Skip to main content

Home/ Future of the Web/ Group items tagged Code

Rss Feed Group items tagged

Paul Merrell

Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth - 0 views

  • Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”.It looked like just another bug report. "When I start Chromium, it downloads something." Followed by strange status information that notably included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes".
  • Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.A brief explanation of the Open-source / Free-software philosophy is needed here. When you’re installing a version of GNU/Linux like Debian or Ubuntu onto a fresh computer, thousands of really smart people have analyzed every line of human-readable source code before that operating system was built into computer-executable binary code, to make it common and open knowledge what the machine actually does instead of trusting corporate statements on what it’s supposed to be doing. Therefore, you don’t install black boxes onto a Debian or Ubuntu system; you use software repositories that have gone through this source-code audit-then-build process. Maintainers of operating systems like Debian and Ubuntu use many so-called “upstreams” of source code to build the final product.Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised. We don’t know and can’t know what this black box does. But we see reports that the microphone has been activated, and that Chromium considers audio capture permitted.
  • This was supposedly to enable the “Ok, Google” behavior – that when you say certain words, a search function is activated. Certainly a useful feature. Certainly something that enables eavesdropping of every conversation in the entire room, too.Obviously, your own computer isn’t the one to analyze the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions.Google had two responses to this. The first was to introduce a practically-undocumented switch to opt out of this behavior, which is not a fix: the default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement. But the second was more of an official statement following technical discussions on Hacker News and other places. That official statement amounted to three parts (paraphrased, of course):
  • ...4 more annotations...
  • 1) Yes, we’re downloading and installing a wiretapping black-box to your computer. But we’re not actually activating it. We did take advantage of our position as trusted upstream to stealth-insert code into open-source software that installed this black box onto millions of computers, but we would never abuse the same trust in the same way to insert code that activates the eavesdropping-blackbox we already downloaded and installed onto your computer without your consent or knowledge. You can look at the code as it looks right now to see that the code doesn’t do this right now.2) Yes, Chromium is bypassing the entire source code auditing process by downloading a pre-built black box onto people’s computers. But that’s not something we care about, really. We’re concerned with building Google Chrome, the product from Google. As part of that, we provide the source code for others to package if they like. Anybody who uses our code for their own purpose takes responsibility for it. When this happens in a Debian installation, it is not Google Chrome’s behavior, this is Debian Chromium’s behavior. It’s Debian’s responsibility entirely.3) Yes, we deliberately hid this listening module from the users, but that’s because we consider this behavior to be part of the basic Google Chrome experience. We don’t want to show all modules that we install ourselves.
  • If you think this is an excusable and responsible statement, raise your hand now.Now, it should be noted that this was Chromium, the open-source version of Chrome. If somebody downloads the Google product Google Chrome, as in the prepackaged binary, you don’t even get a theoretical choice. You’re already downloading a black box from a vendor. In Google Chrome, this is all included from the start.This episode highlights the need for hard, not soft, switches to all devices – webcams, microphones – that can be used for surveillance. A software on/off switch for a webcam is no longer enough, a hard shield in front of the lens is required. A software on/off switch for a microphone is no longer enough, a physical switch that breaks its electrical connection is required. That’s how you defend against this in depth.
  • Of course, people were quick to downplay the alarm. “It only listens when you say ‘Ok, Google’.” (Ok, so how does it know to start listening just before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company stealth installs an audio listener that listens to every room in the world it can, and transmits audio data to the mothership when it encounters an unknown, possibly individually tailored, list of keywords – and it’s no big deal!?) “You can opt out. It’s in the Terms of Service.” (No. Just no. This is not something that is the slightest amount of permissible just because it’s hidden in legalese.) “It’s opt-in. It won’t really listen unless you check that box.” (Perhaps. We don’t know, Google just downloaded a black box onto my computer. And it may not be the same black box as was downloaded onto yours. )Early last decade, privacy activists practically yelled and screamed that the NSA’s taps of various points of the Internet and telecom networks had the technical potential for enormous abuse against privacy. Everybody else dismissed those points as basically tinfoilhattery – until the Snowden files came out, and it was revealed that precisely everybody involved had abused their technical capability for invasion of privacy as far as was possible.Perhaps it would be wise to not repeat that exact mistake. Nobody, and I really mean nobody, is to be trusted with a technical capability to listen to every room in the world, with listening profiles customizable at the identified-individual level, on the mere basis of “trust us”.
  • Privacy remains your own responsibility.
  •  
    And of course, Google would never succumb to a subpoena requiring it to turn over the audio stream to the NSA. The Tor Browser just keeps looking better and better. https://www.torproject.org/projects/torbrowser.html.en
Gonzalo San Gil, PhD.

