<?xml version="1.0"?><!-- RSS generated by Radio UserLand v8.2.1 on Tue, 12 Aug 2008 16:53:50 GMT --><rss version="2.0">	<channel>		<title>Jonathan Butler: Hack Related</title>		<link>http://radio.weblogs.com/0127519/categories/hackRelated/</link>		<description>News items of interest related to Hacking.</description>		<language>en-us</language>		<copyright>Copyright 2008 Jonathan Butler</copyright>		<lastBuildDate>Tue, 12 Aug 2008 16:53:50 GMT</lastBuildDate>		<docs>http://backend.userland.com/rss</docs>		<generator>Radio UserLand v8.2.1</generator>		<managingEditor>jonbutler@atdesk.com</managingEditor>		<webMaster>jonbutler@atdesk.com</webMaster>		<category domain="http://rpc.weblogs.com/shortChanges.xml">rssUpdates</category> 		<skipHours>			<hour>2</hour>			<hour>3</hour>			<hour>4</hour>			<hour>5</hour>			<hour>23</hour>			<hour>1</hour>			<hour>6</hour>			<hour>0</hour>			<hour>22</hour>			<hour>18</hour>			<hour>8</hour>			<hour>13</hour>			</skipHours>		<cloud domain="radio.xmlstoragesystem.com" port="80" path="/RPC2" registerProcedure="xmlStorageSystem.rssPleaseNotify" protocol="xml-rpc"/>		<ttl>60</ttl>		<item>			<description>&lt;a href=&quot;http://feeds.wired.com/~r/wired/index/~3/362173506/the-defcon-16-m.html&quot;&gt;Hackers Vie to Win DefCon&apos;s Mystery Challenge&lt;/a&gt;. One of DefCon&apos;s most difficult contests is the Mystery Challenge.  
Teams compete to solve a series of riddles and cryptographic conundrums in order to win a black badge that grants them DefCon admission for life. [&lt;a href=&quot;http://www.wired.com/rss/index.xml&quot;&gt;Wired Top Stories&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2008/08/12.html#a356</guid>			<pubDate>Tue, 12 Aug 2008 16:53:40 GMT</pubDate>			<source url="http://www.wired.com//rss/index.xml">Wired Top Stories</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=356&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2008%2F08%2F12.html%23a356</comments>			</item>		<item>			<description>&lt;a href=&quot;http://feeds.wired.com/~r/wired/index/~3/360505896/injunction-requ.html&quot;&gt;DefCon: Boston Subway Officials Sue to Stop Talk on Fare Card Hacks&lt;/a&gt;. 
The Massachusetts Bay Transportation Authority files a federal lawsuit on Friday seeking to block three MIT students from discussing security vulnerabilities in Boston&apos;s fare card system at DefCon. [&lt;a href=&quot;http://www.wired.com/rss/index.xml&quot;&gt;Wired Top Stories&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2008/08/10.html#a355</guid>			<pubDate>Sun, 10 Aug 2008 19:28:38 GMT</pubDate>			<source url="http://www.wired.com//rss/index.xml">Wired Top Stories</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=355&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2008%2F08%2F10.html%23a355</comments>			</item>		<item>			<description>&lt;a href=&quot;http://us.rd.yahoo.com/dailynews/rss/tech/*http://news.yahoo.com/s/ap/20080808/ap_on_hi_te/tec_hacking_facilities&quot;&gt;Hackers mull physical attacks on a networked world (AP)&lt;/a&gt;. AP - Want to break into the computer network in an ultra-secure building? Ship a hacked iPhone there to a nonexistent employee and hope the device sits in the mailroom, scanning for nearby wireless connections. [&lt;a href=&quot;http://news.yahoo.com/i/738&quot;&gt;Yahoo! 
