Hacker News: Stories from September 13, 2013
31.Why secure systems require random numbers (cloudflare.com)
83 points by jgrahamc on Sept 13, 2013 | 26 comments

A point worth making here: antisurveillance technology like TACK does more than make it harder for NSA to MITM TLS. As we've apparently discovered, it also makes it possible for us to detect TLS subversion. It is, right now, a major news story if someone has obtained a malicious root certificate; we need to know when that happens and to which CAs those certs chain (which is discoverable from the certificate).

If you don't pay much attention to how TLS works, you should know that NSA (presumably) does not have a magic ability to inject new certs into your root cert repository. If you remove every CA cert from your browser and selectively allow certs, they can't MITM that. The CAs aren't baked into TLS! They're a software configuration detail. And when MITM certs appear on the wire, for them to be honored, they have to somehow chain to a specific CA.

What things like pinning and TACK do is give us the opportunity to discover MITM certificates and start tracing them. If that capability becomes widespread enough, it can potentially foreclose on dragnet TLS MITM attacks, because there will be too much of a risk that deploying a dragnet MITM net will result in the death penalty for the implicated CA.

TACK (and the related efforts) are hugely more important than I think most people think they are. If you want to advocate for something in the wake of the NSA debacle, I think TACK is a great choice.

33.The Folks Who Sell Your Corn Flakes are Acting Like Goldman Sachs (newrepublic.com)
78 points by cs702 on Sept 13, 2013 | 47 comments

Your WiFi password is only useful for someone who is within 100 feet of your house. If you have federal agents surveilling you from 100 feet away you have way bigger problems than your WiFi password.
35.US-East AWS Connectivity Issues (amazon.com)
77 points by fjordan on Sept 13, 2013 | 49 comments
36.Programming Without Variables (drdobbs.com)
73 points by ProgC on Sept 13, 2013 | 36 comments
37.Raspberry Pi as an Ad Blocking Access Point (adafruit.com)
71 points by jwcooper on Sept 13, 2013 | 37 comments

Advertising.

Three of the largest, most influential and defining technology companies of our lifetime (Google, Facebook, Twitter) make money pretty much solely through advertising. Is there no other way companies can use this data to generate revenue other than to sell ads? I don't have anything against ads, but I'm just trying to understand how (if at all) this could change in the near future. What is the future of advertising? Will it continue to remain relevant 10 or 20 years down the line in its current form, allowing so many massive companies to be built on its back?


"You still have stuff like chat, commit messages, code reviews, cases, Trello boards, etc. Be a little paranoid for this time about showing your work. It will help you feel good about your time, and us feel good about granting it."

Run through a de-weaselizer, this reads:

"Be a good little pet, and do an extra set of tricks when we take you out to the park, so you feel good about running around in the park and we feel good about granting you the privilege to go out once a week."

Yeah, bullshit. The place where I work operates on a culture of complete trust, period. Example: Once, a guy on my team had to go to his parents' house out in the country and was stuck with a slow internet connection. No problem, he did some stuff, stuck it out for as much as he could and then shelved it. I bet he enjoyed his time there much more than he would have sitting in a bunch of chatrooms anyway, and he did it on company time. He was much happier when he came back, and probably did twice his usual amount of work on average.

As his co-worker who was working when this guy was at his parents' house, did I feel slighted or angry at him? No, for heaven's sake -- he was seeing his family, and enjoying a few choice, uninterrupted hours with them. Webapps can fucking wait. I was perfectly happy doing his share of the work.

The culture in the American software industry glorifies ass-in-seat hours (directly or indirectly -- this notion of "exhibiting your productivity" is just another version of ass-in-seat hours) at a cost to actual productivity, happiness, and general well-being by waving the distant promise of some sort of vague payout in front of you, and getting you to constantly compete with your co-workers at "putting in more time". Reject this sort of rubbish unconditionally if you have even the slightest choice.


41.HHVM is fast – too bad it doesn’t run my code (hhvm.com)
69 points by anu_gupta on Sept 13, 2013 | 59 comments

I have to disagree with those who say this isn't news. It was news to me and will, I believe, be news to most others as well. The only time before this that I heard about using EZ pass for anything other than tolls was a few years ago when I read about some feasibility work on the concept of traffic flow optimization being done around Ithaca, NY.

I do wonder why they haven't been used yet to track speeding violations. Speed cameras are being installed in Manhattan. EZ passes are supposed to be used in one car only so it can't be lack of ability to isolate the user that's stopping it.

For years I've been keeping my EZ pass in a static electricity bag when I'm not anticipating going through tolls. I'll definitely continue to do so. At least until it becomes illegal.

43.New Programming Jargon (2012) (codinghorror.com)
59 points by cdl on Sept 13, 2013 | 21 comments
44.Fox News attempts to explain what Github is (twitter.com/huth)
58 points by libovness on Sept 13, 2013 | 60 comments

Subtitle: reporter tries and tries to remain mean in the face of the Watsis, but finds he just can't do it.

Reading this article was like watching someone try to break into a really secure system. The reporter tried every trick in the book, and none worked. I went back and counted the number of different avenues along which he tried to attack, and there were no fewer than 11: Watsi's office, Chase's language, neocolonialism, race, the focus on patient care, Silicon Valley, California idealism, Watsi's investors, how real the connection is between donor and patient, why they don't fund patients in the US, and the realism of Chase's dreams. The dude is like a cynicism machine.

What's interesting about this guy though is that he's not unique in this respect. He merely represents the default/lazy reporter m.o. taken to such an extreme that it becomes a caricature. Controversy generates page views, and it's really easy to create. In his case I'm sure this is not an act, but an instance of someone's personality being naturally well suited to the work he's doing. But those of you who might one day have to deal with the press might want to keep this article in mind as an example.

46.The Freedom - Responsibility Trade-off for Entrepreneurs (jacquesmattheij.com)
59 points by jacquesm on Sept 13, 2013 | 18 comments
47.The Conversation (1974) (wikipedia.org)
57 points by primigenus on Sept 13, 2013 | 33 comments
48.Formance.js – Library for formatting and validating form fields (omarshammas.github.io)
54 points by omarshammas on Sept 13, 2013 | 29 comments

I was the project lead on this, which involved converting the Feynman Lectures from LaTeX to HTML. I'd be happy to answer any questions.

Update: Most of the questions center on cost. I've answered in more detail below, but the short version is simple: no off-the-shelf converter was remotely sufficient for our needs, so we had to write lots of custom software, and writing custom software is hard.


Two words: fiduciary duty.

Whenever a megacorporation decides to act like a total shitburger, we are told their executive team has no choice, they are compelled by law to act like total shitburgers if it maximizes shareholder value. Keep workers part time to avoid giving benefits? Fiduciary duty. Export jobs to countries with no environmental or labor protections? Fiduciary duty. Charge customers a daily overdraft fee when an undeclared fee for checking their balance from a foreign ATM puts them in the red? Fiduciary duty. Lobby to change laws so they can act like even bigger shitburgers, legally? Fiduciary duty. Don't judge them, we are told, they have no choice. They are not bad people, they are just bound by fiduciary duty to maximize shareholder value. You should feel sorry for them, really.

And then a complex, perhaps admittedly fraudulent scheme (the mortgage crisis) comes along and kills giant megacorporations, wiping out shareholder value entirely. Any WAMU shareholders in the audience? What happened to this fiduciary duty? What happened to these terrible consequences which would arise if shareholders were not appeased? Shareholder value has been minimized ... and nothing happened.

Wall Street wants it both ways. A bailout with bonuses. Reward with no risk. License to act like a shitburger.

Fine, don't prosecute people for bad decisions. But don't pretend like you have no choice but to act like a shitburger, that doing so is anything but screwing the rest of us for personal gain.

51.How to Make School Better for Boys (theatlantic.com)
52 points by jseliger on Sept 13, 2013 | 58 comments

See also "Falsehoods Programmers Believe About Names": http://www.kalzumeus.com/2010/06/17/falsehoods-programmers-b... (This falls under point #6)

> the 0.01% outlier who has seven different names, each consisting of some kind of personal scribble that changes depending on the phase of the moon?

I cannot adequately express my dislike for this kind of mockery. Seriously, fucking stop it.


Witness, if you will, a perfect example of the fourth estate performing its function. The article that brought about this result was a modern masterpiece of journalism.

Now ask yourself what would have happened if those in power had a bunch of warrantless "dirt" on these particular journalists and decided that they'd really rather just keep the gravy train rolling.

We all have something to hide and something to fear.


If this is true, and that NSA has been MITMing providers like Google, they are undermining the already shabby trust the US cloud-industry has attempted to build. I doubt Google and friends are very happy about that, since that's their one big basket where all the money comes in.

NSA in their eagerness to do rampant spying on everyone have had quite some collateral. They have decided to compromise the one thing which allows us to communicate securely on the internet: trust.

Right now we need to find out which (root?) CAs are compromised by the NSA. Long term it would probably be a very wise decision to revoke any US-based CA from the default trusted-list of browsers and OSes.

We cannot have untrustworthy CAs in a system based on trust. That's simply not an option.

Edit: As I've been pondering for a while (and which was also pointed out on reddit) we now have a situation where self-signed certs are more secure than CA-issued ones. They are the only ones you know can't be faked. How backwards is that?

The NSA is ruining the internet one piece at a time. The NSA needs to be dismantled.
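The point made in the two TLS/CA comments above (a pinned key cannot be forged by any CA, trusted or not, and a rejected MITM certificate still carries the chain that tells you which CA vouched for it), as an added example that is not part of the original thread or any commenter's code. It uses Go's standard-library crypto/x509 only; the CA names "Legit Root CA" and "Rogue Root CA", the hostname example.com and every certificate and key are constructed in the block. The pin is a simplified SPKI hash of the kind HPKP uses (hex here rather than base64), standing in for TACK's key pinning.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err) // key generation and DER encoding do not fail in practice
	}
}

// certTemplate describes a constructed test certificate (not real CA material):
// a root when isCA is true, otherwise a server leaf for name.
func certTemplate(name string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign
	} else { // server leaf: hostname in the SAN, EKU serverAuth
		t.DNSNames = []string{name}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// sign issues tmpl with a fresh Ed25519 key, signed by parentKey; nil parent and parentKey self-sign a root.
func sign(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// spkiPin is the HPKP-style pin, SHA-256 over the SubjectPublicKeyInfo. It
// identifies the server's key and says nothing about which CA signed the cert.
func spkiPin(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo))
}

// verifyPinned makes a pinning client's two checks: the leaf must chain to a root in the
// curated store and its key must be pinned. It also returns the root the chain ended at.
func verifyPinned(leaf *x509.Certificate, roots *x509.CertPool, pins map[string]bool, host string) (string, error) {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	if err != nil {
		return "", fmt.Errorf("chain: %w", err)
	}
	anchor := chains[0][len(chains[0])-1].Subject.CommonName
	if !pins[spkiPin(leaf)] {
		return anchor, fmt.Errorf("pin mismatch for %s: unpinned key, chained to %q", host, anchor)
	}
	return anchor, nil
}

type Outcome struct {
	Legit          error  // legitimate leaf, curated trust store
	RogueUntrusted error  // MITM leaf, curated trust store without the rogue root
	RogueTrusted   error  // MITM leaf after a rogue root enters the trust store
	RogueAnchor    string // the root the MITM leaf chained to: the CA to blame
}

func runScenario(host string) (o Outcome) {
	legitCA, legitKey := sign(certTemplate("Legit Root CA", 1, true), nil, nil)
	legitLeaf, _ := sign(certTemplate(host, 2, false), legitCA, legitKey)
	rogueCA, rogueKey := sign(certTemplate("Rogue Root CA", 3, true), nil, nil)
	rogueLeaf, _ := sign(certTemplate(host, 4, false), rogueCA, rogueKey)
	// The pin is the legitimate site's key, learned on first contact or preloaded.
	pins := map[string]bool{spkiPin(legitLeaf): true}
	roots := x509.NewCertPool() // every default CA removed, only our chosen root added back
	roots.AddCert(legitCA)
	_, o.Legit = verifyPinned(legitLeaf, roots, pins, host)
	_, o.RogueUntrusted = verifyPinned(rogueLeaf, roots, pins, host)
	roots.AddCert(rogueCA) // attacker lands a root in the store: chain verifies, pin still fails
	o.RogueAnchor, o.RogueTrusted = verifyPinned(rogueLeaf, roots, pins, host)
	return o
}

func main() {
	o := runScenario("example.com")
	fmt.Printf("legit leaf: %v\nMITM leaf, curated roots: %v\nMITM leaf, rogue root trusted: %v\nanchored at: %q\n",
		o.Legit, o.RogueUntrusted, o.RogueTrusted, o.RogueAnchor)
}
```

The third case is the one the comments care about: once a rogue root is in the trust store, plain chain validation passes, so only the pin catches the MITM, and the anchor returned alongside the error is the CA whose issuance you would go and investigate.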


Original email from this morning to give some color:

Dear Feynman Lectures Forum Members,

Have you ever wished there was a high-quality up-to-date version of The Feynman Lectures on Physics available online? One that could be read with a browser so you could study FLP on your smartphone, tablet, notebook or desktop computer, whenever you felt like it? For free? Well, now there is, and you are among the first to hear about it!

A few words about the free HTML edition of FLP (New Millennium Edition)

It was an idea conceived many years ago, when through FL website correspondence I became aware of the many eager young minds who could benefit from reading FLP, who want to read it, but for economic or other reasons have no access to it, while at the same time I was becoming aware of the growing popularity of horrid scanned copies of old editions of FLP circulating on file-sharing and torrent websites. A free high-quality online edition was my proposed solution to both problems. All concerned agreed on the potential pedagogical benefits, but also had to be convinced that book sales would not be harmed. The conversion from LaTeX to HTML was expensive: we raised considerable funds, but ran out before finishing Volumes II and III, so we are only posting Volume I initially. (I am working on finishing Volumes II and III myself, as time permits, and will start posting chapters in the not-too-distant future, if all goes as planned.)

When you read our HTML edition you will notice a floating menu in the top right corner with Twitter, Facebook, and email buttons (to tell your friends about it!), navigation buttons ('last chapter,' 'table of contents', and 'next chapter'), a "contact us" button (that sends email to me), and a "Buy" button that links to a page of advertising for our books and ebooks, with links to retailers' web pages. To support our effort in producing and maintaining the HTML edition, and to help us keep it free, I would appreciate it very much if you would take some time to explore the retailer's pages through the links on our "Buy" page.

Enough said!

You can access the free HTML edition of FLP either by going to the home page of www.feynmanlectures.info and clicking on "Read," or you can go directly to it at either of two servers:

www.feynmanlectures.info/flp or www.feynmanlectures.caltech.edu

(So what's the difference between the servers? I maintain the site at feynmanlectures.info, so changes are reflected there immediately. On the other hand, feynmanlectures.caltech.edu is generally faster and more responsive. The entire edition is mirrored from feynmanlectures.info to feynmanlectures.caltech.edu every day, so the latter is current within 24 hours.)

- hope you enjoy the new edition! If you like it, please tell your friends.

Best regards,

Mike Gottlieb Editor, The Feynman Lectures on Physics, New Millennium Edition

P.S. If you've received this email more than once, I apologize. We're having some problems with our mail servers this morning!


Well, it's only 11 000 lines of js... Plus Backbone, plus jQuery, plus underscore, plus ace. Loading the source page takes about 15s on my computer... I'm not sure I would like my index.html to look like this https://github.com/ojjs/ojjs.github.com/blob/master/index.ht...

The sales page [1] has a bit more info on what these actually do.

[1] http://int3.cc/collections/frontpage/products/usbcondoms

59.Bullshit Job Title Generator (codepen.io)
52 points by TimPietrusky on Sept 13, 2013 | 48 comments

Like lots of folks I drink a bit, and I smoke the occasional celebratory cigar. I'm fortunate to not have found myself addicted to anything though (that I'm aware of at least).

However, I have family members who have deep addiction problems. Life affecting. One thing that I've noticed is that even when they get off of the substance, the addictive personality traits are still there -- years later.

One of my relatives, for example, managed to get herself off of drinking and smoking completely and was in counseling. The addictions, and the kinds of behaviors that come with maintaining addictions (all kinds of dissociative, anti-social, manipulative weirdness) were ruining her life. Strange thing was, after removing the substance, the behaviors persisted.

Many months later, after quitting drinking and smoking, we found that she was latching onto other activities in an addictive way. For example, she found a puzzle game on her phone that she would play obsessively* -- forgetting to eat, sleep, show up for work, or have basic human interaction, and even requiring physical therapy at one point for the muscle strain of sitting in the position to play the game for hours on end. Crippling physical pain wasn't even enough to get her to stop -- it was what was providing her "fix". She would sit, literally for days straight, and play it. Counseling eventually got her to recognize this addiction, but it was harder for her to stop since she had her phone on her at all times.

Then one day she stopped and we all breathed a sigh of relief -- she started sending emails again and generally became more communicative. A few weeks later the behaviors started again, but it wasn't with her phone. Turned out she had just found a computer game she liked more and switched off the phone game.

Today she manages a bit better, but she went through a smoking binge for a while. She's "quit" again, but now just habitually chews nicotine gum. Apparently the nicotine helps keep her off of other more destructive behaviors (like playing phone games obsessively). When she feels stressed, she just chews some nicotine gum and that seems to get her through the craving. She's back working a regular job now and doing okay, but the idea that she'll find some other, better, satisfier, scares everybody.

* - obsession is outright scary when you see it in another human for real. It makes a mood swing look like a flat affect. A person who's addictively obsessed with something is almost feral, operating on instinct -- except with human level brain power to alter their environment to maintain the obsession.

