You have email account x@y.com, which is your main email. You have the password XYZ, which you use for everything. You register at paypal with your email address x@y.com and use your normal password. You then register at some obscure webforum using your normal email and password.

Obscure webforum keeps new member details in plain text on their site. Hacker hits obscure webforum and takes thousands of email addresses and site passwords. Hacker then feeds these emails and passwords into paypal, a good proportion of which will actually work.

[Via a comment by Bert9000 in Charles Arthur's post on recent iTunes/Paypal hacks]

into the viral hit “Bed Intruder Song”:

Now, they’re selling the song on iTunes, and it’s flying off the virtual shelves. According to Wired.com, The Gregory Brothers sold 10,571 copies of “Bed Intruder Song” on iTunes in the first two days. What’s more, the tune has made it onto the Billboard Hot 100. In a classy move, The Gregory Brothers split the profits 50/50 with Antoine Dodson:

We’re really breaking “unintentional singing” ground, so we’re trying to set precedents by making it so that Antoine, or whoever that artist might be in the future, has a stake not only as an artist but as a co-author of the song. It’s like you said: He wrote the lyrics, he’s the one who put it out there. What we’re doing on iTunes and on any other sales, we’re splitting the revenue after it gets through Apple down the middle. And that [also applies] if we ever license the song for TV or a movie. Whatever happens to the song, he has a 50 percent writing credit.

Though this is an American example, I think this story is particularly interesting to Canadians, in light of new proposed copyright legislation, which includes a “YouTube clause that allows people to mash up media under certain circumstances, as long as it’s not for commercial gain.” From Bill C-32:

It is not an infringement of copyright for an individual to use an existing work or other subject-matter … in the creation of a new work or other subject-matter in which copyright subsists … if the use of, or the authorization to disseminate, the new work or other subject-matter is done solely for non-commercial purposes

So, C-32 would make it OK for me to remix a local news report, so long as the remix was non-commercial (or covered by C-32′s parody or satire exceptions). But what does “non-commercial” even mean? At what point would a Canadian version of the The Gregory Brothers’ videos become commercial? Would it be after they get millions of views on YouTube? After they start selling the songs on iTunes? And what about the advertising that YouTube runs against “non-commercial” videos? Non-commercial means a lot of different things to a lot of different people. Just read Creative Commons: Defining Noncommercial.

And when it comes to ownership, it’s incredibly muddy to me. My non-commercial remix may be a new work, and I may hold the copyright to it, but am I suddenly infringing copyright if my remix becomes a YouTube hit and the cheques start rolling in? In that situation, what becomes of the Antoine Dodsons of the world? The Gregory Brothers are splitting their piece of the pie with him, but do they have to? Should they have to?

Memetics and remix culture are the lifeblood of the web, and are constantly evolving. The first Auto-Tune the News video showed up 16 months ago. 16 months ago! Can legislation ever catch up with such a wildly moving target?

If you have opinions or (fingers crossed) pointers to some clarification around remixes and ownership under C-32, I’d love to hear about it in the comments.

Here’s what I find particularly scary about this announcement: Facebook Place Tagging. From Jolie O’Dell at Mashable (emphasis mine):

You can add places, check in to places that already exist, and tag people who are with you. If you’re checking in for a group, make sure you tag your friends before you checkin, yourself. For example, I added my house and checked in there. I then opened the Places page for a nearby sushi restaurant, tagged my boyfriend, and checked us both in there.

Wait a minute! Other people can check me in? Yup. According to Facebook’s FAQ:

You can tag your friends who are with you at any given location as long as you are checked-in and they have set their privacy settings so they can be tagged.

The default settings “for any check-ins are to have them visible only to your Facebook friends.” Facebook’s privacy settings let you opt out of Places sharing completely, but as The Guardian points out, if you don’t opt-out, “you will be asked to agree” the first time a friend tries to check you in.

It’s not hard to imagine how this could become incredibly problematic. Personally, I don’t want anyone but me to have the power to share my location. Remember what happened to Plazes CEO Felix Peterson? Or just consider any number of potentially embarrassing Foursquare check-ins. Now, consider that all of your Facebook friends have the ability to create those awkward location-based snafus for you.

Two predictions:

• It’s only be a matter of time before we see a blog dedicated to “embarrassing third-party Facebook Place check-ins”
• The alibi fabrication industry is about to blow right up

The Swell Season covers Neutral Milk Hotel

That’s Joe Doyle (from The Frames) on bass.