News: Technology News&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2008/08/09.html#a353</guid>			<pubDate>Sat, 09 Aug 2008 15:29:22 GMT</pubDate>			<source url="http://rss.news.yahoo.com/rss/tech">Yahoo! News: Technology News</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=353&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2008%2F08%2F09.html%23a353</comments>			</item>		<item>			<description>&lt;a href=&quot;http://feeds.feedburner.com/~r/boingboing/iBag/~3/360103807/working-medeco-highs.html&quot;&gt;Working Medeco high-security keys can be whittled out of plastic&lt;/a&gt;.                         Researchers at DefCon in Vegas have demonstrated that they can make &quot;high security&quot; Medeco key-blanks out of the plastic used in credit-cards, and then whittle them into working keys by referring to low-resolution photos of original keys.&lt;blockquote&gt;&lt;img src=&quot;http://craphound.com/images/medeco1_1.jpg&quot;&gt;&lt;br&gt;&quot;Basically, we&apos;ve destroyed Medeco&apos;s key control, because we can make (plastic keys) for any of their M3 locks and a lot of their Biaxial locks, which is their last generation of locks,&quot; says Tobias, who authored the book Open in Thirty Seconds, with Bluzmanis.&lt;p&gt;The researchers demonstrated the technique using a Medeco mortise cylinder that Threat Level purchased in California before leaving for Las Vegas. After buying the lock, Threat Level scanned the key and e-mailed the image to the researchers, who then created several plastic keys. When Threat Level arrived in Las Vegas with the lock, it took about six seconds to open the lock using a plastic key.&lt;p&gt;&quot;It&apos;s keys by e-mail,&quot; says Tobias. &quot;It&apos;s key-mail.&quot;...
&lt;p&gt; The Medeco M3 key does have an extra feature to secure the lock -- a step protrusion on the side of the key that&apos;s designed to move a slider inside the lock. But last year at DefCon, Tobias and his colleagues showed how they could simply insert the end of a bent paper clip into a Medeco high-security lock to push back the slider, rendering the slider ineffective as a security layer. Once that is done, they&apos;re then able to insert the plastic key in this new attack, to lift and rotate the pins.&lt;/blockquote&gt;&lt;a href=&quot;http://blog.wired.com/27bstroke6/2008/08/medeco-locks-cr.html&quot;&gt;Researchers Crack Medeco High-Security Locks With Plastic Keys&lt;/a&gt;&lt;p&gt;(&lt;i&gt;Image: Dave Bullock (eecue)/Wired.com&lt;/i&gt;) [&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2008/08/09.html#a352</guid>			<pubDate>Sat, 09 Aug 2008 14:48:19 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			
<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=352&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2008%2F08%2F09.html%23a352</comments>			</item>		<item>			<description>&lt;a href=&quot;http://feeds.feedburner.com/~r/boingboing/iBag/~3/201573856/how-sony-bmg-lost-it.html&quot;&gt;How Sony BMG lost its mind and rootkitted its CDs -- prepublication law paper&lt;/a&gt;. Aaron Perzanowski and Deirdre Mulligan have just posted a wonderful pre-publication paper called &quot;The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident,&quot; which will shortly be published in the Berkeley Technology Law Journal. Exhaustively researched and footnoted -- but written in clear, non-lawyerese prose -- The Magnificence of the Disaster comprehensively analyses the madness that led Sony-BMG to install dangerous, illegal rootkit anti-copying software as well as spyware (produced by a company founded to supply Elvis impersonators, no less!) on millions of its CDs, leading the company to enormous financial and legal penalties. &lt;blockquote&gt;Potential customers who were aware of the existence and dangers posed by Sony BMG&apos;s protection measures steered clear of XCP discs. The sales history of Get Right with the Man, an XCP-infected album by Van Zant that was released some six months prior to the rootkit announcement, is emblematic of the online retail impact of the rootkit incident. 
