"I don't think the report is true, but these crises work for those who want to make fights between people." Kulam Dastagir, 28, a bird seller in Afghanistan

Tim Callan's SSL Blog - Online Security

Topic: Miscellaneous
2:47 am EST, Dec 31, 2008
Q: These researchers have discussed their desire to maintain secrecy so that the hammer of legal action couldn't be used to prevent publication. Does VeriSign intend to sue these researchers? A: Security researchers who behave ethically have no reason to fear legal action from VeriSign. Since its inception VeriSign has been one of the world's leading forces for online security, and the company has consistently used its resources and expertise to assist online security's progress. In fact, VeriSign is itself a white-hat security research firm (through our widely respected iDefense Labs), and we understand the concept of "ethical hacking." We're disappointed that these researchers did not share their results with us earlier, but we're happy to report that we have completely mitigated this attack.
Apparently the researchers disclosed to MS and Mozilla but refused to talk to VeriSign for fear of preemptive legal action. I have to say that I can't blame them for being skittish. There is plenty of evidence in general that large companies will use their resources to go after security researchers making claims they want to silence. Microsoft and Mozilla are the exceptions. They are among the few companies who really do get security and deal with it very responsibly and professionally. I'm not sure VeriSign's association with iDefense puts them in the same category. The Sitefinder debacle was an absolutely outrageous abuse of power that sort of overshadows any good they might have done in the past. They made it absolutely clear in the midst of that incident that they don't care what technical professionals think about their company. I believe their CEO Stratton Sclavos used the word "zealots" in a news media interview to refer to people who disagreed with their actions. I'm pretty sure a frivolous lawsuit against a handful of "hackers" that has no basis in law would cause a less widespread outcry. If you are willing to do the one there is no reason why you wouldn't do the other. Sclavos may be gone, but it's going to take a hell of a lot more than complaining about not being in the loop before the sort of people he called "zealots" will be willing to trust the company he used to operate.

MD5 considered harmful today

Topic: Computer Security
11:39 am EST, Dec 30, 2008
We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

Attention + Influence do not equal Authority

Topic: Miscellaneous
1:14 am EST, Dec 29, 2008
The press was the filter. And the press came to believe its own PR and it conflated size with authority: We are big, therefore we have authority; our authority comes from our bigness. But the press, of all parties, should have seen that this didn’t give them authority, for the press was supposed to be in the business of going out to find the real authorities and reporting back to what they said.
This blog post is a good example of an ongoing dialog among the twitterati that echoes many of the questions we wrestled with when creating MemeStreams. I've been thinking that Twitter is in fact solving the problem that MemeStreams sought to solve, more so than Digg or the blogosphere have... It's the closest thing that has come along.

1. Smart people are using it.
2. It's people focused. You can see who the people you are following follow. Like our Audience and Sources.
3. It's uniform. There is a good chance that a link someone posted to twitter came from one of the twitter feeds they follow. Because you know what they are following and how to parse it, you can find out where things came from. This is different than the blogosphere, where you don't know what people are reading and chances are they are reading sources that post with different formats and software than they use.
4. Like MemeStreams, it's a social network based on interest rather than relationship - you can follow anyone and they don't have to follow you back, or even know who the hell you are.

There are some things that you want that it doesn't have, such as automatic source attribution, but what it does have is a lot of people on it, the value of which cannot be overstated. It is also highly API'd and programmable. Twitter may be the most powerful tool that has come along for actual memetic analysis of Internet discussion. Something interesting is about to happen here. There may be opportunities to create very powerful tools out of this.

RE: The Innovation Problem

Topic: Technology
12:49 am EST, Dec 29, 2008
dc0de wrote: I hate to say it, but if you want to work for Large Corp, you get the stable job, with the stable pay, and the stable benefits.
Stable Job? Stable Benefits? Frankly, big companies have been slashing healthcare benefits systemically for years and various big company management fads such as reorganization, outsourcing, and offshoring have completely killed the notion that corporate jobs are stable. My friends who aren't allowed to wear jeans to work still fear layoffs. I honestly think the big difference between working in small versus large organizations is that the former offers freedom but demands flexibility... to be effective at a startup you have to be a generalist... whereas the latter provides a more conformist environment but allows people the space and time to dig deeply into single, highly specialized areas that small companies can't afford to devote entire headcounts to. I don't think the one should really look down its nose at the other. They are doing different things. Big companies tend to gravitate toward academic research because it suits them - they have money to allow people to devote their lives to developing a deep understanding of narrow technical subjects - the value of which is applied by other people - by teams of people. There is something to be said for digging that deep into a technical matter without having to be concerned with its short term contribution to revenue. But big companies are not good at going after new opportunities, because they have all these specialized people who are organized in a system to mine the old opportunity. It is easier sometimes to build a new system to pursue the new opportunity than it is to try to change the way an entrenched system works. One of the problems that we have in our economy is that opportunities that are developed by these people who have devoted their lives to the deep exploration of a technical matter are often prevented from being realized by intellectual property laws that tie them to the interests of large companies who are ill suited to pursue them.
A legal system that is more devoted to the vigorous defence of property rights than to the promotion of innovation is going to produce more centralized wealth at the expense of technological progress and overall standard of living/overall wealth. The fundamental ideological fallacy in our society is the idea that maximizing property rights makes people in general more wealthy. In fact, a society can achieve its greatest wealth potential by maximizing innovation, which is a different value than property rights and the two are not always aligned.

