You’d Think Ashley Madison Would Have Stopped Touting Its Security Features By Now
This is what Ashley Madison's homepage looks like right now, and maybe it's just me, but I feel like those emblems at the bottom right shouldn't be there. (It's not just me.) Let's take a closer look, shall we?
After a highly publicized data breach that affected every part of a site (user data, source code, emails), it feels pretty brazen to continue to advertise strong cybersecurity measures, but Ashley Madison is just rolling with it.
The most problematic icon is probably the one that says "100% Discreet Service," just because it's, you know, categorically false. But even among the two that are just in poor taste there are problems.
Many suspect that the site's "Trusted Security Award" is fake, and even if it's real, Ashley Madison probably won't be winning it for the second year in a row. As for the promise of an "SSL Secure Site," sure, great. Your data will be encrypted as it travels between your browser and Ashley Madison itself. Seeing as Ashley Madison's servers (and all the data on them) are compomised, though, it's not very reassuring in this case.
When Motherboard asked the Impact Team hackers (who released the data dumps and claim responsibility for the breach) about the quality of Ashley Madison's cybersecurity measures, they said, "Bad. Nobody was watching. No security."
There's been a lot of speculation that the attack was an inside job, and at this point that's kind of a best-case scenario for Ashley Madison owner Avid Life Media Inc. At least in that case the company could take the position that it wasn't actually hacked and that its external security is strong. Avid Life Media CEO Noel Biderman told Krebs on Security in July that the culprit “was definitely a person here that was not an employee but certainly had touched our technical services.”
Given everything that's happened, there's really no good way for Ashley Madison to be marketing itself right now, but it could at least update its home page to be a little more humble.
What Ray Bradbury’s FBI File Teaches Us About Science Fiction’s Latest Controversies
If you believe Ray Bradbury’s FBI file, science fiction is a dangerous genre.
When the bureau investigated Bradbury—a man its 1959 records describe as “a free-lance science fiction, television and motion picture scenario writer”—it found little of interest.
Separate FOIA requests by the Daily Beast and MuckRock unearthed Bradbury’s files in 2012. Though they received some coverage at the time, Boing Boing, the Register, and MuckRock have discussed the documents this week, focusing to their charming anachronisms and other period peculiarities. Ultimately, however, those documents stand out most for what they reveal about the state of science fiction today.
The FBI studied Bradbury on two occasions, separated by more than a decade, but it learned less about Bradbury himself than it did about his work. The bureau’s mostly anonymous informants were richly imaginative, none moreso than Martin A. Berkeley, a former Communist Party member who reported extensively to the House Un-American Activities Committee. Berkeley, a 1959 section notes, “declared that a number of science fiction writers have created illusions with regard to the impossibility of continuing world affairs … through the medium of futuristic stories concerned with the potentialities of science.” Speaking in more general terms, Berkeley would tell the bureau “that science fiction may be a lucrative field for the introduction of Communist ideologies.”
Though Bradbury’s files speak to his commercial success, they offer no suggestion that it was driven by the introduction of any ideology, a communist one least of all. Instead, they show that his work was capable of upsetting established dogmas of many kinds. His Martian Chronicles, for example, feature the "repeated theme that earthmen are despoilers and not developers." Elsewhere, the documents note—“without irony,” as MuckRock’s JPat Brown puts it—that Russian authorities had banned “The Fireman,” an early version of Bradbury’s Fahrenheit 451.
Silly as these statements may seem, they feel somehow more resonant now than they did when they were first unearthed three years ago. In a Metafilter thread about the file from Monday, a commenter going by the name “Max Sparber” observes, “Thank goodness weirdo conservatives with a distrust for leftist writers are no longer trying to destroy science fiction.” Sparber is alluding to the failed co-optation of the Hugo awards—one of SF’s highest honors—by groups calling themselves the Sad Puppies and the Rabid Puppies.
As Amy Wallace explains in her thorough account of the saga in Wired, the Puppies’ leaders claim they’re trying to bring SF back to simpler times. Pushing back against what they perceive as an elitist wave of liberal propaganda, they claim they “want sci-fi to be less preachy and more fun.” The Puppies’ brand of “less preachy and more fun” conservatism includes reactionary misogyny, homophobia, and racism, as Wallace and others have documented. At core, however, the Puppy movement was a call for a return to an imagined childhood—perhaps that of the genre, perhaps that of its readers.
