Porn trompe l'oeil

xeni jardin

Boing Boing partner, Boing Boing Video host and executive producer. Xeni.net, Twitter, Google+. Email: xeni@xeni.net.

It's not what you think. WARNING: THIS SITE CONTAINS IMAGES. Link (Thanks, Bruce).

Identity Theft: What it is, How to Prevent it, and What to Do if it Happens to You

Cory Doctorow

Upcoming appearances

* Feb 9, 2012, DeKalb, IL: Day of Doctorow, NIU
* Feb 10-12, 2012, Chicago, IL: Capricon 32
* Feb 13, 2012, Arlington, TX: UT Arlington College of Engineering Distinguished Speaker Series
* Feb 16, 2012, Victoria, BC: 13th Annual Privacy and Security Conference

Recent books:
* Context (essays)
* With a Little Help (short stories)
* For the Win (YA novel)
* Makers (adult novel)

I finished Rob Hamadi's Identity Theft: What it is, How to Prevent it, and What to Do if it Happens to You yesterday, and am feeling vaguely freaked out today.

Hamadi assembles dozens of identity-theft cases in short narrative form, like little cautionary tales, and then strings them together with some interconnecting material to show you who commits identity theft, who falls victim to it, how identity thieves work, and what steps are most likely to mitigate the threats. Also, and importantly, he describes which steps won't make an appreciable difference in identity theft -- like biometric ID systems -- and how companies' imperiousness (demanding you identify yourself at every turn and taking copies of your ID), negligence (throwing those copies out unshredded), and foolishness (demanding easily forged documents like gas bills as proof of ID) make us all more vulnerable.

My take-away from this is that there are some steps that we can individually take to improve our security against identity theft -- buy a good shredder for your credit-card receipts, don't recite your account numbers aloud into your mobile phone on a crowded bus, make up something other than your mother's maiden name to use when asked to give it as a security password -- but that the main identity theft risk needs to be addressed by calling companies and agencies that compromise our identities to account. When the hotel you've checked into takes a photocopy of your driver's license, you can storm out in a huff, but that's not a sustainable way of behaving, especially when they all start doing it. Link

Kids online turn into creators

Cory Doctorow

Foe Romeo reports on fascinating research suggesting that the Internet turns kids into creators, not consumers, of media.
Even more interestingly, the study found that 17% of young people have sent pictures or stories to a website and "online creativity can be encouraged through the very experience of using the internet." That is, the more time kids spend online, the more likely they are to produce their own content. And interaction breeds interaction. Does that mean we can safely assume that as internet usage increases its media timeshare, more and more people will become creative producers as well as consumers?

And does online game play in particular have any connection to this increased propensity to create? Nathan Combs recently suggested in his Socially Charged Software post that multiplayer games have a "MODder dimension", where "content is more than just accumulated and integrated, it is the product of collaboration and a shared value system of production: from inspiration through validation." (See Habbo Hotel's fan sites, for example.)

Link (via Plastic Bag)

Why market-forces can't correct DRM

Cory Doctorow

Advocates of DRM talk about the ability of the market to find a balance between features and restrictions, because people whose freedom has been unduly restricted will make future purchase decisions that will put the overly draconian DRM systems out of business. But check out this cautionary tale of a guy who bought a home-media centre, started recording his favorite shows to DVD, and then:
Turns out that a couple of days ago, HBO started encrypting all of its programs with CGMS-A. They allow you to "copy" a program that you record from their signal once. The trouble is that they consider that one-time copy to be recording the program onto your hard drive, not taking it from the hard drive to a DVD. THAT SUCKS OUT LOUD and I am extremely angry, as you can imagine. The files are HUGE and, even though I have a 200 gb hard drive, I can't keep them there forever. MediaCenter records tv shows with a dvr.ms extension.
When he bought the media centre, it did the thing he wanted it to do with the shows he wanted to do it to: it's like buying a VCR to record the World Series, taking it home and satisfying yourself that it works. It worked.

Then, months later, it stopped working. He could no longer record his favorite shows. Why? Well, because the cablecaster decided to remove a right from him. And because Gateway, the company who sold him the equipment, decided to collaborate with the cablecaster in screwing him out of that right.

When this guy goes back to the store, what should he do to protect his next investment? Say he buys an HP device next, having concluded that Gateway won't look out for his interests. He takes it home and finds that it works fine for his purposes (maybe HP has a "better" deal with HBO that will let him burn more-restricted DVDs from his HP media-centre), then, a couple months later, the cablecaster switches on another flag and suddenly his video won't work.

Where's the market-force here? Should he stop being an HBO customer? A cable customer? A customer for only those PCs that he builds himself and installs a copy of GNU/Linux on?

What purchase-decision can he make or avoid in order to signal to the market that this kind of restrictiveness is unduly harsh and he won't pay for it any longer? Link (via Hack the Planet)

Knitting patterns under Creative Commons license

xeni jardin

Knitting geek and BoingBoing reader Rose says,
Knitty is a web-published knitting magazine that normally comes out quarterly. They've done a special issue for breast cancer awareness that's just come out, and they've published it under a Creative Commons license. (see the last page of the special issue for details). This is the very first time I've seen knitting patterns published under a CC license, and I think it's splendid!
Link (PDF)

Funny jokes from Defective Yeti

Cory Doctorow

Defective Yeti did a "funny jokes I heard recently" post and invited more from readers. As with any list of jokes, there's a certain proportion of unfunny, offensive or dumb jokes, but there are at least a dozen that made me laugh aloud.
Person 1: Knock knock.
Person 2: Who's there?
Person 1: Control freak.
Person 1: Now you say "control freak who?"

Q: Why can't engineers tell jokes timing?

How many kids with ADD does it take to screw in a lightbulb?
LET'S RIDE BIKES!

A duck goes into a bar and asks the bartender, "Got any grapes?" The bartender says, "No. This is a bar and we don't sell grapes." The duck leaves.

The next day, the duck goes back to the bar and asks, "Got any grapes?" The bartender says, "I told you yesterday. This is a bar and we don't sell grapes."

The following day, the duck returns and asks, "Got any grapes?" The bartender loses it. He grabs the duck by the neck, and yells, "I already told you twice! This is a bar! I don't have any grapes! If you ask me again, I'll nail your beak to the floor!"

The next day, the duck goes in the bar and asks, "Got any nails?" The bartender sighs and says, "No, we don't have any nails." The duck says, "Good. Got any grapes?"

Link (via Waxy)

Updated: Nielsen: User-education won't fix security

Cory Doctorow

Jakob Nielsen's AlertBox is a good source of cranky, well-structured rants about what's wrong with the interaction design online. This week's is about security, and why user-education is not the answer. Our tools conspire against us to make us less secure, and if we're to be made more secure, our tools will have to be enlisted to work on our behalf. I'm particularly enamoured of recommendation number one: I think that "Encrypt Everything" should be the watchword of the security movement.

So many systems -- from Yahoo's login screen to most ISP-provided POP mail to iChat/AIM to all those reg-required news-sites -- default to you sending your password in the clear or even require you to do it that it's a crying shame.

Especially given how many passwords we need to generate these days and the concomitant inevitability of recycling passwords, which means that your throwaway NYT-LAT-WashPo password, which you send in the clear every time you login to one of those sites, may suddenly become associated with your credit-card number when you buy access to an article out of the NYT archive. Now you're sending a password that unlocks limited spending authority on your credit-card in the clear, potentially several times a day. Gee, thanks, NYT.

1. Encrypt all information at all times, except when it's displayed on the screen. In particular, never send plaintext email or other information across the Internet: anything that leaves your machine should be encrypted.

2. Digitally sign all information to prevent tampering and develop a simple way to inform users whether something is from a trusted source. This might, say, replace current stupid security warnings that people don't understand because they expose the guts of the technology. ("The security certificate has expired or is not yet valid." Aha. And what does that mean to a normal person?)

3. Turn on all security settings by default since most people don't mess with defaults. Then, make it easy to modify settings so that users can get trusted things done without having to open a wide hole for everybody.

4. Automate all updates. Most virus software downloads new virus definitions in the background, which is a good first step. The automated patching introduced with Windows XP's SP2 is also an improvement.

5. Polish security features' usability to a level far beyond anything we've seen so far. Security is inherently complicated, and it's something users don't care about (until it's too late). The user interface requires the ultimate in simplicity. Heavy user testing and detailed field research are a must.

Link

Update: In fact, if you look at the source code for login.yahoo.com (for the "standard" security) you'll see that the form uses:

<form method=post action="https://login.yahoo.com/config/login?cm3nqsgq0mv6j" autocomplete=off name=login_form onsubmit="return hash(this,'http://login.yahoo.com/config/login')">

What that does is if you have javascript enabled, it creates an MD5 hash of your password (plus an included challenge) and sends that along with your userid. If you don't have javascript, it defaults to sending everything via https. Effectively your password is never broadcast in the clear, only your userid, which is public information anyway.
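
The challenge-response login described in the update above, sketched as an added example that is not part of the original post and is not Yahoo's code. The concatenation order (password then challenge), the hex encoding, the `LoginServer` class and the sample account are all assumptions made for illustration.

```javascript
// Added example, not Yahoo's code: login by MD5(password + challenge).
const crypto = require('crypto');

const md5hex = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Client side: what an onsubmit handler would post instead of the password.
function clientResponse(password, challenge) {
  return md5hex(password + challenge); // assumed concatenation order
}

// Server side (hypothetical): issues one-time challenges and checks responses.
class LoginServer {
  constructor(users) {
    this.users = users;        // userid -> password (constructed sample data)
    this.pending = new Map();  // userid -> outstanding challenge
  }
  issueChallenge(userid) {
    const challenge = crypto.randomBytes(16).toString('hex');
    this.pending.set(userid, challenge);
    return challenge;
  }
  verify(userid, response) {
    const challenge = this.pending.get(userid);
    this.pending.delete(userid); // single use: a captured response cannot be replayed
    const password = this.users.get(userid);
    if (challenge === undefined || password === undefined) return false;
    const expected = Buffer.from(md5hex(password + challenge), 'hex');
    const got = Buffer.from(String(response), 'hex');
    // Constant-time comparison; the length check keeps timingSafeEqual from throwing.
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  }
}

// Walk through a good login, a replay, a stale response and a wrong password.
function demo() {
  const server = new LoginServer(new Map([['alice', 'correct horse']]));
  const c1 = server.issueChallenge('alice');
  const r1 = clientResponse('correct horse', c1);
  const first = server.verify('alice', r1);
  const replay = server.verify('alice', r1);  // challenge already consumed
  server.issueChallenge('alice');
  const stale = server.verify('alice', r1);   // old response, new challenge
  const c3 = server.issueChallenge('alice');
  const wrong = server.verify('alice', clientResponse('guess', c3));
  return { first, replay, stale, wrong };
}

console.log(demo());
```

To verify the response the server has to keep the password or an equivalent secret, so the hash reduces what crosses the wire but does not replace submitting the login over https.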

MMO based on Disneyland

Cory Doctorow

UPDATED: Disney is working on a massively multiplayer game based on Disneyland. Oh please oh please oh please let this rock like the Pirates of the Caribbean movie and not blow diseased animals like the Haunted Mansion movie!
Disney also is working on something called Virtual Magic Kingdom, an online version of California's Disneyland built on the same technology as multiplayer online games.

Rasulo didn't say when the cyberpark would open, but he promised it would be "almost as magical as visiting one of our parks in person."

Link (via Ambiguous)

Update: A Disney insider writes, "Virtual Kingdom is a proposed MMORPG that Disney might launch. I've seen the storyboards and heard the pitch. Think Kingdom Hearts as an MMORPG, not Disneyland, visiting the various 'worlds' of Disney. Possible innovations include visiting physical locations (theme parks) and watching TV or listening to radio for special codes that unlock perks inside the game. Yes, they know Persistent World games are hard. Yes, they know grief players and powergamers will have to be controlled. No, it's nowhere close to being released or even in alpha code."

Cat-tossing in Zero-G -- Seekrit Air Force Movie

xeni jardin

UPDATED. Moments such as this make the thankless, burdensome toil of bloggerhood worthwhile. BoingBoing reader Vann says, "I wish I'd stumbled across this clip before your zero-G flight." I couldn't agree more.

Link to quicktime movie of some people throwing a live cat around in zero gravity on a "vomit comet."

The file is linked from an Air Force website for an online education class called "COCKPIT PHYSICS: Physics Instruction for the Twenty-First Century." The website doesn't appear to be a joke, nor does the cat-tossing QuickTime clip, presumably intended to illustrate the science that governs cruelty to fluffy, innocent housepets in reduced gravity environments.

While you're visiting the Air Force website, don't miss this equally invaluable physics lesson (Link):

#1 If you are outside in a lightning storm, you may notice that your hair starts to stand on end. Why do you think this happens? Some good advice is to stay indoors during a lightning storm. If your hair is standing up, then you are in extreme danger.
Words to live by.

UPDATE: The Air Force website where this was first spotted has removed the cat-toss video. New download location details in this update post: Link

Awesome figurative art from drinking straws

xeni jardin

I don't know much about the source of these images, reposted on a Portuguese language blog, but they depict a man creating amazing sculptural scenes from ordinary drinking straws. Throw forty million and some rotoscope at it, and who knows? You may end up with something that could kick Shark Tale's ass. Link (Thanks, Jose Luis Orihuela)

Smart swatches

david pescovitz

Collector of anomalies, esoterica, and curiosities.

MIT researchers are developing fabric swatches outfitted with sensors, microprocessors, and conductive velcro. The "electronic patches" can be quickly slapped together to provide different functionality in various form factors. From New Scientist:
To make a bag that prevents people forgetting things, (the inventors) have equipped a module with a radio antenna and receiver. The unit is programmed to listen for signals from radio frequency identification (RFID) tags on objects like cellphones, keys and wallets.

A sensor module in the bag’s handle detects when the bag has been picked up, indicating that the owner might be leaving. This triggers the reader to check through the objects the computer module has been programmed to look for. If it does not detect a required item, it uses a voice synthesiser module in another patch to warn: “Cellphone, yes! Wallet, yes! Keys, no!”
Link