Two weeks ago, it was revealed that there's a nasty flaw inherent in the design of the DNS protocol that underlies almost everything we do on the internet. The implication is that when you're doing your thing on the net, any given bad guy could make your computer go where he wants, instead of where you want, without you knowing about it.

The problem is so bad that the DNS and security experts who were made aware of this all agreed to keep the details quiet for 30 days, in hopes of giving network admins everywhere the chance to mitigate the problem before the bad guys figured out how to exploit it. Meanwhile, one of the recommended workarounds was to use OpenDNS servers if your ISP's servers are vulnerable.

Unfortunately, OpenDNS intercepts failed queries and tries to either correct them or direct them to a search. This breaks some things that rely on knowing whether a lookup actually fails.

Even more unfortunately, OpenDNS intercepts all lookups to www.google.com, and relays them through its own servers. (Apparently this is an attempt to work around some Google-Dell deal that wouldn't otherwise affect people not using Windows on recent Dell desktop computers. Everybody's trying to cash in on invalid web requests.)

So in order to avoid some random bad guys secretly changing where I go when I type something like, say, www.google.com, into my browser, I must use a service that definitely changes where I go when I type www.google.com into my browser. This does not make me feel warm and fuzzy.

Oh yeah, and two days ago the secret leaked early, and everyone now knows how to break unpatched DNS servers. (At least one major ISP I use still hasn't fixed their servers, and apparently many other big ones haven't either.) So, uh, when you go to your bank's website, be sure to click on that little lock icon and make sure the right name shows up before you login to your account.

When my mom recently emailed me about some football player involved in dogfighting, and I had no idea what she was talking about because I get no sports news, I was inspired to make a complete list of where I get my non-technical news:

• Associated Press "Top News", "National News", "Tech News", "Supreme Court News" (via http://my.myway.com, though I now see I can get RSS directly from the AP)
• NPR News / Morning Edition
• NPR's "On The Media"
• Harry Shearer's "Le Show"
• The Daily Show (the only TV news I ever watch)
• Daily Kos
• Pandagon
• The Other Paper, whenever I'm in Columbus and get a chance to pick it up; among other things, it has the some of the best coverage of Ohio government I've seen.

(See also "My Internet", now slightly outdated.)

By the way, the most recent "On The Media" had an interesting story postulating self-perpetuating socioeconomic class differences between MySpace users and Facebook users, due to their origins in the L.A. indie rock scene and the Harvard University scene, respectively. Considering I'm an indie rock fan who hates MySpace but got an account there solely in hopes of more easily tracking indie bands there (didn't work out, see "hates MySpace"), but who's spent almost no time on Facebook, this was kind of interesting to me, and I look forward to reading the source article. Too bad the author didn't cover LiveJournal users.

Update Aug 8: Yeah, OK, I did hear about Barry Bonds breaking the home run record. So much for zero sports news. At least it's a sport I used to follow.

Lately I've been noticing a lot of cases where the successor to a given instance of web technology (specifically within the so-called "LAMP" stack of Linux, Apache, MySQL, and PHP/Perl/Python) isn't necessarily the next version of that instance, but rather something different. "Say what?" Let me explain with the specifics:

( Web Server: Apache 1.3 -> LightTPD )
( Programming Language: PHP4/Perl5 -> Ruby (On Rails) )
( Database Server: MySQL4 -> PostgreSQL ? )
( Operating System: Linux 2.4 -> FreeBSD ? Not much. )

Linux news site LXer has dug up a 1989 article predicting technology in 2001. It's interesting to see where they got things right and where they got things wrong; they seem to overestimate the importance of fax and ISDN, but the ISDN predictions aren't too far from what happened with the Internet.

Turns out that article is on a site (www.AtariMagazines.com) archiving "classic" computer magazines (for Ataris and other 80s computers) such as Antic, Compute!, and Creative Computing, though they don't have my favorite, A.N.A.L.O.G. They're also connected to www.AtariArchives.org, a site archiving the full text of some old Atari books and other resources, many of which I have in my basement along with my 256K Atari 1200XL.

In more current news, the BBC has an article and half-hour RealVideo programme about Google's history and the changes and challenges facing it today.

Just a quick note to point at that Neil Gaiman is right: Pandora is addictive and really cool. It's like getting a personalized streaming radio station, wherever you are on the net.

It uses Flash to give you a streaming music player that plays (a) music you tell it you like (by artist or song title) and (b) music it thinks you'll like based on what you've told it you like. As far as I can tell, it uses musicological attributes rather than Amazon-style "others who like that also like this...", though there may be some of the latter going on as well. I think it may also try to play similar songs from different bands together.