Bradbury’s FBI file contradicts the still-yipping proponents of Puppygate. It serves as a pointed reminder that science fiction, even popular science fiction, was never just about entertaining. Much as they might whine to the contrary, the Puppies aren’t angry about what science fiction has become—they’re uncomfortable with what it has always been. Science fiction has always made us imagine the world differently. No one knew this better than Bradbury himself, Bradbury whose books—as the FBI notes—sold hundreds of thousands of copies. As he would write in his short story “No News, or What Killed the Dog?” from Quicker Than the Eye, “That's all science fiction was ever about. Hating the way things are, wanting to make things different.”
Of course, wanting to make things different doesn’t always mean making a stir. Isaac Asimov’s FBI file, for example, is mostly dull, even more a testament to overeager informants than Bradbury’s. And Philip K. Dick’s file speaks more to the author’s paranoia about other science fiction writers than to the bureau’s interest in Dick. Still, in their oddities and banalities alike, all of these documents—and especially those that pertain to Bradbury—are important reminders that science fiction invites us to see and think in new ways. It’s not always ideologically inclined, but it has rarely strayed far from the political.
Should Drones Have License Plates So Officials Can Police Them Like Cars?
Consumers and businesses have really been accelerating their use of unmanned aerial vehicles lately, and mo' drones means mo' problems. As officials scramble to vet and implement safety measures, the number of near-miss encounters between UAVs and airplanes is on the rise.
Federal Aviation Administration documents obtained by the Washington Post show that there have been almost 700 dangerously close encounters in 2015 so far, up drastically from 2014. "The documents show that remote-control planes are penetrating some of the most guarded airspace in the country," Craig Whitlock wrote in the Post, including all over airports, even though drones are supposed to stay five miles away.
The Department of Homeland Security has said that drones could play a role in terrorist threats since they are so often observed near critical or sensitive locations. And the FAA documents reveal that drones aren't just hanging out a few hundred feet from the ground. Some have been spotted above 10,000 feet. The Post wrote:
In most cases, rogue drones disappear without a trace. The aircraft are usually too small to be detected by radar and do not carry transponders that would broadcast their locations. Unlike other planes, these drones are not marked with serial numbers, and their owners are not required to register them.
The FAA is still ironing out guidelines about who can fly drones and where. For now, recreational drone pilots just have to avoid airports and flying above large crowds of people, plus stay under 400 feet. Businesses need special approval from the FAA to operate drones. And as safety concerns grow, the agency is considering identification systems so it can enforce its growing framework of rules.
Michael Huerta, who heads the Federal Aviation Administration, talked to NPR Sunday about options for identifying drones. "One of the things that I've asked our industry partners to look at is are there technological solutions that would enable us to be able to tie a particular drone or unmanned aircraft with a specific operator?" He added that there is ongoing debate over requiring that people register drones in a centralized database at time of purchase, much like a car. "That might also provide the opportunity to ensure that we're reinforcing the message of what the rules are," Huerta said.
There are already some identifcation options in development. At the University of California, Berkeley, researchers are working on a type of "license plate" that uses multicolor LED lights blinking in unique patterns, rather than letters and numbers, to show which drone is which. The project, called Lightcense, uses a special app and optic sensors to decipher the blinks, thus identifying different drones.
Inventor Aislan Foina, who is the director of the Cal Unmanned Aviation Research Lab at UC–Berkeley, told MIT Technology Review last week that Lightcense would enable local police to quickly ID drones. “If a drone is bothering people, they’re going to call the police, not the Air Force or FAA,” he said.
It took 17 years (1901–1918) for every state to require car registration and license plates. Hopefully the process will move a bit more quickly with drones.
Is this Skeletal 3-D Printed Violin the Future of Musical Instruments?
This video of Laurent Bernadac, an engineer and lifelong musician, playing the violin looks and sounds very little like a person playing the violin. For one thing, he’s also using a looper and effects pedals to jam out something funkier and jazzier than you’d expect from an instrument more commonly associated with classical and country. But, more ostensibly, Bernadac is playing something that looks more like an avian skeleton than a stringed instrument. It’s like the ghost of a violin.
