First Physical Retaliation for a Cyberattack

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Israel has acknowledged that its recent airstrikes against Hamas were a real-time response to an ongoing cyberattack. From Twitter:

CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work.

HamasCyberHQ.exe has been removed. pic.twitter.com/AhgKjiOqS7

Israel Defense Forces (@IDF) May 5, 2019

I expect this sort of thing to happen more — not against major countries, but by larger countries against smaller powers. Cyberattacks are too much of a nation-state equalizer otherwise.

Another article.

EDITED TO ADD (5/7): Commentary.

I doubt that this is actually the first “kinetic” retaliation to a cyber attack; however it’s probably the first one to be openly acknowledged by either of the parties involved. Schneier’s observation that cyberwarfare is an equaliser is correct and it’s exactly why a savvy nation-state would consider this kind of response… but let’s not forget that such cyberattacks are only as viable as they are because nation-states favour cyber-offense over cyber-defence in the first place: they’re interested in building 0-day weapons that they can use against their enemies (and their own citizens) and this entire approach runs counter to the idea of improving defensive security.

A Conspiracy To Kill IE6

The plan was very simple. We would put a small banner above the video player that would only show up for IE6 users. It would read “We will be phasing out support for your browser soon. Please upgrade to one of these more modern browsers.” Next to the text would be links to the current versions of the major browsers, including Chrome, Firefox, IE8 and eventually, Opera. The text was intentionally vague and the timeline left completely undefined. We hoped that it was threatening enough to motivate end users to upgrade without forcing us to commit to any actual deprecation plan. Users would have the ability to close out this warning if they wanted to ignore it or deal with it later. The code was designed to be as subtle as possible so that it would not catch the attention of anyone monitoring our checkins. Nobody except the web development team used IE6 with any real regularity, so we knew it was unlikely anyone would notice our banner appear in the staging environment. We even delayed having the text translated for international users so that a translator asking for additional context could not inadvertently surface what we were doing. Next, we just needed a way to slip the code into production without anyone catching on.

The little-told story of how a rogue team of YouTube engineers in 2009 helped hasten IE6’s downfall by adding a deprecation warning to the top of the site’s homepage… without getting the (immediate) attention of the senior developers and management who’d have squashed their efforts.

Avengers, MCU, Game of Thrones, and the Content Endgame

In the future, media organizations might have to do away with the “film” and “TV” tags entirely, if indeed there are media organizations as we currently think of them.

Based on my own experience chronicling both art forms, I’m increasingly convinced that film and TV started merging a long time ago, before most of us were aware of what was going on. Some of us have accepted the change. Others are in denial about it. But as my grandfather used to say, there’s no point trying to close the barn doors after the horses have already escaped.

Interesting article summarising the ongoing changes to the concepts of what we consider “film” versus “television” and the increasingly blurred distinction, and an exploration of how that’s embodied by phenomena like Avengers: Endgame and the final series of Game of Thrones. Spoilers about the former and about the first three episodes of the latter, obviously.

remysharp comments on “Bringing back the Web of 1990”

Hi @avapoet, I’m the author of the JavaScript for the WorldWideWeb project, and I did read your thread on the user-agent missing and I thought I’d land the fix ;-)

The original WorldWideWeb browser that we based our work on was 0.12 with screenshots from 0.16. Both browsers supported HTTP 0.9 which didn’t send headers. Obviously unintentional that I send the `request` user-agent, so I spent some painful hours trying to get my emulator running NeXT with a networked connection _and_ the WorldWideWeb version 1.0 – which _did_ use HTTP 1.0 and would send a User-Agent, so I could copy it accurately into the emulator code base.

So now metafilter.com renders in the emulator, and the User Agent sent is: CERN-NextStep-WorldWideWeb.app/1.1 libwww/2.07

Thanks again :)

I blogged about the reimplementation of WorldWideWeb by a hackathon team at CERN, and posted a commentary to MetaFilter, too. In doing so, some others observed that it wasn’t capable of showing MetaFilter pages, which was obviously going to be the first thing that anybody did with it and I ought to have checked first. In any case, I later checked out the source code and did some debugging, finding and proposing a fix. It feels cool to be able to say “I improved upon some code written at CERN,” even if it’s only by a technicality.

This comment on the MetaFilter thread, which I only just noticed, is by Remy Sharp, who was part of the team that reimplemented WorldWideWeb as part of that hackathon (his blog posts about the experience: 1, 2, 3, 4, 5), and acknowledges my contribution. Squee!