Unfortunately, quite a few of my favorite bands are indie bands that aren't in their database, but I've also been surprised at some of the more obscure stuff that is in there, including Manda & the Marbles, Scrawl, and The Eyeliners. It's also interesting that it figured out that I'd like Dire Straits before I told it so.

It would be nice if I could specify albums rather than songs or artists. In some cases I like certain albums but dislike others. Though I can pick representative songs (or all of them) from the favored albums.

If you don't like something, you can skip it. If you skip a band twice it won't play that band again.

Apparently I'll soon start hearing ads in the stream, which will gradually increase in frequency until I decide to pay for a subscription. Sounds fair to me.

It's amusing that a favorite author is not only leading me to new written work, but also new music and new ways of getting my music.

http://www.pandora.com/

Update: According to Pandora, I seem to be rather consistent about liking music with vocal harmonies and mild rhythmic syncopation -- as well as, quite often, major key tonality and mixed acoustic/electic instrumentation. Just about every time I ask it why it chose a song, it tells me those (with varying levels of vocal harmonies), along with some other attributes. And the more I listen and look at those attributes, the more I think it's trying to keep similar songs together.

One of the things I miss about Columbus is CD101. (The closest we have here is WAPS.) At least CD101 provides an internet feed (though it's Windows Media rather than MP3, Xine can play it on Linux), so I often listen at the end of the workday.

And this weekend is an "undercover weekend" -- all covers all weekend. My kind of covers, too, like Too Much Joy and Paul Westerberg. This even beats half an hour of covers every few days on the Coverville podcast.


BTW, I think I've finally recovered from last weekend, just in time for another -- hopefully a less crazy one.

More proof that Google is cool (and, since he pointed it out, that Neil Gaiman/officialgaiman is cool)....

Google SMS - You can now ask Google questions (Where can I get a pizza nearby? How do I get there? When is Revenge of the Sith playing nearby?) by sending a text message from a cell phone to 46645 (GOOGL).

At one time I used the tiny web browser on my phone to get information while out and about, but I gave up because it was too cumbersome, used too many minutes, and there weren't enough sites compatible with my 2002 phone's mini-browser. I like the idea of using text-messages to replace some of that functionality.

I know, most of what I post here seems to be about cool music I've discovered, or am about to go see, or that others should go see. And these days most of it came to me via podcasts. So here's some more....

A band called Mutiny was recently played on The $250 Million Radio Show podcast. They call their music "folk punk for punk folk," while I'd call it "Celtish fiddle-punk." Really cool.


Also, I keep meaning to mention a couple podcasts that reach back to the past...

Old Wave Radio plays "new 80s music" - music that sounds like 80s music, but is current and generally from unsigned bands. It's become a favorite of mine. Of course Manda and the Marbles were on an early show.
The Dorktones.com Podcast, hosted by a Dutch retro-60s band, plays a mix of obscure 60s music and modern music that sounds like 60s music, and it's pretty much impossible to tell the difference.

Every six months for more than five years now, I've been buying the new release of OpenBSD. Yet I haven't actually installed one of those new releases in almost four years, and haven't actually used OpenBSD in over two years.

So why do I keep buying it? Mostly to support three major aspects. (Non-geeks may want to skip to the last one.)

1. Security - OpenBSD's approach to security is one that deserves attention and support. And since their security solutions often find their way out to the world beyond OpenBSD (OpenSSH being the most prominent example), supporting OpenBSD supports security on Linux and other systems.

2. Free Software Activism - With the popularization of binary-only Linux drivers and software, and the concurrent marginalization of the GNU Project, OpenBSD has become the foremost twister-of-arms in the struggle to get not only useful software under completely-free licenses but also the information necessary to run that software on today's hardware. This work on the part of the OpenBSD people benefits Linux people too. (See also #3 below.)

3. Music - How many operating systems include an original song with each release? Thanks to Ty Semaka, OpenBSD has been doing it for eight releases now, and each one has a different style - techno, industrial, lounge (Bond theme-ish), anthemic hard rock, folk balladry with two types of hip-hop mixed in, Pythonic, Johnny Cash-ish, and now Floydian. They started out as theme songs of a sort, but starting with OpenBSD 3.3's "Puff The Barbarian" they became allegorical commentaries on the political issues the project had been facing, usually related to their efforts related to #2 above. The latest song, for the upcoming OpenBSD 3.7 release, is "Wizard of OS", a Pink Floyd style commentary on closed-specification hardware with a chorus of "Ding dong the lawyer's dead / You're off to see the Wizard kid". (The comments alongside those lyrics help explain my #2 above too.) Presumably the Dark Side of the Moon sound is a nod to the idea of that album being used as a soundtrack to The Wizard of Oz.