It’s a 3Dvarius, a 3-D printed electric violin. It’s based on the renowned Stradivarius violins crafted by the Stradivari family in the late 1600s and early 1700s, but you’d have a hard time sleuthing out the shared DNA between the two machines. It is, as Bernadac says, “a new kind of musical instrument,” one with an algorithmically optimized weight and a digital sound. It also may well be a harbinger of what’s to come for musical instruments.
3-D printed instruments have similar advantages to 3-D printed automotive parts, or even 3-D printed body parts: if you can design them with algorithms and digitally iterate on them again and again, you can trim excess weight and wind up with something that’s all function before you’ve even created a resin prototype. The 3Dvarius violin, Bernadac says, is optimized as such and lets its player move more freely.
Instruments made from synthetic materials are also more durable. Luis Leguia is the inventor and founder behind Luis and Clark, a Massachusetts company that’s paved the way for carbon fiber cellos and violins. Leguia was a symphony cellist for years and saw the potential for a new material in the early 1990s, while sailing his catamaran alone. Turns out, you hear things when you’re alone. Near the hull, he says, the water swirls around and creates a vortex that emits a low, musical hum when it comes in contact with the fiberglass. With that observation in mind, he later made three prototypes. The carbon fiber design proved better than fiberglass, and he soon started production. After 15 years and some 1,500 instruments, Leguia says he’s had to make just four repairs. Traditional violins and cellos, typically made of spruce and maple, aren’t quite so durable. “In fluctuating climatic conditions—hot, cold, damp, dry—those will sometimes come apart,” Leguia says.
Still, there are traditions, and the fact Stradivarius instruments are renowned for their sound (even if blind tests and acoustical analysis has found no significant differences between Strads and instruments of comparable quality). For years scientists and luthiers have speculated on what exactly makes a Stradivarius sound like a Stradivarius. The wood has a special resonance, but theories have also bubbled up about the varnish used, or the effect that imperfections and modifications can have on a violin’s sound. A few years ago a radiologist in Minnesota decided to run one from 1704 through a CT scan to find out more about the instrument’s anatomy. Each was, like people, unique.
Recreating the acoustics of a Stradivarius violin isn’t as simple as cherry-picking its core components and re-rendering them in software. In a 2013 talk at TEDxAmsterdam, violinist Joanna Wronko tries to prove that by soloing on a 3-D printed model, and then playing her traditional violin. You can hear the difference: the plastic model pales in comparison to the sound of the traditional instrument. Wronko describes the 3-D printed model as “missing a certain vibration.”
While at MIT’s Media Lab in 2011, Amit Zoran and a research team 3-D printed a flute. It was, Zoran admits, a dud. “It’s not a good flute,” he says, “because in order to achieve a new flute you need more than putting the keys in place.” In other words: simply replicating an instrument in another material won’t produce the timber and harmony you’d expect from the Philharmonic. Superlative instruments depend upon the skill of a craftsman, who might spend months on a single instrument. “When we design something with the computer,” Zoran says, “we are losing something of this unique signature.”
Since then Zoran, now a professor in computer science department at Hebrew University of Jerusalem, has produced a portfolio of other experimental instruments. They all harness emerging technologies—like his guitar with a sensor-laden soundboard—but he’s skeptical of the notion that traditional methods of craft will ebb as digital fabrication takes over. “I’m not sure a fully automatic process controlled by a computer is the holy grail of making instruments,” he says. That, he says, would lead to digitally cloned instruments and the loss of sonic character that makes music, well, music.
In his Journal of New Music Research report on the 3-D printed flute, Zoran writes, “in traditional musical instrument making, the importance of merging traditional designs and methods with the ability to use new technologies has always been a major theme.” He believes the same is true now, and that engineers and designers should be looking for hybrids. That’s what he did for his Chameleon Guitar design, another MIT-era project, which preserves the wood body of a guitar but incorporates a digital resonator under the guitar bridge. The result, he writes, is a more flexible range of sound than you would typically find in an acoustic guitar.
Likewise, Bernadac’s 3Dvarius combines a single piece of stereolithographic printed plastic with traditional violin strings and tuning pegs adapted from a guitar. It allows for a new kind of sound that Bernadac says he hopes other musicians will experiment with.