On November 2, just two days after the initial public announcement of the rootkit, Get Right with the Man ranked at number 887 on the music charts at Amazon.com.61 The next day, after Amazon user reviews alerted shoppers to the dangers posed by XCP, the album dropped to number 1,392.62 By the Thanksgiving holiday weekend, the XCP recall was underway and the album plummeted to number 25,802.63 In contrast, in retail environments in which customers had less immediate access to information about the dangers of XCP, sales of Get Right with the Man were relatively undisturbed.64 Since brick and mortar retailers like Wal-Mart, the nation&apos;s leading seller of CDs,65 do not facilitate the sort of customer feedback common to online retailers, this outcome is hardly surprising...&lt;p&gt;SunnComm, the company that delivered MediaMax, offered even more cause for concern. The company began as a provider of Elvis impersonation services.114 After a change in management following a false press release announcing a non-existent $25 million production deal with Warner Brothers,115 the company purchased a 3.5&quot; floppy disk factory in 2001, displaying a disturbing dearth of technological savvy.116 After two employees announced their intention to leave the fledgling company to develop copy protection software, SunnComm convinced the pair to lead a new division, leaving both Elvis and floppy discs behind in order to develop what would become MediaMax.117&lt;/blockquote&gt;&lt;a href=&quot;http://substantialsimilarity.org/wp-content/uploads/subsim/2007/12/disaster-final.pdf&quot;&gt;PDF Link&lt;/a&gt;
 [&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2007/12/17.html#a339</guid>			<pubDate>Mon, 17 Dec 2007 16:17:50 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=339&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2007%2F12%2F17.html%23a339</comments>			</item>		<item>			<description>&lt;a href=&quot;http://us.rd.yahoo.com/dailynews/rss/tech/*http://news.yahoo.com/s/usatoday/20071212/tc_usatoday/watchoutfortheeviltwinwhenusingpublicwifi&quot;&gt;Watch out for the &apos;evil twin&apos; when using public Wi-Fi (USATODAY.com)&lt;/a&gt;. USATODAY.com - For the modern nomadic worker, few things are more enjoyable than heading to a cafe, ordering a cappuccino and firing up the laptop to get some work done. As far as anyone you&apos;re e-mailing knows, you&apos;re at the office. [&lt;a href=&quot;http://news.yahoo.com/i/738&quot;&gt;Yahoo! News: Technology News&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2007/12/12.html#a329</guid>			<pubDate>Wed, 12 Dec 2007 13:46:45 GMT</pubDate>			<source url="http://rss.news.yahoo.com/rss/tech">Yahoo! News: Technology News</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=329&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2007%2F12%2F12.html%23a329</comments>			</item>		<item>			<description>&lt;a href=&quot;http://feeds.feedburner.com/~r/boingboing/iBag/~3/133216494/seeing_yellow_call_y.html&quot;&gt;Seeing Yellow: call your printer&apos;s manufacturer and ask why they spy on you&lt;/a&gt;. 
&lt;strong&gt;Cory Doctorow&lt;/strong&gt;:Seeing Yellow wants you to call your printer&apos;s manufacturer and ask them to stop spying on you.&lt;p&gt;We&apos;ve known that our printers are spying on us, ever since the Electronic Frontier Foundation cracked the secret codes in the output of color laser printers. These hidden codes -- apparently placed at the behest of the Secret Service -- identify the serial number, make and model of the printer that printed them, as well as a date and timestamp.&lt;p&gt;What we &lt;em&gt;didn&apos;t&lt;/em&gt; know is that if you ask the manufacturer of your printer to stop spying on you, they respond by &lt;em&gt;ratting you out to the Secret Service&lt;/em&gt; as a dangerous subversive, and a few days later, the SS will show up and ask you why you care about your privacy.&lt;p&gt;Seeing Yellow -- a project from the MIT Media Lab -- wants to put a stop to this by overwhelming the manufacturers with complaints from their customers, so many that they can&apos;t turn us &lt;em&gt;all&lt;/em&gt; into the SS.&lt;blockquote&gt;&lt;img src=&quot;http://craphound.com/images/seeingyellowlogo.jpg&quot;&gt;&lt;br&gt;When you print on a color laser printer, it&apos;s likely that you are also printing a pattern of invisible yellow dots. These marks exist to allow the printer companies and governments to track and identify you -- presumably as a way to combat money counterfeiting. When one person asked his printer manufacturer about turning off the tracking dots, Secret Service agents showed up at his door several days later.&lt;p&gt;Upset? You should be!&lt;p&gt;Let&apos;s stand up to silent tracking and government bullying and send a strong message to printer manufacturers. Our privacy and our control over our own technology is far too important to give up over trumped up fears of photocopied money.
