Two Apps to Ring in the New Year!

New York City's Times Square Alliance is has released a free app that will provide a commercial-free live stream of the Times Square New Year's Eve webcast.  You can check it out on iTunes here.

AgupieWare's exclusive New Year's Eve Nosie Maker app is also available from the App Store.  Bring the noise!

Schneier: "In the coming years we're seeing a lot more power struggles play out on the internet."

From an interview with Vice, Bruce Schneier speculates about how power struggles will play out on the internet in the coming years:
The internet is interesting because it really changes so many things. When the internet was born, there was this belief that it would vastly change the power structure. There's a great quote from John Perry Barlow in the mid-'90s at the World Economic Forum, and he basically says the governments of the world have no business on the internet, that have no power over the internet. You can't legislate it. The internet is it's own thing. It's a really utopian way of looking at the world, but we believed it. We believed the internet would change the world, would give power to the powerless. And it did, for many years. The ability to organize, to coordinate—it made so many things different.
And that changed recently. Governments discovered the internet. So now we're seeing that in China, for example, the internet is a tool of social control, and now both sides are using the internet. The Syrian dissidents are using the internet to organize, the Syrian government uses the internet to round up dissidents. That interplay between the institutionally powerful—the governments and corporations—and the distributively powerful—dissident groups, criminals, and hackers. How they both use the internet to increase their power, how they use the internet against each other, I think is fascinating. It's something that we need to look at. In the coming years we're seeing a lot more power struggles play out on the internet. And I'm just curious how that's gonna end up—it's not at all obvious.

Online Learning: Teach Yourself Python in Less Than 4 Months, Part I

The purpose of this article is to lay out a general time management template for anyone who wants to jump in to programming and computer science with little or no experience in the field.  A future article will flesh out the details, providing links to learning resources and other materials freely available online.  [Edit: See the second article in the series, which covers learning benchmarks for beginner Python programmers.]

For starters, I should say up front that I do not have any formal background in Computer Science. I'm a language teacher by trade and training, and never really considered myself a "computer person."  But some time back, after expressing some interest in programming to a programmer friend, he challenged me to try and pick up a programming language. The gist of his argument was fairly straightforward: if you can understand English, with a bit of effort you can understand a programming language, it's just syntax and semantics.  That made it sound pretty simple, and my interest was piqued, so I set to work. 

After doing a bit of background research, I decided that I would focus on the Python programming language, using MIT's Introduction to Computer Science and Programming course – all the materials for which are available for free online – as my general guide.  I finished that course within three months, supplementing it with tutorials and readings that were more in line with my own particular interests. The skills and knowledge that I acquired in that time have proven to be indispensable in my daily life, for both work and play, so much so that I wonder how it is that I was able to get by for so long without them! 

As stated above, I do not have any formal background in computer science.  However, I have over ten years of experience in planning, developing and teaching natural language learning curricula, from task-based lessons to overarching course goals, in two languages.  This article will lay out a general time-plan for self-guided study of the Python programming language for absolute beginners, using the MIT Introduction to Computer Science class as its overarching framework and scaffold.   

To begin our assessment, let's take a closer look at the MIT course. The class has 26 lectures, each about 50 minutes long, for a total of 1300 minutes, or 21 total hours of time, less than a single day.  In theory, you could easily blow through the whole course's lecture series over a long weekend, if you did it like it was your job, or a marathon of your favorite television series on Netflix.

Obviously, that does not mean you can learn all the material covered in those lectures in a three day period.  The process of learning requires things to sink in, as it were, and that just takes time.  Furthermore, it just wouldn't make any sense to simply blow through all the lectures in this way, because we still have to account for the recitation/discussion sections associated with the course, as well as for the independent study necessary to complete homework assignments, which would be normal for any university course. 

In a serious course of study at any college or university, and even for graduate level work,  disciplined students should expect to devote around ten hours a week to study for each course they take.  Assuming a full time work week of 40 hours, this would make taking four college or university classes the labor equivalent of a full time job. 

To begin working out our time table, let's therefore assume that a person should devote 10 hours a week to this project.  A college semester is about 15 weeks long, so that comes out to 150 hours of total work to successfully complete a course that like offered by MIT.  Assuming you did nothing else except this, as if doing the work for this single course were a full time job at 40 hours a week, you could complete it within a month. This is doable, but very intensive. To finish in 3 months, you'd have to devote 12-13 hours to it a week.  To finish in six months, you would have to spend 6-7 hours on it a week.  To finish it in a year's time, you could spend just 3-4 hours of work on it a week. 

For the sake of simplicity, let's assume that we have 10 hours a week to devote to this project, taking our benchmarks and cues from the syllabus for the MIT course.  (We'll work out alternative time lines at the end of the post.)  What do we do with all this time?  The answer is deceptively simple:  watch the lectures, read, do tutorials and exercises, and begin work on your own individual programming projects.  Let's flesh this out a bit.   

With 26 lectures at 50 minutes each, that comes out to 100 minutes of lectures a week, the equivalent of the time you might spend watching a bad movie you wish you hadn't watched to begin with.  In a university course, each week you are also going to spend around another hour in your discussion/recitation section, reviewing materials covered in the corresponding lectures.  That leaves us with around 7 hours and 20 minutes of time for independent study.  How should one spend that time?  Reading, research and practice. 

Let's assume that in a given week, the professor covers more or less the same materials that can be found in the course textbook, in more to less the same amount of time that it would take you to read those sections of the text(s).  So now we have a ballpark figure of 1.5 hours to devote to reading, leaving us with just under 6 hours of time left for the week. 

Doing the reading is not an end in itself, there are also homework assignments that need to be completed. In the MIT course, the homework and problem sets reinforce the lessons covered in the lectures. However, as you complete such exercises, you will find that there are things in the textbook or from the lecture that you did not understand, or you will come across a problem that requires looking into something that has not yet been covered in the lectures or readings at all, and you will therefore have to inquire into these things a bit more closely. So homework will also necessitate more reading, research and tutorials.

Let's assume that doing the homework requires about as much time as you would normally spend in class including discussion section, around 2.5 hours.  We're now left with 3.5 hours of free study time to do with as we please.  This can be spent doing more background reading, tutorials, exercises, or working on one's own little programming projects. 

So here's our plan for 10 hours of work a week, to complete the course in about 15 weeks:
   • Watch the lectures (2 @ 50 mins): ~2 hours
   • Textbook and background reading: ~2 hours
   • Recitation/discussion video tutorial: ~1 hour
   • Homework problems and exercises: ~2 hours
   • Free study tutorials or reading: 1-2 hours
   • Free study independent projects: 1-2 hours

Let's break this down even further.  For each 50 minute lecture, one should do:
  • 1 hour of reading
  • 30 minutes of recitation/tutorial videos
  • 1 hour of problems or exercises
  • 1 hour of targeted external tutorials
  • 1 hour on your own little project(s)

Assuming you were to devote 90 minutes a day, 3-4 days a week to this project, within 4 months, you will have watched all the lectures from the course, read a couple books, done tens or hundreds of problems, completed a number of tutorials, done a lot of online (re)searching, and created a bunch of your own little programs, putting in 150 hours of work.

