Did I Get Socially Engineered on PATH?

hacks, wtf?

(Short version: prolly not.)

I ride the PATH almost daily to get to work at NYU. Yesterday, a curious thing happened. At first, it made me pretty angry. Later, I realized I might have been the victim of (a rather insignificant form of) social engineering.

Background: Most commuters use PATH's smartcard-based token system -- SmartLink -- that you can fill with "rides" and simply touch the card to a reader in order to go through PATH's turnstiles. (Many commuters like myself use the before-tax WageWorks program to buy monthly unlimited-ride passes.) On weekday mornings, the flow of people through the dozen or so turnstiles can be hectic with everyone trying to get through as efficiently as possible to make the next train to NYC. Naturally, small lines -- 3 or 4 people long -- form as people wait to present their SmartLink card to the reader device and pass through.

The Sitch: So, yesterday, I was waiting my turn in line. The guy in front of me touches his wallet to the reader and pushes through. BTW, it takes some significant amount of time between when the card is read and when the turnstile is unlocked. I put my card up to the reader and only at the last second see that the guy before me got a "read error" on his card. Usually, you just back up a bit, put your card back on the reader and it lets you through. However, because I had just put my card up to the reader, it read my card. It unlocked the turnstile with my card and the guy in front of me went through.


FB's Software Doesn't Seem Worth Billions

wtf?, privacy, usability

Not, of course, that their billion-dollar IPO filing is solely based on the quality and value of their software.

(warning: usability rant.)

I recently re-joined Facebook after leaving two years ago. I left at the time out of frustration with their frequent privacy stumbling. The days of proudly saying, "I'm not on Facebook, I'm a privacy researcher." have ended for me; I can't work in privacy research and not know how almost a billion Earthlings interact.

My return is not without some gnashing of teeth. I don't get Facebook's software... the freakin' iOS client keeps logging me out every 5 minutes. Maybe that's not a bad thing; "You've been dicking around with FB for 5 minutes... that's too long." I uninstalled and reinstalled, changed my FB password and all that; no dice.

As for the web experience: I can't seem to figure out how to "turn on" Timeline; maybe it takes a while for Timeline to activate for new accounts? If so, it would be awesome if their Help docs stated that so I don't spend 30 minutes trying to figure out the source of the problem ("it's not you, it's me"). Plus, there are privacy settings everywhere (not just in "privacy settings" where you'd expect them, but also in "account settings" and, as was relevant in this case, in "Edit Profile"); so ubiquitous that I didn't even notice that I was publicly sharing my birthdate (or what I told FB it was) until a friend told me. And I have three old friend requests in "Find Friends" that won't go away or hide themselves; that just seems broke.

Neither Safari nor Chrome on the Mac seems to play well with FB; lots of the "notifications" content goes missing or appears stale, and it can take 30-45 minutes for a notification to appear in the web client (after it shows up via email).

I can't help but think there's some cruft lying around on the server-side of FB from my old account (although that's probably not it as I used a berkeley.edu address for that one and this one is gmail.com).

Anyway, point is: this is not the software experience I expect from the latest and greatest.

Going to EVN? Go to Epazote.


If you're going to the Election Verification Network (EVN) conference next week in Santa Fe, NM, you have to go to Epazote.

Epazote is Mayan-inspired Latin American food with 6 different kinds of molé and amazingly creative scrumptious food overseen by Chef Olea, who has an almost child-like artistic fascination with good food. It's located inside what used to be an old convent and the property is still owned by the archdiocese (they pay rent to the church!). The rest of their ample floor plan includes some seriously breathtaking art work, including egg tempera pieces that will blow your mind.

I just talked to them and they're only lightly booked for next Thursday and Friday. Yum!

Munging CSV with Emacs regexp


(This post is mostly for me, as I end up doing things like this infrequently and tend to forget how to do it.)

I recently found myself with a CSV file that looked like so:


and wanted to get it into a form for emailing:

First Last (Affiliation)

Emacs' replace-regexp is my tool of choice, so I messed around a bit and constructed the following regexp (should be all one unbroken line in emacs regexp minibuffer):

\([[:alnum:] ]+\),
\([[:alnum:] ]+\),
\([[:alnum:] ,\.\"\&\/\)\(]+\)

and replaced it with:

\1 \2 (\3)

The regexp does the following:

  • \(...\) is a regexp container, that you can reference in the replacement with \1 (and for successive containers, use \2, \3, etc.)
  • [[:alnum:] ]+ says find any sequence of characters containing A-Z, a-z or 0-9 or whitespace.
  • [[:alnum:] ,\.\"\&\/\)\(]+ does the same but also includes a number of non-letter characters that people seem to use in their affiliations when presented with free-text entry, specifically [,."/)(]. (The comma doesn't need to be escaped... and we want to include it as someone may have an affiliation like "Univ. of Ca., Berkeley" where there's a comma inside the quoted string that's not a CSV delimiter.)

So, this is a long-winded way of saying: grab the first chunk of stuff before a comma, remember it; grab the next chunk of stuff before a comma, remember it; grab the rest of the stuff to the end of the line; remember it. And the replacement says, put the first chunk down then a space then the second chunk and a space then an open parenthesis, then the final chunk and finally a close parenthesis.

Explaining Tor to Non-Technical Students

privacy, education

A few months ago, the German police raided a German Tor operator and seized all of his computing equipment. To get his stuff back, this operator explained to the police how Tor works using envelopes within envelopes to describe onion routing (the method Tor uses of encrypting content in "onion layers" and routing amongst multiple nodes).

When I heard of this, I had a rare moment of inspiration in a coffee shop discussing this case with a friend... we thought that something like this could be a great basis for teaching non-technical folks -- such as the students in my undergraduate privacy class -- a bit about how Tor works. I sat down and drafted a lesson plan for an in-class demonstration of Tor, using envelopes within envelopes.

If you're an educator and know a bit about Tor, I could use your feedback. Below is the first draft of this lesson plan and there are a few issues I'd like to improve:

  1. The instructor as a central node is not an accurate description of how Tor clients build circuits through successive tunneling to nodes on the circuit path. I designed it like this because I wanted to avoid popular people in the class getting a bunch of creepy messages from other students and I also wanted each student to have something to do. I'm wondering if there's not a better way to do this with rolling dice or something (suggested in passing by the badass EKR).

  2. Currently, this scheme doesn't explain very well what, exactly, Tor is doing here. Maybe it makes sense to do it like this and then have a "denouement" where I explain that the demo isn't accurate and here's what Tor does.

Anyway, I'd love feedback! (Thanks to Eland for collaborative inspiration!)

https://josephhall.org/tor/tor-exercise.text (Markdown source)
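The envelopes-within-envelopes picture, as an added example that is not from the original post or the Tor project: a client wraps a message in one layer per relay, and each relay opens only its own layer and learns only the next hop. The relay names, the pre-shared keys and the toy SHA-256 stream cipher are assumptions for illustration; real Tor negotiates a key with each relay while building the circuit and uses different cryptography.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Toy stream cipher: SHA-256 in counter mode. Not Tor's cryptography.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Put plaintext in an 'envelope' that only the holder of key can open."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def open_envelope(key, blob):
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered envelope")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def wrap(message, destination, path, keys):
    """Client side: build the envelopes from the inside out (exit relay first)."""
    next_hop, inner = destination, message
    for relay in reversed(path):
        layer = json.dumps({"next": next_hop, "inner": inner.hex()}).encode()
        inner = seal(keys[relay], layer)
        next_hop = relay
    return inner  # this outermost envelope is handed to path[0]

def peel(relay, blob, keys):
    """Relay side: open one envelope and learn only where to send the rest."""
    layer = json.loads(open_envelope(keys[relay], blob))
    return layer["next"], bytes.fromhex(layer["inner"])

def route(message, destination, path, keys):
    """Return (relay, next_hop, message_visible) for every relay, plus the delivery."""
    blob, seen = wrap(message, destination, path, keys), []
    for relay in path:
        next_hop, blob = peel(relay, blob, keys)
        seen.append((relay, next_hop, message in blob))
    return seen, blob

# Constructed keys for three hypothetical relays.
KEYS = {name: os.urandom(32) for name in ("guard", "middle", "exit")}
```

Only the last relay sees the message and its destination, and only the first one knows who handed over the envelope; that split is what the classroom exercise has to convey.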

Learning About Tor: Hands-On With Anonymous Communication

Joseph Lorenzo Hall; NYU Media, Culture & Communication
Time-stamp: <2012-03-03 10:43:48 josephhall>, v0.2


(cc) 2021 by Joseph Hall.