Episode 25: ON CONSENT AND CUDDLING with my daughter Des

My 17 year old daughter generously sat down with me to talk about consent — her personal experiences with it, humor of it, nonverbal versions, and how to respond to rejection. We talked about her thoughts on the Dear Boy Who Likes My Daughter episode, how she perceives my romantic relationships, what makes a good cuddle partner, and being resourceful after trauma. There’s laughing and crying and lots of proud mama.

I’ve been gradually catching up on Dr. Doe’s Sexplanations podcast; I’m up into the 30-somethings now but my favourite so far might have been episode 25, which presents a very authentic and raw look at Lindsey and her daughter Des’s thoughts on sex, romance, and consent. Adorable.

A poem about Silicon Valley, assembled from Quora questions about Silicon Valley

Guess that sex act #CONTENT

My 12th favourite and my 27th favourite YouTubers just did a collaboration and it’s brilliant. Also: I totally knew seven out of the twelve terms Dr Doe brought to the table and would have been able to guess at least one more (as well as, of course, knowing what TomSka meant by his British slang), so this video made me feel clever.

Lyme Regis To Limekilns: A 500-Mile Lime-E Adventure Across The UK

It all started out as a joke.

Last year, Robin Varley and his friend Sergio thought it would be an amusing challenge to pedal the 50-odd mile gap between Brixton and Brighton using only London’s colloquially-named Boris Bikes. The trip lasted just over 10 hours, including a brief photo op with Gatwick police, and set the pair back a modest sum of 40 GBP.

This year Robin enlisted the help of fellow adventure-seeker Magnus Mulvany, and while the duo kept the alliterative theme of the campaign they opted for a significantly more daunting circuit.

You heard about it here first, probably, but here’s Lime Bikes’ write-up of Robin and Magnus’s adventure.

Towards an Information Operations Kill Chain

Cyberattacks don’t magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps. This framing has led to something called the “cybersecurity kill chain”: a way of thinking about cyber defense in terms of disrupting the attacker’s process. On a similar note, it’s…

Bruce proposes a model to apply the cybersecurity kill chain to the problem of thwarting information operations of the types that we’re seeing day-to-day in the cyberwar landscape. Or at least, to understand it. Interesting reading, but – and call me cynical – I don’t know if it’s possible to implement some of the kill-stops that would be required to produce a meaningful barrier.

Follow-up: I found two identical packs of Skittles, among 468 packs with a total of 27,740 Skittles

Two identical packs of Skittles

Applied mathematics at its… best? After predicting statistically that it would take 400-500 packets of Skittles before you’d expect to find the same permutation of colours, an experiment finds empirical backing for this answer at pack number 464.

Somebody get the Ig Nobel Prize folks on the line.

Why do people choose frameworks over vanilla JS?

This week on Twitter, Maxime Euzière asked why people choose large frameworks over vanilla JS. There are quite a few reasons. Some of them are really valid. Many of them aren’t. Here are the ones I see most often (with commentary). Vanilla JS is harder. No, it’s often not. Modern vanilla JS has taken many…

Like many people who were already developing for the Web when Javascript first reared its (ugly) head, I would later be delighted when libraries like Prototype and later jQuery would arrive and start doing the “heavy lifting” for me. Not having to do DOM parsing or (especially) Ajax the “long way” (which was particularly long given the workarounds that needed to be done for cross-compatibility) was a huge boon and made it possible for me to write applications that I wouldn’t otherwise have been able to.

But in recent years, I’ve really been enjoying “vanilla” JS. As a language, JavaScript has really grown-up lately, and with modern (and evergreen) browsers dominating the landscape, everybody benefits from these new features relatively soon after they become available. Of course, it’s still important to see any JavaScript as a progressive enhancement that not everybody will experience, but it’s still true, now, that the traditional barriers to writing excellent code in the language are rapidly evaporating.

I no longer add jQuery to a project as a matter of course (and in fact I think it’s been over a year since I deliberately added it to a new project), and that’s great.

Escape Room [NSFW]

Frame from Tailsteak's 20-page comic "Escape Room"

Regular readers will know already that I’ve been a huge fan of comic author Tailsteak, ever since Ruth, many years ago, introduced me to his work. I’m particularly enjoying Forward, his latest webcomic: so much so that in an effort to work around its lack of an RSS feed I accidentally stole unpublished work from him earlier this year (oops!).

