Someone Is Learning How to Take Down the Internet

Bruce Schneier says Someone Is Learning How to Take Down the Internet:

Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

The attacks are also configured in such a way as to see what the company's total defenses are. There are many different ways to launch a DDoS attacks. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they've got to defend themselves. They can't hold anything back. They're forced to demonstrate their defense capabilities for the attacker.

(Via Schneier on Security)

The Day the Internet Became “internet”

The Day the Internet Became “internet”. Apparently today several style guides are switching to not capitalize Internet. I think this is absurd. I fall into this camp:

Most of those reasons come down to this: In the 1970s, the word “internet” was derived from the word “inter-network,” which was defined as a set of smaller networks that exchanged data using one set of rules. So, in the eyes of the general population (or at least of the engineers who used inter-networks) there were multiple internets, and they were always lowercase. When people started using dial-up internet services, however, the need to disambiguate wedged a the before the word and encouraged capitalizing

And I don't get the counter argument:

“There’s a huge generational divide on this issue,” she said. “Making it have a proper name, made sense. It was the Thing, the Internet. Now, for people who are born after 1990, it’s where you live, and where you exist and any notion of it being a proper name seems very strange.”

I live and exist in Massachusetts not massachusetts.

One reason for this passionate response, according to McCulloch, is that the internet has made casual, informal writing more visible and available to the average person. Whereas written material produced by older generations may have been largely formal — a work memo, or a college paper — texting and chatting is an everyday exercise for most these days. And in participating in this way, people quickly attach a sense of identity to the style of writing they use.

“Even if they’re not consciously aware, people might be subconsciously aware of the trajectories for linguistic change, like which forms seem new, which forms seem associated with young people,” McCulloch said. “If you want to indicate you are a young person and you are with it, then you’re going to use the forms that are associated with people who are more technologically savvy. So if you want to show that you’re someone who really gets the internet I think you’re more likely to use lowercase internet.”

I've been writing informally on the Internet for 35 years. As far as I can tell from "young people texting", no words should ever be capitalized and most are spelled differently than in the dictionary (vowels seem optional, like in Hebrew).

There's one Internet, it's a proper noun. It's not like phonograph or electricity (other counter examples I've seen recently of words that were originally capitalized).

And as far as this comment on the article: "Whenever I see people write it as ‘Internet’ or ‘Inter-net’ or the ‘Web’ or the ancient ‘World Wide Web’ it just made me think that person was old and didn’t really understand how the internet worked." Hah! (or should I say LOL, I'm fine with that), the odds are I understand how the Internet works better than you. "For my peers and I the internet is just a part of life, there was never really a time before it. You use it all the time to help you find a restaurant, watch movies or it teaches you how to tie a tie. You’re part of the internet all the time because you have a social media account and everything you post on Instagram or Twitter is from you." The same can be said for the Earth and we capitalize that when we're not referring to dirt.

Internet Hall of Fame

I did not know there was an Internet Hall of Fame.

History of Telephone Tapping

The Wikipedia page on the history of Telephone tapping is pretty interesting. There's a constant back and forth between new technology and about 10 years later government wanting easy access. There's also a long history of government exceeding legal means to tap private communications. Also this:

In the Greek telephone tapping case 2004–2005 more than 100 mobile phone numbers belonging mostly to members of the Greek government, including the Prime Minister of Greece, and top-ranking civil servants were found to have been illegally tapped for a period of at least one year. The Greek government concluded this had been done by a foreign intelligence agency, for security reasons related to the 2004 Olympic Games, by unlawfully activating the lawful interception subsystem of the Vodafone Greece mobile network. An Italian tapping case which surfaced in November 2007 revealed significant manipulation of the news at the national television company RAI.