Coding is fun! Europe Code Week is back | 08 Oct 14 Robin Muilwijk | Opensource.com - 1 views

  •  
    Interview with Alja Isakovic of Europe Code Week "Europe Code Week is organized by Neelie Kroes' Young Advisors with the support from DG Connect at the European Commission and runs from October 11 - 17 this year. It's a program all about teaching kids and adults how to code and understand more about technology."
  •  
    Interview with Alja Isakovic of Europe Code Week "Europe Code Week is organized by Neelie Kroes' Young Advisors with the support from DG Connect at the European Commission and runs from October 11 - 17 this year. It's a program all about teaching kids and adults how to code and understand more about technology."
Paul Merrell

Web Hypertext Application Technology Working Group Demos from September 2008 - 0 views

  • HTML 5 demos from September 2008
  • The demos and segments of this talk are: <video> (00:35) postMessage() (05:40) localStorage (15:20) sessionStorage (21:00) Drag and Drop API (29:05) onhashchange (37:30) Form Controls (40:50) <canvas> (56:55) Validation (1:07:20) Questions and Answers (1:09:35)
Paul Merrell

HTML presentation markup deprecated - 0 views

  • Prior to CSS, nearly all of the presentational attributes of HTML documents were contained within the HTML markup; all font colors, background styles, element alignments, borders and sizes had to be explicitly described, often repeatedly, within the HTML. CSS allows authors to move much of that information to a separate stylesheet resulting in considerably simpler HTML markup. Headings (h1 elements), sub-headings (h2), sub-sub-headings (h3), etc., are defined structurally using HTML. In print and on the screen, choice of font, size, color and emphasis for these elements is presentational. Prior to CSS, document authors who wanted to assign such typographic characteristics to, say, all h2 headings had to use the HTML font and other presentational elements for each occurrence of that heading type. The additional presentational markup in the HTML made documents more complex, and generally more difficult to maintain. In CSS, presentation is separated from structure. In print, CSS can define color, font, text alignment, size, borders, spacing, layout and many other typographic characteristics. It can do so independently for on-screen and printed views. CSS also defines non-visual styles such as the speed and emphasis with which text is read out by aural text readers. The W3C now considers the advantages of CSS for defining all aspects of the presentation of HTML pages to be superior to other methods. It has therefore deprecated the use of all the original presentational HTML markup.
Paul Merrell

First Look Publishes Open Source Code To Advance Privacy, Security, and Journalism - Th... - 0 views

