Category Archives: internetz

MP3 is Dead; Long Live MP3

If you read the news, you may think the MP3 file format was recently officially “killed” somehow, and any remaining MP3 holdouts should all move to AAC now. These are all simple rewrites of Fraunhofer IIS’ announcement that they’re terminating the MP3 patent-licensing program…

MP3 is no less alive now than it was last month or will be next year — the last known MP3 patents have simply expired…

MP3 is very old, but it’s the same age as JPEG, which has also long since been surpassed in quality by newer formats. JPEG is still ubiquitous not because Engadget forgot to declare its death, but because it’s good enough and supported everywhere, making it the most pragmatic choice most of the time.

AAC and other newer audio codecs can produce better quality than MP3, but the difference is only significant at low bitrates. At about 128 kbps or greater, the differences between MP3 and other codecs are very unlikely to be noticed, so it isn’t meaningfully better for personal music collections. For new music, get AAC if you want, but it’s not worth spending any time replacing MP3s you already have…

Until a few weeks ago, there had never been an audio format that was small enough to be practical, widely supported, and had no patent restrictions, forcing difficult choices and needless friction upon the computing world. Now, at least for audio, that friction has officially ended. There’s finally a great choice without asterisks.

MP3 is supported by everything, everywhere, and is now patent-free. There has never been another audio format as widely supported as MP3, it’s good enough for almost anything, and now, over twenty years since it took the world by storm, it’s finally free. 1

MP3 is Dead; Long Live MP3


  1. We’re assuming here that this means the Fraunhofer codec can now be shipped free with all *NIX distros, which should actually improve the quality of MP3s.

Tech Rodeo

Google kick-started it and Mozilla has smoothly implemented it:

An algorithm we’ve depended on for most of the life of the Internet — SHA-1 — is aging, due to both mathematical and technological advances. Digital signatures incorporating the SHA-1 algorithm may soon be forgeable by sufficiently-motivated and resourceful entities.

Via our and others’ work in the CA/Browser Forum, following our deprecation plan announced last year and per recommendations by NIST, issuance of SHA-1 certificates mostly halted for the web last January, with new certificates moving to more secure algorithms. Since May 2016, the use of SHA-1 on the web fell from 3.5% to 0.8% as measured by Firefox Telemetry.

In early 2017, Firefox will show an overridable “Untrusted Connection” error whenever a SHA-1 certificate is encountered that chains up to a root certificate included in Mozilla’s CA Certificate Program. SHA-1 certificates that chain up to a manually-imported root certificate, as specified by the user, will continue to be supported by default; this will continue allowing certain enterprise root use cases, though we strongly encourage everyone to migrate away from SHA-1 as quickly as possible.

Tech Rodeo

Related notes: WordPress now supports Let’s Encrypt (free SSL certs for your blog), as well as Squarespace; Danish government entities using email servers now have to implement STARTTLS and DANE for their SMTP servers. 1 An unprecedented look at SSL implementation in North Korea. Reversing direction, neverssl.com pledges to stay available over HTTP in order to provide a default URL for Wi-Fi captive portals. And finally in our SSL/TLS round-up, draft 17 and draft 18 of TLS 1.3 have been published.

Tech Rodeo
Oh those fun Germans!

When they crash, self-driving Mercedes will be programmed to save the driver, and not the person or people they hit. That’s the design decision behind the Mercedes Benz’s future Level 4 and Level 5 autonomous cars, according to the company’s manager of driverless car safety, Christoph von Hugo. Instead of worrying about troublesome details like ethics, Mercedes will just program its cars to save the driver and the car’s occupants, in every situation.

One of the biggest debates about driverless cars concerns the moral choices made when programming a car’s algorithms. Say the car is spinning out of control, and on course to hit a crowd queuing at a bus stop. It can correct its course, but in doing so, it’ll kill a cyclist for sure. What does it do? Mercedes’s answer to this take on the classic Trolley Problem is to hit whichever one is least likely to hurt the people inside its cars. If that means taking out a crowd of kids waiting for the bus, then so be it.

Tech Rodeo
A reminder; it’s always about the money…

DDoS — distributed denial of service — is an unsophisticated form of attack that overwhelms sites with spam traffic so legitimate users can’t get through. DDoS is a war of economics: whoever has the most computing power, defender or attacker, usually wins.

This makes DDoS a useful tool for censorship of small and mid-level publishers, but major sites usually have defenses in place and aren’t susceptible to these attacks. However, Friday wasn’t business as usual. The series of attacks that took out Dyn, the DNS service that provides the backbone of many major sites, were powered in part by a botnet of hacked DVRs and webcams known as Mirai. Mirai first emerged several weeks ago during a DDoS against Brian Krebs, a cybersecurity journalist who runs his own publication KrebsOnSecurity.com.