Doing 90 minutes a day, 2 days a week, it would take 50 weeks, just under a year, to complete the course.  Doing 60 minutes a day, 3 days a week is the same, of course.    

Doing 90 minutes a day, 3 days a week would take 33 weeks, about 8 months.

Doing 90 minutes a day, 5 days a week would take 20 weeks, or 5 months.

Doing 90 minutes a day, every day, would take 3.5 months. 

Doing 2 hours a day, 3 days a week would take about 6 months. 

Doing 1 hour a day, every day, would take just over 5 months. 

In the next article in this series, I'll detail specific textbooks, video and text-based tutorials, and other assorted learning materials to help put some muscle on the skeleton framework presented in this post.  

See the second article in the series, which covers learning benchmarks for beginner Python programmers.

New Year's Apps: Clock Watchers, Noise Makers and Resolution Keepers

As noted the other day in our post on New Year's apps, New York City's Times Square Alliance is has released a free app that will provide a commercial-free live stream of the Times Square New Year's Eve webcast.  You can check it out on iTunes here.  And AgupieWare's exclusive New Year's Eve Nosie Maker app is also available from the App Store for just $0.99.  Bring the noise!

Over at CNET, Sarah Mitroff  profiles five apps to help keep your New Year's resolutions:
Lose weight, stop smoking, save for a new house, organize your life: Your resolutions are set, and you have every intention of keeping them -- at least until life gets in the way. Don't give up on your goals before February, instead download a few apps that can nudge you in the right direction and coach you to stay on track.

Snapchat Vulnerable to Data Hack

Hackers have made sure that popular photo sharing app Snapchat got a hearty lump of coal for Christmas.  After having its security disclosure go ignored since August, Gibson Security has published Snapchat's previously undocumented developer hooks (API) and code for two exploits that allow mass matching of phone numbers with names and mass creation of bogus accounts.  on the GibSec Twitter account on Christmas Eve — which by time difference is Christmas Day in Australia.
The Australian hackers announced its publication of Snapchat's API and the two exploits 

Target Data Hack Worse than Initially Reported

It's almost like they painted a target on themselves.  Oh wait . . . from the NYT:
After hackers stole credit and debit card records for 40 million Target store customers, the retailer said customers’ personal identification numbers, or PINs, had not been breached. Not so. On Friday, a Target spokeswoman backtracked from previous statements and said criminals had made off with customers’ encrypted PIN information as well.

Two Apps to Ring in the New Year

New York City's Times Square Alliance is has released a free app that will provide a commercial-free live stream of the Times Square New Year's Eve webcast.  You can check it out on iTunes here.

AgupieWare's exclusive New Year's Eve Nosie Maker app is also available from the App Store for just $0.99.  Bring the noise!

How to Scrub Your Online Presence . . .

It is by now common wisdom that once you put something up on the internet, it is there forever, or at least as long as the internet still exists.  However, it is possible to change your digital footprint enough to hide your tracks.  A small primer on doing so from Make Use Of:
If you’re looking to drop from the Webosphere completely in an attempt to remain anonymous, we can help. The process is arduous and there are several key steps you’ll need to take along the way. But in the end, if you value your online privacy, it’ll be worth it . . .

Glenn Greenwald to Speak at Chaos Communication Conference

From ZDNet:
The world's oldest and largest global hacker organization The Chaos Computer Club (CCC) has announced it will open next week's conference, the 30th Chaos Communication Congress (30c3), with a December 27 opening keynote by Glenn Greenwald.

Glenn Greenwald's keynote tops our list of must-see talks at the legendary event. 30C3's schedule shows that the compelling keynote won't be the only explosive presentation at 30C3.

Mr. Greenwald's keynote will be webcast live on this page. If you miss it, all of 30C3's talks will be archived on the offical CCC media website. CCC's archives go online astonishingly fast.

Researchers Hack RSA with Acoustic Cryptanalysis

Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer and, in particular, leak sensitive information about security-related computations. In a preliminary presentation, we have shown that different RSA keys induce different sound patterns, but it was not clear how to extract individual key bits. The main problem was the very low bandwidth of the acoustic side channel (under 20 kHz using common microphones, and a few hundred kHz using ultrasound microphones), many orders of magnitude below the GHz-scale clock rates of the attacked computers.

Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts . . .

Tens of Millions of Credit and Debit Cards Compromised in Target Hack

If only there were an alternative global payment processing system, one that did not rely on the shady practices of banks and corporations.  From the Chicago Tribune:
Target Corp said data from about 40 million credit and debit cards might have been stolen from shoppers at its stores during the first three weeks of the holiday shopping season.
The data theft, unprecedented in its ferocity, took place over a 19-day period that began the day before Thanksgiving. Target confirmed on Thursday that it identified and resolved the issue on Dec. 15 . . .

Target said the breach, second-largest hack at a U.S. retailer, might have compromised accounts between Nov. 27 and Dec. 15, a period of nearly three weeks.

China Turns Against Bitcoin: Price Drops

From FT:
China has blocked the country’s Bitcoin exchanges from accepting new inflows of cash, a move that imperils the much-hyped virtual currency in its biggest market.  The head of BTCChina, the world’s largest Bitcoin exchange by trading volume, said he had received word at midday on Wednesday that his platform would no longer be able to accept renminbi from would-be Bitcoin buyers.
The price of Bitcoin has since dropped by 50%.  In related news, the price of Bitcoin is still over 100% higher than it was just a month and a half ago.  

Duolingo: Apple's App of the Year

From the Pittsburgh Post-Gazette:

Apple has named Pittsburgh-based language learning smartphone application Duolingo as the iTunes App Store App of The Year.  Apple announced today that Duolingo, created by Carnegie Mellon University computer science professor Luis Von Ahn, was the editor's choice for 2013 App of the Year. The free iPhone app, described in Apple's App Store as "fantastically well-designed and easy to use," beat out San Francisco-based photo editing app VSCO Cam and San Francisco-based educational game Endless Alphabet.

Judge Finds Dragnet Surveillance "Indiscriminate" and "Arbitrary", Allows It to Continue Anyway

Like the executive and legislative branches of government, the judiciary is an active opponent of basic constitutional rights and liberties in the United States.  Even when judges recognize the dangers posed by government action, they rarely act to stop it.  From Reuters:

The U.S. government's collection of massive amounts of data about telephone calls, a program revealed in June after leaks by former National Security Agency contractor Edward Snowden, is likely unlawful, a judge ruled on Monday.
U.S. District Judge Richard Leon stayed his own ruling pending an expected appeal by the government, but in a significant challenge to U.S. spying authority, he wrote that the program likely violated Americans' right to be free of unreasonable searches.

"I cannot imagine a more 'indiscriminate' and 'arbitrary invasion' than this systematic and high-tech collection and retention of personal data on virtually every single citizen," Leon wrote, citing earlier court precedent.

