Web Design: Going 3D with CSS

HTML 5 is going to change the way we code pages – and the way they look – but there are still whole unexplored worlds already available to us in CSS. Among them is a ready-made 3D engine, beautifully exploited in Steve Witten’s Acko.net website. Read an interesting article on the effect at http://www.webmonkey.com/2012/01/visually-stunning-redesign-showcases-the-3d-power-of-css/.

For full effect, you’ll need to view this site in a browser built on WebKit, meaning Chrome or Safari. You get a degraded version in other browsers, which is a factor to consider with advanced sites. And on my Mac, the processor utilization goes way up, turning on the cooling fans. It will be interesting to see how this kind of effect works in more advanced browsers. There’s plenty more to come….

Web Design: Scrolling Sites

The way pages are built for the web is in transition, from the old HTML 4 and newer XHTML standards to the rising HTML 5. This is going to open up whole new areas of page design, which I for one applaud.

But we in the business have long relied on a print paradigm that involves, well, pages. Pages that you “turn” and go “back” to. What happened to the good old scroll? There are some advantages to the way it presents information.

See this excellent TheNextWeb.com article, “9 Excellent examples of scrolling websites for designers” for some beautiful examples of the form.
(And Thanks once more to SubnetD!)

Welcome to Anonymous-OS

Good morning, and welcome to a brand new day in the world of OSs: Anonymous-OS, brought to you by … uh … somebody.

“Anonymous”, you see, is far too easy a mask for literally anybody, anywhere to assume. This a a sword with at least two edges, because it’s simultaneously necessary and deadly.

It’s apparent that there do in fact seem to be good reasons for protest by those not so blessed by a 14,000 point Dow. The rich and in some cases the conniving are doing just dandy. The huddled masses, not so much. Everyone sub-millionaire is feeling cautious at the very least, and just the caution in itself suppresses the economy. But even more, people start looking for someone to blame, giving rise to the Tea Party, Occupy, Anonymous and so forth.

The solution doesn’t lie in suppressing these groups, or blaming them, though ignorance can be grievous to watch (and I spread that critique to all sides). The only solution is correcting the conditions that cause the grievances in the first place. This can be quite uncomfortable, since those who have gained ownership of everything are reluctant to give it up, and those who now have nothing to lose become extremely dangerous. And in the mean time, there’s collateral damage.

Witness the release of Anonymous-OS. Hooray! What a cool idea! Check out the LifeHacker article “Anonymous Releases Their Own Operating System, Complete with Hacking Tools Galore” at
http://lifehacker.com/5893421/anonymous-releases-their-own-operating-system-complete-with-hacking-tools-galore. (The download page is http://anonymous-os.tumblr.com/download.)

Oh wait! Isn’t it weird for Anonymous to release an OS? As the writer of the above, Whitson Gordon, calls it, “a very strange move”? An operating system based on … political activism?

And uh-oh! Anonymous itself has been pwned, and recently
(http://gizmodo.com/5890130/anonymous-members-hacked-during-their-own-ddos-attacks) when their own attack tool was swapped with a trojanized version. There are some spectacular trust-analysis issues right here, because knowing whom you’re dealing with is the principal step in security, which is to say, trust.

As if in confirmation of my fears this appears: “Anonymous OS is fake, ‘wrapped in trojans’ says AnonOps Twitter account” at
http://www.theverge.com/2012/3/15/2873669/anonymous-os-fake-trojan-anonops. Hmm. Whom to believe, whom to believe…. If two men say they’re Jesus, one of them must be wrong! If two people say they’re Anonymous, and directly contradict each other, exactly which one is the true spokesperson?

Okay, I’ll stop being coy and admit I’m downloading it as I type. But I’ll take it into a tightly protected, secure and air-gapped environment to fire it up. I wouldn’t recommend you touch it unless you can provide a similar environment. In other words, it’s not for the hobbyist. Researchers, however, are going to be highly interested in the traffic that emanates from this OS.

Because none of us trust it a bit.

The Feds can’t legally spy on you. But Google can.

The deeper I dive into trust analysis, the more I realize it involves seeing the world through different lenses. I have to accept that some things I learn about trust aren’t gratifying to know, but they are indeed true. And I have to analyze trust relationships not just at the surface, but layers and layers deep.

Let me use Google as an example (again). Trust research confirms that one of the parameters on which we base trust is renumeration: what am I getting in return for giving you my trust? It is absolutely valid to say that renumeration is an invalid basis for trust, because if you’re paying me to trust you, that is an unhealthy relationship from the very start. Unfortunately, I could see the value of the many things Google that I use as quite high. I like Google Maps. Gmail seems like a nice free service. Google Documents are a fine way to share documents with clients and customers. Google+ is, well, a community, I guess.

Compared to what Google gives us, we give Google fabulous treasure. Treasure that a health insurance company can use, perfectly legally, to deny you coverage for an illness simply because you searched for information online. Using Google. Treasure that advertisers and hawkers of every description, ethical and otherwise, can use to sell us stuff. Treasure about our personal lives that the U.S. Government can’t legally collect – but Google can.