The DDoS attack on Krebs, the scramble for protection that followed, and Friday’s massive attack mark a new chapter in DDoS. More and more websites are being forced to seek shelter behind a shrinking number of powerful DDoS protection providers. But that centralization means that, as potent botnets like Mirai become stronger, larger sections of the internet can be knocked offline during attacks.

Mirai is irritating for the American internet users who couldn’t access their favorite websites Friday, and a thorn in the side of companies that are now forced to recall their easily hacked IoT devices — but the botnet is also influencing the market for DDoS protection.

Tech Rodeo


  1. Though unless you read Danish, you’ll just have to take our word for it.

No Apple Watch For You

Apple is releasing their watch today.

However, no Apple watch for you (in person) unless you live in one of the following places: Tokyo, Berlin, London or (of course) LA. 1

So there’s no sense running down to the Plaza today to be all hip n’ stuff – the Apple stores don’t have any of the timepieces in stock. Instead you’re supposed to order them online from the Mothership.

Which sorta puts a damper on things: why buy one unless everyone can see you standing in line to be one of the first to do so?


  1. It looks like these stores won’t sell you one online. Because, ya know…bakelite!

The Great Cannon

On March 16, GreatFire.org observed that servers they had rented to make blocked websites accessible in China were being targeted by a Distributed Denial of Service (DDoS) attack.  On March 26, two GitHub pages run by GreatFire.org also came under the same type of attack.  Both attacks appear targeted at services designed to circumvent Chinese censorship.  A report released by GreatFire.org fingered malicious Javascript returned by Baidu servers as the source of the attack.1  Baidu denied that their servers were compromised.2

Several previous technical reports3 have suggested that the Great Firewall of China orchestrated these attacks by injecting malicious Javascript into Baidu connections.  This post describes our analysis of the attack, which we were able to observe until April 8, 2015.

We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the “Great Cannon.”  The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.

The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users. Specifically, the Cannon manipulates the traffic of “bystander” systems outside China, silently programming their browsers to create a massive DDoS attack.  While employed for a highly visible attack in this case, the Great Cannon clearly has the capability for use in a manner similar to the NSA’s QUANTUM system,4 affording China the opportunity to deliver exploits targeting any foreign computer that communicates with any China-based website not fully utilizing HTTPS.

The Great Cannon

Selfie Shoes

At Miz Mooz, we understand the importance of looking great without giving up the comfort our women on-the-go have come to love about our footwear. Introducing the Selfie Shoes.

No matter where you go, you’ll always be camera-ready. Just insert your phone into the port at the front of either your right or left shoe, raise it to the perfect angle and click the internal button with a tap of your toe to take the photo. With the Selfie Shoes, you no longer have to use your arm, so now both hands are free to be in the photo.


Selfie Shoes

Underboob Selfies

BANGKOK (Reuters) – Thailand’s military government warned women on Monday against posting ‘selfie’ photos of the lower half of their breasts – a social media trend that has gone viral – saying their actions could violate the country’s computer crime laws.
The culture ministry said offenders faced up to five years in jail, but did not say how they would identify the culprits.

“When people take these ‘underboob selfies’ no one can see their faces,” ministry spokesman Anandha Chouchoti told Reuters. “So it’s like, we don’t know who these belong to, and it encourages others to do the same.

“We can only warn people to not take it up. They are inappropriate actions.” 1

Underboob Selfies


  1. Swear to Thor, guys – didn’t there used to be a Saturday morning cartoon hero named Underboob?

4chan

I founded 4chan eleven and a half years ago at the age of 15, and after more than a decade of service, I’ve decided it’s time for me to move on.

4chan has faced numerous challenges over the years, including how to continuously satisfy a community of millions, and ensure the site has the human, technical, and financial resources to continue operating. But the biggest hurdle it’s had to overcome is myself. As 4chan’s sole administrator, decision maker, and keeper of most of its institutional knowledge, I’ve come to represent an uncomfortably large single point of failure.

I’ve spent the past two years working behind the scenes to address these challenges, and to provide 4chan with the foundation it needs to survive me by bolstering its finances, strengthening its infrastructure, and expanding and empowering its team of volunteers. And for the most part, I’ve succeeded. The site isn’t in danger of going under financially any time soon, and it’s as fast and stable as ever thanks to continued development and recent server upgrades. Team 4chan is also at its largest, and while I’ve still been calling the shots, I’ve delegated many of my responsibilities to a handful of trusted volunteers, most of whom have served the site for years.

That foundation will now be put to the ultimate test, as today I’m retiring as 4chan’s administrator. From a user’s perspective, nothing should change. A few senior volunteers—including 4chan’s lead developer, managing moderator, and server administrator—have stepped up to ensure a smooth transition over the coming weeks.

4chan

Enigma Machine

One of the best non-technical descriptions I’ve read about how the Enigma Machine functioned: great diagram.
Plus! IEEE reviews The Imitation Game. 1
Enigma Machine


  1. Bet you thought the membership (as well as a certain percentage of Go players) hadn’t seen a movie since π, n’est-ce pas? You wouldn’t be far off.