FCC's Proposed Wi-Fi Rules Are Crap

Internet Inventor Vint Cerf Thinks the FCC's Proposed Wi-Fi Rules Are Crap

In order to prevent those kinds of modifications., the FCC’s proposals would limit the extent to which users can mess with the software on their routers, including preventing loading popular third-party firmwares like DD-WRT. Naturally, privacy-minded home tinkerers around the world freaked out.

Yes, that would be crap. This is much better:

In an open letter filed with the FCC today, the group has put forwards an alternative framework for how routers would be regulated, with a focus on security and openness. Their rules would require router manufacturers to post source code online, update it against security flaws frequently, and face tough FCC sanctions if they failed to comply.

California Now Has the Nation's Best Digital Privacy Law

Wired reports California Now Has the Nation's Best Digital Privacy Law

California continued its long-standing tradition for forward-thinking privacy laws today when Governor Jerry Brown signed a sweeping law protecting digital privacy rights.

The landmark Electronic Communications Privacy Act bars any state law enforcement agency or other investigative entity from compelling a business to turn over any metadata or digital communications—including emails, texts, documents stored in the cloud—without a warrant. It also requires a warrant to track the location of electronic devices like mobile phones, or to search them.

The legislation, which easily passed the Legislature last month, is the most comprehensive in the country, says the ACLU."

Time for Massachusetts to catch up.

Ad Networks and Video Piracy

iMore is a site that writes about Apple tech. I've gone back and forth if I care for it, but many people do. One thing that seems the case, it has really intrusive ads on the site. Recently, as a result of iOS Safari Extension extensions enabling content blockers on that platform for the first time, some Apple followers have written about the utility of cleaning up some sites with egregious ads and sited iMore as a prime example (I believe the term was "shit-ass"). iMore responded with a good post describing the state of ads and financing for sites such as theirs Content blockers, bad ads, and what we're doing about it.

"Dean's right, Nick's right, and John's right. Of course they are. As I said in the original response, I know that, you know that, and everyone working at iMore and our parent network, Mobile Nations, knows that. Ads in and of themselves aren't bad, and can indeed provide a service where everyone wins, which is why so many sites and so many mediums employ them. But many of the ads—and the services that deliver them—suck. We all know that."

"Currently, ads pay the bills at iMore and Mobile Nations. That hasn't always been the case. Back in the heyday of TreoCentral and CrackBerry, accessory and app sales provided significant revenue. So much so that, for a while, we had zero ads. Now that app stores are built into the operating systems, phone cases are available at every mall kiosk, and Amazon.com sells gear at steep discounts, that revenue has largely gone away."

While we sell premium ads directly to advertisers, that only fills a small subset of the required "inventory" to support the network. Some 85% of ads we served last month were "programmatic"—provided by ad exchanges like Google Adx and Appnexus. Those exchanges are pretty much black boxes. We get a tag, we insert it, and ads appear.

We also have no ability to screen ad exchange ads ahead of time; we get what they give us. We can and have set policies, for example, to disallow autoplay video or audio ads. But we get them anyway, even from Google. Whether advertisers make mistakes or try to sneak around the restrictions and don't get caught, we can't tell. It happens, though, all the time.

When bad ads appear, we report them and ask that they be disabled. Since different people in different geographies see different ads, it can be a challenge to identify them, and it can take a while to get them pulled. It's a horrible process for everyone involved.

There's much more in the article and it's well worth a read. Basically these sites have outsourced their revenue to a third party and have no control over it anymore. You'd think a third party specializing in ads would be able to concentrate on just that and do it well (that's the outsourcing rationale) but of course, they have their own goals and they may be different than yours.

Another Internet problem is a new term for me, "freebooting". Slate describes, Facebook's Privacy Problem. "Freebooting: Stolen YouTube videos going viral on Facebook"

The problem was that Sandlin had never posted it to Facebook, and the version of it that appeared in millions of users’ News Feeds overnight wasn’t his. Rather, a British lads’ magazine called Zoo had apparently downloaded (or “ripped”) his video from YouTube, edited it to strip out references to Sandlin and his SmarterEveryDay channel, and posted the edited version on its own page, using Facebook’s native video player. It was an instant sensation, garnering millions of views and a raft of new followers for Zoo’s page. Sandlin, who puts some of the revenue from his YouTube videos toward his kids’ college fund, got nothing. (Zoo’s parent company, Bauer Media, declined to comment for this story.)

