I Had No Idea The Fifth Amendment Was This Important

I guess this was boingboinged but I saw it on Crimesift — videos of a law professor and a cop discussing the reasons never, ever to talk to police. For any reason. I had no idea. The Fifth Amendment isn’t a last resort if you’re guilty. It’s a basic operating procedure if you want to minimize your chances of being wrongly convicted if you’re innocent. Not because police are evil or anything like that, but because there is no way to be sure you’re not breaking a law at any given time, and because the system is set up such that there’s no way anything you say to the police can possibly help you (it can be disqualified as hearsay by the prosecutor, no matter how useful it would be to you) and there’s about a dozen ways that it can hurt you.

The videos are long but worth watching. After the defense attorney speaks, the cop gets up and affirms everything the defense attorney has said, with the qualification that while he is willing to lie, mislead, and manipulate people into confessing, he will not have someone in the “interview” room in the first place unless he honestly believes they’re guilty. Of course, if that’s true, then you should assume if you’re being interviewed by the police that they probably already honestly believe you’re guilty of something, wrongly… which means it’s best to shut the hell up, for the reasons given in the previous video by the defense attorney.

Yow. Eye-opening.

Foxconn Motherboards Detect And Sabotage Linux, Apparently at Bill Gates’s Specific Behest … or not

Holy crap, deep evil from Microsoft seems so late-nineties. But this bit just came out. And it references the late nineties! Two parts:

A technically savvy Ubuntu user reverse-engineered the BIOS on his badly-performing Foxconn-brand motherboard. In it he found a program that checked to see if Linux was running on it, and fed it bad information about the hardware (specifically about the ACPI system, which is a standardized system for power management on PCs) so that it would not work correctly. When he contacted Foxconn about it, they said that the motherboard wasn’t “certified under Linux” so who cares? The user, Ryan, pointed out that the board was advertised as supporting ACPI, and its ACPI was intentionally crippled if you ran Linux on it. They blew him off.

This would all be a minor saga in the history of third-rate hardware manufacturers, if it were not for the discovery last year of a Bill Gates email from 1999 where he complained about how Microsoft was working so hard on the ACPI standard, and Linux was reaping the benefits, and wondered if there was some way to make sure that “even if they are open” the ACPI extensions to the BIOS would only work with Windows.



Or maybe it’s all just nonsense and confusion, and there’s nothing sinister about the hardware at all.

Clipperz review

A while back I happened across this article on programming.reddit.com — “Moving the ‘C’ in ‘MVC'” — about web applications whose logic is implemented primarily on the client-side, in javascript, as opposed to the server-side. Interesting stuff, the sort of thing that’d bubbled around my head at one time or another.

That article mentioned clipperz.com and their concept of a “zero knowledge web app.” The idea here is to implement client-side cryptography in javascript and store nothing on the serverside except wads of encrypted data. Data that is encrypted on the client, that is. So it never passes over the wire in the clear, and it’s never decrypted on the other side of the wire.

That’s pretty cool. In fact, clipperz.com hosts their own best shot at a zero-knowledge web app, a password manager. A web-based password manager seems insanely insecure, but not so if you implement it as a zero-knowledge web app. It’s basically like keeping a local HTML with all your passwords and javascript which allows you to click on those passwords and have it launch the appropriate page and log in to the service in question (Google, Facebook, whatever) — except that instead of keeping it locally you’re keeping an encrypted version of it on clipperz.com’s servers.

As far as usage goes, it’s pretty simple, but unusual. In a normal web app, you log in once, after which you are recognized by cookies until some timeout period. That’s because you’re logging in to an app running on the server, and cookies help maintain the illusion of a persistent connection. In clipperz, the app is running in your browser. So if you close the page and come back to it, you have to log in again. But you can leave that page open forever and it never times out, because there’s a real connection between you and the app (an open browser window) so there’s no need for the whole cookie deal.

Adding logins to the app is an unusual process but easy once you get used to it. When you’re on the login page to the service in question (myspace, yahoo, whatever) with your username and password typed in the blanks, you can click on a bookmarklet you’ve previously saved from clipperz, and it will extract a chunk of JSON data from the page you’re on, representing the login form, your username, and password. You cut and paste that into your running clipperz session in another tab or window, and it takes that JSON chunk and adds that to its data store, and now you have a clickable link on your clipperz page which will log you in to that service.

Knowing I’ve got an instant one-click login to a service makes it easier for me to make a habit of logging out of a service when I’m not using it.

It’s also easy to maintain more than one login to the same service using clipperz. Each is just one click away.

Clipperz has a sometimes-friendly, sometimes not-so-friendly competitor named “PassPack,” whose authors consider Clipperz.com’s zero-knowledge thing “fallacious” in some way, though reading through it I’m still not sure exactly what they think is wrong with Clipperz’s way of doing things. I guess the idea is that any privacy and security that Clipperz provides for you that PassPack doesn’t is just silly and you shouldn’t worry your pretty little head about it, for such worrying is a “fallacy.” I don’t know. It sounds like PassPack might be easier to use, and harder to understand what they’re doing. With clipperz you just have a username and passphrase; with PassPack you have a username and password and an additional crypto key. (UPDATE: see comments below, from Tara from PassPack for clarification of what they were getting at.)

In any case, PassPack and Clipperz have each posted a list of the pros and cons with their respective services. Overall I have to say that having actually used Clipperz for a while I don’t see anything about PassPack that encourages me to explore it as an alternative.

Anyway, my review of Clipperz after a couple weeks of use — thumbs up! It’s unusual but worth getting to know.

Rosencrantz and Guildenstern Are Undead

Julian Marsh (Hoffman) is an out of work ladies man who lands a job directing a bizarre adaption of Hamlet. After casting his best friend (Lemche) and his ex-girlfriend (Aoki) in the show, Julian finds himself in the middle of a two thousand year old conspiracy that explains the connection between Shakespeare, the Holy Grail and some seriously sexy vampires. It turns out that the play was actually written by a master vampire named Theo Horace (Ventimiglia) and it’s up to Julian to recover the Grail in order to reverse the vampire’s curse… If only being undead wasn’t so much God-damned fun!

[From Rosencrantz and Guildenstern Are Undead]

Sweet. Now that Zombie is the New Vampire, Vampires have been freed from the heavy burden of hipness and can be part of a whimsical little film.

Via MeFi.