Archive for the 'Security' Category

Facebook Beacon Got Pwned!

Monday, December 7th, 2009

[Image: bart-simpson-generator.php]

I got this email from Facebook the other day, and a couple of thoughts struck me as I read it (the bold is my emphasis):

Facebook is sending you this notice of a proposed class action settlement that may affect your legal rights as a Facebook member who may have used the Beacon program. This summary notice is being sent to you by Court Order so that you may understand your rights and remedies before the Court considers final approval of the proposed settlement on February 26, 2010.

This is not an advertisement or attorney solicitation.

This is not a settlement in which class members file claims to receive compensation. Under the proposed settlement, Facebook will terminate the Beacon program. In addition, Facebook will provide $9.5 million to establish an independent non-profit foundation that will identify and fund projects and initiatives that promote the cause of online privacy, safety, and security.

For full details on the settlement and further instructions on what to do to opt out of, object to, or otherwise comment upon the proposed settlement, please go to: BeaconClassSettlement.com.

If you have never heard of Beacon, or the lawsuit against it, check this information out. Not only did they have to shut the service down, but they now have to do the corporate equivalent of Bart Simpson’s chalkboard punishment? This is really great news, but I wonder how effective a deterrent/punishment the ruling really will be. It is one thing to rule in favor of the customers in a large class-action lawsuit and award massive damages in order to prevent a company from engaging in invasive or abusive behavior. But this strikes me as a slap on the wrist, and the punishment of having to fund a non-profit company that essentially duplicates the EFF’s incredible efforts will probably be about as effective as having Steve Ballmer write a two-page essay on why monopolies are bad. I doubt Facebook learned a lesson here; in fact, the lesson learned might very well be “next time, don’t get caught”.

As more and more ‘private’ information is moved online, it is going to be those companies that demonstrate an unswerving loyalty to the privacy and security of their customers who will be allowed to continue doing business. You had better believe that the day Google is caught exposing or misusing user data, it is going to find itself in deep, troubled waters. Personally, I don’t really put anything on Facebook or other sites that I would be embarrassed or endangered by, were it to leak out. But this case has served as a reminder that you can’t really trust any company to put your rights and expectations above their own need to turn a profit in order to survive.


Slurpr, For Freeloading WiFi In Style

Monday, January 28th, 2008

[Image: slurpr]

Behold the Slurpr, a piece of hardware whose practicality is questionable but whose awesomeness is indisputable. This little beauty is capable of accessing up to 6 open WiFi networks simultaneously and joining them together into one mega ultra internet connection. I deeply applaud the creators of this technical masterpiece for their engineering prowess, while wondering at the same time how often you are:

  1. Anywhere with 6 WiFi connections.
  2. In need of a connection that fast, and not at your office or home where I would assume you have decent internet access already.

Despite the practicality concerns, this is certainly a great project, and the end result looks very clean; most mods like this end up looking like a ball of duct tape and wires, but the Slurpr looks like a somewhat decently manufactured product. Chris gets the A+ for finding and forwarding this one, so thank him, not me.


100,000 Strong And Growing

Tuesday, December 18th, 2007

[Image: akismet_spam]

The above image was just grabbed from the admin panel here at the AV Club Blog. That’s right, in a little over 1 year since we started this particular blog, it has attracted over 100,000 spam comments. Thank you, Akismet, for saving us the hours, if not days, of work it would have taken to moderate and delete that many spam comments. Splogs and comment/referral/trackback/registration spam are such a massive problem right now, and it is people like the good folks at Automattic (they make Akismet) who allow us all to continue to function in its gnarly face.


ReCaptcha Yo Ass:

Wednesday, June 20th, 2007

[Image: sample-ocr]

I just found a pretty cool idea in the world of captchas, those necessary evil things that force you to think when all you want is the sweet sweet porn. reCAPTCHA basically takes the time spent deciphering and entering captchas and puts it to good use, namely helping to decode words that OCR (optical character recognition) has failed on. You are presented with two words to decode: one is a word that OCR choked trying to decode, the other is a ‘control’ word that the system knows the answer to. You just type in both quickly and hey presto, you get access to what you want and the world gets one more piece of a scanned book. They also give the same word to multiple people to confirm that it is what you say it is, so there is error trapping involved. I think this is a good way to get some kind of productive use out of all that time we spend entering stupid strings of text. They even make a WordPress plugin version… so…


Decompression Depression

Thursday, March 8th, 2007

[Image: mooninite bomb]

File this into that category of things that are completely possible, but almost nobody would actually do; kind of like most of the ideas that nerds come up with. Come to think of it, why are nerds always coming up with hypothetical ways to hurt people or damage their property? Well anyways, this certainly fits with that kind of thinking: a ‘decompression bomb’. The idea is pretty simple: you take a massive file and compress it down to a tiny size. When someone goes to uncompress it, the file needs to reside in RAM and virtual memory during the process, and since almost nobody has 100GB of free memory, the file freezes their computer. Simple and mean. Here is the slightly more technical rundown on it from solitude.vkps.co.uk:

The thing is, if you carefully construct an example document, you can get a compression ratio much higher. How much higher? MUCH, MUCH higher. For example, if you created a PNG image containing just one colour repeated over and over then you could easily get a 1000:1 ratio. For a text document containing 1 character repeated over and over, it’s possible to shrink 100Gb to about 6k. Think about that, it is a huge difference: 1.7e7:1.

That’s all well and good as an interesting experiment, but what does it mean for an average user? Imagine I had constructed one of those zip files that had shrunk 100Gb down to 6k and I sent you that file. If you trusted me, you might try to open it. Therein lies the problem: while you can readily accept the zipped file, the chances that you have the 100Gb of free memory (including virtual memory) to accommodate the decompressed file are bloody slim. When you try to open one of these files, your computer will quickly become overwhelmed and stop responding; all of the free memory having been used up, it can’t do anything else. You effectively suffer a denial of service attack.

There is another factor that could cause problems for people who are careful when opening files: well-meaning programs can open them anyway. If the file arrives on your system (either by explicit downloading or by, say, a mail program fetching it), it’s likely that anti-virus software installed on your system would then want to check if the file contained any viruses. To do this, it pretty much has to decompress the file in memory, leading to the same problem. Oh dear.

Via Militantplatypus.
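As an added illustration of the defensive side of this (my own code, not from the original post or from solitude.vkps.co.uk): a compressed stream of one repeated byte is constructed inline to show the kind of ratio the quote describes, and a bounded inflater refuses to expand any stream past a hard output cap or a maximum expansion ratio, so the program doing the decompressing, not the sender of the file, decides how much memory gets used. It works on a raw zlib stream (the deflate format used inside zip and PNG); the function names and the budget numbers are my own choices.

```python
import zlib

# Constructed sample: 8 MiB of one repeated byte, the trick the post describes
# (a single character repeated over and over), compressed at level 9.
SAMPLE_UNCOMPRESSED_SIZE = 8 * 1024 * 1024
SAMPLE_COMPRESSED = zlib.compress(b"A" * SAMPLE_UNCOMPRESSED_SIZE, 9)

# Constructed benign sample: ordinary text only shrinks a few times over.
BENIGN_TEXT = b"The quick brown fox jumps over the lazy dog. " * 4
BENIGN_COMPRESSED = zlib.compress(BENIGN_TEXT)


class DecompressionBombError(ValueError):
    """Inflating further would exceed the caller's size or ratio budget."""


def compression_ratio(compressed: bytes, uncompressed_size: int) -> float:
    """Expansion factor, e.g. 1000.0 for a 1000:1 stream."""
    return uncompressed_size / len(compressed)


def safe_decompress(data: bytes, max_output: int,
                    max_ratio: float = 100.0, chunk: int = 64 * 1024) -> bytes:
    """Inflate a zlib stream in bounded chunks.

    decompress(buf, max_length) yields at most `chunk` bytes per call and parks
    unread input in unconsumed_tail, so memory grows under our control and we
    can stop the moment a budget is exceeded instead of after the RAM is gone.
    """
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        piece = d.decompress(buf, chunk)
        buf = d.unconsumed_tail
        out += piece
        if not piece and not buf and not d.eof:
            raise zlib.error("truncated or corrupt stream")
        if len(out) > max_output:
            raise DecompressionBombError(f"output cap {max_output} exceeded")
        if len(out) > max_ratio * len(data):
            raise DecompressionBombError(f"ratio cap {max_ratio}:1 exceeded")
    return bytes(out)


def inflates_within_budget(data: bytes, max_output: int,
                           max_ratio: float = 100.0) -> bool:
    """True if the stream fits the budget, False if it is refused as a bomb."""
    try:
        safe_decompress(data, max_output, max_ratio)
        return True
    except DecompressionBombError:
        return False
```

The same bounded-chunk idea is what lets a mail gateway or virus scanner inspect an archive without handing the sender control of its memory.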


Mini-Shaped, Billboard-Sized Security Risk

Wednesday, February 28th, 2007

[Image: minicooper rfid sign]

Mini USA, manufacturers of the delightful Mini Cooper, have stumbled on a novelty advertising idea of dubious security. Using information stored on and broadcast from the key fobs of Mini owners driving past, these billboards deliver personalized messages to them. I wonder if there are really enough drivers with these RFID chips to make these signs an effective campaign, but it’s only in four cities so I suppose they aren’t spending too much on it. More importantly, every Mini owner is broadcasting personal information so far around them that a sign dozens of yards away can pick it up as they fly past at freeway speeds. Anyone else have no desire whatsoever to own a car that does this? I really want to know what info is on those keys, and why in God’s name they decided to do this is beyond me. Via Swismiss.


Captcha Yo Ass:

Tuesday, February 13th, 2007

[Image: captcha_this_Shit.jpg]

Am I going blind? The above captcha was presented to me by Ticketassmaster just now, and I really cannot solve it at all. Anyone have a guess as to how you’re supposed to be able to read this? This is by far the worst of my least favorite things on the web.


Canada’s Coins Unsecure or Awesome?

Wednesday, January 24th, 2007

[Image: canadian coins.jpg]

This is an interesting story from BoingBoing: apparently several defense contractors have discovered coins on their person that contain tiny tracking devices. This is so James Bond.

Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U.S. Department of Defence. Security experts believe the miniature devices could be used to track the movements of defence industry personnel dealing in sensitive military technology.

It seems that these coins were used to track the contractors as they moved around and met with various people in Canada. It is unknown who planted and tracked the coins, but whoever it was, we salute you. I guess not really actually; screw you big brother [eh]!


NYC RFID Turnstiles Spread More Than Disease

Wednesday, November 15th, 2006

[Image: morerfidsubway.jpg]

Before I get too far into this, I would like to clearly state that I have not used or seen the following product used, so this is speculation on my part. The NYC Subway system is allowing riders with RFID-enabled Citibank cards to use them to quickly and easily pay for train fare. Apparently all you have to do is walk through the turnstile, pressing the button to let it know that you have the RFID card on you. Now here is where I see problems:

  1. Doesn’t RFID’s 30 foot operating range make it really hard for it to know which card it’s looking to charge if several are within the zone? They aren’t using clipped tags, since they aren’t even shipping yet, so how does this work?
  2. Can’t you jump in line just in front of or behind someone with the card and press the button, effectively charging them for your fare?
  3. Any safety concerned person would put their RFID credit card in a tin foil sleeve to prevent it from transmitting their private info all over the place, so you’d have to remove it anyways, thus rendering any time saving benefits pretty much moot.

I love anything that makes life easier, but not at the cost of massively compromising private data. I say booooo to this. Via Consumerist.


Clipped Tags- The End of RFID Fears?

Sunday, November 12th, 2006

[Image: clippedtag.jpg]

You just have to love this: IBM has figured out a way to make RFID tags safer from a security standpoint: they cut off the antenna built into the chip. DUH! I mean it took this long for someone to do this? The whole problem most people have with RFID is that you can access the chips from up to 30′ away; doesn’t decreasing that range for certain uses make sense? We have been carrying around magnetic striped credit cards in our wallets and purses for years, my entire life in fact, so why not make short range RFID? I don’t need to swipe my credit card from 30 feet away, I am okay with swiping it over a pad from an inch away or less; that’s fine with me. And I do not want my passport readable from great distance; I want the person requesting that information to be right there, standing in front of me. Now, I think that the long range ‘normal’ RFID chips are great for tracking inventory and all kinds of things, but let’s have these two flavors of chip available. Called “clipped tags”, these new more secure chips are rolling out this week, so anyone with any say on the matter, let’s get these swapped into places where RFID is being used but security is required. Let’s start with those new passports. Via Engadget.