too much coffee, too little time.

This was my overarching impression of my first year as a Ph.D. student: too much reading, too much coursework, too much busy work, for any real reflection outside of class sessions. Forget integration with preexisting or current research, or time spent with the subject of research. There was too much insistence on fast turnaround and constant production, the same old reliance on the inescapable “publish-or-perish” adage, with the added pressure to present at conferences, seek out internships and future funding opportunities, collaborate, research, endure.

This is what I found so startling, this emphasis on endurance over enjoyment, on gritting your teeth through coursework to reach the relief of quals and the dissertation process, what should ostensibly be the most depressing, isolating portion of the Ph.D. experience. But the most repeated (and dare I say soundest) piece of advice I received all semester was the vague encouragement that “it does get better.” I’m still not convinced.

Continue reading

Reflections on Censorship, Occupy Wall Street, and the 99%

By now I’m sure we’ve all heard about Union Square, Washington Square Park, the Brooklyn Bridge, and other city sites that have been marched on; we’ve all seen the video clips circulating on the Internet, read about the original July call put out by AdBusters, and the supposedly unintentional or accidental censorship of emails and Tweets with the Occupy Wall Street phrase or hashtag. It does seem ridiculous that with the Occupy movement spreading to Washington D.C., the White House lawn, Los Angeles, Detroit, and banks and other corporate institutions everywhere, Twitter is currently trending #PeopleWhoAreOverrated and #moviebands.

Vibe, on the other hand, is overrrun with messages from Anonymous, the hive mind, bagpiper, and other similarly (un)identified individuals updating each other on Occupy Wall Street and the other Occupy movements springing up around the country and worldwide.

Continue reading

anti-censorship in network infrastructure

With AntiSec—and attendant censorship countermeasures—in full swing, Telex seemed like an appropriate subject.  In a nutshell, Telex offers a response to online censorship by placing anti-censorship technology into the Internet’s core network infrastructure, rendering it easy to distribute and difficult to detect and prevent. Governments tend to use firewalls in their network to block traffic or access to forbidden sites. Telex is different from previous anti-censorship systems in that it operates within the infrastructure at ISP points and non-blocked portions of the Internet, as opposed to network end points.

This “end-to-middle” proxying makes the system robust against censorship countermeasures. Furthermore, it emphasizes evading detection so that a censor may be circumvented without being alerted, complementing proxy and relay services like Tor. Telex employs and repurposes deep-packet inspection in its anti-censorship measures. Telex also does away with individual encryption keys or IP addresses that need to be communicated to users in advance, since the censor can block the system if it discovers this information. Telex is described, in short, as a “state-level response to state-level censorship” (Telex.cc).

Continue reading

Tricksters, 50 Days of Lulz, Effecting Change.

On June 26th, LulzSec faded back into the woodwork, ending their hacktivity with “50 days of lulz,” in which they leaked internal data from AOL, AT&T, the FBI, gaming forums, NATO bookshop, and navy.mil, among others. The leak marked the end of the Lulz Boat’s “planned 50 day cruise,” leaving its 6-member crew to “now sail into the distance, leaving behind–we hope–inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere.  Anywhere” (LulzSec).

This begs the question I’ve been dodging forever: does spectacle, ultimately, constitute impact? What did X, Y, or Z actually do? Apart from gathering numerous followers, supporters, and participants, LulzSec’s antics have impacted the way organizations view cybersecurity, drawing statements from NATO and prompting the Obama administration to propose stricter anti-hacking laws. (This is one year after the Australian government proposed that DDoS and script hacks be termed “cyber-terrorism” following Operation Titstorm, so that their import could be easily recognized. Notably, these attacks were performed in response to ISP-level censoring measures proposed by the government that year.)

Continue reading

Digital Dead Drops: Public P2P File-Sharing

Public, offline, anonymous file-sharing, now available in crevices near you:

Berlin-based media artist Aram Bartholl started the Dead Drops project while working as an artist-in-residence in NYC in 2010.  Dead Drops functions as a P2P file-sharing network in public spaces, such as this one, where anonymous users can plug their laptops in and out of USB sticks secured in walls, holes, and other nooks and crannies with cement.  The database lists locations of and directions to USB drops worldwide, installed and maintained by anyone who wants to become involved.  The idea comes from traditional “dead drops,” points where information is exchanged between two intelligence agents without them ever meeting face-to-face.  This becomes more unwieldy on public city streets, where information could potentially be shared between thousands of people, making private drops difficult if not impossible (more thoughts on this below).

Continue reading

LulzSec, Anonymous, and AntiSec: Thoughts on Lulz and Ethical Hacking

By now I think most people are familiar with LulzSec, Anonymous, and other anonymous hacking groups, as they are receiving more and more media coverage in mainstream outlets as well as tech-only reporting sources.  I’ve hesitated to blog about this, namely because I have yet to comprehend everything that is happening, but the longer I wait, the more I realize I’m never going to fully understand it.  Like much of the stuff I’m interested in, it’s too big to judge or sum up in a single blog post.

So instead, I’m going to try to break down my observations and thoughts about this phenomenon in a very basic sense.  I may have attempted in previous posts to make a distinction between malicious hacking and DDoS (distributed-denial-of-service) attacks, but I would like to refine that further using more appropriate terminology.  For some time now, the term hacker has been reclaimed in a positive or at least neutral usage, while “cracking” has been used to describe malicious hacking attempts.  A better classification system, and the one more popular with the hacking groups themselves, runs from “black hats,” or straight-up computer criminals, to “white hats,” or computer security experts.  Most pertinent to this discussion are “gray hats,” those hacking not for personal gain or out of malicious intentions but who technically commit crimes during their hacking endeavors.  Gray hats may seek improved security by breaching the cybersecurity of various organizations, or may leak internal governmental data in order to promote awareness of and accountability concerning human rights abuses by those nations.