CONGRATS NICK AND YUN!!!!!

Topic: Miscellaneous
11:51 pm EST, Dec 28, 2008
Congrats to Rattle and his lovely new bride!! :) Many Best wishes!!

Amateurs are trying genetic engineering at home - Yahoo! News

Topic: Miscellaneous
1:04 am EST, Dec 26, 2008
In her San Francisco dining room lab, for example, 31-year-old computer programmer Meredith L. Patterson is trying to develop genetically altered yogurt bacteria that will glow green to signal the presence of melamine, the chemical that turned Chinese-made baby formula and pet food deadly.
The associated Slashdot thread includes an alarming post: Take botulism toxin: the DNA encoding it is well known, and short enough that one could order it directly from a DNA synthesis company.... That entire process could be done with someone with basic college level biology and about $5k... I could produce enough to kill my entire university, starting from scratch, in about 2 weeks, give or take, maybe faster.
If this is correct, significant steps may need to be taken to accelerate the process of developing regulations in this area. Unlike Bill Joy, my preference is a regulatory regime that is focused on controlling access to raw materials and tools, rather than one that focuses on controlling access to information. It remains to be seen whether the former is workable, but Joy's perspective seems to be that this isn't a question worth asking. The article juxtaposes these experimenters with a voice that seems rather shrill: Jim Thomas of ETC Group, a biotechnology watchdog organization, warned that synthetic organisms in the hands of amateurs could escape and cause outbreaks of incurable diseases or unpredictable environmental damage.
ETC Group has the following to say about biotechnology: ETC group is not fundamentally opposed to genetic engineering, but we have profound concerns about the way it is being foisted upon the world. In the current social, economic and political context, genetic engineering is not safe, and involves unacceptable levels of risk to people and the environment. For ETC group, the fundamental issue is control.
Am I being unreasonable in retranslating that as follows: "We're not opposed to genetic engineering outright, we're just opposed to capitalism and modern liberal democracy, and so we're opposed to any and all genetic engineering while we live under a capitalist/democratic system." Such perspectives are self-discrediting. Genuine concerns about the risks posed by amateur biology labs aren't going to turn into practical regulations unless they are voiced in a serious way by serious people who are not also interested in destroying the entire social order of the modern world. There seems to be a vacuum here that is begging to be filled by a voice that is less arrogant than Joy, less partisan than ETC Group, and more urgent than the slowly moving industry process in the biological materials supply business.

Twitter / skullaria: I think that was a neuront ...

Topic: Miscellaneous
9:56 am EST, Dec 25, 2008
I think that was a neurontin I swallowed. Used to take those. Boy that was really stupid. Santa came. He brought a gun.
Having awoken to Christmas morning from a strange, alcohol fueled nightmare involving CIA agents who control people with heroin, I found my sister still sleeping and so I popped on to twitter to kill some time. Blurry eyed and having absolutely no idea what neurontin is and no context for this tweet because I hadn't seen your earlier comment about your foot hurting, I imagined wanton Christmas carnage had occurred at your home under the influence of randomly selected psychedelics. The sort of Christmas story you'd get from a tag team of Quentin Tarantino and William S. Burroughs. So, thanks, I guess, for the strange mental image which I hope is the furthest thing from the truth. :)

A Visit from Saint Nicholas In The Ernest Hemingway Manner by James Thurber

Topic: Miscellaneous
9:10 pm EST, Dec 24, 2008
"What was it?" asked mamma. "Saint Nicholas?" She smiled. "Yeah," I said. She sighed and turned in the bed. "I saw him," I said. "Sure." "I did see him." "Sure you saw him." She turned farther toward the wall.
Delightful. The history of the original poem linked at the end is also interesting.

Topic: Miscellaneous
9:01 pm EST, Dec 24, 2008
ubernoir wrote: merry christmas
Well, you could have AT LEAST bothered to capitalize that! :) Are you already up for Christmas morning there? It's 8PM on Christmas eve where I am. I hope everyone is having a good holiday.
RE: 25th December