Oh dear. Folks at the British Medical Journal have released a report that slams the World Health Organization’s pandemic plan and the declaration of the H1N1 pandemic: the experts who advised WHO appear to have conflicts of interest with vaccine manufacturers. The report also questions the value of Tamiflu (oseltamivir) and Relenza (zanamivir), noting that neither drug proved effective during FDA testing.
It’s worrisome that (a) it took a specialist journal like the BMJ to track down the conflicts of interest, (b) the WHO is circling the wagons in the face of this criticism, and (c) there’s no coverage of the story in Canadian media (as of the evening of Sunday, June 6).
Debugging encrypted connections is a hassle, but Wireshark can occasionally help. I recently spent a few hours trying to debug a Jetty server that insisted on speaking HTTPS.
First, I had to convert the Java Key Store to something Wireshark could consume: a PEM file containing the server’s RSA private key. A fairly simple tutorial should have been enough, but a GUI-based key store manager proved to be indispensable. Then I realized that Diffie-Hellman is the sworn enemy of network monitors everywhere. Wireshark’s decryption depends on the pre-master secret being sent encrypted under the server’s RSA public key, so that the private key can recover it; with a DHE cipher suite the pre-master secret is computed independently on both ends and never crosses the wire, so the private key is of no use, as Wireshark’s SSL debugging output illustrates:
ssl_generate_keyring_material not enough data to generate key (0x16 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can’t generate keyring material
Of course, if you’re in control of the Jetty server in question, then you can use org.mortbay.jetty.security.SslSocketConnector.setExcludeCipherSuites() to keep the pesky DHE suites from being negotiated. Then it’s Wireshark all the way! Bear in mind that dropping DHE also drops forward secrecy: anyone who later gets hold of the server’s private key can decrypt every captured session, exactly as Wireshark does. Do this on a test instance, not in production.
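As an added example (not code from the original post), here is a minimal Jetty 6 server that excludes every cipher suite whose key exchange is not plain RSA, so that the sessions it negotiates can be decrypted with the PEM private key loaded into Wireshark. The keystore path and passwords are assumptions; the suite matching relies on the JSSE naming convention, in which suites with a static RSA key exchange begin with TLS_RSA_ or SSL_RSA_.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import org.mortbay.jetty.Server;
import org.mortbay.jetty.security.SslSocketConnector;

/** Test-only HTTPS server whose traffic Wireshark can decrypt with the server's RSA key. */
public class DebuggableHttpsServer {

    /**
     * Every suite the JVM supports except those with a static RSA key exchange.
     * Only TLS_RSA_* / SSL_RSA_* suites send the pre-master secret encrypted under
     * the server's RSA key; DHE, ECDHE, static (EC)DH and anonymous suites derive it
     * on both ends instead, so the private key alone cannot decrypt them.
     * NULL-cipher suites are excluded too: a debugging server still shouldn't
     * negotiate plaintext.
     */
    static String[] suitesWiresharkCannotDecrypt() throws Exception {
        String[] supported = SSLContext.getDefault()
                .getSupportedSSLParameters().getCipherSuites();
        List<String> excluded = new ArrayList<String>();
        for (String suite : supported) {
            boolean rsaKeyExchange = suite.startsWith("TLS_RSA_") || suite.startsWith("SSL_RSA_");
            if (!rsaKeyExchange || suite.contains("_NULL_")) {
                excluded.add(suite);
            }
        }
        return excluded.toArray(new String[excluded.size()]);
    }

    public static void main(String[] args) throws Exception {
        SslSocketConnector connector = new SslSocketConnector();
        connector.setPort(8443);
        // Assumed keystore location and passwords; the key must be RSA for Wireshark's sake.
        connector.setKeystore("/etc/jetty/test-keystore.jks");
        connector.setPassword("changeit");
        connector.setKeyPassword("changeit");
        connector.setExcludeCipherSuites(suitesWiresharkCannotDecrypt());

        Server server = new Server();
        server.addConnector(connector);
        server.start();
        server.join();
    }
}
```

Once the server is up, point Wireshark’s SSL protocol preferences at the PEM private key for the server’s address and port; because every remaining suite ships the pre-master secret under that key, the capture decrypts. The same filter would also excise static ECDH suites, which Wireshark cannot decrypt either.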
In case you’re looking for some podcast action, here’s the Pie Palace endorsed list:
Highly recommended:
Planet Money (by NPR) – I can’t recommend this podcast enough. It’s a lay-person’s economics show, covering current issues relating to the US economy. The hosts are to economics what ninjas are to kicking ass. And they do it without being boring.
The Age of Persuasion (by CBC and Pirate Radio) – An insider’s view of advertising. Given that it’s produced by an advertising writer, it’s not surprising that it’s really, really fun to listen to. A little short on content, but the production value makes up for that.
Recommended:
Search Engine (by TVO) – A current affairs show dealing specifically with internet-related issues. It’s pretty geeky, which is probably why CBC dropped it, but the host is knowledgeable and (kind of) funny.
This American Life (by NPR) – A general interest show. Each podcast features four or five stories relating to a theme. It’s kind of humorous, but occasionally dips into serious topics. About half the episodes are too saccharine for my taste.
White Coat, Black Art (by CBC) – A current affairs program about health related issues. The host, an ER doctor, interviews doctors and other health professionals for their perspective on various issues. The show is interesting, but rarely looks at the public policy side of medicine (such as lowering cost, improving quality of service). Worth listening to, nonetheless.
Recommended with reservations:
Shot of Jaq – A show about open source from a couple of Ubuntu employees. Each show covers a specific topic, and is intended to get listeners talking on the show’s website. The shows are quick (which is probably the best thing about them) but tend to ramble. The hosts rarely offer much insight into the issue they’re talking about.
The Current (by CBC) – A middling current affairs program. Each podcast is about 20 minutes long, in which the host tries to conduct at least two sets of interviews. The interviews usually sound rushed, and the guests are of variable quality. At the end of each program, I feel like I’ve been given a quick overview of the given topic, but without any real depth. I’m not sure why I keep listening to this.
Quirks and Quarks (by CBC) – I really, really want to like this show. It’s CBC’s sole science show. It features interviews with various boffins about their latest discoveries. But it’s really, really dry. As much as I try to listen to it, I find myself tuning it out. Which is too bad, since the quality of reporting is top notch, and the host does a great job at making complex information accessible.
Terrible:
The Moth – Imagine the worst whackjobbery of CBC’s Ideas, mixed with the bland self-adulation of CBC’s Tapestry. Each relatively quick episode is supposedly a true story from some egoist’s life, told on-stage without props or a script. It’s like nails on a chalkboard. I suffered through four episodes before I finally unsubscribed. Why did it take so long? Because I’m a masochist.
BiblioPress publishes reviews from a Bibliocommons-based library catalogue to a WordPress-based blog. In other words: all the time I wasted reviewing stuff on Ottawa’s library website is now made useful because my blog will automatically republish my reviews.
The plugin is something verging on beta software. It works, but it’s only had limited testing.
And no, that isn’t a membership card in my pocket. I’m just happy to see your new catalog. Your FANTASTIC new catalog.
The clunky old catalog has been replaced with a shiny new BiblioCommons website. With a bit of searching, I managed to track down some info on BiblioCommons:
- They have a terrible website.
- Their founder, Beth Jefferson, appears to be a mix of volunteer-ist and entrepreneur (imagine that!).
- Beth talks about BiblioCommons in a podcast I haven’t listened to yet.
- They seem to snarf information from Amazon. (Their images come directly from Amazon)
- I am addicted to annotating books.
As far as I can tell, they don’t have an official API. I managed to find a Drupal module that professes to do BiblioCommons stuff, but I don’t know enough about Drupal to tell what it’s up to.
And their login pages confuse cURL. Boo!
Google has announced an experimental alternative to HTTP: SPDY. It’s a binary framing layer that multiplexes several request/response streams across a single TCP connection to cut latency. The initial explanation sounds pretty neat.
I’ve put together a Gnome applet that checks the balance of an online bank account at predetermined times and emails the balances to a selected email address. It’s unimaginatively titled “balancer“.
It’s (1) useful, and (2) scares the crap out of me.
The useful part is pretty self evident. I want to know my current balance so I can rein in my spending if I’m going overboard.
The scary part is equally self evident. balancer keeps bank credentials on the user’s computer. That’s a terrible idea. An attacker who wants to make some cash just has to trawl the secrets stored in the GnomeKeyring to get access to the user’s life savings. In theory, GnomeKeyring could be secure-ish, if it kept all of its secrets on a portion of the disk hidden from users and blocked access on too many failed access attempts. But it doesn’t seem to. It looks like it keeps secrets in ~/.gnome2/keyrings. If an attacker can subvert an app owned by the user, then they can read ~/.gnome2/keyrings/balancer.credentials.keyring and pass the file offsite for an offline dictionary attack. Eep!
On top of that, GnomeKeyring differentiates between apps based on the path to the app binary. I guess this works for native applications, but it breaks when the app runs under an interpreter or virtual machine. My app, balancer, is written in Python, so the binary GnomeKeyring sees is the Python interpreter. After I run it, any other Python app is able to dig into the GnomeKeyring without the user being prompted for a password. Noes!
It’s funny. I tried Wesabe, and had no problem putting myself at the same risk balancer would inflict on me. Even though the Wesabe client has the same security problems, I put them out of my head because someone else wrote the code. But I’m having a hard time doing that with something I wrote.
Gawp has impressed on me the value of curation – that’s the process of normalizing and verifying data so that it can be used elsewhere. Clean, useful data is clearly awesome, but I didn’t realize it would be possible to build a business on it.
AggData apparently has. They scrape publicly available data, normalize it and make it available for a small fee.
I’m amazed that they can employ five people with a business model based on pure curation. Good for them! Further proof, if any was needed, that we live in the future. (Via Weather Sealed)
My fiancé’s mp3 player died last month, and mine is on its last legs. Since my lady love is a bit of a technophobe, I started looking into iPods. One of the first stories I ran across when I was looking into them was about the suicide of Sun Danyong – an employee of one of Apple’s suppliers. The guy had apparently lost an iPhone prototype and then been subjected to a week of abuse at the hands of his employer, Foxconn. He then committed suicide.
When I buy stuff, I try to stick to ethically made goods. I buy fair trade when possible, and I avoid products that don’t have a fair trade option. But because iPods have a reputation for usability and my sweetie deserves the best, I crafted this letter to Apple’s PR contacts.
Dear Ms. Cotton and Mr. Atkins,
I’m in the market for a new MP3 player. Before I buy an Apple gadget, I’d like to know what Apple is doing to ensure that its suppliers are treating their workers well. The ongoing coverage of Sun Danyong’s abuse and subsequent suicide has me reconsidering Apple products.
I don’t expect Apple to get a TransFair certification any time soon, but I can at least ask if they’re doing anything.

Blogawa Events Robot
I’m back. My wrists aren’t 100%, but they’re much better than they were. To prove it, I’ve squeezed another feature into Blogawa: events. Our friendly events robot reads OttawaEvents.org daily, randomly picks some upcoming events, and posts them to Blogawa.
The events are currently jumbled together, regardless of category, but that may change with time.