Techosaurus

But unfortunately I can’t. I can’t use Google+ because I use Google Apps. In case you didn’t know Google Apps is a system provided by Google as a enterprise level mail, calendar, contact, group and document sharing solution. It combines everything you love about Gmail, Google Docs, Google Calendar, etc into a nicely packaged easily administered enterprise solution. I mainly use it because with Google Apps, I can use Google services with my own domain name. So instead of being eric24950 at gmail dot com, my email address is: eric at chomp dot us. Everything about Google Apps has been awesome, up until now.

It seems like Google rolled out a new service called Google Profiles, which goes hand in hand with Google Plus. What they did not do, was roll out Google Profiles for Google Apps users. This means that all of us faithful Google Apps users are now left out in the cold on what appears to be the most exciting beta service to hit the internet since gmail.

I’m pretty upset about it. Every article I read about Google Plus is just gushing with, “Omg it’s so awesome” comments. I even got an un-requested invite from a friend, but it can’t be used .

I’m sad, Google. Please let me use your new cool stuff. Also, don’t remove the age limit, but set it to 17.

For the first time in a long time, I’m worried about my computer security. I’m uneasy about my password re-use on low-level sites. I’m now itching to patch the kernel on one of my servers i’ve been neglecting. Why all of this now? The Lulzsec Hacker Manifesto (I made up that name) came out today. Here it is, in full:

Dear Internets,
This is Lulz Security, better known as those evil bastards from twitter. We just hit 1000 tweets, and as such we thought it best to have a little chit-chat with our friends (and foes).

For the past month and a bit, we’ve been causing mayhem and chaos throughout the Internet, attacking several targets including PBS, Sony, Fox, porn websites, FBI, CIA, the U.S. government, Sony some more, online gaming servers (by request of callers, not by our own choice), Sony again, and of course our good friend Sony.

While we’ve gained many, many supporters, we do have a mass of enemies, albeit mainly gamers. The main anti-LulzSec argument suggests that we’re going to bring down more Internet laws by continuing our public shenanigans, and that our actions are causing clowns with pens to write new rules for you. But what if we just hadn’t released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony… watching… abusing…

Do you think every hacker announces everything they’ve hacked? We certainly haven’t, and we’re damn sure others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn’t silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. A toy. A string of characters with a value.

This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn’t released something publicly. We’re sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn’t told you? No one would be aware of this theft, and we’d have a fresh 200,000 peons to abuse, completely unaware of a breach.

Yes, yes, there’s always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone’s Facebook picture turn into a penis and seeing their sister’s shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can’t secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.

Most of you reading this love the idea of wrecking someone else’s online experience anonymously. It’s appealing and unique, there are no two account hijackings that are the same, no two suddenly enraged girlfriends with the same expression when you admit to killing prostitutes from her boyfriend’s recently stolen MSN account, and there’s certainly no limit to the lulz lizardry that we all partake in on some level.

And that’s all there is to it, that’s what appeals to our Internet generation. We’re attracted to fast-changing scenarios, we can’t stand repetitiveness, and we want our shot of entertainment or we just go and browse something else, like an unimpressed zombie. Nyan-nyan-nyan-nyan-nyan-nyan-nyan-nyan, anyway…

Nobody is truly causing the Internet to slip one way or the other, it’s an inevitable outcome for us humans. We find, we nom nom nom, we move onto something else that’s yummier. We’ve been entertaining you 1000 times with 140 characters or less, and we’ll continue creating things that are exciting and new until we’re brought to justice, which we might well be. But you know, we just don’t give a living fuck at this point – you’ll forget about us in 3 months’ time when there’s a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle. People who can make things work better within this rectangle have power over others; the whitehats who charge $10,000 for something we could teach you how to do over the course of a weekend, providing you aren’t mentally disabled.

This is the Internet, where we screw each other over for a jolt of satisfaction. There are peons and lulz lizards; trolls and victims. There’s losers that post shit they think matters, and other losers telling them their shit does not matter. In this situation, we are both of these parties, because we’re fully aware that every single person that reached this final sentence just wasted a few moments of their time.

Thank you, bitches.

Lulz Security

Here is a link to the paste: http://pastebin.com/HZtH523f

So I’m worried about my security. It’s interesting, because compared to most people using the internet, I probably have 1000 x more training in computer security, but all I have is a few college courses introducing basic security concepts. That and experience in a secure facility. I’m not trying to sound arrogant, but based on experience I have doing technical support for a living, most of the world is doomed.

Some things you can do to keep yourself compromised:

1. Keep it up to date! UPDATE UPDATE UPDATE! If you see a security update come out, download it ASAP and install. This is doubly true for your CMSs and blogging software. If you use WordPress, subscribe to their updates mailing list: http://wordpress.org/list/ That will notify you when there is an update available. 99% (made up statistic, but seriously, lots) of the updates that come out for WordPress and other CMSs are just security patches.
2. Avoid password re-use like the plague. I know, you probably think you have it all figured out. You have one password that you use for low security sites that you don’t care about, a medium security password, and a high security password that you use for financial stuff. This is still a problem. If you need one, use a password manager. Quit re-using your passwords.
3. Be wary of who you give your credentials to. Never give your password out to anyone. If a technician is assisting you and needs you to login to something, then YOU login for them. DO NOT tell them your password. This also counts for websites. Don’t give so much trust to a site on your first visit.
4. Opt for SSL. Twitter, Facebook and Gmail all have options to force SSL. Use them. There are also browser plugins out there that will try to use SSL everywhere possible. This is a great tool not just because the traffic is encrypted, but because you’re validating with the server and a third party that supposedsite.com is actually supposedsite.com. It prevents man in the middle attacks.