But my favorite OpenBSD song remains the second one, OpenBSD 3.1's "Systemagic", with its vampire-slayer motif, goth-industrial sound, and verses like:

Cybersluts vit undead guts
Transyl-viral coffin muck
Penguin lurking under bed
Puffy hoompa on your head

Oh yeah, and if I ever need to set up a secure web server quickly, I always have the install CDs on hand, though for long-term maintainability I still prefer Debian.

Today I got up early and joined some Canton friends for a seven-hour excursion for lunch in Columbus. Why?
We went to meet Duane Groth, president of the CAcert board.

CAcert is a project intended to apply a strict form of the PGP-style "community web of trust" model to SSL-style (X.509) certificates, rather than paying someone like Verisign or Thawte to sign your certificates. CAcert uses a point system: people get points by being "assured" (having their identity verified) by someone with enough points to have that power. Normally you get up to 35 points for being assured by one person, and once you accumulate 150 points you can assure other people. (There are also certificate-related benefits available depending on the number of points you have.)

Duane is on an extended leave from Australia to tour the U.S. promoting CAcert and seeding the system by creating new Assurers. As a board member, he has the power to award 150 points to a person all at once, immediately making that person an authorized assurer, who is then able to award up to 35 points per authenticated person. (I like to think of it as a bit like getting your PGP key signed by Phil Zimmerman, though the web-of-trust models work a bit differently. Which made me wonder, stega did you ever get a PGP key signed by Zimmerman before fleeing his company?)

So now I am authorized to authenticate people and award up to 35 points to them, as are the other people I went with. (As I write this I am among a total of 1775 authorized CAcert assurers in the world, and 23260 verified users in the system.) I can also create assured client certificates, code signing certificates, and server certificates. The only problem is that today's SSL client software does not yet trust CAcert by default; the CAcert root certificate must be imported and trusted. Apparently it would cost $75000 plus $10000/year to get it into Internet Explorer (far outside CAcert's budget), but they are working on getting it into Mozilla/Firefox.

Do you need to build a hyperspace bypass? Or are you just feeling remarkably antisocial? Well, you might find this feasability study to be useful.

I've now been listening to some podcasts for about a month, and I've found some great stuff, some of which I've already mentioned.

( My Favorite Podcasts )
( How I get them )


Update: I haven't listened to it yet, but The Dragon Page ("Literary Concepts in Fantasy and Sci-Fi") looks like something a lot of my friends might enjoy. They also have a nice nontechnical introduction to podcast listening for the uninitiated.

Update 2: AP just put out a story on podcasting. Also, I forgot to mention BandTrax earlier, so that's now on the list.

Lately I've been hearing about the phenomenon of "podcasting", which is sort of audio blogging with RSS feeds used for downloading the audio to portable MP3 players, particularly iPods. (The latest way it caught my attention was a discussion on NPR's "On The Media".) One interesting side aspect of the whole thing is one of the main promoters and enablers of podcasting is a former MTV VJ, Adam Curry, through his ipodder web site and software.

So this evening I decided to take a look at what sort of podcasts are available. I started at ipodder, found the directory of podcasts, went to the category listing, chose Music, Independent Music, and Alt/Modern Rock, and saw a list of three podcasts. "IndieFeed Alternative/Modern Rock Channel" sounded most interesting to me, so I loaded that into my RSS reader and found 15 entries. I clicked on the latest one, and found.... Manda & The Marbles, a favorite Columbus band that I used to go see play in the basement of Donato's when they were just The Marbles.

It was quite odd to go from hearing an NPR discussion on podcasting to downloading my first podcasting feed and discovering that it's a band I know personally.

Now to figure out the best way to (auto-)download and listen to podcasts with Linux and without an iPod. Maybe (with the help of CD-RWs) it'll be another reason to get an MP3/CD player in my car....

Update: Podcast Alley seems to be an easier place to find podcasts than ipodder is.

The Internet is big, really big. That's obvious. But what isn't necessarily so obvious is that it actually looks different to different people. (I'm not talking about browser differences, that's a separate issue.) Everyone has a different set of sites that they frequent, and for each person the Internet looks like that collection of sites.