  • today we’re excited to contribute back to the open source community by launching First Look Code, the home for our own open source projects related to privacy, security, data, and journalism. To begin with, First Look Code is the new home for document sanitization software PDF Redact Tools, and we’ve launched a brand new anti-gag order project called AutoCanary.
  • AutoCanary A warrant canary is a regularly published statement that a company hasn’t received any legal orders that it’s not allowed to talk about, such as a national security letter. Canaries can help prevent web publishers from misleading visitors and prevent tech companies from misleading users when they share data with the government and are prevented from talking about it. One such situation arose — without a canary in place — in 2013, when the U.S. government sent Lavabit, a provider of encrypted email services apparently used by Snowden, a legal request to access Snowden’s email, thwarting some of the very privacy protections Lavabit had promised users. This request included a gag order, so the company was legally prohibited from talking about it. Rather than becoming “complicit in crimes against the American people,” in his words, Lavabit founder Ladar Levison, chose to shut down the service.
  • Warrant canaries are designed to help companies in this kind of situation. You can see a list of companies that publish warrant canary statements at Canary Watch. As of today, First Look Media is among the companies that publish canaries. We’re happy to announce the first version of AutoCanary, a desktop program for Windows, Mac OS X, and Linux that makes the process of generating machine-readable, digitally-signed warrant canary statements simpler. Read more about AutoCanary on its new website.
  •  
    The internet continues to fight back against the Dark State. On the unsettled nature of the law in regard to use of warrant canaries in the U.S. see EFF's faq: https://www.eff.org/deeplinks/2014/04/warrant-canary-faq (it needs a test case).
Gonzalo San Gil, PhD.

APIs, not apps: What the future will be like when everyone can code | Opensource.com - 1 views

  •  
    Navigating a world that that demands APIs, not apps "... Despite this hype, I do think that coding will become a more widespread and routine skill in the years to come. Programmable technology will continue to pervade more parts of our life, computers will continue to become more accessible to a wider population, and the world will continue to become more complex. Understanding coding (and debugging) will naturally go with it. ..."
  •  
    Navigating a world that that demands APIs, not apps "... Despite this hype, I do think that coding will become a more widespread and routine skill in the years to come. Programmable technology will continue to pervade more parts of our life, computers will continue to become more accessible to a wider population, and the world will continue to become more complex. Understanding coding (and debugging) will naturally go with it. ..."
Paul Merrell

Google Open Source Blog: Bidding farewell to Google Code - 1 views

  • Beginning today, we have disabled new project creation on Google Code. We will be shutting down the service about 10 months from now on January 25th, 2016. Below, we provide links to migration tools designed to help you move your projects off of Google Code. We will also make ourselves available over the next three months to those projects that need help migrating from Google Code to other hosts. March 12, 2015 - New project creation disabled. August 24, 2015 - The site goes read-only. You can still checkout/view project source, issues, and wikis. January 25, 2016 - The project hosting service is closed. You will be able to download a tarball of project source, issues, and wikis. These tarballs will be available throughout the rest of 2016. Google will continue to provide Git and Gerrit hosting for certain projects like Android and Chrome. We will also continue maintaining our mirrors of projects like Eclipse, kernel.org and others. How To Migrate Your Data Off Google Code
Gonzalo San Gil, PhD.

Home | SiteCheckr | Firefox Validator Addon - 1 views

  •  
    "Home SiteCheckr is a Firefox-Addon, which analyzes websites with your custom ruleset. When to use SiteCheckr You can use SiteCheckr when other validators do not fulfill your needs. Strict or lax checking - it's in your hands: create your own rules as XPath or CSS-selector. Enforce strict codestyle: Use SiteCheckr when the official W3C validator isn't strict enough - e.g. when you want to enforce a special coding style. Grant exceptions: Use SiteCheckr when you have to allow code, that does not conform to standards - e.g. you have to embed some code snippets provided by third party."
Gonzalo San Gil, PhD.

Get started with open source without writing any code | opensource.com - 1 views

  •  
    "My experience tells me there are a lot of people interested in trying open source, but they don't know where to start. And the perception that you have to write code to contribute to is a barrier to that curiosity. So, I've outlined 10 ways that anyone can get started with open source-no code writing involved. I welcome your ideas and additions, there are without a doubt more than 10 ways-let's get started."
Gonzalo San Gil, PhD.

The value of open source is the open development process: Scott Wilson OSS Watch | Open... - 0 views

  •  
    "Scott Wilson agrees that open source matters because of open code, but just as important is the process in which the code is made. Open development of code is in the social nature of many programmers, hackers, documentors, and project managers. So, what is it about open development? "
Gonzalo San Gil, PhD.

scancode-toolkit · GitHub - 0 views

  •  
    "ScanCode is a tool to scan code and detect licenses, copyrights and more. This open source code scanning tool helps you find and discover open source and third-party components in your code. "
Gonzalo San Gil, PhD.

