Scribd and HTTPS Everywhere

I found recently that Scribd, the document hosting service, is incompatible with the Electronic Frontier Foundation's HTTPS Everywhere browser plugin. I was using Firefox (while Google Chrome and Opera successfully uploaded files). I first suspected Flash, and so closed my browsers and reinstalled Flash Player, with no change in behavior. Uploading a document with HTTPS Everywhere enabled failed in the following cases:

1. From the Activity Feed's AJAX popup uploader: "(1333979476481): Security Error"
2. From the Upload page: "Upload failed: (1333982598581): Security Error"
3. Using the HTML upload page: page reloads with no error message and no success message when you try to upload a file.

HTTPS Everywhere is a plugin that not only uses an SSL connection whenever the web server supports it but also protects against a false sense of security by imposing rigorous standards for checking that the certificate is sufficiently trustworthy, based on the Certificate Authorities that signed it, as well as the particular cryptographic algorithms used, and the versions of SSL software and supported SSL protocols enabled on the remote server. Head over to the EFF website for more information.

Apparently, Scribd's certificates do not stand the test and the solution is to disable HTTPS Everywhere for the Scribd domain, using the toolbar drop-down menu as pictured below:

 
 Hope that helps relieve some of your frustration! Happy computing!

Registered Linux User #370740 (http://linuxcounter.net)

Blackout against SOPA/PIPA

The biggest news in Internet policy and legislation these days are the twin Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA), introduced in the House of Representatives and the Senate, respectively. Tomorrow, January 18, 2012, for the 24 hours beginning at midnight EST, the English Wikipedia and many other websites will execute a blackout in protest of this legislation. The blackout was chosen because it is effectively what will result when the government executes the censorship for which these bills provide - entire websites and services will become unavailable.

I will participate in the blackout, and all websites on my pnguyen.net domain will be entirely offline, replaced by a simple statement of my opposition and a link to the Electronic Frontier Foundation's informational page on SOPA and friends.

Catch up on SOPA/PIPA via the EFF or my post from last month.

See you on the other side!


Registered Linux User #370740 (http://linuxcounter.net)

The Legal Battle for the Internet

With recent issues like Net Neutrality (preventing content providers from gaining an unfair advantage over each other via carrier-level agreements) and the debate over the use of unallocated wireless radio frequencies after the switch to digital television, the developments over the last 6 weeks on the Internet front are not surprising. The Stop Online Piracy Act (SOPA) floated to the top of tech and art news, backed by MPAA on intellectual property and licensing grounds, opposed by leading Internet companies at the forefront of information sharing and content delivery.

Claims made by both sides are valid in their motivations, but the bill (H.R. 3261) does not seem to serve either camp well. POPVOX has some good information about what each side says on this particular bill. Also check out some of the news and positions that have developed via the links below:

Advocacy Groups

• American Censorship
• Public Knowledge  
• Don't Censor the Net

Blog Posts from Significant Stakeholders, against SOPA

• Electronic Frontier Foundation on recent developments. December 16, 2011.
• Internet Engineers' Letter to Congress on SOPA. December 15, 2011.
• Mozilla on progress of SOPA. December 14, 2011.
• Creative Commons on progress of SOPA. December 14, 2011.
• Wikimedia Foundation on progress of SOPA. December 13, 2011.
• Open Letter From Mozilla, Google, Facebook, Twitter, Yahoo, Ebay, etc. November 15, 2011.
  

Blog Posts from Significant Stakeholders, for SOPA

• On MPAA response to opposition. December 13, 2011.
• MPAA: Pros. December 12, 2011.
• Open Letter from SAG, AFM, et al. October 26, 2011.

Commentaries

• At Ars Technica: Sen. Reid pushes censorship bill. December 19, 2011.
• At TechDirt: Courts have ruled similarly already. December 19, 2011.
• At TechDirt: Arguments in favor are flawed. December 6, 2011. 
• At C|NET: Sandia Labs against SOPA on cybersecurity grounds. November 17, 2011.

Significant Stakeholders

These companies and organizations are at the forefront of discussions opposing SOPA.

• Electronic Frontier Foundation
• Free Software Foundation
• Creative Commons
• Mozilla Foundation
• Wikimedia Foundation

These companies and organizations are at the forefront of discussions supporting SOPA.

• Motion Picture Association of America - Issue page
• Screen Actors' Guild

Update: Scribd is hosting a collection of SOPA/PIPA documents.


Registered Linux User #370740 (http://linuxcounter.net)

WiFi network usage over holidays

US-CERT has published a bulletin advising caution when using wireless-enabled devices as you travel over this holiday season. Read the full article at the US-CERT website.

This link is provided for informational purposes only and does not represent an endorsement by or affiliation with the Department of Homeland Security (DHS).

Registered Linux User #370740 (http://linuxcounter.net)

C|NET Download.com Malware

Fyodor of the nmap project at insecure.org announced this week that C|NET has been wrapping the proper nmap software installer in a malware-installing application that in turn downloads and installs nmap. The collateral effects of what users download from C|NET include all sorts of adware/spyware toolbars, and the suspicious point is not only that users download something other than what they expect and have expressly requested, but the C|NET download is crafted so as to have the same file size as the legitimate installer, which would be verifiable elsewhere for vigilant users.

This is an outrage to the open source community, which is built on trust and openness, and severely undermines the reputations of security software vendors, whose products may be misunderstood by more novice users as being "viruses" or the like. What it amounts to is a man-in-the-middle attack (though not in the cryptological sense of the phrase), which may or may not be perceived as such by ordinary users.

What is more disheartening is that this is a blanket policy - that C|NET actually wraps all software downloads with this malware.

Let's make some noise and rally for integrity of values and for those who have tremendous influence as distributors of software to stand up for praiseworthy computing practices at a time in our collective history that is so very much necessary.

Find Fyodor's email and the Nmap project's Download.com Fiasco page on www.insecure.org.


Registered Linux User #370740 (http://linuxcounter.net)