SteamOS to Released Tomorrow

From Ars Technica:
PC gamers who are champing at the bit to build their very own "Steam Machines" won't have to wait long to start tinkering, as Valve has revealed that its recently announced SteamOS will be available this Friday.
The announcement comes alongside word from Valve that its prototype Steam Machines, along with the companion Steam Controller, will be shipped out to 300 randomly selected US beta testers on Friday. Valve plans to notify the lucky testers via e-mail at 2pm Pacific today, and beta participants will get a special badge on their Steam accounts so journalists and fellow players can start bugging them for their impressions incessantly.

Harlem to Become Nation's Largest Public Wifi Zone

Mayor Michael R. Bloomberg today announced the launch of a new outdoor
public WiFi network in Harlem accessible to all users at no cost. The Harlem WiFi network will extend 95 city blocks, from 110th to 138th Streets between Frederick Douglass Boulevard and Madison Avenue making it the largest continuous free outdoor public wireless network in the nation. The network, which will be rolled out in three phases in coordination with the city’s Technology Development Corporation and the Department of Information Technology and Telecommunications, will increase digital access for approximately 80,000 Harlem residents, including 13,000 public housing residents, as well as businesses and visitors in the area.
The free public network will serve the community for an initial five-year term and is funded through a generous donation from the Fuhrman Family Foundation to the Mayor’s Fund to Advance New York City. The first phase, extending from 110th to 120th Streets between Madison Avenue and Frederick Douglass Boulevard, is underway and the remaining phases will be complete by May 2014. The Mayor was joined at the announcement by Chief Information and Innovation Officer Rahul Merchant, Glenn and Amanda Fuhrman, Mayor’s Fund to Advance New York City President Megan Sheekey, Chief Digital Officer Rachel Haot, New York City Housing Authority Chairman John Rhea and Harlem Children’s Zone President and Chief Executive Officer Geoffrey Canada.
“Our new Harlem wireless network brings critical connectivity to residents and visitors, giving them 24/7 access to everything from education materials for kids, to information about Harlem’s rich history and attractions, to everyday needs like paying bills, checking library hours – or even just keeping tabs on the Knicks and Nets,” said Mayor Bloomberg. “In 2013 being successful requires being connected; thanks to the Fuhrman Family Foundation and the Mayor’s Fund, we are wiring nearly 100 blocks in Harlem and giving 80,000 New Yorkers another tool for success.”

Big Business and Big Government: Dragnet Surveillance Already the Norm from the FBI to the Local Police

If only there were some kind of document that outlined the established powers of government, and provided for reasonable and rational limits to what that government is legally allowed to do, and if only it were faithfully enforced and adhered to, we would live in a very different world. The war on the Fourth Amendment continues apace.  From Wired:
The nation’s mobile phone carriers received more than 9,000 requests last year for cell-tower dumps, which identify every mobile phone at a particular location and time, often by the thousands.

The revelation, revealed in a congressional inquiry, underscores that domestic authorities, from the FBI to the local police, are performing a massive amount of surveillance on Americans on domestic soil, sometimes without probable-cause warrants.

Figures provided by the nation’s largest carriers, T-Mobile, Sprint, Verizon and AT&T, and smaller companies, like C-Spire and Cricket, show that the carriers overall got as many as 1.1 million requests for customer cellular data last year. They’ve earned tens of millions of dollars processing the data, the records show. . . .

But the most startling figures show that the authorities are obtaining information on the whereabouts of perhaps thousands of people at once, often by a judge’s signature based on assurances from the authorities that the data is relevant to an investigation.

Tech Firms Call for International Ban on Dragnet Surveillance

From the Guardian:
The world's leading technology companies have united to demand sweeping
changes to US surveillance laws, urging an international ban on bulk collection of data to help preserve the public's “trust in the internet”.
In their most concerted response yet to disclosures by the National Security Agency whistleblower Edward Snowden, Apple, Google, Microsoft, Facebook, Yahoo, LinkedIn, Twitter and AOL have published an open letter to Barack Obama and Congress on Monday, throwing their weight behind radical reforms already proposed by Washington politicians.
“The balance in many countries has tipped too far in favour of the state and away from the rights of the individual – rights that are enshrined in our constitution,” urges the letter signed by the eight US-based internet giants. “This undermines the freedoms we all cherish. It’s time for change.”

"Don't Go Fishing While Your House is on Fire" and Other Go Proverbs for Bitcoiners

It would be interesting to find out if there are many Go players in the Bitcoin community.  As a casual Go (i.e. Baduk) player, I often find that traditional proverbs on the game's strategy and tactics are applicable to other aspects of life, the world and everything. And that includes Bitcoin.  So I thought I'd share some Go proverbs that may be helpful to other Bitcoiners out there.  Here are nine Go proverbs and some thoughts on their application to Bitcoin.  You can find more Go proverbs over at Sensei's Library.

"If it has a name, know it."

In Go, this of course does not mean that we should just pick up some fancy jargon and start throwing it around. Rather, the idea is that if something is important or common enough to have a name, you should know what that thing is, and study it – whether it is an opening move, a pattern, a trade-off, or a protocol.  One of the more interesting aspects of Bitcoin is that it requires a non-trivial amount of inquiry to gain a basic understanding of what Bitcoin is, how it works and how to use it, let alone how to improve it.  For the average person, there are a lot of new things to learn or understand before you can comfortably and competently navigate the conceptual and practical aspects of Bitcoin, same as on the Go board.  Simply put, this means: do your research and your due diligence!

"Lose your first 50 games as quickly as possible."

There is a significant learning curve to Go, but you can learn all the rules in a few minutes.  You are going to make beginner mistakes (sometimes even the pros make them!).  It is better to make those mistakes quickly, in a low stakes environment, and learn from them.  With respect to Bitcoin, just think of how many people have gotten tripped up by the way in which the original client handles the change from one address when you make a fractional transfer to another!  If only they had tested the waters early on with a small transaction, they wouldn't have been caught off guard when there was more on the line. 

"Play urgent moves before big moves."

In Go, it is a grave error to attack a strong position from a weak base, or to expand to new territory before consolidating your current position.  Build your defenses before you go on the attack.  Planning on buying a bunch of bitcoin? or moving a bunch of currency around? or investing a ton of money in hardware?  Make sure you've got a strong and secure base from which to make your move.  Secure your wallet. 

"Don't go fishing while your house is on fire."

This is a more colorful version of the previous proverb, but the redundancy emphasizes the importance of the lesson.  Make sure your base is covered before taking off on flights of fancy!  Consider also that the study and research advised in the first proverb above are themselves necessary to properly secure your base in practice.

"A rich man should not pick quarrels." 

On the Go board, this means if you find yourself in a strong position with a big lead, don't take needless risks at your opponent's expense or your own.  Others will react violently when their survival is threatened, and you may inadvertently risk your own survival by opening yourself up to attack.

"The greedy do not get success."

This proverb is closely related to the previous one, and again re-enforces the lesson.  The notion of greed is a central concept in the psychology of Go.  Greed can cloud one's judgment and cause an otherwise rational person to make rash decisions or take excessive and needless risk with little forethought.  Don't invest more than you can afford to lose.

