Slashback: Texasocial, Networking, Attacks

Slashback this evening brings updates on social networks, Audioscrobbler, the Social Security-number security breach at the University of Texas at Austin, and more. Read on for the details.

Why meet people in real life? Roland Piquepaille writes "I wrote [Saturday] a column about social-network mapping tools mentioned by Slashdot. Slashdot readers sent me many comments and e-mails about other visualization tools. Here are these new tools, in no particular order: email constellations, Apache Agora, NetVis Module, EtherApe, inGridX, NameBase's Proximity Search, Surf3D Pro and the dazzling KartOO. Finally, a reader talked about another kind of tools, the Visual Thesaurus. This web tool is not about social mapping, but it shows graphical connections between words. In this previous column, "The Visual Thesaurus: What Does it Show About Thanksgiving?," I already explored this very funny tool. Check this new story for more the details about all these tools."

Update: 03/19 00:34 GMT by T : Directly related: Josh Tyler writes "Related to a recent Slashdot posting on social networks is this paper on automatically discovering communities based on email data, just published by our group at HP Labs. We find that simple communication data is enough to identify communities, both formal and informal, and possibly even to identify the leaders of these groups."

Speaking of online community ... TGK writes "Audioscrobbler (which many of us visited the first time it was posted here) has a new site up, and most importantly, new plugins for XMMS and Winamp 3."

From the site, a capsule description of what Audioscrobbler does: "It grows to know what music you like by monitoring what songs you play on your computer. From this information you can discover other users that share some or all of your taste in music."

Feedback is always cool. An anonymous reader writes: "Sudhakar Govindavajhala, co-author of the paper referenced by the Saturday Slashdot article 'Using Memory Errors to Attack a Virtual Machine,' has responded to many of your [Slashdot readers'] questions and comments. His commentary is located at his Princeton CS website."

Another reason that Social Security isn't. GregAllen writes "Remember the recent case of SSN data theft at The University of Texas? A student has turned himself in. In his confession he says that he acted alone, and had no intention to disseminate the information. Maybe this will convince them to stop using SSNs for student IDs." Bonker also points out that "Salon is carrying an AP article that's a followup to the story a few days ago about the mass of Social Security Numbers stolen from University of Texas. Christopher Andrew Phillips is described as a 'fine young man who has never before been in trouble with the law'. Apparently he wrote a program 'to access a university Web site that tracks employees who attend training classes'. Whether or not this was done for illegitimate purposes remains to be seen. As a former UTA student, I'm glad my SSN is no longer in danger!"

What's the state of the device? An anonymous reader writes "N-Philes.com did another State of the GBA Industry Article and Roundtable. Here is the Industry Article, and here is the Roundtable"

Update: 03/19 00:34 GMT by T : And one more presroi writes "Just one week after even slashdot has noticed the new 2.2.24 linux kernel, Alan Cox has announced a new version due to a security issue found in 2.2 as well as in the 2.4 branch. I hope that we all were to lazy to upgrade from 2.2.X to .24 until now :)"

ok fine about the SSN issue.

[garcia]

while I cannot *stand* any institution using SSNs for anything not money related (financial aid) it is a near necessity...

I went to BGSU and we had P00 numbers as our student ID (P001123344 for example). While I remember mine from BGSU the college I currently work for has "student IDs" as well but they are not as widely known (most of the foreign students w/o SSNs know theirs but not many others).

So if colleges didn't use them MANY people would have problems getting the info they needed b/c searching through 10000 Michael John Smith's is a pain in the ass.

Re:ok fine about the SSN issue.

[Dirtside]

UCLA uses a 9-digit unique ID that's assigned to you when either you apply or are accepted, I don't remember which. It's not based on your SSN and in fact has nothing to do with it. My wife just went back to UCLA for grad school seven years after finishing undergrad, and she's still using the same ID number she was using then. Faculty and staff are also assigned IDs.

All UCLA students, faculty, and staff are issued photo ID cards with the number and their name printed on it. Remembering it isn't a big deal, since you always have it with you. Some form of unique identifier is, effectively, necessary for administration tasks at a university, but it certainly doesn't need to be your SSN. A different random 9-digit number will serve just as well.

Re:huh?

