Skeptical information and security information links sites

I’ve got a couple of websites of hierarchically organized links that I’ve maintained for quite some time, though I haven’t really worked on them much lately. I currently get more spam link submissions than genuine link submissions to each, so I’d like to request contributions of legitimate entries. One is my skeptical links site, which is fairly extensive, especially on a few topics such as Scientology, creationism, the websites of skeptical groups, and critiques of organized skepticism. The other is my security links site, which is much less extensive, but still has some useful links, mostly on security and hacking tools and security standards. Contributions are welcome–just go to the appropriate area and click the “add a site” link at the top of the page. ...

January 24, 2007 · 1 min

Tidbits from the Economist

During my long plane flights this week, I used some of my time to catch up on reading back issues of The Economist. Here were a few of the stories I found particularly interesting in the January 6-12, 2007 issue: “Medicine at the Top of the World” (p. 65): LYING in an intensive-care ward is a world away from climbing Everest, but a connection will be drawn this spring when 45 scientists and 208 volunteers tackle the mountain to bring back information about oxygen deprivation. The reason they are going is that hypoxia (a lack of oxygen in cells, which can lead to death) is the one thing that links practically all patients in intensive-care wards—and there is no better place to study it than in the thin air of the world’s highest mountain. The story describes the Xtreme Everest expedition, which will take 250 people up Mount Everest, setting up mobile labs at various elevations to study hypoxia. The volunteers will climb up to 5,300 meters, and 16 climber-scientists will ascend to the summit to become the first to have blood drawn at the top of the world’s tallest mountain. The research will be used to try to identify the genetic basis of people’s ability to handle hypoxia, which couldn’t easily be conducted on patients in intensive care due to not having enough of them in one place at the right time. “The logic of privacy” (pp. 65-66): ...

January 21, 2007 · 3 min

Misinformation about blogger registration

The blogosphere was in an uproar about Section 220 of Senate Bill 1, on the basis of a press release from astroturf organization GrassRootsFreedom, run by conservative political activist Richard A. Viguerie. This press release claimed that this section of the “Legislative Transparency and Accountability Act of 2007” would require all bloggers with audiences of 500 or more people to register with the government. Slashdot promoted the press release with its typical inaccuracy, with very few commenters actually bothering to read what Section 220 actually said. In fact, the bill only required registration for bloggers with audiences of 500 or more people who are paid. And not just paid, but paid at least $25,000 per quarter. And not just paid at least $25,000 per quarter, but paid at least $25,000 per quarter by a client to promote lobbying on a political issue. Specifically, Section 220 required “paid grassroots lobbying firms” to register and file reports, and defined those as a person or entity that “is retained by 1 or more clients to engage in paid efforts to stimulate grassroots lobbying on behalf of such clients; and receives income of, or spends or agrees to spend, an aggregate of $25,000 or more for such efforts in any quarterly period.” The Captain’s Quarters blog was one of those that correctly identified the misinformation from Viguerie. Viguerie has been a major player in U.S. politics for a long time, and is described as follows in my “Fundamentalism is Nonsense” pamphlet (6th edition, 1986): Richard A. Viguerie, of the Richard A. Viguerie Company of Falls Church, Virginia, runs one of the largest direct mail fundraising companies in the country.
He has raised money for such organizations and individuals as the Panama Canal Truth Squad, Gun Owners of America, the American Security Council, Citizens for Decency Through Law, Terry Dolan’s National Conservative Political Action Committee (NCPAC), the Conservative Caucus, and the Committee for the Survival of a Free Congress, Senators Jesse Helms (NC), Jim McClure (ID), Orrin Hatch (UT), William Armstrong (CO), John Warner (VA), and Representatives Philip Crane (IL), Mickey Edwards (OK), Larry McDonald (GA), and Phil Gramm (TX). Viguerie also publishes the magazine Conservative Digest [Conway 82, pp. 83-84, 87]. The reference is to Flo Conway and Jim Siegelman’s 1982 book, Holy Terror: The Fundamentalist War on America’s Freedoms in Religion, Politics, and Our Private Lives (Doubleday). Viguerie’s efforts were successful, and Section 220 was removed from S. 1 by Senate Amendment 20. ...