"Sacrifice plums for peaches."

In Go, it is not wise to be greedy, but you still have to take profit if you want to come out ahead.  And oftentimes you have to sacrifice something – big or small – to get something more in return, or to get anything at all. 

"Use go to meet friends."

Visit your local go club, meet new people and learn from them, and teach people in your circle of friends.  Check out your local Bitcoin meetup group or start one yourself.

"Don't follow proverbs blindly."

This meta-proverb is one of my favorites.  Don't be rigid in your thinking or in your play.  Always be skeptical and think for yourself!

Any other Go playing Bitcoiners or Bitcoining Go players out there?  What are your favorite Go proverbs?

The Threat of Government

The longer a government views people in general and its citizens in particular as a threat, the more people will come to understand that government is a threat to them.  From ZDNET:
While Microsoft's recent move to encrypt user data made the most headlines, the reasoning underlying its new data protection strategies classify the US government in the same category as a cyber-criminal group.
Brad Smith, Microsoft's EVP of Legal and Corporate Affairs, labeled the American government as an "advanced persistent threat" in a December 4 post on The Official Microsoft Blog.
The term advanced persistent threat (APT) refers to an attacker, usually an organized group of malicious attackers, that should be considered harmful and dangerous — and an overall method of attack that plays a "long game."

Two Major Internet Data Breaches

Someone's been rerouting traffic from the internet information fire hose.  From Wired:
In 2008, two security researchers at the DefCon hacker conference demonstrated a massive security vulnerability in the worldwide internet traffic-routing system — a vulnerability so severe that it could allow intelligence agencies, corporate spies or criminals to intercept massive amounts of data, or even tamper with it on the fly.
The traffic hijack, they showed, could be done in such a way that no one would notice because the attackers could simply re-route the traffic to a router they controlled, then forward it to its intended destination once they were done with it, leaving no one the wiser about what had occurred.
Now, five years later, this is exactly what has occurred. Earlier this year, researchers say, someone mysteriously hijacked internet traffic headed to government agencies, corporate offices and other recipients in the U.S. and elsewhere and redirected it to Belarus and Iceland, before sending it on its way to its legitimate destinations. They did so repeatedly over several months. But luckily someone did notice.
What the surveillance state security hysterics fail to understand is that any breach of informational security in the name of security makes everyone less secure on the internet. In related news, 2 million passwords have been compromised from some of the biggest names in the tech industry:
Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.

The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

FCC Chair Open to Class-Based Internet Access

From Public Knowledge:
Yesterday, new FCC Chairman Tom Wheeler delivered his first formal public address.  After a prepared speech that explained his regulatory approach, he moved to a Q&A session.  In that session, he appeared to endorse the opposite of net neutrality: allowing ISPs to charge websites and services in order to reach that ISP’s subscribers.   In other words, giving ISPs the power to pick winners and losers online.

French Government Seeks Powers for Live Dragnet Internet Surveillance

From CIO:
A wide variety of government officials could gain access to live data concerning users of ISPs and online services including content-hosting sites, without the approval of a judge, under a draft law approved by members of the French National Assembly on Friday.

The measure, a rider on the 2014-2019 defense appropriation bill, would require ISPs and content hosting companies to provide government officials with access to details of their users' activity without judicial oversight. Law enforcement officials can already ask a judge for an order to access such data.
If the bill becomes law, it will no longer be necessary to go via the courts to obtain such access, and the number of government officials who could access the data would be much broader, potentially including those responsible for collecting taxes.

Tech Firms Work to Counter Appearance of Impropriety in Dragnet Surveillance

From USA Today:
Google, Facebook, Microsoft and Twitter are engaged in a costly tech arms race, with their businesses and cultures at stake. Not against one another, mind you, but a common foe: the National Security Agency.

The tech juggernauts are investing in security technology, lobbying efforts and good old-fashioned PR to thwart U.S. government snooping of their data systems, often without their cooperation or knowledge.

For months, the narrative has focused on data breaches and spying as tech's biggest players quietly stewed over a sense of government betrayal, while assessing threats to their brands because of consumer outrage over invasion of their privacy.

Thefts Rise with Price of Bitcoin

How secure are your bitcoins?  From Information Week:
That rise in value has driven hackers to attack online wallet services that store bitcoins. "Each of these companies had been operating officially for only a few months, yet already had entrusted to them millions of dollars that are now in the hands of cybercrooks," Paul Ducklin, head of technology for Sophos in the Asia Pacific region, said Tuesday in a blog post.
Malware writers have also taken a keen interest in bitcoins, with some -- especially Russian gangs -- modifying their crimeware tools to identify and steal any bitcoins found on infected PCs. "There are numerous malware families today that either perform Bitcoin mining or directly steal the contents of victims' Bitcoin wallets, or both," according to a blog post from Robert Lipovsky, a researcher at security firm ESET.

The World's Most Honest Apple Picker

From the UK Metro:
A pickpocket surprised his victim when he posted him a handwritten note of the 1,000 contacts on his stolen iPhone.  Zou Bin received the 11-page letter after sending a series of threatening texts demanding his Apple handset to be returned.
He was allegedly robbed after sharing a taxi with a man in the central province of Hunan in China, the Xinhua state news agency reported. ‘I know you are the man who sat beside me. I can assure you that I will find you,’ he wrote in the text message. ‘Look through the contact numbers in my mobile and you will know what trade I am in.  ‘Send me back the phone to the address below if you are sensible.’  Zou said he was ‘astonished’ when he received a package containing the note days later, although the thief did not return the stolen iPhone.

Bitcoin Passes $1000 Mark

From USA Today:
Happy Thanksgiving Bitcoin.  The value of the so-called cryptocurrency surged above $1,000 as it becomes easier to use as a way to pay and easier to access for investors looking for an alternative to gold.
One Bitcoin was briefly worth $1.073 on Wednesday, up from less than $100 earlier this year, according to Mt. Gox, which hosts and operates a popular Bitcoin trading platform. Later in the day it dropped back to $930.
"Bitcoin is just starting to break out into the mainstream," said Eric Tilenius, executive-in-residence at Scale Venture Partners, who has a small percentage of his investment portfolio in the digital currency.

Bitcoin Black Friday Shopping

The Bitcoin community is gearing up for a holiday shopping spree by hosting its own Black Friday event.

Hundreds of merchants will be joining "Bitcoin Friday" on Nov. 29, selling everything from Christmas trees to clothes, to web domains.

Bitcoin Friday deals include unlocked phones from GSM Nation and discounted plane tickets from OKCupid, which has been accepting bitcoins since April, will be participating as well.

Media outlets are jumping into the Bitcoin deals bandwagon too: GOOD Magazine is giving away $5 discounts for subscriptions and the Free Press is slashing shipping costs. Reddit is also offering a deal on "Reddit Gold."