Open source as a tool of cultural change | Opensource.com - 0 views

  •  
    All Things Open interview with Kaitlin Devine, 18F "Keep an eye on govcode.org-it pulls GitHub issues from lots of government repos, and it's a great place to get started if you want to contribute. Also follow @newgovrepos if you want to see new government repos as they appear on GitHub. Don't forget that repos aren't just for code-you can file issues and give feedback on government services even if you don't code."
  •  
    All Things Open interview with Kaitlin Devine, 18F "Keep an eye on govcode.org-it pulls GitHub issues from lots of government repos, and it's a great place to get started if you want to contribute. Also follow @newgovrepos if you want to see new government repos as they appear on GitHub. Don't forget that repos aren't just for code-you can file issues and give feedback on government services even if you don't code."
Paul Merrell

Offline Web Applications - 0 views

  • Abstract HTML 5 contains several features that address the challenge of building Web applications that work while offline. This document highlights these features (SQL, offline application caching APIs as well as online/offline events, status, and the localStorage API) from HTML 5 and provides brief tutorials on how these features might be used to create Web applications that work offline.
Gonzalo San Gil, PhD.

Save, Create and run your own pirate bay - 0 views

  •  
    [... Create and run your own pirate bay We, the team that brought you Isohunt.to and oldpiratebay.org, are bringing you the next step in the torrent evolution. Open Pirate Bay source code. History of torrent sites such as Isohunt and The Pirate Bay gives us a lesson that would be a crime not to learn. The era of individual torrent sites is over. That is why we created Pirate Bay open source. It's free for everyone. Now you can create your own copy of The Pirate Bay! Update and change this code to make it better for everyone. We give you three simple options: ...] [# ! While... # ! … there were Pe@ple, computers and #networks, there is #hope. # ! #Life is #Share.]
  •  
    [... Create and run your own pirate bay We, the team that brought you Isohunt.to and oldpiratebay.org, are bringing you the next step in the torrent evolution. Open Pirate Bay source code. History of torrent sites such as Isohunt and The Pirate Bay gives us a lesson that would be a crime not to learn. The era of individual torrent sites is over. That is why we created Pirate Bay open source. It's free for everyone. Now you can create your own copy of The Pirate Bay! Update and change this code to make it better for everyone. We give you three simple options: ...]
Gonzalo San Gil, PhD.

Highly critical "Ghost" allowing code execution affects most Linux systems | Ars Technica - 1 views

  •  
    ""A lot of collateral damage on the Internet" The glibc is the most common code library used by Linux. It contains standard functions that programs written in the C and C++ languages use to carry out common tasks. The vulnerability also affects Linux programs written in Python, Ruby, and most other languages because they also rely on glibc."
  •  
    ""A lot of collateral damage on the Internet" The glibc is the most common code library used by Linux. It contains standard functions that programs written in the C and C++ languages use to carry out common tasks. The vulnerability also affects Linux programs written in Python, Ruby, and most other languages because they also rely on glibc."
Gonzalo San Gil, PhD.

Wix gets caught "stealing" GPL code from WordPress | Ars Technica UK [# ! Note] - 0 views

  •  
    "In which Wix forgets what happens when you add GPL code to your closed-source app. Sean Gallagher (US) - Nov 2, 2016 6:10 am UTC"
Gonzalo San Gil, PhD.

