At the centerof the Smithsonian Institution's National Museum of Natural History's gleaming new Sant Ocean Hall lies a preserved giant female squid -- the arresting, spineless star among the vibrant exhibition's animal specimens. Tentacles menacingly outstretched and seemingly frozen in time, the 24-foot squid embodies humans' fascination with the briny deep. But this squid also symbolizes something else: an ongoing experiment in the chemistry of preservation, without which the Smithsonian's new exhibition would not have been possible.

Also note the terrorism tie-in:

To create the exhibit, the Smithsonian had to work around post-9/11 rules restricting flammable materials, while maximizing the lifelike appearance of the squid for public display. They turned not to formalin or ethanol, but to a new fluorinated chemical called Novec, developed by 3M.

If we give up our preserved giant squids, then surely the terrorists have won.

This is Morgellon and Droop's talks about hacking the Arduino micro controller platform from Phreaknic 12. Droops and Morgellon will take you from basic electronics to building embedded systems. Learn how to build a standalone RFID tag reader with a fancy LCD display or your own oscilloscope or children's toys that speak to you or how to solar power a geothermal heat pump. There may even be some giveaways and contests. Magical Potions will be consumed but not provided.

Check out the following sites by Droops and Morgellon:
http://dailyduino.com/
http://www.hackermedia.org/

I've done a little work to pull some noise out of the audio, but I may have made it worse in some spots. Thanks go out to the Phreaknic 12 A/V team SomeNinjaMaster, Night Carnage, Greg, Brimstone, Poiu Poiu, Mudflap, and Drunken Pirate for setting up the rigs and capturing the video.

Up first is a new MacBook Pro, with a buttonless trackpad, full glass screen (like the iMac), and all ports migrated to one side of the machine. The new buttonless trackpad adopts the iPhone’s multitouch functionality, offering a glass surface area that is both 39 percent larger than previous trackpads and allows for gestures involving up to four fingers. The new construction features an LED-backlit display, next-gen Nvidia GeForce 9400M and 9600M graphics with 512MB of GDDR3 RAM (and the ability to run them in Hybrid SLI mode), and a “precision aluminum unibody enclosure” that cuts down on parts costs while offering a much more rigid construction than the current aluminum design.

Some of the changes are great — more surface area on the trackpad and stronger construction–who can fault them for that? However, why on earth would they want to move all ports to one side? It’s really useful to bea ble to plug some things (like USB ports) from both sides, and honestly they need more than just 2 USB ports, so I’m sad to see that wasn’t updated.

The other great ergonomic change that could be made on the large MacBooks would be to move the speakers (currently at either side of the keyboard) to the center, and separate the keyboard sections to allow some space between your hands. But Apple might anticipate that this is a change that would be badly received by some users and that it can easily be corrected using a special ergonomic keyboard–everyone with a laptop should be using an external keyboard regularly anyway.

What’s the solution? Ars Technica suggests there might not be a good one, in part because malware distributors can go so far as to hire real people to do their dirty work:

Instead of trying to build better CAPTCHA-cracking programs, the malware industry went out and got itself some humans of its own. This effectively bypasses the primary security strength of the CAPTCHA system and leaves it entirely dependent on what we’ll call secondary security characteristics. CAPTCHAs are often complex (particularly these days), which does increase the chance that they’ll be misread (and returned incorrectly), while the font and display of the characters themselves are at least somewhat unfamiliar to the CAPTCHA crackers sitting on the other side of the world.

Sometimes those captcha phrases are pretty incoherent to me too. When I post over at Craigslist sometimes it says I’ve gotten its Captcha wrong, and I end up wondering if secretly I’m a bot?? Apparently not a very smart one either.

The problem is self-signed certificates.

A CA is not a great solution:

Using a Certification Authority (CA) could solve the attack but at the same time introduces a new set of attack vectors:

1. The CA becomes a single point of failure. It becomes the juicy/high-value target for the attacker. Single point of failures are not good. Attractive targets are not good.

   Any person with access to the CA key can undetectably fake passports. Direct attacks, virus, misplacing the key by accident (the UK government is good at this!) or bribery are just a few ways of getting the CA key.

2. The single CA would need to be trusted by all governments. This is not practical as this means that passports would no longer be a national matter.

3. Multiple CA's would not work either. Any country could use its own CA to create a valid passport of any other country. Read this sentence again: Country A can create a passport data set of Country B and sign it with Country A's CA key. The terminal will validate and display the information as data from Country B.This option also multiplies the number of 'juicy' targets. It makes it also more likely for a CA key to leak.

   Revocation lists for certificates only work when a leak/loss is detected. In most cases it will not be detected.

So what's the solution? We know that humans are good at Border Control. In the end they protected us well for the last 120 years. We also know that humans are good at pattern matching and image recognition. Humans also do an excellent job 'assessing' the person and not just the passport. Take the human part away and passport security falls apart.