Beware the NSA Botnet

From Tech Dirt:
Over the weekend, the Dutch media operation NRC published yet anhad infected 50,000 computer networks with malware. The only really new thing here is the number. We already knew the NSA's TAO (Tailored Access Operations) group was infecting computers around the globe using packet injection, via a system it calls "quantum injection", and that it's used these to install malware on key computers inside Belgacom, the Belgian telco giant. However, the latest report basically shows that the NSA has been able to compromise computers and networks in the same manner all around the globe . . .
other Ed Snowden slide, showing how the NSA

Bitcoin Gets Galactic Boost

From The Verge:
Richard Branson believes in Bitcoin, and he's putting his money where his mouth is. The billionaire CEO has announced that his commercial space startup Virgin Galactic will now accept payment from future astronauts in the virtual currency.
"Virgin Galactic is a company looking into the future, so is Bitcoin," Branson writes in a blog post on the Virgin site. "So it makes sense we would offer Bitcoin as a way to pay for your journey to space."

Google Exec: "Encrypt Everything!"

From The Verge:
Since revelations of the NSA's widespread data collection and monitoring earlier this year, Google has staunchly denied working with the government agency and has taken it to task on a number of occasions. After calling the NSA surveillance "outrageous" earlier this month, Google executive chairman Eric Schmidt has come out against the agency again in an interview with Bloomberg News. "The solution to government surveillance is to encrypt everything," Schmidt said in a speed at the Johns Hopkins University School of Advanced International Studies. "We can end government censorship in a decade."

The Surveillance Industry Index

Privacy International has released a Surveillance Industry Index.  From PI:
Privacy International is pleased to announce the Surveillance Industry Index,
the most comprehensive publicly available database on the private surveillance sector.
Over the last four years, Privacy International has been gathering information from various sources that details how the sector sells its technologies, what the technologies are capable of and in some cases, which governments a technology has been sold to. Through our collection of materials and brochures at surveillance trade shows around the world, and by incorporating certain information provided by Wikileaks and Omega Research Foundation, this collection of documents represents the largest single index on the private surveillance sector ever assembled. All told, there are 1,203 documents detailing 97 surveillance technologies contained within the database. The Index features 338 companies that develop these technologies in 36 countries around the world.
This research was conducted as part of our Big Brother Incorporated project, an investigation into the international surveillance trade that focuses on the sale of technologies by Western companies to repressive regimes intent on using them as tools of political control.
What we found, and what we are publishing, is downright scary . . .

Police Pay Cryptolocker Ransom

From The Herald News:
A computer virus that encrypts files and then demands that victims pay a “ransom” to decrypt those items recently hit the Swansea Police Department.
The department paid $750 for two Bitcoins — an online currency — to decrypt several images and word documents in its computer system, Swansea Police Lt. Gregory Ryan said.
“It was an education for (those who) had to deal with it,” Ryan said, adding that the virus did not affect the software program that the police department uses for police reports and booking photos. . . .

CryptoLocker, a new Windows ransomware virus sweeping across the country, hit the Swansea Police Department on Nov. 6. The virus encrypted several files that could only be decrypted through the purchase of Bitcoins, an unregulated digital currency, to pay for the special “decryption key.” A countdown clock appeared on a computer screen showing how much time the department had to buy the key before all the files were deleted.

Bitcoin Blows Past $600

From CNBC:
Bitcoin touched a fresh all-time high on Monday as the digital currency continued to gain favor with investors.  The virtual currency rose to just under $619 on Mt. Gox exchange Monday afternoon in Asia, up by over 25 percent from the same time on Sunday.
Its latest gains come as the potential for regulation hangs over the market. The U.S. Senate Committee on Homeland Security and Governmental Affairs (HSGAC) is set to begin a hearing at 3.00 p.m. Washington time on Monday. The event will bring representatives from different federal agencies and representatives from the bitcoin community to discuss virtual currencies.

Executive Computer Illiteracy a Threat to Consumer Data Security

Here's an interesting new study from Threat Track Security, a "blind survey of 200 security professionals dealing with malware analysis within U.S. enterprises."  From the release:
ThreatTrack Security today published a study that reveals mounting cybersecurity challenges within U.S. enterprises. Nearly 6 in 10 malware analysts reported they have investigated or addressed a data breach that was never disclosed by their company.

These results suggest that the data breach epidemic - totaling 621 confirmed data breaches in 2012, according to Verizon's 2013 Data Breach Investigations Report - may be significantly underreported, leaving enterprises' customers and data-sharing partners unaware of a wide array of potential security risks associated with the loss of personal or proprietary information. Moreover, the largest companies, those with more than 500 employees, are even more likely to have had an unreported breach, with 66% of malware analysts with enterprises of that size reporting undisclosed data breaches. 
Despite their gravity, the reasons behind these breaches are rather funny:
malware analysts revealed a device used by a member of their senior leadership team had become infected with malware due to executives:
  • Visiting a pornographic website (40%)
  • Clicking on a malicious link in a phishing email (56%)
  • Allowing a family member to use a company-owned device (45%)
  • Installing a malicious mobile app (33%)

Wikileaks Obtains Draft Text of TPP Copyright Agreement

From the Guardian:
WikiLeaks has released the draft text of a chapter of the Trans-Pacific Partnership (TPP) agreement, a multilateral free-trade treaty currently being negotiated in secret by 12 Pacific Rim nations.
The full agreement covers a number of areas, but the chapter published by WikiLeaks focuses on intellectual property rights, an area of law which has effects in areas as diverse as pharmaceuticals and civil liberties.
Negotiations for the TPP have included representatives from the United States, Canada, Australia, New Zealand, Japan, Mexico, Malaysia, Chile, Singapore, Peru, Vietnam, and Brunei, but have been conducted behind closed doors. Even members of the US Congress were only allowed to view selected portions of the documents under supervision.

HTTPS: Toward a Secure Internet

There seems to be strong consensus to increase the use of encryption on the Web, but there is less agreement about how to go about this. The most relevant proposals were: 
A. Opportunistic encryption for http:// URIs without server authentication -- a.k.a. "TLS Relaxed" as per draft-nottingham-http2-encryption.

B. Opportunistic encryption for http:// URIs with server authentication -- the same mechanism, but not "relaxed", along with some form of downgrade protection.

 C. HTTP/2 to only be used with https:// URIs on the "open" Internet. http:// URIs would continue to use HTTP/1 (and of course it would still be possible for older HTTP/1 clients to still interoperate with https:// URIs).

In subsequent discussion, there seems to be agreement that (C) is preferable to (B), since it is more straightforward; no new mechanism needs to be specified, and HSTS can be used for downgrade protection. (C) also has this advantage over (A), and furthermore provides stronger protection against active attacks. The strongest objections against (A) seemed to be about creating confusion about security and discouraging use of "full" TLS, whereas those against (C) were about limiting deployment of better security.

Keen observers have noted that we can deploy (C) and judge adoption of the new protocol, later adding (A) if neccessary. The reverse is not necessarily true.

Shielding Yourself from Prying Eyes and Algorithms on Google, Facebook and Twitter

A quick how-to on shielding yourself from online tracking by Google, Facebook and Twitter, from Mashable:
Many sites, apps and browsers are using your information in ways you might not entirely comply with if you'd take the time to read their privacy policies. Often, opting out is only a click away, though it may be difficult to find out where exactly to click. We've compiled this list of ways various Internet companies are tracking and using your data — plus, given you the tools to opt out, if you wish . . .