This need for hybridized craft doesn’t necessarily render 3-D printed instruments totally irrelevant. Kelland Thomas is the associate director of the University of Arizona School of Information, a jazz musician, and a recent recipient of a DARPA grant that will fund his work on developing an intelligent computer system that can play an improvised jazz solo. To do that, Thomas needs as much information as possible on what happens in the human brain during musical improvisation. The best way to discern that is through MSRI scans, but you can’t send a person through one of those machines with a metal instrument. A plastic saxophone, however, would work.
“If we can print a saxophone,” Thomas says, “we could get pictures of [player’s] brains playing music while written down, and then while improvising, to point out different parts of the brain that are activated. We’re just at the beginning of understanding how rich and complex a behavior improvisational is.”
In a less quantitative way, digitally fabricated machines like the 3Dvarius also can teach musicians and scientists about human creativity. Consider the advent of the Moog synthesizer, and how it took only a few decades to launch an entirely new genre of music. It’s too early to make grandiose proclamations about the 3Dvarius—the fledgling company has one prototype now, and is pursuing production methods—but Bernadac is idealistic about its potential. “I hope violinists will create new sounds and new playing techniques, and a new musical repertoire.”
Also in Wired:
Fallout From Ashley Madison Breach Includes Extortion and Possible Suicides
There were bound to be consequences after hackers posted two extensive Ashley Madison data dumps last week. Canadian police said Monday that they have confirmed reports of extortion in which criminals threatened to expose someone whose name is on the user list if they didn’t pay to keep it quiet. Authorities have reported two alleged suicides among Ashley Madison users, though they have not confirmed whether they are connected to the data breach.
The Associated Press reports that Toronto Police Acting Staff-Superintendent Bryce Evans said, "This hack is one of the largest data breaches in the world. ... This is affecting all of us." He described the breach as having an "enormous social and economic fallout" and noted that the police are also investigating a link between the breach and some recent hate crimes.
Avid Life Media Inc., which owns Ashley Madison and is a Toronto-based company, is offering a $500,000 Canadian (about $379,000) reward in an attempt to get information about the identity of the hackers. The AP reports that Canadian police are working with the FBI to try to identify the culprits.
At least one company is using the whole unfortunate situation as a PR opportunity. Travel group CheapAir.com is offering $50 vouchers for anyone who sends the company a message from an email address that was disclosed on the leaked user list. "If your relationship is in ruins and you’re thinking about heading out of town, we have a solution for you," the company wrote. "You may have made some mistakes, but a vacation may be just what you both need right now." Tasteful.
Though most of the damage has already been done, there is one thing people can do to mitigate further loss: Remember that the Ashley Madison data is already public (if slightly tricky to access). Don't believe anyone who says they can remove your information for a fee. It's too late.
Twitter Shutters Accounts That Log Politicians’ Deleted Tweets
The cool thing about Twitter is that most of the things posted on it are public. You can see what anyone is thinking about, whether they're friends you know IRL, celebrities, or professionals you admire. But this quality isn't just a "cool thing," it's ... the whole point of Twitter, a fact that Twitter has possibly forgotten.
On Friday night, Twitter blocked 31 accounts owned by the Open State Foundation (a digital transparency group) that logged deleted tweets from politicians and diplomats around the world. We already knew that Twitter didn't take fondly to these types of accounts, because it removed the Sunlight Foundation's Politwoops U.S. account (which monitored the gaffs and revisions of American politicians) in June.
The company told the Open State Foundation that it had considered its decision carefully and said in a statement, “Imagine how nerve-racking—terrifying, even—tweeting would be if it was immutable and irrevocable? No one user is more deserving of that ability than another. Indeed, deleting a tweet is an expression of the user’s voice.”
This is an extension of the statement Twitter gave in June about its decision to suspend Politwoops U.S. The company told Gawker:
We strongly support Sunlight’s mission of increasing transparency in politics and using civic tech and open data to hold government accountable to constituents, but preserving deleted Tweets violates our developer agreement. Honoring the expectation of user privacy for all accounts is a priority for us, whether the user is anonymous or a member of Congress.
But there is extensive precedent—legally, journalistically, and generally—that public figures have a lower expectation of privacy than average people, especially when it comes to actions carried out in a public forum like Twitter.