The article goes on to describe how Facebook and Google deal with copyright enforcement and how Facebook is basically attacking YouTube (which plays ads in front of videos to generate revenue) to gain marketshare (so that in the future they can monetize viral videos).

Code Specialists Oppose U.S. and British Government Access to Encrypted Communication

Code Specialists Oppose U.S. and British Government Access to Encrypted Communication

"On Tuesday, the group — 13 of the world’s pre-eminent cryptographers, computer scientists and security specialists — will release the paper, which concludes there is no viable technical solution that would allow the American and British governments to gain ‘exceptional access’ to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger."

Article Dump

Here are a few technical articles that have been in my Instapaper that I've been meaning to blog.

• Dan Froomkin wrote in The Intercept in May 2015, Speech Recognition is NSA's Best-Kept Open Secret

• Ross Anderson wrote Meeting Snowden in Princeton.

• Wired wrote The Untold Story of Silk Road in two parts, Part 1 and Part 2

• Carnegie Mellon Today wrote a nice history of the Net Neutrality debate.

• Caraig Timberg wrote in The Washington Post The real story of how the Internet became so vulnerable. "The Internet’s founders saw its promise but didn’t foresee users attacking one another."

• If you have access to The Wall Street Journal, The Inside Story of How the iPhone Crippled BlackBerry was a pretty good read.

A couple of older pieces from late 2013:

• Wired posted How Steve Jobs Made the iPad Succeed When All Other Tablets Failed adapted from Dogfight: How Apple and Google Went to War and Started a Revolution

• From Dec 2013, How I Built Emojitracker

How the NSA Converts Spoken Words Into Searchable Text

Tuesday The Intercept explained How the NSA Converts Spoken Words Into Searchable Text "Top-secret documents from the archive of former NSA contractor Edward Snowden show the National Security Agency can now automatically recognize the content within phone calls by creating rough transcripts and phonetic representations that can be easily searched and stored. The documents show NSA analysts celebrating the development of what they called “Google for Voice” nearly a decade ago."

So it's probably ok (at least to us) that they do this for foreign phone calls. It's debatable if it's between a US citizen and a foreigner but we know under current guidelines the NSA would say that's fair game. The problem is, they're doing this not just for traditional phone calls but also for voice over the Internet, for example, Skype and probably most other popular VOIP systems. So once you accept that they do that (which makes sense because traditional phone use is declining) I'm sure they start to argue that it's difficult to intercept voice communication knowing that it's not purely domestic, so they collect it all and only scan what they need. Or maybe they have a computer scan everything and only report calls that have at least one foreign endpoint, unless they're really suspicious or something. So now you have to assume they're collecting every "voice call on the Internet". Are you ok with that? Are you okay with that program being authorized in secret, with no serious oversight?

Verizon Wireless Customers Can Now Opt Out of 'Supercookies'

The NY Times reports Verizon Wireless Customers Can Now Opt Out of 'Supercookies' "Verizon Wireless customers now have the ability to completely opt out of the phone carrier’s controversial ad-targeting program that tagged users with undeletable tracking codes, which critics called ‘supercookies.’"

To disable the header tracking, users can opt out of the program called Relevant Mobile Advertising. When that happens, Verizon stops inserting the header, according to the company. Users can unsubscribe from the program on Verizon’s website or by calling 1-866-211-0874.

The Independent Discovery of TCP/IP, By Ants

The Independent Discovery of TCP/IP, By Ants.

Neat article. It turns out that the way harvester ants determine if it's safe to look for food is very similar to the way TCP deals with network congestion.