Sunday US Mail Delivery for Amazon

From the Washington Post:
Amazon is teaming up with the U.S. Postal Service to deliver packages on Sundays.  The Seattle company says Sunday delivery will be available this week to customers in the New York and Los Angeles metropolitan areas. Amazon and the Postal Service plan to roll out service to “a large portion of the U.S. population” next year, including the cities of Dallas, Houston, New Orleans, and Phoenix.
Mail on Sunday?!

Online Learning: Three Free Intro to PHP Video Lecture Series

Learning your first programming language, or jumping in to a completely new programming language, can seem like a daunting task.  Where does one even begin?  The first step, of course, is to see what materials are freely available online.  There are a plethora of sites like Code Academy and Tutorials Point which offer text-based coding tutorials for free, but these can only take one so far, and may not provide answers to seemingly obvious questions a beginner may have.  In addition, there are many people whose learning style simply does not jive with a purely text-based format.  Fortunately, there is no lack of free online video series.  But even then the same question arises, where does one even begin, given the sheer quantity of such video lectures and tutorials?  In this post, we'll take a look at three free online video series devoted to beginning PHP programming . . . 

Harvard CS 75: Building Dynamic Websites
This course is from Harvard University's Computer Science curriculum, and provides all course materials for free online, including video of all lectures and discussion sections.  From the course description:
This course teaches students how to build dynamic websites with Ajax and with Linux, Apache, MySQL, and PHP (LAMP), one of today's most popular frameworks. Students learn how to set up domain names with DNS, how to structure pages with XHTML and CSS, how to program in JavaScript and PHP, how to configure Apache and MySQL, how to design and query databases with SQL, how to use Ajax with both XML and JSON, and how to build mashups. The course discusses issues of security, scalability, and cross-browser support and also discusses enterprise-level deployments of websites, including third-party hosting, virtualization, colocation in data centers, firewalling, and load-balancing. 
The list of lectures can be found here.  Ironically, the course video lectures do not always load properly in Firefox or Safari, but there appear to be few problems when using Chrome.  

Carl Herold's Live Stream Programming Sessions
Carl Herold is the operator of Computer Science for Everyone, which provides programming lessons and tutorials on the C programming language with a beginner audience in mind.  On his Youtube Channel, however, Carl provides video from two different series of live programming sessions where he builds a PHP-based web app from scratch using a Model-View-Controller type framework.  These video tutorials demystify numerous aspects of the programming process that may confuse the beginner.  Afterwards, you may find yourself wondering what you found so confusing to begin with.  This is the first video from a four part series on Building a PHP MVC Web Application Framework:

See also his related video series, LiveStream Startup, in which he programs "a real-world web application from scratch" in real time.

Eli the Computer Guy's PHP Programming Video Lectures
While the Harvard course and Carl Herold's live streams mentioned above provide an overview of the web app programming process – and thus touch upon XML, MYSQL, and so on –, Eli the Computer Guy's series of videos on PHP programming is much more targeted toward the nitty gritty of beginning programming in PHP itself.  This 11 part series covers basic syntax, form handling, flow control, and redirection.  His site also offers introductory video tutorials on a variety of other tech topics, from computer repair to networking and data security.  Well worth a view. 

NYT Endorses Secret Economic and Political Treaty

From the EFF:
The New York Times' editorial board has made a disappointing endorsement of the Trans-Pacific Partnership (TPP), even as the actual text of the agreement remains secret. That raises two distressing possibilities: either in an act of extraordinary subservience, the Times has endorsed an agreement that neither the public nor its editors have the ability to read. Or, in an act of extraordinary cowardice, it has obtained a copy of the secret text and hasn't yet fulfilled its duty to the public interest to publish it.

Without a publicly available agreement, readers are forced into the uncomfortable position of taking official government statements at face value. That's reflected in the endorsement, which fails to note the myriad ways in which TPP has been negotiated undemocratically, shutting out public oversight while permitting corporate interests to drive the agenda. Given these glaring issues, it is disconcerting that the Times would take such a supportive stance on an agreement that is likely to threaten innovation and users' digital rights well into the 21st century. DDoS Tools Spread Online

From Ars Technica:
Researchers have uncovered software available on the Internet designed to overload the struggling website with more traffic than it can handle.
"ObamaCare is an affront to the Constitutional rights of the people," a screenshot from the tool, which was acquired by researchers at Arbor Networks, declares. "We HAVE the right to CIVIL disobedience!"
In a blog post published Thursday, Arbor researcher Marc Eisenbarth said there's no evidence has been subjected to any significant denial-of-service attacks since going live last month.

Los Angeles Plans Ambitious Broadband Project

Is the internet a utility? From Ars Technica:
Los Angeles is about to unleash one of the most ambitious city-led broadband projects to date, with the goal of bringing fiber to all of its 3.5 million residents and all businesses.
Next month, the city plans to issue an RFP (request for proposals) "that would require fiber to be run to every residence, every business, and every government entity within the city limits of Los Angeles," Los Angeles Information Technology Agency GM Steve Reneker told Ars today. The City Council this morning unanimously voted to move forward with drafting the RFP and will vote again in a few weeks to determine whether it's ready for release, he said.

Lavabit's Darkmail Kickstarter Campaign

From Kickstarter:
The goal is to cleanup and release the source code that was used to power Lavabit as a f/oss project with support for dark mail added.  There is an audible pause in our analog lives; a preverbal squelch on the digital line that defines the very privacy everyone expects, but is rarely guaranteed.
That audible pause, that digital squelch carries with it a subtle promise that someone is reading, or listening, or cataloging and (ab)using every footprint we each press into the digital landscape. No one can guarantee that a third-party is or is not eavesdropping on a series of communications, but Dark Mail can guarantee that when a third-party does gain access, or demands access, the privacy users rightfully deserve is maintained without fail.
The Summer of Snowden may have taken the Lavabit email service offline, but the lifeblood of the service is still alive and relevant to Dark Mail. The goal is to perfect and release its source code as a free and open-source software (F/OSS) project. The "magma" daemon supports access via SMTP, POP3, IMAP4 and HTTP. Magma can be clustered and transparently encrypts user data before storing it on disk. It includes a Javascript webmail system that uses a JSON-based API to provide secure mail access via the web.
Along with preserving existing functionality, the team will build in support for the Dark Mail protocol. Dark Mail, a newly developed messaging protocol, is designed to provide end-to-end encryption of both the message itself and the email in transit. Because encryption will be integrated into the protocol itself, it will be invisible to the user. Dark Mail users will get the security of PGP without the cognitive burden; if someone can use email today they will be able to use Dark Mail tomorrow.
The project will also include building, and releasing as F/OSS, the first Dark Mail compatible clients. We are planning to launch with clients for the desktop (Win, Mac, Lin), smartphones and tablets (iOS, Android).  Provide the funding and you'll get access to the source code and binaries before the general public. Be one of the first service providers to support the new Dark Mail protocol!