&lt;/blockquote&gt;&lt;a href=&quot;http://www.seeingyellow.com/&quot;&gt;Link&lt;/a&gt;&lt;p&gt;See also:&lt;br&gt;&lt;a href=&quot;http://boingboing.net/2005/10/17/eff_cracks_hidden_sn.html&quot;&gt;EFF cracks hidden snitch codes in color laser prints&lt;/a&gt;&lt;br&gt;&lt;a href=&quot;http://www.boingboing.net/2005/10/28/do_forensic_printer_.html&quot;&gt;Do forensic printer marks slow down printers?&lt;/a&gt;&lt;br&gt;&lt;a href=&quot;http://www.boingboing.net/2005/07/25/is_your_printer_spyi.html&quot;&gt;Is Your Printer Spying On You?&lt;/a&gt;&lt;p&gt;&lt;a href=&quot;http://feeds.feedburner.com/~a/boingboing/iBag?a=sx5QLW&quot;&gt;&lt;img src=&quot;http://feeds.feedburner.com/~a/boingboing/iBag?i=sx5QLW&quot; border=&quot;0&quot;&gt;&lt;/img&gt;&lt;/a&gt;&lt;/p&gt;&lt;img src=&quot;http://feeds.feedburner.com/~r/boingboing/iBag/~4/133216494&quot; height=&quot;1&quot; width=&quot;1&quot;/&gt; [&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2007/07/13.html#a302</guid>			<pubDate>Fri, 13 Jul 2007 12:16:49 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=302&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2007%2F07%2F13.html%23a302</comments>			</item>		<item>			<description>&lt;a href=&quot;http://feeds.feedburner.com/~r/boingboing/iBag/~3/90254355/bluray_and_hddvd_bro.html&quot;&gt;Blu-Ray AND HD-DVD broken - processing keys extracted&lt;/a&gt;. &lt;strong&gt;Cory Doctorow&lt;/strong&gt;:Arnezami, a hacker on the Doom9 forum, has published a crack for extracting the &quot;processing key&quot; from a high-def DVD player. This key can be used to gain access to every single Blu-Ray and HD-DVD disc. 
&lt;p&gt;Previously, another Doom9 user called Muslix64 had broken both Blu-Ray and HD-DVD by extracting the &quot;volume keys&quot; for each disc, a cumbersome process. This break builds on Muslix64&apos;s work but extends it -- now you can break all AACS-locked discs.&lt;p&gt;AACS took &lt;em&gt;years&lt;/em&gt; to develop, and it has been broken in &lt;em&gt;weeks&lt;/em&gt;. The developers spent billions, the hackers spent pennies.&lt;p&gt;For DRM to work, it has to be airtight. There can&apos;t be a single mistake. It&apos;s like a balloon that pops with the first prick. That means that every single product from every single vendor has to perfectly hide their keys, perfectly implement their code. There can&apos;t be a single way to get into the guts of the code to retrieve the cleartext or the keys while it&apos;s playing back. All attackers need is &lt;em&gt;a single mistake&lt;/em&gt; that they can use to compromise the system.&lt;p&gt;There is no future in which bits will get harder to copy. Instead of spending billions on technologies that attack paying customers, the studios should be confronting that reality and figuring out how to make a living in a world where copying will get easier and easier. They&apos;re like blacksmiths meeting to figure out how to protect the horseshoe racket by sabotaging railroads.&lt;p&gt;The railroad is coming. The tracks have been laid right through the studio gates. It&apos;s time to get out of the horseshoe business.&lt;blockquote&gt;But then I realized why I first didn&apos;t find the Media Key: it was removed from memory after the Volume ID was retrieved and the VUK calculated. I also saw that in my &quot;corrupt&quot; memdump the VUK, Vol ID, Media Key and the Title Key MAC were all closely clustered in memory: in the first 50kb (of the entire multi megabyte file!) but there were large empty parts around it. Almost as if it was cleaned up.