Individual harvester ants would forage for seeds to bring back to the colony. Once they’d left, they would not come back until they found something. As you might imagine, this didn’t work out for some ants: ants would often perish before ever finding food, or carrying a seed back to the nest, particularly on the hottest and driest of days. Gordon had noticed that colonies had adapted to their desert environment by not “sending out” as many foragers on extremely hot and dry days, subsisting on the seeds they had stored up instead.

Through careful observation and experimentation, Gordon discovered that would-be foragers wait at a narrow tunnel entrance to the colony. Whenever another forager ant returns with food, it drops off its load, and touches antennae with waiting ants. Whether or not any individual forager sallies forth depends on the number of interactions it has with returning foragers, and the timing of those interactions -- so a complex collective behavior is governed solely through simple individual interactions.

That's one of the important points, there's no "manager" that everyone reports to that determines how many ants to send out. TCP works the same way, there isn't a special manager computer on the network (since it would be bad if that one machine crashed). Instead they all work via a set of rules so that they collectively figure out a good thing to do.

Transmission Control Protocol, also known as TCP, is a big part of what makes the Internet possible. The Internet involves a lot of machines sending each other files including websites, videos, text documents, audio -- over a vast network of hardware including routers, cables, satellites, cellphone towers, and of course computers. The problem is that sometimes parts of the network fail -- hardware can break, or become overloaded and slow down dramatically.

If a source hosting a file is using TCP, it breaks the file down into smaller chunks, called “packets”. It sends out a bunch of packets to the requester, and monitors the acknowledgements of receipt, called “acks”, to calibrate how quickly to send the rest of the packets.

The article also includes this table of other technical problems we've solved in a similar way to low level biological systems:

This Is How We Will Ensure Net Neutrality Wins

FCC Chairman Tom Wheeler wrote in Wired, This Is How We Will Ensure Net Neutrality

"That is why I am proposing that the FCC use its Title II authority to implement and enforce open internet protections.

Using this authority, I am submitting to my colleagues the strongest open internet protections ever proposed by the FCC. These enforceable, bright-line rules will ban paid prioritization, and the blocking and throttling of lawful content and services. I propose to fully apply—for the first time ever—those bright-line rules to mobile broadband. My proposal assures the rights of internet users to go where they want, when they want, and the rights of innovators to introduce new products without asking anyone’s permission.

All of this can be accomplished while encouraging investment in broadband networks. To preserve incentives for broadband operators to invest in their networks, my proposal will modernize Title II, tailoring it for the 21st century, in order to provide returns necessary to construct competitive networks. For example, there will be no rate regulation, no tariffs, no last-mile unbundling. Over the last 21 years, the wireless industry has invested almost $300 billion under similar rules, proving that modernized Title II regulation can encourage investment and competition."

The Verge comments, "The proposal still needs to be voted on by the FCC on February 26th, but with only two Republican opponents on the five member commission it faces no serious threat of failure internally. Congress, on the other hand, may attempt to undermine the FCC's authority with legislation."

One of the biggest science breakthroughs of 2014 never really happened

Vox reports One of the biggest science breakthroughs of 2014 never really happened "Although it's never encouraging to see scientific misconduct, the speed with which this was caught shows how researchers are now using social media to unearth shoddy science. For example, PubPeer, which basically hosts comments sections for papers, played a huge role in picking these papers apart, as did Knoepfler's blog."

Net Neutrality News

Ars Technica reported Verizon admits utility rules won’t harm FiOS and wireless investments. "Internet service providers have consistently told the government that utility regulation of broadband would harm infrastructure investment. AT&T has (not very convincingly) claimed that it can't consider any new fiber upgrades while the Federal Communications Commission debates whether to impose utility rules on broadband under Title II of the Communications Act. But Verizon struck a blow to that narrative [Tuesday] when Chief Financial Officer Francis Shammo said utility rules will not influence how Verizon invests in its networks."