Arjan El Fassed, the director of the Open State Foundation, told the Guardian, "What politicians say in public should be available to anyone. This is not about typos but it is a unique insight on how messages from elected politicians can change without notice."
There are still ways for the Open State Foundation or anyone to continue recording deleted tweets. Twitter can't stop people from watching politician's accounts in real time—the company can only block access to its application program interface, which was allowing Politwoops accounts to automate the process of monitoring for deleted tweets. The Guardian notes that the British Politwoops, formerly @deletedbyMPs, is continuing on its website.
Philip Bump wrote in the Washington Post in June that "the rationale for shuttering Politwoops is flawed." But Twitter seems set on enforcing it, at least for now.
Should Cops Be Allowed to Take Control of Self-Driving Cars?
A few lines in a seemingly routine RAND Corp. report on the future of technology and law enforcement last week raised a provocative question: Should police have the power to take control of a self-driving car?
Here’s a hypothetical scenario from the report’s introduction:
The police officer directing traffic in the intersection could see the car barreling toward him and the occupant looking down at his smartphone. Officer Rodriguez gestured for the car to stop, and the self-driving vehicle rolled to a halt behind the crosswalk.
That seems like a pretty plausible interaction. Human drivers are required to pull over when a police officer gestures for them to do so. It’s reasonable to expect that self-driving cars would do the same. To look at it another way: Self-driving cars are programmed to stop at red lights and stop signs. Surely they should also be programmed to stop when a police officer flags them down. It is, after all, the law.
It’s clear, then, that police officers should have some power over the movements of self-driving cars. What’s less clear is where to draw the line. If a police officer can command a self-driving car to pull over for his own safety and that of others on the road, can he do the same if he suspects the passenger of a crime? And what if the passenger doesn’t want the car to stop—can she override the command, or does the police officer have ultimate control?
A brief section on connected and autonomous cars later in the report outlined other ways police could take advantage of the technology:
Imagine a law enforcement officer interacting with a vehicle that has sensors connected to the Internet. With the appropriate judicial clearances, an officer could ask the vehicle to identify its occupants and location histories. … Or, if the vehicle is unmanned but capable of autonomous movement and in an undesirable location (for example, parked illegally or in the immediate vicinity of an emergency), an officer could direct the vehicle to move to a new location (with the vehicle’s intelligent agents recognizing “officer” and “directions to move”) and automatically notify its owner and occupants.
Again, that all sounds benign enough, in itself. But if police have the capability to glean personal information from a sensor-equipped car, who will ensure that they have the appropriate clearances before doing so? And what if police want to direct the movements of a self-driving car when it does have humans inside?
The RAND study, commissioned by the National Institute of Justice, did not attempt to answer those questions directly. Rather, it asked a panel of 16 experts in criminal justice and technology to identify imminent changes in information technology that might have an impact on law enforcement policies and procedures. What control police should have over self-driving cars was just one of numerous questions raised in the 32-page report, and it merited only a few paragraphs of discussion. Still, it’s clearly an issue that is on the radar of law enforcement already. And it’s likely to become more urgent in the coming years as self-driving cars attempt to cross the bridge from research project to commercial reality.
The report acknowledged that “the dark side to all of the emerging access and interconnectivity is the risk to the public’s civil rights, privacy rights, and security.” It added, “One can readily imagine abuses that might occur if, for example, capabilities to control automated vehicles and the disclosure of detailed personal information about their occupants were not tightly controlled and secured.”
You don’t even have to imagine it, really: Hackers are already taking control of cars via their onboard computers even without a built-in mechanism designed to allow it.
I asked the report’s lead author, RAND Corp. operations researcher John S. Hollywood, whether he got the sense that the law enforcement representatives on the panel were eager to push for law enforcement control of Internet-connected and self-driving cars. He told me they weren’t. Rather, in ranking their priorities, they put “developing policies and procedures for self-driving unmanned and automated vehicles” at the top of the list. Among the policy and procedure questions they may ponder: Will they need a warrant before accessing a self-driving car’s data? John Frank Weaver discussed that issue in more depth in a recent Future Tense post.
The panelists’ lowest-ranked priority: “Develop an interface for officers to directly take control of unmanned vehicles.”