We can trust Google, though, right? Well, on the trust metric of consistency, not so much. Google has frequently and repeatedly turned over information on citizens not just of the United States, but of China and other countries, to their governments.

Let me refer you back to a 2009 ComputerWorld.com article, “Cyberwarfare’s First Casualty: Your Privacy” at
http://www.computerworld.com/s/article/9131042/Cyberwar_s_first_casualty_Your_privacy:

Those who fight cyberwars will mine vast amounts of data in an attempt to find nuggets of information. They’ll look for patterns of use and relationships that otherwise would escape notice.

To find those patterns and information requires massive and constant data gathering, on a scale likely not being done by the government. Constantly gathering that kind of information would probably be illegal.

That’s why you’ll see government outsourcing its intelligence gathering to companies that already do the work legally — and primarily that means Google.

I’m not saying that Google will purposefully gather information for the federal government. Instead, the government will legally tap into Google’s already in-place information gathering, by issuing subpoenas on a regular basis.

Does this put any trust in Google in a different light?

It does for me. I’m forced to wonder if the only defensive move Internet users can make is to spread a gray cloud of disinformation about themselves. Or perhaps develop utterly segregated multiple personae on the Internet. Or simply hide, as one analyst acquaintance suggests, like a roach.

“The enemy can and will readily exploit the one thing in our society that we think has made us so advanced and civilized: trust.”

“And when someone can influence your decisions by manipulating what you trust, then that’s someone attacking you via a trust.”

-Pete Herzog, ISECOM
http://www.infosecisland.com/blogview/20607-What-They-Dont-Teach-You-in-Thinking-Like-the-Enemy-Classes.html

Check out Pete’s latest article on infosecisland.com, “What They Don’t Teach You in ‘Thinking Like the Enemy’ Classes”. He makes some very good points: those who want to exploit us will go remarkably far to do so; our society teaches us trust, which makes us exploitable; attackers have far more resources at their disposal than we think.

An email from Herbbie on Google’s policy changes

On 3/2/12 5:31 AM, Herbbert J Rabinowicz wrote:

In case you missed it…

//  Signed  //

Herbbie Rides Again ………..

Dear Google user,

We’re getting rid of over 60 different privacy policies across Google and replacing them with one that’s a lot shorter and easier to read. Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google…….


I respond:

HA ha ha as if I’d miss this! Of course I know you’re being ironic.
Oh boy does this get deeply, deeply under my skin. People just shrug it off but you and I know freedom is stolen in inches.

Have you seen the story about Target knowing a teenager was pregnant before her father did? It’s real. (http://news.yahoo.com/video/opinion-15749653/target-knew-teen-was-pregnant-before-her-dad-28415092.html)

How about people being denied health insurance based on their Googling a disease or being a member of one of the disease-cause groups? Nothing prevents this. (http://www.nytimes.com/2012/02/05/opinion/sunday/facebook-is-using-you.html?_r=1&pagewanted=2&tntemail0=y&emc=tnt)

I have stripped all things Google out of my site except a script that generates a site map for search engines, and I’m pondering even that. But I do have Google accounts, which I guess are one now. The trick is avoiding logging in. But Facebook has been busted now three times for using tracking cookies even when users are logged out. So of course I trust Google on this, right?

 

Interpol Hacks Anonymous

They’ve arrested 25 hackers in Argentina, Chile, Colombia and Spain who were allegedly involved in exploits in Columbia and Chile, and who are allegedly members (wearers?) of Anonymous. In response, Anonymous has brought down Interpol’s web site.

Yawn.

Has Anonymous advanced beyond web site DDOS attacks? They might; it does look like they may have a working DNS weapon capable of doing major damage to the Internet. Personally, I’ll believe it when I see it.

One article: http://www.theinquirer.net/inquirer/news/2155944/interpol-swoops-anonymous-hackers

Some light reading from Stratfor’s emails

How about establishing as a tactic “Admit nothing, deny everything and make counter-accusations”?

Or how about one assessment:

“The difference between an intelligence service and a company like Stratfor is that they know how to focus their resources and assess information by separating the wheat from the chaff. By all accounts of the Wikileaks Stratfor emails, their clients are getting nothing but a lot of chaff.”

And another:

Forrester Research information security analyst John Kindervag said that Stratfor should have paid attention to its own IT problems–namely, its failure to encrypt its own, sensitive emails. “They would have saved themselves a ton of embarrassment–not to mention all of the costs associated with the breach–had they deployed encryption on their toxic data stores,” he said.

Now there’s a phrase I have to love: toxic data stores. As well, the idea that a company providing “expert analysis” would fail to protect plus encrypt its confidential data. Please note: email is confidential data. (Are you still using Gmail?)

Read this excellent analysis at http://www.informationweek.com/news/security/attacks/232601656.