&lt;p&gt;This gave me an idea: what I wanted to do is &quot;record&quot; all changes in this part of memory during startup of the movie. Hopefully I would catch something insteresting. In the end I did something a little more effiecient: I used the hd dvd vuk extractor (thanks ape!) and adapted it to slow down the software player (while scanning its memory continously) and at the very moment the Media Key (which I now knew: my bottom-up approach really paid off here) was detected it halted the player. I then made a memdump with WinHex. I now had the feeling I had something.&lt;p&gt;And I did. Not suprisingly the very first C-value was a hit. I then checked if everyting was correct, asked for confirmation and here we are.&lt;/blockquote&gt;&lt;a href=&quot;http://forum.doom9.org/showthread.php?t=121866&amp;page=6&quot;&gt;Link&lt;/a&gt;(&lt;i&gt;via &lt;a href=&quot;http://engadget.com&quot;&gt;Engadget&lt;/a&gt;&lt;/i&gt;)&lt;p&gt;See also:&lt;br&gt;&lt;a href=&quot;http://www.boingboing.net/2007/01/26/hddvdbluray_cracker_.html&quot;&gt;HD-DVD/Blu-Ray cracker muslix64 interviewed&lt;/a&gt;&lt;br&gt;&lt;a href=&quot;http://www.boingboing.net/2006/12/28/report_hddvd_copy_pr.html&quot;&gt;Report: HD-DVD copy protection defeated&lt;/a&gt;&lt;br&gt;&lt;a href=&quot;http://www.boingboing.net/2007/01/08/felten_and_halderman.html&quot;&gt;Felten and Halderman on high-def DRM crack&lt;/a&gt;&lt;p&gt;&lt;a href=&quot;http://feeds.feedburner.com/~a/boingboing/iBag?a=wd2il3&quot;&gt;&lt;img src=&quot;http://feeds.feedburner.com/~a/boingboing/iBag?i=wd2il3&quot; border=&quot;0&quot;&gt;&lt;/img&gt;&lt;/a&gt;&lt;/p&gt; [&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2007/02/13.html#a275</guid>			<pubDate>Wed, 14 Feb 2007 01:39:53 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			
<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=275&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2007%2F02%2F13.html%23a275</comments>			</item>		<item>			<description>I hope there is some resolution soon for the HD DVD versus BluRay replay of VHS versus Betamax. I was at that party before and fortunately was on the surviving side. Ultimately these things always boil down to money for the makers, content providers, resellers- and oh yeah, screw the consumer. -Jon- &lt;a href=&quot;http://blog.wired.com/gadgets/2007/02/the_new_hddvdbl.html&quot;&gt;Hacker Unlocks HD DVD/Blu-Ray DRM&lt;/a&gt;. Opening the &quot;processing key&quot; that protects high-def DVDs is surprisingly simple. Happy Valentine&apos;s Day, AACS. In Gadget Lab. [&lt;a href=&quot;http://www.wired.com/&quot;&gt;Wired News: Top Stories&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2007/02/13.html#a274</guid>			<pubDate>Wed, 14 Feb 2007 01:35:14 GMT</pubDate>			<source url="http://www.wired.com/news_drop/netcenter/netcenter.rdf">Wired News: Top Stories</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=274&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2007%2F02%2F13.html%23a274</comments>			</item>		<item>			<description>Oh, brings back memories of seeing these in Popular Electronics and Kilobaud magazine when I was little. My how things have changed since then. &lt;a href=&quot;http://feeds.feedburner.com/~r/boingboing/iBag/~3/54583544/altair_8800_replica_.html&quot;&gt;Altair 8800 replica kit&lt;/a&gt;. &lt;strong&gt;Cory Doctorow&lt;/strong&gt;:&lt;img src=&quot;http://craphound.com/images/altair8800kit.jpg&quot; width=&quot;450&quot; height=&quot;198&quot;&gt;&lt;br&gt;Check out these amazing replica Altair 8800 kits, composed of all new (or new-old stock) parts, with the original instructions for assembly. 
The &lt;a href=&quot;http://en.wikipedia.org/wiki/Altair_8800&quot;&gt;Altair 8800&lt;/a&gt; was the microcomputer ancestor of the PC -- the computer that inspired the PC revolution. It was -- to some approximation -- the first useful computer that you could build and run in your home workshop. Regrettably, these kits are only sold on eBay, making them a pain to acquire, but the idea is just fantastic, and it sounds like the build-quality is terrific. &lt;a href=&quot;http://www.altairkit.com/index.html&quot;&gt;Link&lt;/a&gt;  (&lt;i&gt;via &lt;a href=&quot;http://www.makezine.com/blog/&quot;&gt;Make&lt;/a&gt;&lt;/i&gt;) By &lt;a href=&quot;mailto:noemail@noemail.org&quot;&gt;noemail@noemail.org&lt;/a&gt; (Cory Doctorow). [&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2006/11/27.html#a254</guid>			<pubDate>Mon, 27 Nov 2006 17:38:43 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=254&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2006%2F11%2F27.html%23a254</comments>			</item>		<item>			<description>&lt;a href=&quot;http://www.boingboing.net/2005/07/30/defcon_makezine_kegb.html&quot;&gt;Defcon, Makezine, kegbot&lt;/a&gt;. 
