January 19, 2010Our Cellphone Conversations Are No Longer Private
I just finished going through Karsten Nohl's presentation and project notes on cracking the A5/1 encryption key used to protect GSM networks. Usually mobile phones and base stations quickly and randomly change their radio frequencies across a spectrum of 80 channels to prevent eavesdroppers from picking off and assembling a conversation floating through the air waves. With his team's new channel hopping crack, software can now be used to control radios that makes the frequency changes at precisely the same time, and in the same order, that the cellphone and base station do. Karsten's presentation above describes a practical means to capture calls for under $5000 USD. Although the current software still requires the use of pre-calculated decryption keys, it is only a matter of time before they finish calculating the rainbow tables required to deduce any unique key that encrypts a call and eavesdrop in real-time. At that point, I will probably want to build one for myself. It would be kinda cool to build a GSM base station (advertising itself on an unused GSM frequency band) and have it intercept and route outgoing calls from home or from the office through the Internet via Asterisk. Maybe then I can keep the dropped calls to a minimum.
“What a man hears he may doubt, what he sees he may possibly doubt, but what he does himself he cannot doubt. ”
Seaman Knapp
SEO Friendly Stocking Stuffer
After announcing our updated blog importer back in September, we got a lot of positive comments about how we seamlessly (301) redirect requests for existing URLs of imported content to their new home on Squarespace. This ensured that all the Google link juice users have gathered over time was transferred over in a SEO friendly way. This feature mainly lived in the deep recesses of our backend routing code, but starting today, we're bringing this feature out of the dark and letting our users create SEO friendly shortcuts.
Until today, users were only allowed to create URL shortcuts to their site's content via a simple URL rewriting method. It allowed users to create shorter, perhaps even more user-friendly URLs than the ones Squarespace generates. Requests for the friendly, shortcut URL loaded the contents of the existing URL while preserving the requested URL in the browser navigation bar. Unfortunately, when search engines crawl other sites that link to either of these URLs, this technique ends up splitting the page rank and other measures of link value between the two URLs. Not very good for SEO. One way to alleviate this problem would be to use the "canonical link rel" element to tell search engines to focus on indexing a new page for the content it encounters. Originally intended for duplicate content within the same domain, Google is now supporting its use for cross-domain content duplication. It is only seen as a hint and not an absolute directive, though. It is intended to supplement and not replace a 301 redirect. Yahoo and MSN have yet to follow suit, though there have been grumblings that they have agreed to support it.
In addition to the URL rewriting method, we have added the ability for a user to choose between on-domain 301 and 302 redirects. A 301 redirect will signal to a search engine that the requested URL has moved permanently to a new URL. All three major search engines handle the 301 redirect directive the same way. They ignore the original URL and instead index the destination URL. The link value of any keywords contained in the original URL will be transferred over to the new URL.
A 302 redirect is treated differently depending on the search engine. It essentially tells a search engine that the move is only temporary, and that the content at the original URL might still be valid in the future. When Google encounters a 302 redirect it maintains all link value with the original URL. MSN/Bing, on the other hand, treats 302 redirects exactly how it treats 301 redirects, it will always ignore the original URL and instead indexes the destination URL. With the current Yahoo-Microsoft search deal, it follows that Yahoo's indexing behavior will soon be the same as Microsoft's.
So how do you decide between our default URL rewrite method, our on-domain 301 redirect or the often misunderstood on-domain 302 direct? If you don't care about SEO, then the default URL rewrite method will probably be a good, no-hassle choice. It loads content the fastest among our three shortcut navigation methods. Also, it is the only method that preserves the shortcut URL on the browser address bar. The 301 redirect is the best all around option if you want consistent results across all search engines. If you're not sure what to do, pick the 301 redirect. The real question is when to use the 302 redirect. The on-domain 302 redirect should be used if you want a URL to recycle among different posts/pages. For example, a news blog following Tiger Woods' growing harem collection might use a 302 redirect to funnel readers to the latest news by creating a shortcut from
"http://www.tigersden.com/ladies-of-tiger-woods"
to
"http://www.tigersden.com/news/2009/12/10/tiger-woods-bones-waitress.html"
on one day and then update the url with some new content scribed at
"http://www.tigersden.com/news/2009/12/14/tiger-woods-bones-call-girl.html"
a few days later. A 302 redirect will allow a reader to google for "tiger woods ladies" and land on the page with Tiger's most recent conquest. A contrived example, yes. But illustrative nonetheless. Anyway, Santa doesn't have any more feature enhancements in store for 2009. More fun features will be coming in the new year. Happy Holidays!
“If you set your goals ridiculously high and it’s a failure, you will fail above everyone else’s success.”
James Cameron, Man of Extremes
Apple Finally Approves Squarespace iPhone App
The Squarespace iPhone App had been sitting in Apple's approval process for months. It took a while but it's officially out there. The most noteworthy features are the live site statistics view and a very well integrated content editing mode. More screenshots are available from Teddy, one of the UI designers responsible for developing the app.
“Think with your hands, build something or try something, then talk about it, not the reverse.”
David Kelly, Founder, IDEO
When Launching an Operating System Was Cool
Launching a new operating system used to be an event. It used to represent the latest and greatest set of productivity enhancing technologies that would change the way we did things. It usually meant a shopping trip to buy a new computer and a bunch of other toys. The operating system has maxed out. It has gotten so good (or good enough) at what it does that even large scale changes are cosmetic and evolutionary in nature. The operating system has been relegated to the back seat, powering our web browsers and the docking stations on our mobile phones. Tomorrow, when Microsoft officially launches that new service pack they call Windows 7, I doubt it will make much of a splash unless there is a new device or web service that goes along with it.
“Success is just like being pregnant. Everybody congratulates you, but nobody knows how may times you were fucked.”
Ji Lee, via @pleaseenjoy
Throwing It Down Old School
The deal hasn't even closed yet and Oracle is already picking a fight with IBM. You gotta love Larry Ellison's competitive spirit. I miss the good old days of the technology industry when this was a semi-regular occurance and the one upsmanship was carried out publicly by most companies in the Valley. Ever since Google decided to take the koombaya approach and Internet started going social, startups have lost their taste for a good, old fashioned flame war. The last friendly fight I remember being waged was between Microsoft's Internet Explorer team and Netscape. That was 1997. Maybe I need to start trolling around the newgroups (Google Groups) again to see nerds go at it with their holy wars and watch Linus represent.