(via Merlin)

According to researchers at Georgia Tech, GPU-accelerated brute-force password cracking techiques are getting really good:

“Right now we can confidently say that a seven-character password is hopelessly inadequate,” said Mr [Richard] Boyd, “and as GPU power continues to go up every year, the threat will increase.”

Instead, Boyd recommends “a 12-character combination of upper and lower case letters, symbols and digits.”

That’s good advice. But alas, we live in a world where 75% of the population uses the exact same password for their email and social networking accounts, and the 5 most popular passwords go like this:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou

Personally, I use 1Password¹ to generate and manage strong passwords, and I love it. I have to say, there’s a special warm, fuzzy, geeky feeling that goes along with knowing you’re using good passwords. It’s not unlike the feeling I get when I know my family photos are redundantly backed up.

My next CBC tech column (Tuesday on CBC R1 afternoon shows across Canada) is all about generating good passwords. It’s good advice to hear anytime, but if you use the same password for more than one site, seriously, change it now.

But here’s what I’m really wondering: aside from legit textbook sources like CourseSmart, how will the new breed of tablet computers affect ebook piracy? There’s certainly no shortage of textbooks on Bittorrent sites, Usenet indexes, and Gigapedia.

Stateside yesterday, the Pew Internet & American Life Project published a new report on home broadband, with some surprising results:

By a 53%-41% margin, Americans say they do not believe that the spread of affordable broadband should be a major government priority. Contrary to what some might suspect, non-internet users are less likely than current users to say the government should place a high priority on the spread of high-speed connections.

Seems like the majority agrees with The Thrill.

[Via David Weinberger]

You know how every Twitter app on the iPhone has its own built in browser? And how each embedded browser works almost, but not quite like, all the other embedded browsers? With each embedded browser having different buttons, different scaling strategies, different rules for rotation? All of this exists to prevent you from having to leave your Twitter app and go to Safari, which would render the link properly. Going from TweetDeck to Safari is a big deal. After you switch to Safari, when you are done reading the link, looking at the picture, whatever, then you are stuck at a precipice — you want to go back to TweetDeck right where you left off. How do you do that? Home. Restart TweetDeck. Hope it is written such that you pick of where you left off. But traversing through the Home key and the Springboard is incredibly interruptive. Indeed, leaving TweetDeck or any other app in order to go to Safari feels like a huge step on the iPhone.

Contrast that with the Android Way: just click on the link, and whatever app you set as the default handler for that action springs open. Noise around, read it, whatever. Then just hit the back button and you are right where you left off. No barrier. It truly blurs the line between applications.

I know I’ve linked to it before, but it’s really worth repeating: The In-Between Stuff Matters.

there should be a new, enforceable prohibition against discriminatory practices. This means that for the first time, wireline broadband providers would not be able to discriminate against or prioritize lawful Internet content, applications or services in a way that causes harm to users or competition.

Taken alone, this seems like a boon for net neutrality. But, Google and Verizon continue:

we both recognize that wireless broadband is different from the traditional wireline world, in part because the mobile marketplace is more competitive and changing rapidly. In recognition of the still-nascent nature of the wireless broadband marketplace, under this proposal we would not now apply most of the wireline principles to wireless

So, Matthew Lasar at Ars says, “Wireless network operators can discriminate and prioritize to their heart’s content.”

This news is particularly interesting for Canadians, because it comes at a time when the CRTC is actively soliciting comments as part of its open consultation on basic service. Among the questions that the CRTC poses:

Do you think that wireless services (e.g. Wi-Fi, 3G networks or satellite) can be substitutes for landline services to connect to the Internet? Explain why or why not.

Given than in the US, under Google-Verizon’s proposal, wireless internet providers would be exempt from net neutrality principles, this could set the stage for a tiered internet system in Canada. I suspect this question is particularly relevant for underserved rural Canadians. According to recent numbers, 1 in 5 rural Canadian homes does not have access to broadband internet service. Based on its questions, the CRTC seems to be considering wireless technology as a possible way to ensure broadband to all Canadians.

In addition, the CRTC asks the following internet-related questions:

• For what activities do you use or expect to use your Internet service?
• what role, if any, should the CRTC play in ensuring that all Canadians have access to broadband Internet service?

This week, my CBC Radio tech column is all about the CRTC’s open consultation. It airs Tuesday on afternoon shows across the country. The consultation runs until August 20 (not August 10, as the FAQ indicates), and you can particpate at o2s.publivate.ca.

The 1,135-square-foot home is about 40 years old and includes a high basement

No kidding.