He announced yesterday his new secondary Twitter account, @TailsteakAD (the “AD” is for “After Dark”) and I was delighted from the very top tweet onwards:

TailsteakAD: For the record, just because an artist makes erotic work, or even has a dedicated adult-themed account, that in no way implies that they have any desire whatsoever to receive your unsolicited sexual messages or images. I mean, *I* want'em, but other artists might not.

That’s the spirit.

Anyway: a short while later I found a 20-page comic he’d made called The Escape Room: read it on Twitter or via Threadreader. It might be exactly the comic you’ve always been looking for, assuming that the comic you’ve always been looking for combines B/D, gay sex, and escape room puzzle mechanics. NSFW, obviously.

Suddenly I feel like the escape rooms I go to aren’t quite as good as I thought.

We’re moving from Stage 2 to Stage 3 polyamory

At last week’s Rocky Mountain Poly Living conference in Denver, Leanna Wolfe — a poly anthropologist and sexologist active in the movement almost since its birth in the 1980s — spoke on what she called the three historical stages of polyamory in Western culture.

Her Stage 1 was mostly male-centric (my paraphrase). She described it as running through the Oneida Colony and other utopian communities of the 19th century through the free-love beliefs and attitudes that exploded in the 1960s.

Stage 2 has been what we call the modern poly movement: strongly feminist in its origins and growth, born in the mid-1980s and running until more or less now. Its founders, organizers, media spokespeople, bloggers, podcasters, book authors and opinion leaders have been mostly women (the ratio by my count is about 3 to 1). Its ideology has been gender-egalitarian, communication-centric, and consent-based since before consent culture was a thing. Like Stage 1, Stage 2 has been something of a counterculture that sees itself apart from mainstream society.

The current Stage 3 is the mainstreaming of consensual non-monogamy (CNM) in its many forms, including polyamory, into the general culture. This shift is well under way and bodes to take over the conversation in coming years — for better and for worse, as I’ve been speechifying about since 2008.

Does this make those of us who’ve been doing polyamory for ages “poly hipsters”?

Out of the ordinary: getting digital…

The Bodleian Digital Comms team is no stranger to developing out of the ordinary content. Want to represent all of the varied and gruesome deaths in Shakespeare in a fun and engaging way? We’re on it!

We manage almost all of the Libraries’ public facing digital ‘stuff’, from our main websites to social media and digital signage. When we tot it all up, it’s over fifty websites, a similar number of blogs, the full range of social media platforms, more than twenty digital screens, a handful of interactive experiences a year, plus…well, not actually a partridge in a pear tree, but there are unicorns in arks.

From ambush to war crimes, a chance to delve into death in Shakespeare’s works, and to think about how it differed from the reality

Whatever the platform, our team’s focus is on finding ways to engage the Libraries’ audiences — whether students, researchers, tourists or those around the globe who can’t actually visit in person — with our work and our collections.

G7 Comes Out in Favor of Encryption Backdoors

From a G7 meeting of interior ministers in Paris this month, an “outcome document”:

Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, without imposing any particular technology and while ensuring that assistance requested from internet companies is underpinned by the rule law and due process protection. Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption;

There is a weird belief amongst policy makers that hacking an encryption system’s key management system is fundamentally different than hacking the system’s encryption algorithm. The difference is only technical; the effect is the same. Both are ways of weakening encryption.

The G7’s proposal to encourage encryption backdoors demonstrates two unsurprising things about the politicians in attendance, including that:

  • They’re unwilling to attempt to force Internet companies to add backdoors (e.g. via legislation, fines, etc.), making their resolution functionally toothless, and
  • More-importantly: they continue to fail to understand what encryption is and how it works.

Somehow, then, this outcome document simultaneously manages to both go too-far (for a safe and secure cryptographic landscape for everyday users) and not-far-enough (for law enforcement agencies that are in favour of backdoors, despite their huge flaws, to actually gain any benefit). Worst of both worlds, then.

Needless to say, I favour not attempting to weaken encryption, because such measures (a) don’t work against foreign powers, terrorist groups, and hardened criminals and (b) do weaken the personal security of law-abiding citizens and companies (who can then become victims of the former group). “Backdoors”, however phrased, are a terrible idea.

I loved Schneier’s latest book, by the way. You should read it.