[Seek4th]

The point of the Slashback is to provide additional follow-up information or corrections to previous stories, that is why there it seems like there is no general topic... because there isn't :)

It is just a number of tidbits about a number of stories that have already been posted before, kind of like an update.

SeekForth

Audioscrobbler

[joshwa]

Also worth noting: Scrobbler is going open-source.

See Developer Mailing List

Sourceforge projects:
Main

XMMS Plugin

Winamp Plugin

iTunes Plugin

Hmmmn on balance I should probably tell RJ to consolidate the projects into one and use modules... Ah well

Re:Audioscrobbler

[captainclever]

Hey :) Glad to see Audioscrobbler got another mention, it's come a long way since the first posting. I kept the SF projects separate as they will be run by different people, eg Russ is resposible for WA3 and Sam for iTunes... There'll be a new "Similar Users" algorithm going live on the site in a few days :) RJ

Think Again

[DCowern]

"As a former UTA student, I'm glad my SSN is no longer in danger!"

Depends on how long ago you attended. Most universities keep your record on file indefinitely right along with active students indefinitely. I have a friend who works in the student services division of my university. She tells me that she routinely has to perform maintenance on records of people who graduated 10 or more years ago. You may want to call your uni and tell them to remove you if they haven't done so already.

Re:Think Again

[tricknology]

sorry, that was supposed to be "check here"

Re:Why SSN?

[Ungrounded+Lightning]

Makes it easier to deal with student loans, scholarships, and other financial aids a student might recieve.

That's a side-issue (which could be done as easily by storing the SSN in a database attached to the student's record - and not until the first time it's needed).

The real reason IT departments try to use SSNs: It's a very close approximation to a "unique identifier" - i.e. (with few exceptions) everybody has exactly one and no two people have the same one. So it heads off some problems when one person gets entered twice or two people get mixed up.

Then there's a side benefit: Easy correlation of documents about the same person from other bureaucracies (credit, health, criminal justice, etc.) should that ever become desirable (to the bureaucracy). The financial aid simplification you discuss above is a small subset of this.

Re:XPde?

it isn't down. it's up but returns 403s.

I'm guessing user error. I've been trying to get a message to them (if they read their logs) by sending GETs for:
http://xpde.com/your-server-is-fucked
http: //xpde.com/fix-your/etc/apache/httpd.conf
http:// xpde.com/or-perms-on/var/www/htdocs
http://xpde.c om/did-you-just-convert-to-php3?bad-i dea-to-rush-through-QA
http://xpde.com/really-i'd -be-happy-to-help-fix-th is
http://xpde.com/low-contract-rates-available

Re:XPde?

The freshmeat project page also disappeared. Maybe there could be a slashback followup on this project.

Re:Audioscrobbler & Privacy

[rumba]

I posted-- it looks like he'd sell data based on song similarities, but not user information. As long as the information is not specific to the user, then I'm fine with selling demographics.

About the UT Hack

[BurKaZoiD]

I work at a University in south Texas somewhere within the near vicinity of UT Austin (*wink, *wink, *nudge, *nudge, *grin, *grin, say no more) in an IT department on campus. We've known for years that using someone's SSN was a bad idea, and we've tried time and time again to tell our clients (the departments within our office, and other offices across campus) this, but the business heads mostly turn a deaf ear, and our clients are too short-sighted (or stupid) to think of any way to associate data with a particular student with any other identifier other than an SSN. For any web applications we develop for these clients where students (prospective, current, alumni) can do whatever online, we have to butt heads every time when we inform them, "Hey, we can't require students to enter an SSN", but they still want the field on the form (if someone is signing up for something, for instance). We do what we can technologically to mask the data, but it's still there in one form or another. There's other problems too. We're a pretty big shop with a good budget, but there are a number of smaller shops on campus that have just enough budget to afford servers and software (gotta love those academic licensing prices!) but can't afford to hire someone to properly administer (secure) the environment. Shit, there are mails servers in colleges all over campus that aren't using SSL. Be afraid of the kid in his dorm who cracked a router and is sniffing traffic, or sitting in the library sniffing the wireless airwaves.

But, I digress: There's been talk for years of changing from SSNs to something else, but never any progress. I really hope this spurs the change.