Has the Fight for Net Neutrality Already Been Lost?

The corporations already own the parties, and the parties own the courts.  From Wired:
Net neutrality is a dead man walking. The execution date isn’t set, but it could be days, or months (at best). And since net neutrality is the principle forbidding huge telecommunications companies from treating users, websites, or apps differently — say, by letting some work better than others over their pipes — the dead man walking isn’t some abstract or far-removed principle just for wonks: It affects the internet as we all know it.
Once upon a time, companies like AT&T, Comcast, Verizon, and others declared a war on the internet’s foundational principle: that its networks should be “neutral” and users don’t need anyone’s permission to invent, create, communicate, broadcast, or share online. The neutral and level playing field provided by permissionless innovation has empowered all of us with the freedom to express ourselves and innovate online without having to seek the permission of a remote telecom executive.
But today, that freedom won’t survive much longer if a federal court — the second most powerful court in the nation behind the Supreme Court, the DC Circuit — is set to strike down the nation’s net neutrality law, a rule adopted by the Federal Communications Commission in 2010.

iGoogle Goes the Way of Reader

From The Next Web:
RIP another Google service: iGoogle, the company’s personalized Web portal product, finally bit the dust today, some eight months after its shutdown was announced.
iGoogle has slipped into the darkness quietly: there’s no final blog post marking its demise and the URL for the service — — now navigates directly to Google’s regular search page.
While it wasn’t as successful or well-used as Google Reader, the RSS service that went offline in July, iGoogle was popular with some who appreciated the ability to customize the Google search page with news feeds, games, widgets and other information that was easy to glance at and digest over the course of a day.

Coursera to Open Learning Centers Around the World in Partnership with State Department

From Businessweek:
Coursera Inc. will offer free online courses in more than 30 locations around the world, mostly in third-world countries, bringing instruction to students who lack computer access. 

Under an agreement with the State Department, courses will be available at some U.S. embassies, the Mountain View, California-based company said today. All but one of the sites are outside the U.S., including Baghdad; Port au Prince, Haiti; and Hanoi, Vietnam.
Students can take the courses, have reliable Internet access and learn from local course facilitators, Coursera said. Along with the State Department, the University of Trinidad and Tobago and Overcoming Faith Academy, an orphanage in Kenya, are among the groups hosting the space. Of the more than 5 million students who have signed up for the free courses, about 1.2 million are from emerging markets, said Yin Lu, who leads the company’s growth and international outreach efforts.

RIAA Complaint Demonstrates Their Incomprehension of Technologies They Oppose

Really, laugh out loud.  From Torrent Freak:
The RIAA alerted the U.S. Government to several notorious pirate websites this week, including The Pirate Bay. While the inclusion of the infamous torrent site doesn’t come as a surprise, the RIAA did raise a novel issue. The music labels point out that The Pirate Bay has embraced the cryptocurrency Bitcoin, which they believe makes it harder to seize and trace the site’s funds. While the former is certainly true, a quick look at TPB’s Bitcoin wallet easily reveals where the donation money is being spent.

An Interview With Al Sweigart, Author of Three Introductory Books on Python

Albert Sweigart is a software developer who lives in San Francisco.  To date he has published three introductory books on Python, all of which can be downloaded for free from his website Invent With Python.  Readers may recall the review of his most recent book, Hacking Secret Ciphers with Python, that I posted here last month, which was one of the most popular posts to date here at the aGupieWare blog.  Over the weekend, Al was kind enough to answer a few questions via email for an interview.  

Q: First, thanks for taking the time for this interview. Could you tell us a bit about yourself and your programming background? 

A: I started programming in BASIC when I was in the 3rd grade, which I always hate to say because it makes people believe that you have to start programming at a young age to become proficient in it. All of my programs up until college were pretty much variations of the same program. I didn’t really teach myself all that much, and these days anyone could do in a few months what I did in those several years.

Q:  You've published three introductory books on Python, all of which are available on your website  The first two, "Invent Your Own Computer Games with Python", and its sequel, "Making Games with Python and Pygame," are geared toward kids, while the third, "Hacking Secret Ciphers with Python," seems to be intended more for an adult audience.  How have the three books been received? 

A: Altogether, the books seemed fairly well received. I was surprised that people liked my first book, which led me to continue writing. The Amazon reviews are almost exclusively 5 and 4 stars, and I get an occasional Thank You email from readers. “Hacking Secret Ciphers with Python” is probably a bit much for young kids, but I think teenagers and adults would be able to digest it.

Q: Do you see the cryptography book as a step in a different direction, or as an extension of the puzzles and games introduced in the earlier works? 

A: I saw it as a different direction. Video games are a great way to get people involved in programming, but I wanted something else as well. I noticed that there were a lot of code and cipher books that talked about the classical ciphers the book covers, but very few that explained how to break them and none about how to write programs to break them. I saw it as an opportunity to reach a broader audience. The book itself is also aimed at people with absolutely no prior programming or cryptography experience.

Q: What has drawn you to python?  What do you think are its strengths and weaknesses?   
A: Python is a very readable scripting language. Unlike Perl which has very obtuse use of punctuation characters for different language features, and unlike Java which has an overwhelming amount of boilerplate code, Python seems to be a very direct, “get it done” language. It also has a very gentle learning curve. I’ve written a blog article before about how Python isthe new BASIC.  I use Python for both my own software projects and for teaching programming. At this point, I’ve become so accustomed to Python and its idioms that I’m afraid I’ve become blind to its weaknesses, so I really couldn’t think of any.

Q: What are your favorite python modules?

A: Pygame is excellent for creating games and 2D graphical applications. I’ve written a couple modules that work on top of Pygame called Pygcurse and Pyganim, which add a curses-console for text games and sprite animation, respectively. Lately I’ve started using Requests and Beautiful Soup for downloading and parsing web pages for my Python script. (I’ve written a simple Reddit bot that automatically checks several different web comics and posts them to the r/comics section of the site.) I have some experience with wxPython for creating GUIs for traditional desktop apps, but I’ve heard good things about Qt bindings for Python as well.

Q: Do you currently have any new python books in the works?

A: I’m writing a new Python-for-beginners book with NoStarch Press, which tentatively has the title “Automate with Python”. I’ve described it as “a programming book for people who don’t want to become software developers”. I noticed a lot of office workers, administrators, and academics do a lot of computer-based tasks that involve a lot of mindless, repetitive clicking or compiling of data. This book aims to teach them just enough programming so that they can automate these tasks. It covers basic Python, and then goes into several different modules for text parsing, web scraping, moving and renaming large amounts of files, updating spreadsheets, or sending automated emails and text message alerts. I’m hoping to have it available by summer of 2014.

Q: You accept bitcoin donations through your website.  Have you worked on, or are you currently working on, any Bitcoin related projects?  Can you speak to the intersection of Bitcoin and Python? 