Just by doing those four things, you’ve become a more difficult target than the next person. That is really all you have to do. Become a more difficult target. These hackers and script kiddies aren’t looking for you personally, they are looking for easy targets.. So don’t be one.

Seriously… Flash is dying. I don’t understand why Adobe doesn’t just drop the product and quit wasting resources on it. Adobe has so much awesome stuff already. Like Dreamweaver and Photoshop. The only platform flash works well on is Windows, and Microsoft wants to replace flash with Silverlight anyway. Their only good platform wants it gone.

Flash on Linux and Mac blows because of the resource usage. Flash is slow, laggy and made my browser crash more than once on Android. It’s not even on iOS. Furthermore the content itself blows. Ever used an all flash website? IT SUCKS. none of the scrolling features work right with the native scroll wheel or two finger scroll. You can rarely select text right. Tabbing through the buttons doesn’t work. Finally, if you’re using flash for your whole site you probably had an over-zealous designer, so everything moves all over the place and is annoying.

The only real uses I can see for flash currently:

1. Browser based games.
2. Ads

The latter of which I don’t care about, so that’s really just one. With things like QEMU being ported to javascript, and an NES emulator written entirely in javascript it doesn’t sound like browser based games really need Flash anymore either.

It’s just a matter of time.

The Internet is huge. It’s so incredibly big, containing so much constantly changing information that one can’t possibly expect to find something new, novel or interesting every day. It’s not that there aren’t new, novel interesting things out there, it’s just that there is so much non-interesting information to sift through in order to find the real gems. Around 2005, services started to pop up which provided users with online content communally regarded as interesting. These services are called link aggregators. A link aggregator, is a website on which users can submit links to interesting articles, and others can vote on these links. Users are armed with both a positive and negative vote. The higher a positive vote, the closer to the “front page” the link gets. Some very common link aggregators are Digg, Reddit and Delicious. All three of the most popular sites allow users to comment as well as vote on the links. These sites have some problems that are starting to push me away.

I have been a member of Reddit for about a year and a half now, and have been studying it fairly closely (normally a few hours per day). The duration of this article will focus on problems with context to Reddit, however the same problems plague almost all other social link aggregation sites.

Content Quality Degradation

The quality of the links as well as the comments on the site degrades at a rate nearly parallel to the growth-rate of the site’s user base. When I first joined Reddit, I was amazed at the sheer number of interesting articles that were on the front page. I immediately made a user-account and started voting on links that I enjoyed. The comments on the site were also very informative. There were many long, well thought out comments which were balanced by funny or ironic comments. Comments can also be voted up or down by the users. This was a good user experience, although I rarely contributed with more than my vote. If you take a sampling of the current links on the default main page as well as the top 50 comments on those links you’ll find three main things: Uninteresting content; repeat posts/comments (namely, memes); artificially influenced links.

Marketer Influence

This is probably the part about popular link aggregators that bothers me the most: Marketer Influence. If an item isn’t popular because the users on the site think it’s good, then it shouldn’t be popular, and I don’t want to read it. Take a look at some major freelance job sites, and you’ll find items like this:

I need 200 Reddit accounts created with different proxies and emails.
The accounts should not get banned for a 30 day period and should not be used. If the accounts get banned within 30 days, then you should recreate them for free.

To understand the appeal, put yourself in a marketer’s shoes. A popular item on Reddit gets a massive amount of exposure. Thousands of organic page views in just a short time at a low cost. A large ad company could easily pay an intern to make a few hundred accounts per hour and a programmer to write a script that controls all of these accounts. Once the agency has something to promote, they have one account post it on reddit, and have the thousands of bot accounts vote it to the front page. Provided the link is semi-interesting, the article will start to get organic votes and the marketing effort will be successful. Projects like this can result in a monetary net gain on ad views alone. It’s a win-win for any marketing agency. Marketed posts can sometimes be interesting, however it undermines the whole reason I’m there. I’m there because I want to see things that have been deemed interesting by a community, not by an ad agency. If the system can be so easily gamed, then I don’t want to be a part of it. If I wanted to read articles put there by the highest bidder, then I would read Gawker sites.

Communal Stupidity

Reddit commenters used to be known for their quality content and well formed arguments. On today’s site, it’s tough to find a quality, well formed comment that offers any substance at all. Most of the top comments on today’s Reddit are simply stupid, obvious and offer nothing to what could be an intelligent conversation. Here is an example from a post that is currently on the front page in the main section of Reddit (/r/reddit.com). The link is to this article from the Huffington Post. This is the third highest rated comment right now:

That’s it… in its entirety. The comment has 95 positive votes while offering absolutely nothing to the conversation. It’s not deep or insightful. Granted, this isn’t as bad as examples you could find from YouTube commenters, however it’s still something that doesn’t belong in an intelligent discussion. The comment above is the third highest comment on this particular article while a three paragraph comment, made around the same time as the above, offering good conversation and an interesting viewpoint has only 25 positive votes. The community as a whole is now opting for dramatic appeals to emotion instead of conversation.

So I’ve moved on…

I no longer treat Reddit as my number one source for news. In fact, I rarely get on Reddit at all anymore. I’ve fallen back to blog RSS feeds, and a newer less-popular hacker-specific link aggregator site. I won’t link to it specifically because I don’t want it to grow in popularity, but you’ll probably be able to find it fairly easily. If anyone else has a good news site suggestion, please tell me.