Also, Ignoring AT&T and Verizon protests, FCC says “broadband” has to be 10Mbps. "Internet service providers that use government subsidies to build rural broadband networks must provide speeds of least 10Mbps for downloads and 1Mbps for upload, the Federal Communications Commission (FCC) decided [Thursday]. "That is an increase reflecting marketplace and technological changes that have occurred since the FCC set its previous requirement of 4Mbps/1Mbps speeds in 2011," the FCC said."

Gizmodo wrote, A Ton of Tech Companies Just Came Out Against Net Neutrality. "More than 60 huge tech companies including Intel, Qualcomm, Cisco, and IBM have written a letter to leaders in Congress and the FCC opposing net neutrality. The free and open internet isn't going to happen without a fight."

Court difficult to read on Facebook threats: In Plain English

SCOTUSblog on Monday's arguments, Court difficult to read on Facebook threats: In Plain English "It is often hard to make predictions about how a case will turn out based on the oral arguments.  That was particularly true today, in Elonis v. United States.  At issue in the case is whether a Pennsylvania man’s conviction for making threats on Facebook should stand when he claims he was just ‘venting’ about his personal problems and did not actually mean to threaten his ex-wife and an FBI agent.  Although the Roberts Court has been consistently supportive of free speech, even when the substance of that speech is unpopular or even downright offensive, it wasn’t clear this morning that Anthony Elonis can count on the same kind of support.  At the same time, there was no obvious path to victory for the federal government either, and the end result could be a decision that neither side likes.  Let’s talk about today’s argument in Plain English.

As I explained in my preview last week, the case before the Court boils down to what test a court or jury should use to figure out whether threatening statements like the ones that Elonis made on Facebook are “true threats” that are not protected by the First Amendment. The government argues that the test should be an objective one that looks at whether an average person (in legal parlance, a “reasonable person”) would interpret the statement as reflecting a serious intent to harm someone. By contrast, Elonis argues that the test should be a subjective one: did he personally intend to threaten anyone?"

Lyle Denniston provides his Argument analysis: Taking ownership of an Internet rant.

Kickstarter: Lunar Mission One

I find this remarkable. LUNAR MISSION ONE: A new lunar mission for everyone. by Lunar Missions Ltd — Kickstarter "Now is your chance to participate in this global project from the start, by pledging a donation at this early stage and helping us to move the project into the next phase of development."

Seriously. They're trying to fund a 10 year robotic mission to the moon, ON KICKSTARTER! For only $940,000! And they're already a third of the way there. Amazing.

Let’s Encrypt: Bringing HTTPS to Every Web Site

Freedom to Tinker describes Let’s Encrypt: Bringing HTTPS to Every Web Site. Sounds like a great idea.

Obama's Plan for Net Neutrality

Today Obama made a strong statement on Net Neutrality. President Obama's Plan for a Free and Open Internet. "So the time has come for the FCC to recognize that broadband service is of the same importance and must carry the same obligations as so many of the other vital services do. To do that, I believe the FCC should reclassify consumer broadband service under Title II of the Telecommunications Act — while at the same time forbearing from rate regulation and other provisions less relevant to broadband services. This is a basic acknowledgment of the services ISPs provide to American homes and businesses, and the straightforward obligations necessary to ensure the network works for everyone — not just one or two companies."

I totally agree.

Kottke has collected a few comments on the statement, Obama's plan for "a free and open internet".

Happy 45th Birthday, Internet!

Yesterday was the 45th birthday of the Internet. Happy 45th Birthday, Internet! "How do we define the invention of the internet? It's a question that scholars and armchair historians have debated for decades. Did it start with the birth of the web? Did it start with the adoption of TCP/IP? You could make a case for either. But one seminal moment in the creation of the internet cannot be denied: the first host-to-host connection of the ARPANET between UCLA and Stanford on October 29, 1969. At 10:30pm."