at certain points in time. However, Google states in the Latitude FAQ that this is not the case: "Google Latitude only reports your last updated location and does not keep a history of previously reported locations." As long as Google keeps its word in this regard, and I believe that to be a reasonably safe assumption, there is no privacy danger here.

It is unfortunate that so much ado has been made about a service that is essentially a useful visualization of your friend group. [2] Google Latitude is a service that you should have no qualms about using, provided that carrying around a cell phone does not make you queasy.

============================
Footnotes:
[1] As several other commentators on Slashdot pointed out, Google is not the first company to offer this kind of service (Brightkite, Loopt, and Mologogo to name just a few).

[2] One could imagine other use cases: giving truckers cell phones to track their shipments, planning visits to friends based on their proximity to a certain destination, serendipitous meetup opportunities with nearby friends, etc.

Sunday, December 14, 2008

iPhone App Pyramid Scheme Plan

Where is the next fertile soil for a pyramid scheme? Why, the iPhone Application store, of course! Following these few easy directions, you can scam millions of yuppies for fun and profit.

How: First, create an iPhone Application with some kind of cheesy social-networking appeal (e.g. 'How many friends do you REALLY have?'). It doesn't really matter what the functionality of the app is as long as each install of the app is assigned a unique identifier. The buyer will enter the id of the person who referred them to the app. In this way, an n-ary tree can be constructed (with you at the root) of subsequent referrals and installs of the app. Motivate the spread of the app by promising some amount of money to a user every time someone else buys the app and enters his or her 'promo code.' Price the app such that you net the difference of the cost of the app and the amount you are paying out on each install.

Why it will work: People who purchase iPhones have a proven record of buying a lot of iPhone applications with their disposable income. It is perfectly reasonable to believe that many of them would not mind spending a few bucks more to purchase another novelty application (indeed, some have proven that they will spend a great deal for a novelty application / status symbol). Second, sites like Facebook have proven users' insatiable thirst for social applications that connect them to their friends/coworkers/strangers/etc. Many of these applications exploit some kind of emotional dynamic (for instance, who are your 'Top Friends'?) to appeal to users. The success of these applications leaves no doubt that other appeals of the same kind would find an audience. Third, the iPhone App store provides a quick and easy means of distribution and, presumably, payment. Finally, every pyramid scheme exploits people's motivation for profit, a powerful motive indeed.

Variables: The setting of a reasonable price and payout is critical. Ask too much and nobody will buy the app; ask too little and you won't make much money. Promise too much as a payout and you won't make much money; promise too little and the app will not spread virally. Another important decision is the appeal of the application -- how are you going to convince users to buy the application in the first place? What is the most compelling social/emotional/psychological/whatever message that you can send to them that makes them want to buy? Going hand in hand with that, what does the application actually do? Does it simply redirect to a web page showing some statistics of who has recruited the most people to the scheme, or does it have something more sophisticated?

Unknowns: Apps need to be approved by Apple and can be yanked by Apple at any time, with or without explanation. The app needs to be written in such a way that it does not appear to be something that Apple would find questionable. The legality of these practices is another issue. Depending on what the function of the application is, you might be able to make a case that you are actually delivering a product to the user. Another unknown is the most effective way to move many small payments of money between people, and what kind of cost is incurred for those services.

Saturday, November 29, 2008

Funny UNIX tricks from Slashdot

There was a recent story on Slashdot about useless (or useful) things one can do in UNIX. Being a command-line junkie, I read through virtually every comment (all 2300+ of them) to learn some new tricks. Here are some of the better ones:

  • Bash History
    • history -c # clear history (good for preserving privacy/passwords, or check out the more precise -d option)
    • In vi command mode, type /query and hit Enter to search history, n to keep searching backwards, N to search forwards
  • vimdiff
    • vimdiff original_file patched_file
    • unified format: open original file, then :vertical diffpatch path/to/diff
  • Encryption
    • openssl aes-256-cbc -a -e -salt -in INPUT_FILENAME -out OUTPUT_FILENAME # encrypt
    • openssl aes-256-cbc -a -d -salt -in INPUT_FILENAME -out OUTPUT_FILENAME # decrypt
    • echo Oe lbh pna vzcyrzrag UK tbireazrag fgnaqneq rapelcgvba jvgu ge | tr a-z n-za-m # Rot 13 encrypt/decrypt
  • Others
    • sleep 8h; cat /dev/urandom > /dev/dsp # alarm clock
    • eject -T # close cd tray if open, open if closed (useful to find out which physical machine you are logged into)
    • sl # punish users who accidentally type 'sl' instead of 'ls'
    • eposd && say 'hello' # make the computer talk
    • :(){ :|:& };: # forkbomb (space required between { and :) (protect against this with ulimit -u)
    • for I in $(seq 1 100) ; do echo $I; sleep .25; done | dialog --gauge "PIZZA" 6 50 100 # Pizza timer via dialog

Wednesday, October 29, 2008

New MTV Video Site's Censorship -- Bleeping out Names of File-Sharing Software

MTV has just launched a new online video site. While I won't go through the trouble of mocking the site (or the TV network) for its irrelevance (please visit this slashdot thread for plenty of that), it is worth noting that it does have one feature that other video sites do not: in-video censorship! As this observant slashdot commenter says:

I was perusing this yesterday, and came across the Weird Al video "Don't Download This Song". One line in the original song goes:
o/~ Like Morpheus or Grokster or Limewire or KaZaA o/~

But the version on the new MTV site goes:
o/~ Like *beep* or *beep* or *beep* or *beep* o/~

Does anyone know if it was aired on MTV/VH1 this way, or is this unique to the web version?

MTV: http://www.mtvmusic.com/video/?id=108884 [mtvmusic.com]
Youtube: http://www.youtube.com/watch?v=Yz-grdpKVqg [youtube.com]

Update
More coverage: Slashdot, Techdirt

Thursday, October 23, 2008

Interesting New Perspective on DRM

While browsing a Slashdot thread about a purported "open-source DRM" product I came across an interesting comment by a guy named Sancho. While I had always viewed DRM as a uniquely new development, he ties it to practices that have been occurring in the recording industry for some time:

I tend to think of it as ensuring repeated sales of their art throughout their lifetimes.

For a while there, ensuring this was as easy as making sure that your music was released on the format du jour. Records, 8-tracks, cassettes, CDs.... With the advent of digital music sans a physical medium, this trend of rebuying all of your albums is at risk. Suddenly, you're faced with customers never having to rebuy the White album, and you see your sustained profits going down the tubes.

DRM solves that. Now, rather than coming out with a new format every few years, you just have to come up with a new DRM scheme and turn off the old servers. Because the devices playing the music are somewhat general purpose, it's easy to move quickly--you don't have to worry about market penetration for the players, because it's just a free software update away.

One small point: in the old days, format upgrades, say from tape to CD, often brought with them added benefits (better sound quality, more convenient access to songs, larger storage space, etc.) so there were actually justifiable reasons to upgrade. Now, switching from one DRM-encumbered format to the next offers no such incentives for the consumer.
Link

Friday, October 10, 2008

wmctrl and friends

wmctrl seems like an awesome utility. I first read about it in Kyle Rankin's Linux Journal column here. The wmctrl project page also has links to a bunch of other desktop-automation and related utilities. This is all going in the "to learn when I have some spare time" file along with screen.

    Monday, September 08, 2008

    Critique of Zittrain's "The Future of the Internet and How to Stop It"

    One book that the technorati have been talking about recently (ok, not so recently... it took me a while to write this article) is Jonathan Zittrain's The Future of the Internet and How to Stop It. For a book written by a co-founder of the Berkman Center and someone who is a remarkably good speaker, I found the work to be disappointing. The book's argument is not convincing and the writing seems to lack discipline, often wandering from one loosely related subject to another.

    Zittrain's main point is that the security failings of generative technologies will push consumers to buy more restrictive, and supposedly safer, devices. This claim has a number of problems with it. The first is that tethered devices are not safer or more secure than generative ones -- in fact, normally the opposite is true. Compare the number of vulnerabilities in the Windows operating systems vs the number in Linux or BSD operating systems. Or bugs in Internet Explorer vs bugs in Firefox. This claim is even more dubious the more control the manufacturer has over the device: Richard Stallman points out in his response to Zittran that the iPhone's remote kill-switch makes the iPhone "designed for remote attack by Apple."

    The second problem with Zittrain's principal claim is that a consumer has no incentive to prefer a non-generative device. Since non-generative devices are less secure than generative ones, any purported advantage that the non-generative device manufacturer could claim is lost. There is empirical evidence to support the belief that consumers prefer generative devices --Stallman cites the number of jailbroken iPhones as an example. Roger Grimes adds in his response: "It’s hard to say that closed systems are taking a more prominent role when open examples abound. Even the 'closed' systems he mentions are becoming more open thanks to competition and customer demand."

    Even if, for the sake of argument, locked-down devices were somehow more secure than generative devices, consumers wouldn't necessarily migrate to non-generative appliances because users rarely make purchasing decisions based on security. Most computers are purchased because the user is comfortable with the platform or because he thinks that the computer is pretty or because that particular computer is necessary to run some type of software. Rarely will a run-of-the-mill consumer take into account a record of operating system vulnerabilities or the pros and cons of different systems architectures when deciding between OSX and Windows.

    There are other shortcomings of the book besides the weakness of the main argument. For one, Zittrain mistakes generativity for a binary property: something is either generative or it isn't. In reality there is a continuum of generativity: for instance, Linux is more generative than Windows XP, but Windows XP is more generative than Windows Vista. It is a fallacy to simply assume that every product falls into one of two buckets, generative or non-generative.

    For a book whose title suggests solutions to the problems with the Internet, Zittrain's ideas underdeliver. Virtual machines, extra-legal incentives, data portability and network neutrality have all been familiar to policymakers and programmers for a while. In a book such as this, which concerns itself with theory rather than detailed technical implementation, more out-of-the-box, grander thinking and proposals would have been welcome.

    The book has a couple of chapters that feel decidedly out of place. Neither the final chapter on privacy nor the chapter exploring Wikipedia seems to fit into the framework of the book. That being said, both are certainly worthy of scholarship on their own merits. I found the chapter on privacy particularly engaging, if not particularly relevant to the rest of the book.

    Zittrain's book is still worth a read: it addresses areas of concern in today's Internet and references much interesting material. The end result, however, is unconvincing and disappointing -- keep a few grains of salt handy when reading.

    =========================================
    REFERENCES / FURTHER READING

    Jonathan Zittrain
    http://bostonreview.net/BR33.2/zittrain.php
    "Protecting the Internet Without Wrecking It"

    Richard Stallman
    http://bostonreview.net/BR33.2/stallman.php
    "The root of this problem is software controlled by its developer"

    Bruce M Owen
    http://bostonreview.net/BR33.2/owen.php
    "As long as flexibility has value to users, suppliers will have incentives to offer it"

    Roger A Grimes
    http://bostonreview.net/BR33.2/grimes.php
    "Fixing Web insecurity requires more than a caring community"

    Hal Varian
    http://bostonreview.net/BR33.2/varian.php
    "Ultimately, the best protection is an informed buyer who demands openness"

    Susan Crawford
    http://bostonreview.net/BR33.2/crawford.php
    "In the eyes of many existing institutions, security isn't a problem -- it's an opportunity"

    David D. Clark
    http://bostonreview.net/BR33.2/clark.php
    "We need to develop a socially embedded online experience"

    Jonathan Zittrain
    http://bostonreview.net/BR33.2/zittrainresponse.php
    "The best solutions don't assume a zero-sum tradeoff between security and generativity"

    Coverage on BoingBoing

    Ars Technica review and interview

    Friday, August 29, 2008

    Watch High Quality YouTube Videos by Default

    Explained here. Man, I missed the boat on this one... it's been out for half a year!

    Cool Gmail Feature -- Periods do not Matter

    It's true: john.doe@gmail.com is the same email address as johndoe@gmail.com as far as Gmail is concerned. And to think that everyone makes such a big fuss about making sure the period is in the right place when they give out their email addresses...

    This feature is documented in Gmail help here. Gmail even idiot-proofs this feature by having a link to the docs when you receive an email at a different address from the one you registered (see photo).

    Some have used this feature to their advantage to reduce spam or create multiple accounts on a web service that all send mail to the same Gmail address.
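    The flip side of the multiple-account trick is that a web service can detect it by comparing addresses after removing the dots. The following Python is an added example of that canonicalisation, not code from Gmail or from the original post; it only strips dots for gmail.com, because other providers may treat dots as significant, and the case-folding of the local part is an assumption about Gmail rather than something the post states.

```python
"""Canonicalise Gmail addresses so that spellings differing only in dots
in the local part compare equal.  Added example, not from the post."""

# The post only discusses gmail.com; other domains are left untouched
# because their mail servers may treat dots as significant.
DOT_INSENSITIVE_DOMAINS = {"gmail.com"}


def canonical_gmail(address: str) -> str:
    """Return a canonical form of an email address.

    For gmail.com the dots in the local part are removed, since Gmail
    delivers john.doe@gmail.com and johndoe@gmail.com to the same mailbox.
    Lower-casing the local part is an assumption: Gmail ignores case, but
    RFC 5321 leaves that decision to the receiving server, so it is only
    done for the dot-insensitive domains.  The domain is always lower-cased.
    """
    address = address.strip()
    if address.count("@") != 1:
        raise ValueError(f"not a single-@ address: {address!r}")
    local, domain = address.split("@")
    domain = domain.lower()
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "").lower()
    return f"{local}@{domain}"


def same_gmail_mailbox(a: str, b: str) -> bool:
    """True if both spellings reach the same mailbox."""
    return canonical_gmail(a) == canonical_gmail(b)


def duplicate_signups(addresses):
    """Group sign-up addresses by the mailbox they actually reach and
    return only the groups registered under more than one spelling,
    i.e. the multiple-account trick the post mentions."""
    groups = {}
    for addr in addresses:
        groups.setdefault(canonical_gmail(addr), set()).add(addr)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    # Constructed sample sign-up list.
    signups = ["john.doe@gmail.com", "johndoe@gmail.com",
               "jane@example.org", "jo.hn.doe@gmail.com"]
    print(duplicate_signups(signups))
```

Run it against a user table export and any mailbox listed with more than one spelling is a candidate for a merge or a closer look.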

    Friday, August 22, 2008

    Thoughts on Facebook and Privacy (or Lack Thereof)

    After watching a DEFCON 16 presentation about the vulnerabilities in social networks, I reflected further upon Facebook and the privacy it offers you and me, which is close to nil. Your guarantees of privacy on Facebook depend on a multitude of assumptions, all of which are quite poor. [B]

    First, you are trusting that the Facebook developers have implemented the privacy controls correctly such that there is no inadvertent information leakage on the site as a result of bugs. I write code for a living, and let me tell you, bug-free code does not exist. Facebook, like other applications, has had its share of bugs to scramble to fix in the past (including at least one truly amateur mistake) and the future will be (and the present is) no different.

    Second, you are assuming that you can configure the myriad privacy options correctly such that every piece of information on your profile is accessible only to those you want to see it. Are you really sure that marking one person as only being allowed to see your limited profile and marking a picture as globally viewable, for example, will produce the restrictions you want for the right people? How can you tell which preferences override which? It would certainly be tedious to register other accounts (or use friends') and test various combinations of privacy features against their profiles, and I am not aware of anyone that does this.

    Third, anyone that can see your information is capable of leaking it to the public. [A] With the addition of every friend you are increasing the chance that your pictures, contact info, videos, etc. will be posted and shared outside of the Facebook walled garden. It is simply not plausible that none of your 500 friends is susceptible to giving away information that you thought was just between you and them, especially when they have some kind of incentive (monetary or otherwise) to do so. The scenarios of a rival political party digging up dirt on a candidate and gossip magazines researching what someone did last night both come to mind.

    Fourth, all of your information can be accessed by any Facebook engineer or executive who chooses to do so. The engineers likely need access to real-world pages to debug their code, and the managers can order information from a compliant underling (if Facebook doesn't already have internal tools set up for them to access this information). And let's not forget everyone else that works there (sales, PR, HR, etc.) who can request your personal information as a favor from an engineer friend.

    Fifth, just as with any other website, information on Facebook can be subpoenaed in a trial. Facebook, needing to comply with the law, will gladly turn over your personal information to any judge who so wishes.

    Sixth, let's not forget the countless ways Facebook could involuntarily compromise your information. A malicious hacker could slurp down personal data off the site. A Facebook employee could negligently leave an unencrypted disk drive with your information on it in a public place. Etc.

    The only conclusion is this sound advice: don't put anything on Facebook that you don't want to be exposed to the world. Because chances are, sooner or later, it will be.

    Footnotes:

    [A] This is, of course, assuming that your group of Facebook friends cannot be considered 'the public.' With the number of friends some have, and especially people's willingness to accept any request that comes their way and fire off friend requests at random, this distinction begins to blur.

    [B] I was going to add this post to my Facebook Sucks article but it became too long and I thought it deserved a post of its own.

    Updates:

    Here is a post for those that want a HOWTO for micromanaging their privacy settings on Facebook. (Even Schneier likes it).

    Here is a Slashdot story about a court demanding Facebook information pursuant to a case.

    Tuesday, August 19, 2008

    DEFCON 16

    DEFCON 16 was awesome, as expected. Some highlights:
    • The first presentation I went to was called "Hacking in the Name of Science." Here a bunch of University of Washington grad students and a professor discussed the sweet research they are doing, almost all of which has been in the news (getting the RIAA's monitors to implicate network printers as 'downloaders', RFID ghost proxies, TCP information leakage, voting machine vulnerabilities, TrueCrypt vulnerabilities, implantable medical device hacking, ISP-injected ads, etc.). They discussed the difference between just hacking and what you need to do in an academic setting to study what anyone else would call hacking. They encouraged attending academic security conferences, such as ACM CCS, NDSS, IEEE Security & Privacy, HotSec and WOOT.
    • A talk entitled "Satan is on my Friends List" detailed the security vulnerabilities in OpenSocial-enabled websites. These guys demonstrated some hilarious things, including a CSRF denial-of-service trick: using an img tag placed in an HTML-enabled form field that displays on a page, you can automatically log out anyone that sees that img by pointing the img's src attribute at the logout page. The speakers talked about how the socnet widget application space is essentially a security free-for-all: apps hacking personal information, apps hacking other apps, etc. An opt-in security model for JavaScript safety in apps exacerbates the problem. An amusing conclusion to the talk was the speakers' impersonation of another security researcher on social networks, which fooled his colleagues and family alike.
    • Locksport enthusiast Eric Schmedl gave a talk that had some amusing anecdotes about cloak-and-dagger spying. Mary Lou McFate (NRA infiltrator of anti-gun groups), reconstructing passwords from audio of keystrokes, and multiple phone bugging technologies were discussed.
    • Fyodor gave a talk on nmap, the tool he created and how he used it to scan a large subset of the Internet. He also presented some new features of the tool, including traceroute, ping, and netcat-like functionality... what can't it do?
    • I briefly stopped in on a talk called "Taking Back Your Cellphone" which plugged the site HowardForums as an excellent resource for phone modification.
    • The activity that I took part in for a fair share of my time there was the Lockpicking Village. I bought a set of lockpicks and tried my skills on a variety of locks lying about the room. I also listened to talks on how to crack certain types of locks, including Master locks (use a Coke can shim, and patterns for figuring out the combination).
    • Probably the most interesting thing that happened at DEFCON nobody got to see: a judge ordered a group of MIT students not to talk about hacking the Boston subway system. This was rather pointless because 1) the presentation was distributed on CD before the gag was ordered, 2) the ban was lifted after the conference, and 3) MIT's student newspaper put the presentation up on its site.
    • Other cool things: the badge, the mystery box
    • Didn't see these presentations, but I looked at them on the CD:
      • "The Death of Cash" features a preview of a world without cash. People are turning to credit because it is more convenient, banks love it because of better profit margins, government loves it because it makes you easier to track. (Note: Illegal to transfer $10,000 in/out of the country without declaring it). This is getting worse with stupid legislation (Patriot Act). Also, national security risk: electronic outages now mean that people can't get access to cash (even more troublesome as electric grid becomes less reliable). Strong crypto might be the basis of a future E-payment system. Advice: keep some cash on hand for emergencies, use non-cash as little as possible. thowlett@netsecuritysvcs.com says the presentation can be downloaded at www.netsecuritysvcs.com/presentations/defcon16/ but I don't see it there...
      • An introduction to ham radio called "Ham for Hackers"
      • A presentation on JavaScript obfuscation that goes over the following methods: ASCII/Unicode escapes, XOR (ASCII/encoding), string splitting, simple encryption, non-obvious variable and function names, member enumeration, whitespace encoding/decoding
      • Another presentation on SCADA systems that made me have nightmares
      • A HOWTO on SSL cookie hijacking by Tor developer Mike Perry: insert an img tag with src mail.yahoo.com into an unencrypted connection and read their cookie, then save that cookie to cookies.txt and read their email (over SSL, if you want!)
      • OCR tools: tesseract, jocr, ocrad
      • A presentation similar to "Satan is on my Friends List" for Google Gadgets
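    Two of the items above, the img-tag logout trick from "Satan is on my Friends List" and Mike Perry's cookie hijacking over an unencrypted connection, come down to the same two server-side mistakes: a state-changing endpoint that reacts to a bare GET, and a session cookie that the browser will send over plain http. The Python below is an added example of the corresponding fixes, not code from either talk; the session store, the example.com domain and the cookie names are constructed, and the cookie part uses the standard library's http.cookiejar to show that a cookie with the Secure attribute is withheld from an http request.

```python
"""Added example: a CSRF-protected logout endpoint, and the Secure cookie
attribute demonstrated with the stdlib cookie jar.  Not from the talks."""

import hmac
import secrets
import urllib.request
from http.cookiejar import Cookie, CookieJar

# --- 1. logout endpoint: vulnerable 'before' and hardened 'after' ----------


class Session(dict):
    """Minimal server-side session; a constructed stand-in for a real store."""

    def issue_csrf_token(self) -> str:
        # One random token per session, embedded only in the site's own forms.
        self["csrf_token"] = secrets.token_urlsafe(32)
        return self["csrf_token"]


def logout_weak(method: str, session: Session, params: dict) -> int:
    """Vulnerable: any request carrying the session cookie logs the user out,
    including the GET a browser issues for <img src="/logout">."""
    session.clear()
    return 200


def logout_hardened(method: str, session: Session, params: dict) -> int:
    """Only a POST carrying the token this session issued may log out.
    An <img> tag can only produce a GET and cannot read the token."""
    if method != "POST":
        return 405  # Method Not Allowed
    expected = session.get("csrf_token", "")
    supplied = params.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403  # Forbidden: token missing or wrong
    session.clear()
    return 200


def simulate_img_logout(handler):
    """The trick from the talk: the victim's browser fetches the logout URL
    with GET, cookie attached automatically, no form fields.
    Returns (status, still_logged_in)."""
    victim = Session(user="alice")
    victim.issue_csrf_token()
    status = handler("GET", victim, {})
    return status, victim.get("user") == "alice"


def simulate_real_logout(handler):
    """A legitimate logout from the site's own form, which knows the token."""
    victim = Session(user="alice")
    token = victim.issue_csrf_token()
    status = handler("POST", victim, {"csrf_token": token})
    return status, victim.get("user") == "alice"


# --- 2. the Secure attribute on session cookies ---------------------------


def make_cookie(name: str, value: str, secure: bool) -> Cookie:
    """Build a cookie scoped to .example.com (constructed domain)."""
    return Cookie(
        version=0, name=name, value=value,
        port=None, port_specified=False,
        domain=".example.com", domain_specified=True, domain_initial_dot=True,
        path="/", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


def cookies_sent_to(jar: CookieJar, url: str) -> set:
    """Names of the cookies a browser-like jar attaches to a request for url."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)          # applies the same rules a browser does
    header = req.get_header("Cookie") or ""
    return {p.split("=", 1)[0].strip() for p in header.split(";") if p.strip()}


def demo_secure_flag():
    """Returns (names sent over http, names sent over https)."""
    jar = CookieJar()
    jar.set_cookie(make_cookie("sid_plain", "abc123", secure=False))
    jar.set_cookie(make_cookie("sid_secure", "def456", secure=True))
    # The <img src="http://mail.example.com/"> case is the plain-http request.
    return (cookies_sent_to(jar, "http://mail.example.com/"),
            cookies_sent_to(jar, "https://mail.example.com/"))


if __name__ == "__main__":
    print("img-triggered GET, weak handler:", simulate_img_logout(logout_weak))
    print("img-triggered GET, hardened:", simulate_img_logout(logout_hardened))
    print("cookies over http / https:", demo_secure_flag())
```

The cookie jar result is the whole point of the Secure attribute: a session cookie marked Secure never leaves the browser on an http request, so an img tag pointing at the plain-http version of the site fetches nothing of value. The logout handler shows the general rule behind the CSRF trick: anything that changes state must require a request an embedded img cannot produce, which in practice means POST plus a token bound to the session.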
    Update:
    Good photos of the event can be found here