So here's what the Internet looks like to me.... ( Read more... )

Wired has a great article about BitTorrent. Besides interviewing the author and briefly explaining how BitTorrent works, I like that the article spends a lot of time on the issue of using BitTorrent for TV show timeshifting -- "the Internet becomes a giant TiVo." That's the most interesting aspect of BitTorrent for me, but it's one that normally gets ignored in the press because the movie and record industries draw so much attention.


BTW, thanks to the Blogdex RSS feed (aka blogdex on LJ, though that's not how I read it) for pointing this article out to me. Blogdex is great for keeping up with what stories are making the rounds of the "blogosphere". (The right-wing warblogs do hold a bit too much sway in the index for my taste, but then the rest of us probably hold too much sway for their taste, so it's fair.)

It seems that Hollywood has finally noticed BitTorrent. In case you're unaware, BitTorrent is a peer-to-peer file sharing system that allows you to get high download speeds and low upload speeds by sharing upload bandwidth among all downloaders, many-to-one. (This works out best if people stick around uploading for a while after they've finished receiving the whole file.) This contrasts with most peer-to-peer file sharing systems, which share searches but actual file transfer is one-to-one. And BitTorrent doesn't handle searches at all.

Anyway, the story implies that those using BitTorrent to download movies may be the next lawsuit targets, since the protocol makes no attempt to make users anonymous. They even mention the popular torrent site SuprNova as a source for movies and such.

Of course, BitTorrent has plenty of legitimate non-infringing uses, just like VCRs.

I'm on a lot of email lists. Some of them (mostly technical or pagan) I specifically chose to subscribe to, and others (mostly political) I ended up on through one affiliation or another and never bothered to unsubscribe. I also include status emails from my computers in the list category (at least that's the way my filtering/sorting system works). The way work's been going lately, I've had trouble keeping up with my list mail, so by this evening I had over 800 unread messages in that mailbox, going back to early October. So I spent much of the evening attempting to catch up.

Meanwhile, earlier this evening on a whim I read a bit out of a book on internet routing protocols. This may not seem immediately relevant.....

Anyway, going through this email from October (I haven't gotten up to November yet) was a bit surreal. Lots of messages about how well various Democratic senate candidates were doing (most of them lost, of course), lots of messages about Kerry and Edwards doing so much better than Bush and Cheney in the debates, and so on. Not good for post-election depression, though a sense of humor helps.

One message mentioned Bush's debate gaffe referring to the "internets", which every net-savvy person laughed at. But that routing protocol book reminded me that the truly net-savvy people are aware of other internets besides The Internet, whether small private inter-networks or large projects like Internet2. So maybe Bush was more right than he knew, though I still think it was a true mistake.


BTW, I'm heading to Columbus this weekend to help my grandmother recover from a stroke....

Hey cool, my friend Jeff got a story about his run for Congress in the latest Cleveland Scene!

Jeff got hardly any quotes in there though; looks like they mostly talked to his communications director and other staff.
My favorite lines:

"The vast majority of the people don't even use the internet or pay attention to it." - Ralph Regula, Jeff's 32-year incumbent opponent (and a client of my new employer)

"Someone pointed out: Ohio's close to Canada." - Carl Manaster, a new member of Jeff's campaign, when asked what happens if neither Jeff nor John Kerry wins

I was just looking for some info on kiosk Linux installations that might help with a local coffeeshop's public internet terminals. I soon found myself at the web site of DNA Lounge, a San Francisco nightclub run by Netscape/Mozilla/XEmacs hacker Jamie Zawinski (aka jwz); he has a nice writeup of how he set up internet terminals there.

He also has an interesting writeup of the "labyrinthine" issues involved in legally providing free internet webcasts; it ends up costing $20,000/year! (However, that writeup is nearly two years old now, so I don't know how much of the info still applies.)

Anyway, the webcasting is particularly interesting to me. I like this:

Our goal is simple: if it goes out over the club's sound system, it goes out over the web as well.

I don't make it out to San Francisco very often and have never been to DNA Lounge (I believe stega has mentioned going there though), but now I discover that I can hear whatever's currently playing there (taking into account the three-hour time difference), or a choice of sounds from any evening in the past two weeks.

Considering all the performers who have played there and will play there, as well as the music the DJs play there, I think this is pretty damn cool.

It'd be really great if other venues would do the same. I'd love to get Little Brother's or Bernie's streaming to my home.

I might have to write a SlimServer plugin to make it easier for me to access the various DNA Lounge streams at my living room stereo. Yet another thing to add to my list of projects.