Tim Cook on Apple

Time Cook’s vision of Apple

“We believe in the simple, not the complex. We believe that we need to own and control the primary technologies behind the products that we make and participate only in markets where we can make a significant contribution. We believe in saying no to thousands of projects so that we can really focus on the few that are truly important and meaningful to us. We believe in deep collaboration and cross pollenization of our groups, which allow us to innovate in a way that others cannot. And frankly. we don’t settle for anything less than excellence in every group in the company and we have the self honesty to admit when we’re wrong and the courage to change.”

Nice.

there is simply ‘safety.’

Report: biggest online threat to kids is other kids

“Overall, the report generally concludes that the general public may have an impression that the Internet is awash in predatory pedophiles, but that picture is simply unsupported by the research that’s available. Those risks that do exist don’t appear to be specific to the online world, as the report suggests, ‘the risks minors face online are complex and multifaceted and are in most cases not significantly different than those they face offline.’ As one of the participants stated, ‘the truth is that there is no ‘Internet safety,’ there is simply ‘safety.””

foaf builder – it was all going so well and then

(update: on the other hand, it appears to have worked… My spiffy FOAF URI is http://foafbuilder.qdos.com/people/gwking.myopenid.com/foaf.rdf)

I was trying to add myself to FOAF builder (just because). It was slick. It was nice. It was using OpenID. But then:

Fatal error: Call to undefined function sparql_put_string() in /usr/local/src/foafbuilder/application/controllers/WriterController.php on line 295

sign. computers. still. suck.

using MD5 in certificates is well and truly broken

A nice description of Certificate Authorities and the web of trust along with details on how researchers broke it in the case of MD5 signed certificates.

Theoretical attacks yield practical attacks on SSL, PKI: “In so doing they showed once and for all that the theoretical attack had practical value; chosen prefixes are enough to undermine systems built using MD5.”

when hashes collide – about time we found a use for PS3s

200 Sony PS3s Harnessed To Crack Secure Site Certification (InformationWeek)

“Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash,” theresearchers said on their Web site. “This is known as an MD5 ‘collision.’ Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the Web to realistic threats.”