First time accepted submitter rpopescu writes “Thom Yorke of Radiohead fame has pulled his solo album ‘Eraser’ (as well as music made as Atoms for Peace) from the music streaming service Spotify, as a protest at how much it pays the artists. Quote: ‘”Make no mistake. These are all the same old industry bods trying to get a stranglehold on the delivery system.”‘” Read more of this story at Slashdot.
Originally posted here:
Radiohead’s Thom Yorke Pulls Albums From Spotify In Protest of Low Royalties
The Sikorsky prize for human-powered helicopters has been claimed by a Kickstarter-funded startup called Aerovelo. Aerovelo’s founders, Canadians Todd Reichert and Cameron Robertson, won the $250, 000 purse for the 30-second flight of Atlas, a huge quadrotor with a bike in the middle whose flight is an absolute marvel to behold. 
Ars Technica’s Nate Anderson Dan Goodin follows up on Nate Anderson’s excellent piece on the nuts and bolts of password cracking with a further attempt to decrypt an encrypted password file leaked from LivingSocial, this time with the aid of experts. The password file they were working on was encrypted with the relatively weak (and now deprecated) SHA1 hashing algorithm, and they were only attacking it with a single GPU on a commodity PC, and were able to extract over 90% of the passwords in the file. The discussion of the guesswork and refinement techniques used in extracting passwords is absolutely fascinating and really is a must-read. However, the whole exercise is still a bit inconclusive — in the end, we know that a badly encrypted password file is vulnerable to an underpowered password-cracking device. But what we need to know is whether a well-encrypted password file will stand up to a good password-cracking system. The specific type of hybrid attack that cracked that password is known as a combinator attack. It combines each word in a dictionary with every other word in the dictionary. Because these attacks are capable of generating a huge number of guesses—the square of the number of words in the dict—crackers often work with smaller word lists or simply terminate a run in progress once things start slowing down. Other times, they combine words from one big dictionary with words from a smaller one. Steube was able to crack “momof3g8kids” because he had “momof3g” in his 111 million dict and “8kids” in a smaller dict… What was remarkable about all three cracking sessions were the types of plains that got revealed. They included passcodes such as “k1araj0hns0n,” “Sh1a-labe0uf,” “Apr!l221973,” “Qbesancon321,” “DG091101%,” “@Yourmom69,” “ilovetofunot,” “windermere2313,” “tmdmmj17,” and “BandGeek2014.” Also included in the list: “all of the lights” (yes, spaces are allowed on many sites), “i hate hackers,” “allineedislove,” “ilovemySister31,” “iloveyousomuch,” “Philippians4:13,” “Philippians4:6-7,” and “qeadzcwrsfxv1331.” “gonefishing1125” was another password Steube saw appear on his computer screen. Seconds after it was cracked, he noted, “You won’t ever find it using brute force.” Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331” 
In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to put wiretapping backdoors in their communications tools. Since the early 1990s, manufacturers of telephone switching equipment have had to follow a US law called CALEA that says that phone switches have to have a deliberate back-door that cops can use to secretly listen in on phone calls without having to physically attach anything to them. This has already been a huge security problem — through much of the 1990s, AT&T’s CALEA controls went through a Solaris machine that was thoroughly compromised by hackers, meaning that criminals could listen in on any call; during the 2005/6 Olympic bid, spies used the CALEA backdoors on the Greek phone company’s switches to listen in on the highest levels of government. But now, thanks to the widespread adoption of cryptographically secured messaging services, law enforcement is finding that its CALEA backdoors are of declining utility — it doesn’t matter if you can intercept someone else’s phone calls or network traffic if the data you’re captured is unbreakably scrambled. In response, the FBI has floated the idea of “CALEA II”: a mandate to put wiretapping capabilities in computers, phones, and software. As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it’s doing this, it puts you at huge risk when that facility is hijacked by criminals. It doesn’t matter if you trust the government not to abuse this power (though, for the record, I don’t — especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran) — deliberately weakening device security makes you vulnerable to everyone, including the worst criminals: Our report argues that mandating a virtual wiretap port in endpoint systems is harmful. The port makes it easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic. Better yet (for the intruder), the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss. Beyond this, the mandate would make it harder for users to understand, monitor, and fix their own systems—which is bad for security. If a system’s design is too simple or its operation too transparent or too easy to monitor, then wiretaps will be evident. So a wiretappability mandate will push providers toward complex, obfuscated designs that are harder to secure and raise the total cost of building and operating the system. Finally, our report argues that it will not be possible to block non-compliant implementations. Many of today’s communication tools are open source, and there is no way to hide a capability within an open source code base, nor to prevent people from simply removing or disabling an undesired feature. Even closed source systems are routinely modified by users—as with jailbreaking of phones—and users will find ways to disable features they don’t want. Criminals will want to disable these features. Ordinary users will also want to disable them, to mitigate their security risks. Felten’s remarks summarize a report [PDF] signed by 20 distinguished computer scientists criticizing the FBI’s proposal. It’s an important read — maybe the most important thing you’ll read all month. If you can’t trust your devices, you face enormous danger. CALEA II: Risks of wiretap modifications to endpoints 
After spending $250,000 worth of anonymously donated money, Mark Post from Maastricht University is ready to go public with his first vat-grown hamburger, which will be cooked and eaten at an event in London this week. Though they claim that it’s healthier than regular meat, one question not answered in the article is the Omega 3/6 balance — crappy, corn-fed, factory-farmed meet is full of Omega 6s and avoided by many eaters; the grass-fed, free-range stuff is higher in Omega 3s. Yet growing meat in the laboratory has proved difficult and devilishly expensive. Dr. Post, who knows as much about the subject as anybody, has repeatedly postponed the hamburger cook-off, which was originally expected to take place in November. His burger consists of about 20,000 thin strips of cultured muscle tissue. Dr. Post, who has conducted some informal taste tests, said that even without any fat, the tissue “tastes reasonably good.” For the London event he plans to add only salt and pepper. But the meat is produced with materials — including fetal calf serum, used as a medium in which to grow the cells — that eventually would have to be replaced by similar materials of non-animal origin. And the burger was created at phenomenal cost — 250,000 euros, or about $325,000, provided by a donor who so far has remained anonymous. Large-scale manufacturing of cultured meat that could sit side-by-side with conventional meat in a supermarket and compete with it in price is at the very least a long way off.“This is still an early-stage technology,” said Neil Stephens, a social scientist at Cardiff University in Wales who has long studied the development of what is also sometimes referred to as “shmeat.” “There’s still a huge number of things they need to learn.” There are also questions of safety — though Dr. Post and others say cultured meat should be as safe as, or safer than, conventional meat, and might even be made to be healthier — and of the consumer appeal of a product that may bear little resemblance to a thick, juicy steak. Engineering the $325,000 Burger [Henry Fountain/New York Times] ( via /. ) 