Anti-Piracy Group Uses 'Pirated' Code on its Website - TorrentFreak - 1 views

  •  
    " By Ernesto on November 5, 2016 C: 15 Opinion The Business Software Alliance, a trade group representing Adobe, Apple and Microsoft, is well known for its aggressive anti-piracy campaigns. The organization actively encourages people to snitch on software pirates, luring them with big cash rewards. Amusingly, however, the page where people can report unlicensed software is using 'unlicensed' jQuery code."
  •  
    " By Ernesto on November 5, 2016 C: 15 Opinion The Business Software Alliance, a trade group representing Adobe, Apple and Microsoft, is well known for its aggressive anti-piracy campaigns. The organization actively encourages people to snitch on software pirates, luring them with big cash rewards. Amusingly, however, the page where people can report unlicensed software is using 'unlicensed' jQuery code."
Gonzalo San Gil, PhD.

How to use GitHub organizations to grow your code club | Opensource.com - 0 views

  •  
    "For anything involving code, programming clubs often turn to GitHub, which has become the standard for open source project hosting for thousands of projects all over the world. "
  •  
    "For anything involving code, programming clubs often turn to GitHub, which has become the standard for open source project hosting for thousands of projects all over the world. "
Paul Merrell

Protocols of the Hackers of Zion? « LobeLog - 0 views

  • When Israeli Prime Minister Benjamin Netanyahu met with Google chairman Eric Schmidt on Tuesday afternoon, he boasted about Israel’s “robust hi-tech and cyber industries.” According to The Jerusalem Post, “Netanyahu also noted that ‘Israel was making great efforts to diversify the markets with which it is trading in the technological field.'” Just how diversified and developed Israeli hi-tech innovation has become was revealed the very next morning, when the Russian cyber-security firm Kaspersky Labs, which claims more than 400 million users internationally, announced that sophisticated spyware with the hallmarks of Israeli origin (although no country was explicitly identified) had targeted three European hotels that had been venues for negotiations over Iran’s nuclear program.
  • Wednesday’s Wall Street Journal, one of the first news sources to break the story, reported that Kaspersky itself had been hacked by malware whose code was remarkably similar to that of a virus attributed to Israel. Code-named “Duqu” because it used the letters DQ in the names of the files it created, the malware had first been detected in 2011. On Thursday, Symantec, another cyber-security firm, announced it too had discovered Duqu 2 on its global network, striking undisclosed telecommunication sites in Europe, North Africa, Hong Kong, and  Southeast Asia. It said that Duqu 2 is much more difficult to detect that its predecessor because it lives exclusively in the memory of the computers it infects, rather than writing files to a drive or disk. The original Duqu shared coding with — and was written on the same platform as — Stuxnet, the computer worm  that partially disabled enrichment centrifuges in Iranian nuclear power plants, according to a 2012 report in The New York Times. Intelligence and military experts said that Stuxnet was first tested at Dimona, a nuclear-reactor complex in the Negev desert that houses Israel’s own clandestine nuclear weapons program. While Stuxnet is widely believed to have been a joint Israeli-U.S. operation, Israel seems to have developed and implemented Duqu on its own.
  • Coding of the spyware that targeted two Swiss hotels and one in Vienna—both sites where talks were held between the P5+1 and Iran—so closely resembled that of Duqu that Kaspersky has dubbed it “Duqu 2.” A Kaspersky report contends that the new and improved Duqu would have been almost impossible to create without access to the original Duqu code. Duqu 2’s one hundred “modules” enabled the cyber attackers to commandeer infected computers, compress video feeds  (including those from hotel surveillance cameras), monitor and disrupt telephone service and Wi-Fi, and steal electronic files. The hackers’ penetration of computers used by the front desk would have allowed them to determine the room numbers of negotiators and delegation members. Duqu 2 also gave the hackers the ability to operate two-way microphones in the hotels’ elevators and control their alarm systems.
Gonzalo San Gil, PhD.

Full list of Facebook Emoticon Shortcut codes for status updates or chat - 0 views

  •  
    "Full list of Facebook Emoticon Shortcut codes for status updates or chat."
  •  
    "Full list of Facebook Emoticon Shortcut codes for status updates or chat."
1 - 20 of 174 Next › Last »
Showing 20 items per page