DDoS attacks, which flood a server with so much data that the website is forced to go down, are considered gray-hat tactics.  I think I’ve stated previously my belief that DDoS attacks serve as modern-day peaceful protest.  However, I do think the gray area becomes even grayer for some when you take into consideration the motives behind these attacks.  Taking down and even defacing the Zimbabwe government’s website to protest its oppressive regime, for instance, seems more morally upright than taking down cia.gov for anti-establishment lulz.  But ultimately, neither attack is harmful, especially when compared to black-hat(?) tactics such as leaking 62,000 random logins into the hands of Twitter users, who promptly used the information to gain access to innocent individuals’ email, gaming networks, PayPal, Amazon, Twitter, Facebook, MySpace, and so on.

Despite this, I’m having a hard time condemning LulzSec.  I tend to be more supportive of them when they are targeting governments and corporations—i.e., institutions, whatever those may be—rather than when they are targeting individuals.  At the same time, if you use the same email/password for everything, can you really complain when everything is hijacked?

It’s not so simple, I realize, and the ends don’t justify the means, IRL or online.  In fact, I probably stated earlier that I support Anonymous for their ethical selection of targets, so it should be easy for me to write off LulzSec for their apparent lack of morality.  In conversations with friends and colleagues, however, I find myself against the wall trying to defend (or at least objectively view) hacker activity that can be plausibly likened to hurling bricks through a shop window IRL—damage for the sake of damage, breaking things because they can.  They have hacked, obtained, and disseminated databases from Sony, PBS, Fox, X Factor, Bethesda and other gaming servers (at the request of callers, according to them), pron.com, Infragard Atlanta (an FBI affiliate) and Senate.gov; they’ve dropped dox on Karim Hijazi, CEO/President of Unveillance and member of Infragard; they have played with the websites of individuals who exhibit unwarranted self-importance (e.g., claiming to be #1 hackers or hacker-proof).

At the same time, LulzSec has gained more media notoriety in a month or so than Anonymous has since it first entered the fray (Anon has been hacking for years, but as an ethical hacking group it really came together in 2010 during the height of WikiLeaks controversy).  And you can bet your ass Sony employees were chained to the desk toughening their defenses after being hacked multiple times in fairly rapid succession.  LulzSec has utilized “simple SQL injection and Local File Inclusion vulnerabilities, and botnet-powered Distributed Denial of Service attacks” (Ars Technica) that, to some, are too low-level to qualify as hacking.

But the Internet truly exploded on June 17, around 5:48, when LulzSec DDoS’d cia.gov.  By around 6:10, the main page had reappeared but as a facade, but none of the links were working. Immediate Twitter posts tagged #LulzSec include statements ranging from “oh shit they ddos’d the CIA” to “we’ll see who’s laughing when the FBI comes for them.”  Minutes later, th3j35t3r tweeted to LulzSec, “Gloves off […] expect me.”  And at that moment and only that moment, apparently, shit got real.

Continue reading

Gay Porn, Literacy Skills, and Julian Assange: the Affinity Spaces of Rule 34 on /y/

Yes, I know: no matter how you spin it, Rule 34 on Julian Assange just sounds wrong.

At any rate, I was sorting my files yesterday and came across a series of screencaps from a December thread on Yaoi – /y/ titled “Julian Assange,” in which OP rather shamefacedly requested Rule 34 on Assange.  Part of the Anon-authored Rules of the Internet, Rule 34 expresses the notion that if something exists, pornography of it also exists, no exceptions.  OP’s request caused other Anon to admit to similar desires, whether long-term or prompted by OP’s request.  What resulted was a three-part thread of epic proportions, in which writefags and drawfags mass-mobilized to create pornographic material and discuss WikiLeaks, Bradley Manning’s imprisonment, Jacob Appelbaum, and the actions of the federal government.  After maxing out 3 threads, Anon formed its own kink meme with most of the written content from the original three threads.  This in and of itself is not a new phenomenon; the Axis Powers Hetalia fandom has long had a kink meme that overlaps with /y/ threads, and participatory culture across 4chan occurs most around requests for and sharing and creation of pornography.  But the types and magnitude of communal authorship and mentoring taking place in these threads caught me off guard.  And so, despite having my childhood raped several times by Rule 34, I began giving it some serious thought.

Continue reading

Game on, game off.

Sent to me via comment on my previous post on WoW as a form of prison labor in China, here is Cory Doctorow’s short story “Anda’s Game,” from his collection Overclocked.  The story prefigures the RL system of gold farming for real-world currency.  While the writing itself may leave something to be desired, it’s worth a read, especially if you’re into sci-fi/feminist literature and the meatspace/cyberspace binary.

Continue reading

Prison Labor, version Warcraft

China Used Prisoners in Lucrative Gaming Work

No pun intended, but…WoW.  Just wow.

The Guardian reports that Chinese prisoners were forced into World of Warcraft gold farming at labor camps in place of physically intensive labor.  For those of you not in the know, gold farming is the process of earning online credit inWorld of Warcraft.  The credit may then be sold to gamers for real-world cash.

China’s labor camp ideology is “re-education through labor,” remembered by one inmate as “backbreaking mining toil,” hand-ruining carving, and forced memorization of Communist literature to “pay off his debt to society” (Vincent).  These chores were performed during the day; World of Warcraft occurred at night, after which the gold was exchanged for real money by the prison guards.

Continue reading