&lt;strong&gt;Xeni Jardin&lt;/strong&gt;: Boing Boing reader &lt;a href=&quot;http://www.gadgetizer.com&quot;&gt;Paul Short&lt;/a&gt; says, &quot;The annual hacker conference &lt;a href=&quot;http://www.defcon.org/&quot;&gt;DefCon&lt;/a&gt; in Las Vegas this weekend has spawned some pretty innovative stuff, not the least of which is the &lt;a href=&quot;http://kegbot.org/&quot;&gt;Kegbot&lt;/a&gt;. DefCon attendee Phillip Torrone of &lt;a href=&quot;http://www.makezine.com/blog/&quot;&gt;Make Magazine&lt;/a&gt; writes: &quot;&lt;blockquote&gt;&lt;img src=&quot;http://boingboing.net/images/kegbot.jpg&quot; width=&quot;250&quot; height=&quot;186&quot; align=&quot;left&quot; border=&quot;0&quot;&gt; &quot;One of the coolest projects I&apos;ve seen so far at DEFCON was the kegbot, a linux based keg that dispenses beer as long as you have an iButton key. The system keeps track of who you are, how much you&apos;re drinking and in team mode, where you rank. The Kegbot crew built and deployed a kegbot on site at DEFCON, we were lucky enough to get there and document the building of it!&quot; &lt;br clear=&quot;all&quot;&gt;&lt;/blockquote&gt;More pics and instructions on building your own Kegbot at the &lt;a href=&quot;http://www.makezine.com/blog/archive/2005/07/_defcon_the_keg.html?CMP=OTC-0D6B48984890&quot;&gt;Make Magazine&lt;/a&gt; web site. 
[&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2005/07/30.html#a214</guid>			<pubDate>Sat, 30 Jul 2005 17:21:23 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=214&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2005%2F07%2F30.html%23a214</comments>			</item>		<item>			<description>&lt;a href=&quot;http://www.infoworld.com/cgi-bin/redirect?source=rss&amp;url=http://www.infoworld.com/article/05/07/29/HNwgacrack_1.html&quot;&gt;Hack cracks Microsoft anti-piracy check&lt;/a&gt;. &lt;p&gt;(&lt;a href=&quot;http://www.infoworld.com/?source=rss&quot;&gt;InfoWorld&lt;/a&gt;) - Microsoft Corp. acknowledged Friday that hackers were able to bypass a process implemented earlier this week to ensure users of Microsoft&apos;s update services had legitimate copies of Windows before downloading updates and content from those services.&lt;/p&gt;&lt;p&gt;A posting on the Boing Boing Web log Thursday claimed that a JavaScript command string could bypass a check instituted Wednesday by Microsoft through the Windows Genuine Advantage (WGA) 1.0 program.&lt;/p&gt;&lt;p&gt;According to the posting, users can override the WGA by pasting javascript:void(window.g_sDisableWGACheck=&apos;all&apos;) in the address bar of their browser and pressing enter. The code &quot;turns off the trigger for the key check,&quot; according to the Web log posting.&lt;/p&gt;&lt;p&gt;The WGA program makes users run a program that verifies that their Windows operating system is not pirated before they can use Microsoft&apos;s software update services. 
Microsoft was running it as a pilot program since September but made the validation system a requirement on Wednesday.&lt;/p&gt;&lt;p&gt;A Microsoft spokesman said Friday that hackers indeed succeeded in cracking the WGA program, and that the software giant will fix the flaw they had exploited in an upcoming version of the WGA program.&lt;/p&gt;&lt;p&gt;The exploit came soon after the Wednesday launch of the program, the spokesman said. &quot;Within 24 hours hackers claimed to have circumvented the process and it appears that they did,&quot; he said. &quot;This is a hack that exploits a feature that enables repeat downloads in the same session so that a hacker never has to validate as a genuine user,&quot; he said.&lt;/p&gt;&lt;p&gt;The move to lock out pirated copies of Windows from the update sites is part of Microsoft&apos;s effort to fight software piracy, which is a major issue for the software vendor.&lt;/p&gt;&lt;p&gt;The Boing Boing hack is not the only way to get around WGA&apos;s restrictions.&lt;/p&gt;&lt;p&gt;David Keller, founder of PC consulting and services firm Compu-Doctor in Cape Coral, Florida, was able to change his Internet Explorer settings to bypass WGA when he experienced a flaw in the program that flagged a legitimate product key on a customer&apos;s Windows XP Professional Service Pack 2 as invalid.&lt;/p&gt;&lt;p&gt;&quot;The customer was the original owner, no hardware was changed since purchase, nor was Windows ever reinstalled on the system,&quot; Keller said in an e-mail to the IDG News Service. WGA rejected the operating system, nevertheless, which prevented Windows Update from working, he said.&lt;/p&gt;&lt;p&gt;Keller wrote that he did not have much luck with Microsoft support technicians, so he found a way to bypass the validation process on his own and moved along with the update. He accomplished this by disabling the Windows Genuine Advantage add-on within his browser&apos;s Internet Options. 