While the ranking is reassuring, it’s a little unnerving that such an interface would register as a priority at all. It shouldn’t come as a surprise, however. Given how hard the federal government and its spy agencies have pushed for backdoor access to our social networks and email servers, there’s little doubt they’ll want the same with our cars.
Previously in Slate:
Mozilla Wants All Your Favorite Chrome Extensions for Firefox
Whether you want to see even more cats on the Internet or you think Alphabet should just go back to calling itself Google, there's a Chrome extension to help. You can even get every website to refer to millennials by their proper name. Though developers also make extensions for Web portals like Safari and Opera, your favorite tool may not exist for your preferred browser. Mozilla wants to change that.
At about 6.6 percent market share, Mozilla's Firefox browser isn't exactly ubiquitous, but it is known for being at the fore of Web trends. (Google took a lot of cues—and Mozilla developers—from Firefox when it originally designed Chrome.) So a Friday announcement that Firefox is going to make extensions cross-compatible on different browsers could help spark a new fad.
Kev Needham, a Firefox engineer who works on search and add-ons, wrote in a blog post that:
We’ve noticed that many Firefox add-on developers also maintain a Chrome, Safari, or Opera extension with similar functionality. We would like add-on development to be more like Web development: the same code should run in multiple browsers according to behavior set by standards, with comprehensive documentation available from multiple vendors.
Needham points out that even though the change is supposed to make things easier for third-party extension developers, it will also create more work for some of them at first. For those who already develop for other browsers like Chrome, it will be easier to maintain extensions and add new features because everything will come from single codebase. But developers who have created extensions specifically for Firefox will have to put work into revising their add-ons for the new setup. "We feel the end result will be worth that effort for both Firefox’s users and developers," Needham wrote.
If it means we can have all the extensions we want on any browser, it certainly sounds worth it.
UK Orders Google to Censor Links to Articles About “Right to Be Forgotten” Removals
The “right to be forgotten” has always been a double whammy of a disaster: an awful policy based on terrible ideas. Under the right, implemented in 2014 by the European Court of Justice, private citizens can petition search engines to hide results that pertain to their pasts. As a policy, the right to be forgotten is bad because companies like Google have legitimate free speech interests in presenting their results as they see fit. As an idea, it’s bad because it bars search engines from publishing truthful information about a matter of public concern—a troubling precedent which, taken to its logical end, could lead to serious censorship.
That process has already begun in the United Kingdom, where the Information Commissioner’s Office recently pushed Google further down the memory hole. In an enforcement notice, the ICO demanded that Google take down links to articles about right-to-be-forgotten removals. The trouble began after Google actually complied with a right-to-be-forgotten request made by an individual who committed criminal acts nearly 10 years ago. The removal of all links detailing his actions became itself a news story detailed in several publications. Google retained links to those articles, and they still appear when you search the individual’s name. So he complained—and now the ICO has ordered Google to remove the newer articles, too.
Feeling Nostalgic? Floppy Disk Drives Can Play Classic Jams.
Let's go on a quick journey together. Take a deep, calming breath. It's 1996. You're looking fly and drinking Surge. You're playing solitaire on a Gateway 2000 PC, but you know you need to get some stuff done. You try to get a floppy disk out of the drive so you can put a different one in, but it's stuck. You can hear the eject mechanism whirring and grinding. You hear it, right?
Now researcher James Willis has turned that gravelly whine into music. But instead of using one or a couple of floppy drives to do it, he programmed a whole 16-drive orchestra spotted by Gizmodo.
Willis, who is an electrical engineering student at Cardiff University and has been doing field work at National Instruments in the United Kingdom, used the floppy drives plus Musical Instrument Digital Interface, or MIDI, and a miRIO controller for synchronizing everything. And even though it's an old-school rig, he can still control it wirelessly with an iPad. "The myRIO effectively plays the drives like musical instruments, by stepping the disk drive's integrated motors at specific frequencies," Willis wrote.
For the demo above, the floppy drive orchestra plays "Eye of the Tiger," "The Imperial March" from Star Wars, the Super Mario Bros. theme, "Get Lucky" by Daft Punk, and "The Final Countdown." Not a bad set for a DJ made of gears.