17 Jun 09

#IranElection

I was thinking about Twitter and Iran and identity yesterday while watching activity on Twitter. First, for the benefit of those living in a cave, Iran had an election, and it appears the results are at odds with public perception. Being effectively a Muslim orthodox theocracy, the population is not given a lot of opportunity to voice displeasure with the government. That being the case, Iranians have been flooding Twitter, Facebook, and YouTube with news, videos, protest information, police activity, etc. The Iranian government is doing its best to lock down access to these web services, but it is difficult. Twitter, especially, has a very open API and a number of ways to receive posts.

Question number 1: How do you sort out the good posts from the bad? Apparently Iranian security forces have created Twitter accounts and are posting false information. I have noticed an increase in the number of spammers using the #IranElection hash as well. In addition to that, requests have been made to all Twitter users to change their profile information to show they are in Tehran and their timezone is +3:30GMT. This is supposed to create additional noise so it is more difficult to determine who is actually in Iran.

Question number 2: Where is the SSL in the 3rd party apps? Twitter and Facebook offer the option for SSL login. I haven’t looked into the API, but I’m not sure if Twitter allows 3rd parties to connect via SSL. Even if they do, how often is the feature used? One of the ways people are filtering noise vs data in the Twitter feed is by looking at when the account was created. If Iran owns the backbone leaving the country, what’s to stop them from sniffing the traffic and hijacking known, trusted accounts? I have some concerns posting this, but, honestly, we don’t get a lot of traffic here. Also, if the Iranian security folks haven’t figured this out yet, then they have way bigger problems on their hands.

Question number 3: Why are major news sources publishing account names when quoting Twitter? I can understand wanting to document where the information came from, and perhaps even keeping records of all the details, but do you need to publish names?

23 Mar 09

AIG Bonuses

Originally written on 3/17/2009. Apparently I need to write more here, as I forgot to hit the publish button…

Lots of people are outraged by the bonuses and perks the executives at AIG have been getting. From what I’ve read, it looks like the AIG execs are getting $165 million in bonuses. Considering they were able to wrangle $170 billion in financing with another $30 billion pending, a 0.1% reward doesn’t seem like such a bad deal. Really, these guys were able to get effectively $200 billion for a company they had driven into the ground. Who are we to say a commission isn’t in order?

Iowa Sen. Charles Grassley has the right idea, though. He’s suggested the AIG execs resign or commit suicide.

14 Jan 09

Lessons learned?

Dan Kaminsky said something during a discussion panel at DEF CON last year that still haunts me. To paraphrase:

We need to fundamentally change the way we develop software.

During the panel, I tried to raise the point that the issue is realistically just a people problem. Now it seems that I’m not the only one saying it. This article tackles the issue from an angle that argues that the issue is an age-old one: we don’t learn from our history of mistakes.

Something to think about.

30 Dec 08

Federal Failout

So far we haven’t talked much shit about the federal bailout here at TheDrinkTank. A lot has been posted elsewhere, but today’s news is too much.

The Fed has chosen 4 firms to manage $500 billion. One of them is Goldman Sachs. Yep, they dug this hole and are now expected to blow more money filling it.

On top of that, they are only allowed to purchase loans insured by 3 agencies. One of them being Fannie Mae. Didn’t we already run into trouble here?

Two big strikes. The stipulation that they only purchase fixed rate mortgages is good, although it will still leave a lot of bad paper out there.

23 Dec 08

Airline Suckurity

Why ship the checked bags with the plane? Why not send them next day to wherever the passenger is going? Drop it off at the curb with an address and ship it. No screening, no worries, take advantage of an existing infrastructure. FedEx, UPS, and the USPS have been doing this reliably and cheaply for years. I suspect when all the redundancy is eliminated from the system, and all the extra security measures are dropped, the cost difference would be negligible. This would also cut down on theft. If the bags are sealed up, as they don’t need to be opened to be inspected, it makes it much more difficult to pilfer items from them. Perhaps an industry that isn’t on the ropes may be able to profit by assisting a vital industry that has been in trouble for years.

13 Aug 08

Social networks, worms, and patriotic acts of war

I’ve been following Gadi Evron’s tweets for the past week, starting out with the Facebook worm and going into detail about the faux cyberwar front with Russia accused of attacking Georgia.

It turns out, while a number of Georgian sites were attacked, there is no proof that it was an official Russian act, or even that the government had anything to do with it. It started out as an ordinary DDoS, but spread with scripts being distributed en masse. Lots of propaganda type stuff feeding off of people’s patriotic tendencies.

This led me to the idea that it would be very easy for someone to put together a DDoS app for Facebook, MySpace, etc. and distribute it very quickly. Things already spread fast there, even without exploiting the undocumented features. If scripts were included to “punish wrongdoers”, what would the implications be?

This could go way beyond nation/state patriotism. It could be used for political, social, or even hoax reasons.

Let me be the first to introduce Script Kiddies to the Facebook Generation.

19 May 08

Only one thing missing

Just wanted to quickly follow up on this post and mention that using the new version of Reader specifically designed for Safari on the iPhone is freaking awesome. It really does feel like I’m using it via the browser on the laptop.

The feature they do need to add is the ability to sort on posts from oldest to newest. This is key when trying to follow certain feeds and is probably the reason I will continue to actively choose to use the desktop for now.

15 May 08

Quick thoughts on cleaning windows

Years ago, when the world was young, and the web was a glimmer yet to be realized, there were boot sector viruses. McAfee had this neat feature where you would create a boot floppy and it would scan your machine and clean up these nasty buggers.

Today we have neat things like Knoppix. My thought is, where is the Windows Washer distribution of Knoppix? Maybe it’s out there and I’ve missed it. Seems to me the perfect thing for dealing with all the rootkits, spambots, and zombie armies out there.

This article reminded me that there is still a need for these things.

14 May 08

Twitter Go Crash

Well, within 24 hours of starting to use Twitter I’m seeing what people are talking about with respect to scalability issues. The site crawls when it does serve anything but 404s and 500s. Twhirl’s not able to connect to the API backend. And there’s nothing on the Twitter blog.

Time to do some digging to figure out wtf’s going on.

Update
It would appear that it’s slowly coming back up. But it’s not just something that’s affecting the web interface. Seems like the message routing that’s going on in the backend is not able to serve messages to the gateways (my terminology for the architecture).

Anyone out there know how I can get Twhirl to give me verbose error messages when a request fails?

Update 2

Looks like someone from Twitter finally responded to a developer thread about the service being down:

I can confirm that we have been down for some time due to a massive unexpected cache invalidation. We’re working to bring the site back up, although some features will be limited until caches have repopulated.

You can find the entire thread here.

Incidentally, my new best friend is IsTwitterDown. Brilliant.

14 May 08

new iphone hotness

My primary interface to Google’s RSS client Reader happens to be my iPhone. In fact, I imagine that it’s my primary use for the phone as well, since the majority of my time is spent catching up with way too many feeds that I’m following. So I think it’s fucking brilliant that they announced a new version of the site specifically designed for the iPhone. From the post:

This new version is designed to offer many of the same features as the desktop, while making it quick and easy to act on items. If you’ve used list view, then it should be familiar to you. Scan the titles for an item that interests you, tap and it expands in place. Starring, sharing, and keeping unread are done in place, so you never have to leave the list view or refresh the page. We think it’s a very fast way to power through your reading list.

More details here.