Tuesday, November 29, 2016

Tuesday, November 22, 2016

Lurking Malice in the Cloud

It is often claimed that the cloud is more secure than on-premises IT:
If you ask Greg Arnette if the cloud is more secure than on-premises infrastructure he’ll say “absolutely yes.” Arnette is CTO of cloud archive provider Sonian, which is hosted mostly in AWS’s cloud. The public cloud excels in two critical security areas, Arnette contends: Information resiliency and privacy.
But even if the cloud provider's infrastructure were completely secure, using the cloud does not free the user from all responsibility for security. In Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service, a team from Georgia Tech, Indiana U., Bloomington and UCSB report on the alarming results of a survey of the use of cloud services to store malware components. Many of the malware stashes they found were hosted in cloud storage rented by legitimate companies, presumably the result of inadequate attention to security details by those companies. Below the fold, some details and comments.

Friday, November 18, 2016

Asymmetric Warfare

Asymmetric warfare is where the attack is cheap but the defense is expensive. It is very difficult to win in this situation; the attacker can wage a war of attrition at much less cost than the defender. Similarly, one of the insights in our 2003 SOSP paper was that services were vulnerable to denial of service if handling a request was significantly more expensive than requesting it. We implemented two mitigations, "effort balancing", making requesting a service artificially expensive, and rate limits on services. Both were ways of cheaply denying requests, and thus decreasing asymmetry by adjusting the relative cost to the attacker. Below the fold, the most recent example of asymmetric warfare to come my way.

Thursday, November 17, 2016

Fake News

In Fake News, Ben Thompson at Stratechery argues (and I agree) that:
The reason the media covered Trump so extensively is quite simple: that is what users wanted. And, in a world where media is a commodity, to act as if one has the editorial prerogative to not cover a candidate users want to see is to face that reality square in the face absent the clicks that make the medicine easier to take.

Indeed, this is the same reason fake news flourishes: because users want it. These sites get traffic because users click on their articles and share them, because they confirm what they already think to be true. Confirmation bias is a hell of a drug — and, as Techcrunch reporter Kim-Mai Cutler so aptly put it on Twitter, it’s a hell of a business model.
[Graph: No feet on the street]
But, as I pointed out in Open Access and Surveillance using this graph (via Yves Smith, base from Carpe Diem), there is another problem. Facebook, Google et al. have greatly increased the demand for "news" while they sucked the advertising dollars away from the companies that generated actual news. The result has to be a reduction in the quality of news. The invisible hand of the market ensures that a supply of news-like substances arises from low-cost suppliers to fill the gap.

Thompson concludes:
I am well aware of the problematic aspects of Facebook’s impact; I am particularly worried about the ease with which we sort ourselves into tribes, in part because of the filter bubble effect noted above (that’s one of the reasons Why Twitter Must Be Saved). But the solution is not the reimposition of gatekeepers done in by the Internet; whatever fixes this problem must spring from the power of the Internet, and the fact that each of us, if we choose, has access to more information and sources of truth than ever before, and more ways to reach out and understand and persuade those with whom we disagree. Yes, that is more work than demanding Zuckerberg change what people see, but giving up liberty for laziness never works out well in the end.
It's hard to disagree, but I think Thompson should acknowledge that the idea that "each of us ... has access to more information and sources of truth than ever before" is imperiled by the drain of resources away from those whose job it is to seek out the "sources of truth" and make them available to us.

Tuesday, November 15, 2016

Open Access and Surveillance

Recent events have greatly increased concerns about privacy online. Spencer Ackerman and Ewan McAskill report for The Guardian that during the campaign Donald Trump said:
“I wish I had that power,” ... while talking about the hack of Democratic National Committee emails. “Man, that would be power.”
and that Snowden's ACLU lawyer, Ben Wizner said:
“I think many Americans are waking up to the fact we have created a presidency that is too powerful.”
Below the fold, some thoughts on online surveillance and how it relates to the Open Access movement.

Thursday, November 10, 2016

More From Mackie-Mason on Gold Open Access

Back in May I posted Jeffrey Mackie-Mason on Gold Open Access, discussing the Berkeley Librarian and economist's blog post advocating author-pays open access. In September and October he had two more posts on the topic worthy of attention, which they get below the fold.

Tuesday, November 8, 2016

The Exception That Proves The Rule

Chris Bourg, who moved from the Stanford Libraries to be library director at MIT, gave a thoughtful talk at Educause entitled Libraries and future of higher education. Below the fold, my thoughts on how it provides the exception that proves the rule I described in Why Did Institutional Repositories Fail?.

Tuesday, November 1, 2016

Fixing broken links in Wikipedia

Mark Graham has a post at the Wikimedia Foundation's blog, Wikipedia community and Internet Archive partner to fix one million broken links on Wikipedia:
The Internet Archive, the Wikimedia Foundation, and volunteers from the Wikipedia community have now fixed more than one million broken outbound web links on English Wikipedia. This has been done by the Internet Archive's monitoring for all new, and edited, outbound links from English Wikipedia for three years and archiving them soon after changes are made to articles. This combined with the other web archiving projects, means that as pages on the Web become inaccessible, links to archived versions in the Internet Archive's Wayback Machine can take their place. This has now been done for the English Wikipedia and more than one million links are now pointing to preserved copies of missing web content.
This is clearly a good thing, but follow me below the fold.