January 21, 2007 · 4 min

Jack Shafer on the case for abolishing the FCC

At Slate, Jack Shafer argues for the abolition of the FCC, drawing heavily from Peter Huber’s book, Law and Disorder in Cyberspace. For a critique of Huber, see Tom W. Bell’s “The Common Law in Cyberspace” from the Michigan Law Review (1999, vol. 97, pp. 1746ff). (Hat tip to Jesse Walker at the Reason blog.)

January 21, 2007 · 1 min

Google and Gapminder collaboration

Those of you who read this previous blog entry about Gapminder may be interested to see that Google has collaborated with Gapminder to produce this tool. (Hat tip to Radley Balko.)

January 20, 2007 · 1 min

Microsoft UFO to fly in Phoenix?

The second clue in Microsoft’s “Vanishing Point” puzzle to launch Microsoft Vista will be unveiled at 4 p.m. Saturday in Phoenix, which they say was chosen for “high visibility and clear skies.” Promised is “a stunt that everyone in the Valley [will] be talking about by Saturday night.” Perhaps a UFO flying over South Mountain with the Microsoft logo on it? UPDATE (January 13, 2007): It was supposed to be simultaneous sky-writing in Phoenix, Los Angeles, Miami, and Sydney, but I’m not sure if it happened in Phoenix as scheduled–today was a very overcast and cold day.

January 12, 2007 · 1 min

My bank is on the ball

I got a call from the fraud department of my bank this morning, asking me whether I had used my debit card this morning at The Sports Basement in San Francisco for a $71.00 charge. I said that I hadn’t, and they said there was a debit prenotification, which they’ve seen as a prelude to withdrawals from around the globe using cloned cards or electronic access to accounts. They had already blocked further use of my card information, and under my banking agreement I would not be liable for any loss in any case. When I asked how my information got out, they indicated that they believe the miscreants are just using brute force–changing numbers based on a known card to find new valid card numbers. The only alternative I could see based on my card habits would be if I inadvertently used an ATM with a skimmer attached to the front of it somewhere or fell victim to an ATM with a tapped phone line connection. I rarely use ATMs these days; this may provide me with some incentive to do so even less frequently.

January 6, 2007 · 1 min

Kodak: Winds of Change

This was allegedly an internal Kodak video that was so popular with employees it has been “released for external viewing.” I’m sure I have some Rochester, NY readers who can confirm. It definitely shows a company willing to acknowledge and poke fun at its past mistakes. (Hat tip to Dave Palmer on the SKEPTIC mailing list.)

December 26, 2006 · 1 min

Time to stop using Microsoft Word

For the second time this year, Microsoft has issued a notice of a remote code execution vulnerability in Word for which there is no patch. Their suggested workaround is “Do not open or save Word files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file.” If you rely on exchanging Word documents for your business, this means shut down your business or risk infection with zero-day malware that can compromise your systems. Secunia has rated this as “extremely critical,” their most serious vulnerability rating. The last time this happened was in May, and it took Microsoft 26 days to come up with a patch, during which time there were attacks on various enterprises from systems in China. This problem affects Word 2000, 2002, and 2003 for Windows, Microsoft Works 2004, 2005, and 2006, Word Viewer 2003, and Word 2004 for Macintosh. I recommend switching to OpenOffice and Macintosh. If you must use Windows in a business environment, this presents a strong argument for not giving users administrative rights on their own machines (or at least not on the user they log in as to use Word) in order to limit what damage can occur from the exploitation of a vulnerability like this. UPDATE (December 15, 2006): There have now been three such Word vulnerabilities discovered in the last two weeks! ...

December 7, 2006 · 2 min

FBI eavesdropping via cell phones and OnStar

Declan McCullagh reports on the FBI using remote activation of cell phone microphones to eavesdrop on nearby conversations. He comments on a few models that are particularly vulnerable to exploitation: Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. “They can be remotely accessed and made to transmit room audio all the time,” he said. “You can do that without having physical access to the phone.” Nextel says that they didn’t participate in the eavesdropping on a couple of mobsters who were allegedly listened in on using this technique–both using Nextel cell phones. The same story reports that a 2003 lawsuit revealed similar monitoring of conversations occurring in cars featuring OnStar. UPDATE (December 5, 2006): Bruce Schneier has commented on this story, and his readers have some interesting comments.

December 5, 2006 · 1 min