A: I had only added it to the site after other people on the internet suggested it, but I’m glad I did. As with many people, bitcoin had been in my periphery for a while. But setting up the wallet for the donation link forced me to learn more about it. Although as of yet I haven’t worked on any bitcoin projects (if anything, the Tor Project will get my focus once I’ve finished the next book). But for all the negative publicity that bitcoin gets regarding its use to buy drugs and illegal things (all of which, by the way, can apply to cash) I’m really excited about it. It allows minors and people in third world countries to conduct commerce over the internet, and that is a Big Deal.

As to Bitcoin and Python, I think that having a new ability to receive and send money over the internet without middlemen (e.g. Visa) along with open source software like Python really lowers the barrier-to-entry for software development outside of America and traditional software-producing strongholds.

Q: Like your other works, the cryptography book can be read online or downloaded for free.  But if a reader purchases it, you donate all proceeds of the book to the Electronic Frontier Foundation, Creative Commons and the Tor Project.  Why did you decide to donate the proceeds for the book on cryptography?

A: It was the suicide of Aaron Swartz, to whom the book is dedicated to, that made the decision for me. I hadn’t met Aaron, though I have friends who were friends of him. His passing was a tragedy, but also a wake-up call for myself. Looking at his life really made me start looking at mine and how I wanted to make contributions like he had. At the time I was, after two years of off-and-on writing, a couple months away from finishing “Hacking Secret Ciphers with Python”. The other books were selling well, and I had a day job that gave me a comfortable middle-class lifestyle. So I decided that I would turn the proceeds from the books over to help organizations that are doing some really wonderful and necessary things to protect the internet.

Q: What advice would you give to young and not so young beginning programmers?  

A: My main piece of advice is that you suck at coding and will continue to suck for the rest of your life. Once you’ve accepted that, you’ll be able to move on and write some interesting software. Don’t worry about the nagging feeling that you aren’t good enough or know enough, because that feeling will be permanent no matter what you do. And if it doesn’t, it’s because you’ve given up on forcing yourself to learn new things (which is the real danger.)

Also, you’re never too old or too bad at math to learn to code. Most programming doesn’t even require mathematical knowledge beyond arithmetic, and unless you’re in your sixties or seventies you aren’t even too old to become a professional software developer. Programming isn’t something that requires you to be a super genius to do. More than anything, having an interest and motivation to act on that interest is all you need to be set on the right path.

Q: Thanks for taking the time to answer our questions!

Are US Broadband Customers Bein Gouged?

From Ars Technica:
A new study confirms what you might have expected: US customers are getting hosed when it comes to broadband speeds and prices.  The annoying trend holds true in both wired and wireless service. In the Cost of Connectivity 2013 report being released today by the New America Foundation's Open Technology Institute, researchers note that "in larger US cities, we continue to observe higher prices for slower speeds. … In the US for example, the best deal for a 150Mbps home broadband connection from cable and phone companies is $130/month, offered by Verizon FiOS in limited parts of New York City. By contrast, the international cities we surveyed offer comparable speeds for $77 or less per month, with most coming in at about $50/month. When it comes to mobile broadband, the cheapest price for around 2GB of data in the US ($30/month from T-Mobile) is twice as much as what users in London pay ($15/month from T-Mobile). It costs more to purchase 2GB of data in a US city than it does in any of the cities surveyed in Europe." The analysis compares costs across countries by using purchasing power parity exchange rates.

Firefox Add-on Helps Users Watch the Watchers

From Lightbeam:
Using interactive visualizations, Lightbeam enables you to see the first and third party sites you interact with on the Web. As you browse, Lightbeam reveals the full depth of the Web today, including parts that are not transparent to the average user. Using three distinct interactive graphic representations — Graph, Clock and List — Lightbeam enables you to examine individual third parties over time and space, identify where they connect to your online activity and provides ways for you to engage with this unique view of the Web.

NSA Website Bumped Offline By Alleged DDoS Attack

What goes around comes around.  From NBC:
The official website of the National Security Agency,, is offline and has been for several hours. Not only that, but the rumor being jubilantly spread around the net is that it is a deliberate denial-of-service attack.  Downtime-tracking service reports that the site has been unavailable since about 2 p.m. ET.

Large government webpages don't tend to go down for hours for no reason, but it has not been confirmed yet whether this is an attack or simply a technical problem.

Chrome Auto-Complete May Be Undermining Your Data Security

From Yoast:
Today at Pubcon Matt Cutts of Google once again promoted the use of autocomplete-type, a new property for web forms that works in Chrome (and possibly other browsers, I haven’t checked). Google first introduced it back in January 2012 in this post. I wanted to do this quick post to tell you to turn off autocomplete in your browser.

This test URL will show you why quicker than I can explain it in words. Please try it and come back. If you’re using autocomplete to, for instance, sign up for an email newsletter, you might have just provided that website with your full address and/or (even worse) your credit card details too.

Court Rules that Constitutional Protections Do Not Apply to "Hackers"

Are you keeping up with today's newspeak?  From Digitalbond:
The US District Court for the State of Idaho ruled that an ICS product developer’s computer could be seized without him being notified or even heard from in court primarily because he states on his web site “we like hacking things and don’t want to stop”. . . .

Apple to Offer iWork Suite for Free on New Macs

From CNET:
Apple showed off revamped versions of its iLife and iWork apps Tuesday at its event in San Francisco. Both suites of apps, which include Garageband, iPhoto and Pages, are now free with any Mac computer or iOS device purchase.  Apple is calling this the biggest update to iWork ever, though some of the changes are subtle. The most notable change, is a brand-new sharing feature that marries iWork on your Mac or iOS devices with the iWork for iCloud beta, Apple's office apps for the Web. You can now start a document or project on one device and pick up where you left off on another. Files that you share via iCloud can be opened by up to 20 people at once and edited in real-time. You can also edit documents from the web, through the iCloud website, which challenge's Google's cloud-based and web-based Google Drive, which offers word processing, spreadsheets, and presentation apps. iWork for iCloud is still in beta and works on Safari, Chrome, and Internet Explorer.

Senate Makes Another Push for Internet Censorship

From Mother Jones:
This summer, when Edward Snowden dropped his bombshell about PRISM, the NSA's vast Internet spying program, the House had recently passed a bill called the Cyber Intelligence Sharing and Protection Act (CISPA). Widely criticized by privacy advocates, CISPA aimed to beef up US cybersecurity by giving tech companies the legal freedom to share even more cyber information with the US government—including the content of Americans' emails, with personal information intact. CISPA supporters, among them big US companies such as Verizon and Comcast, spent 140 times more money on lobbying for the bill than its opponents, according to the Sunlight Foundation. But after Snowden's leaks, public panic over how and why the government uses personal information effectively killed the bill. Now that the dust has settled a bit, NSA director Keith Alexander is publicly asking for the legislation to be re-introduced, and two senators confirmed that they are drafting a new Senate version.
"I am working with Senator Saxby Chambliss (R-Ga.) on bipartisan legislation to facilitate the sharing of cyber related information among companies and with the government and to provide protection from liability," Sen. Dianne Feinstein (D-Calif.) told Mother Jones in a statement.
With both Democrat and Republican support, we can safely presume this legislation will be doubly bad.