Thursday, January 3, 2013

Fraudulent Google Certificate Issued by TURKTRUST - a CA you can safely delete

Firefox's default list of trusted certificate authorities

I'll point you here for the full story, and add my two cents below.

Sadly I don't have time to get into the rabbit hole of explaining certificates and SSL, so this will have to be directed at those already in the know.

Here's the overview. A root certificate authority, TURKTRUST (yes, they're Turkish), somehow issued two certificates in 2011 that allowed their owners to impersonate any *.google.com site. And I'm here to let you know you can go right ahead and delete TURKTRUST from your browser without worrying you'll ever need it.

This useful bit of information is courtesy of "Nasko" at netsekure.org, who did a survey in 2010 of the most commonly used certificate authorities on the web. This was in order to reduce his attack surface, since we've seen a steady stream of CA (certificate authority) compromises over the years, and if you don't trust a CA in the first place, you can't be fooled by their fraudulent certificates.

His surprising results were that you only need about 25 CAs out of the hundreds that browsers trust by default. His survey queried the top 1 million most popular sites according to Alexa, so you can be pretty sure he didn't miss much of the web.

What's more, I actually implemented his findings, deleting all but those 25 from my own browser. And after several months of (heavy) browsing, I can tell you I've never once run into a problem.
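
An added example, not from the original post or from the netsekure.org survey: a Python version of the survey-then-prune idea, which tallies the roots a set of sites actually chain to and lists the trusted roots that none of them need. The survey rows and trust-store entries are constructed, matching roots by organization name is an assumption, and the final lines read the OS trust store through Python's ssl module, which is not Firefox's own list.

```python
import ssl
from collections import Counter

# Constructed survey rows: (site, organization of the root its chain ends in).
SURVEY = [
    ("site1.example", "Example Root A"), ("site2.example", "Example Root A"),
    ("site3.example", "Example Root A"), ("site4.example", "Example Root A"),
    ("site5.example", "Example Root B"), ("site6.example", "Example Root B"),
    ("site7.example", "Example Root C"), ("site8.example", "Example Root D"),
]

def entry(org):
    """Constructed trust-store entry in the shape ssl.get_ca_certs() returns."""
    return {"subject": ((("countryName", "XX"),), (("organizationName", org),))}

# Constructed trust store: more roots than the survey ever saw in use.
STORE = [entry(o) for o in ("Example Root A", "Example Root B", "Example Root C",
                            "Example Root D", "Example Root E", "Example Root F")]

def org_name(ca):
    """Organization (falling back to common name) of one trust-store entry."""
    fields = {key: value for rdn in ca.get("subject", ()) for key, value in rdn}
    return fields.get("organizationName") or fields.get("commonName", "<unnamed>")

def roots_needed(observations, coverage=1.0):
    """Most-used roots first, until `coverage` of surveyed sites still validate."""
    counts = Counter(root for _site, root in observations)
    target = coverage * sum(counts.values())
    keep, covered = [], 0
    for root, sites in counts.most_common():
        if covered >= target:
            break
        keep.append(root)
        covered += sites
    return keep

def removable(store, keep):
    """Trusted roots whose organization is not on the keep list."""
    wanted = {name.casefold() for name in keep}
    return sorted({org_name(ca) for ca in store if org_name(ca).casefold() not in wanted})

if __name__ == "__main__":
    keep = roots_needed(SURVEY)
    print("keep:", keep)
    print("unused in constructed store:", removable(STORE, keep))
    # Same audit against this machine's OS trust store (not Firefox's own list).
    system = ssl.create_default_context().get_ca_certs()
    print(len(removable(system, keep)), "of", len(system), "system roots unused")
```

Lowering `coverage` below 1.0 shows the trade-off the survey implies: fewer trusted roots, at the cost of certificate errors on the least common sites.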

After the jump, my revelations on the bigger picture I learned through this experiment.

Friday, December 21, 2012

Update: A billion views.



Well, it happened. Since becoming the most viewed video ever over Thanksgiving, Gangnam Style gathered 200 million views in under a month to become the first Youtube video ever with more than a billion views. Man. Remember when a million views was a lot?

Oh, and the bonus is that a couple weeks ago, some people started passing around a supposed Nostradamus prediction that could be interpreted as saying the world will end when Gangnam Style gets a billion views. The prophecy included hints at Korea, the horse dance, and the nine zeros in 1 billion. And when I saw that, I realized that the video was on track to a billion views right around Dec 21st, which was only too perfect. And now it did happen on the 21st! Right at noon. Extra bonus Apocalypse points.

Sunday, December 16, 2012

Fake Morgan Freeman turns out to have the sanest comment on the shooting

This has been making the rounds on Facebook, misattributed to Morgan Freeman (because nothing on Facebook can occur without some misinformation propagated by the gullible). Turns out it comes from some Facebook user named Mark, but it's just as sensible a comment on this whole circus.

"You want to know why. This may sound cynical, but here's why.
It's because of the way the media reports it. Flip on the news and watch how we treat the Batman theater shooter and the Oregon mall shooter like celebrities. Dylan Klebold and Eric Harris are household names, but do you know the name of a single victim of Columbine? Disturbed people who would otherwise just off themselves in their basements see the news and want to top it by doing something worse, and going out in a memorable way. Why a grade school? Why children? Because he'll be remembered as a horrible monster, instead of a sad nobody.
CNN's article says that if the body count "holds up", this will rank as the second deadliest shooting behind Virginia Tech, as if statistics somehow make one shooting worse than another. Then they post a video interview of third-graders for all the details of what they saw and heard while the shootings were happening. Fox News has plastered the killer's face on all their reports for hours. Any articles or news stories yet that focus on the victims and ignore the killer's identity? None that I've seen yet. Because they don't sell. So congratulations, sensationalist media, you've just lit the fire for someone to top this and knock off a day care center or a maternity ward next.
You can help by forgetting you ever read this man's name, and remembering the name of at least one victim. You can help by donating to mental health research instead of pointing to gun control as the problem. You can help by turning off the news."

Tuesday, December 4, 2012

Best argument for Google ever



You can guess which one's Google.

Thursday, November 29, 2012

Finally. Netflix on Linux.


A recent post at the "OMG! Ubuntu!" blog broke the news that there is finally a working, straightforward way to watch Netflix on Linux. Skip to installation instructions below or read on for the full story. Oh, and here's a screenshot if you're still incredulous:


For those not so familiar with the story, here's the background. These days you can do almost everything you need to on Linux. But the one gaping hole for those of us who've switched to Linux full-time has been Netflix. The streaming video on netflix.com requires Microsoft Silverlight (apparently they need its DRM capabilities), and, unsurprisingly, Silverlight is not available on Linux. Last I heard, it wouldn't even run properly in WINE, the Windows emulation/compatibility layer people often use to run Windows apps on Linux. So the only standard way to watch Netflix, and the way I've been using, is to install an entire copy of Windows in a virtual machine. This is pretty clunky and slow, at best. In order to watch Netflix I'd have to start up my virtual machine, a process about as slow as booting a real computer, and often close Firefox to get the 2GB of free RAM it requires.

So naturally there have been pleas for years to get Netflix to finally support Linux. After all, they work on Windows, Mac, iOS, and Android already. There have even been a number of false starts, like last year when they announced they would be supporting Chrome OS, which is a version of Linux. It turns out that even though they produced a Chrome plugin that worked on Chrome OS's Linux, no one could get it to work reliably, even moving the plugin files and executables to the proper locations in Chrome installed on a regular Linux OS.

tl;dr: We've been stuck with virtual machines for years.

But apparently two developers, Erich Hoover and David Andrews, have put together a well-functioning solution using Firefox and Silverlight installed in a bundled (and improved?) version of WINE. I just watched an entire episode of Archer without so much as a blip of buffering, and this is on a Core 2 Duo 2.53GHz machine with 4GB RAM (with Firefox open!). The developers claim to have even gotten it running on a netbook. One disclaimer of note: this works on Ubuntu running Unity, but I'm not sure if it's supported outside that configuration. So, without further ado:

Here's how to install it on Ubuntu

$ sudo apt-add-repository ppa:ehoover/compholio
$ sudo apt-get update && sudo apt-get install netflix-desktop

That's it. They've bundled it all into one package in their repository. It installs WINE, Silverlight, and Firefox (the Windows version) automatically. When you first start it up (search "Netflix" in Unity) WINE will do some configuration (say yes to the installation prompts) and the Netflix login page will pop open. (Important note: it's just Firefox full-screen, so hit F11 to exit full-screen mode.)

Further instructions and troubleshooting in the developers' post:
PPA for Netflix Desktop App - iheartubuntu

Saturday, November 24, 2012

The new most viewed video on Youtube


Well, it happened. Gangnam Style is now the most viewed video on Youtube, having just passed Justin Bieber's "Baby" at over 800 million views. And I have to say, I welcome this turn of events.

It's hard to explain, but my attitude is similar to when I decided to embrace the popularity of Lady Gaga and LMFAO. That attitude is essentially, "Well hey, at least they're making pop music interesting. So why not?" And, as you move from Lady Gaga to LMFAO, and now Gangnam Style, it shows the mainstream's increasing embrace of the ridiculousness and wtf nature of the internet that I'm so fond of. So in celebration, let's stop worrying about things making sense and enjoy one more round of that Korean pop maniac:

Wednesday, November 7, 2012

Totally off-the-cuff second term prediction


Apologies for the political post. I'm not actually taking any sides here, and I hope it won't turn anyone off, regardless of political persuasion. I just wanted to record a prediction on my mind so I can check it later. Anyway. Here's what I see happening:

So when did we last see a president facing heavy, ideologically-incensed opposition nevertheless re-elected by a slim margin? Don't have to think back too far. Yep, I'm talking about 2004. Now, the interesting thing about 2004 is that, looking at Bush's approval ratings, that's just about the last time he could've eked out a re-election:

Bush approval ratings over both terms

And despite Obama's similarly unidirectional trend in approval ratings, he seems to have just pulled off a similar feat. But I don't see any reason to believe his trend is going to reverse. So, reasoning by analogy, I'm going to put in a prediction of a similar second-term implosion for Obama. Now, where did that take us last time? Well, I suppose it brought a landslide victory for a candidate further to the left than anyone would have predicted possible. So I guess I have to assume a similar result in 2016.

I think this scenario fits with the ideas we're hearing at the moment about the Republican party. Yes, many Republicans believe Romney's mistake this year was being too far right and alienating moderates. The primaries were a circus that pushed everyone to the far right, and maybe Romney didn't pivot back to the center fast enough. But at the same time, I hear conservatives who are convinced Romney's problem was being too moderate and milquetoast. I don't see how these two movements could actually resolve in the next four years and give them a new, viable direction. But! If Obama really does undergo a Bush-level implosion in his second term, the Republicans could easily nominate someone as far to the right as half their primary candidates this time and win. I'm not trying to lock in Bachmann/Gohmert in 2016, but I think we could see someone quite a bit less moderate than Romney.

Thursday, October 11, 2012

The opposite of graceful degradation



This is Coursera. (No, I'm not directly linking. They've been a bad boy.) "Why are you showing their webpage before it loads?" you might be thinking. Well, to me, this is their webpage. Because I was viewing it with Javascript disabled. And if you do that, this is all you ever see.

That's right. The entirety of their site depends on Javascript. You don't just see a normal webpage but maybe the pop-up calendar doesn't work, or the navigation bar is a bit wonky. No, it's not even like Gawker circa 2011 where you still see some UI elements but everything else fails to load. Here, you simply see nothing.

You'd expect a modern, hip company like Coursera might take heed of ideas like graceful degradation and progressive enhancement that have been all the rage lately. The point is, it's fine to have extra features provided by Javascript or the latest HTML5 specs. But if those features don't work for your visitor, you should have the more basic functionality there and operational. The particular reason the idea has been popular recently is the explosion in mobile devices, many of which are limited in their form factors and supported technologies. It's also a good idea for accessibility and even Google juice. But no, Coursera is turning away all those less-able devices and people at the door.

Postscript: Yes, I can just turn Javascript on. And I probably will. But I am definitely not turning it on for every site I happen to run into. Whether out of security concerns (and oh, there are many) or because they just don't want all that crap bogging down their browsing, disabling Javascript is a legitimate choice many people make. And if I run into a site like Coursera, half the time I'll just leave and never come back.

Saturday, October 6, 2012


Nothing more dismaying than an election year!

Wednesday, October 3, 2012

"Tech Bubble" vs. "Social Bubble"



In honor of the recent merger of Google Trends with Google Insights for Search, I thought I'd note an interesting recent trend that confirms one in my own head. People used to refer to the "Bubble 2.0" as the "tech bubble" exclusively, but now they refer to it as the "social bubble" just as much. That evolution mirrors my own, where I've come to understand that the current tech bubble is almost entirely centered on social media hysteria.

More info: I've written about bubble stuff a couple times, though you should probably just skip those and go directly to the really informative video I linked. It's a really good, informative, non-hysterical analysis of the nature and evolution of the bubble.

Oh, and P.P.S., in case you haven't heard, it's already popped. But that's no surprise, is it? This was all pretty silly in the first place. Maybe now I'll stop seeing things like my local coffee shop begging for me to like it on Facebook.