By clicking on Tools/Internet Options/Programs/Manage Add-ons, Keller disabled the WGA add-on. He then exited Internet Explorer and was able to do a Windows Update without the validation step.&lt;i&gt;&lt;br/&gt;&lt;/i&gt;&lt;/p&gt;</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2005/07/30.html#a213</guid>			<pubDate>Sat, 30 Jul 2005 17:14:36 GMT</pubDate>			<source url="http://www.infoworld.com/rss/news.xml">InfoWorld: Top News</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=213&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2005%2F07%2F30.html%23a213</comments>			</item>		<item>			<description>&lt;a href=&quot;http://www.theinquirer.net/?article=25014&quot;&gt;How To hack biometrics&lt;/a&gt; [&lt;a href=&quot;http://www.theInquirer.net&quot;&gt;the INQUIRER&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2005/07/30.html#a212</guid>			<pubDate>Sat, 30 Jul 2005 17:12:07 GMT</pubDate>			<source url="http://www.theinquirer.net/inquirer.rss">the INQUIRER</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=212&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2005%2F07%2F30.html%23a212</comments>			</item>		<item>			<description>&lt;a href=&quot;http://www.boingboing.net/2005/07/28/microsoft_genuine_ad.html&quot;&gt;Microsoft &quot;Genuine Advantage&quot; cracked in 24h: window.g_sDisableWGACheck=&apos;all&apos;&lt;/a&gt;. &lt;strong&gt;Cory Doctorow&lt;/strong&gt;:AV sez, &quot;This week, Microsoft started requiring users to verify their serial number before using Windows Update. 
This effort to force users to either buy XP or tell them where you got the illegal copy is called &apos;Genuine Advantage.&apos; It was cracked within 24 hours.&quot;&lt;blockquote&gt;Before pressing &apos;Custom&apos; or &apos;Express&apos; buttons paste this text to the address bar and press enter:&lt;p&gt;&lt;tt&gt;javascript:void(window.g_sDisableWGACheck=&apos;all&apos;)&lt;/tt&gt;&lt;p&gt;It turns off the trigger for the key check.&lt;/blockquote&gt;&lt;a href=&quot;http://www.theinquirer.net/?article=24961&quot;&gt;Link&lt;/a&gt;(&lt;i&gt;Thanks, AV!&lt;/i&gt;)</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2005/07/28.html#a210</guid>			<pubDate>Fri, 29 Jul 2005 02:11:27 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=210</comments>			</item>		<item>			<description>&lt;a href=&quot;http://www.boingboing.net/2005/07/26/gamemodder_rips_into.html&quot;&gt;Game-modder rips into anti-modder US politicos&lt;/a&gt;. &lt;strong&gt;Cory Doctorow&lt;/strong&gt;:A game-modder has published a stirring broadside about the public outcry over the pornographic sequences that could be viewed in Grand Theft Auto: San Andreas using the Hot Coffee mod. From the title (&quot;The Founding Fathers roll over in their graves as a new witch-hunt against the First Amendment is launched&quot;) on, it&apos;s a rip-snortin&apos; read:&lt;blockquote&gt;The primary difference between the retail version of the game and that of the modded version is that the above content has simply been rearranged and intensified by the consumers. 
By using the logic that this content was illegally &quot;hidden&quot;, one could just as easily claim that any R rated movie has covertly crossed the limits of decency because the end-user could very well pause their DVD player on a scene containing nudity, thus exceeding the length of such scenes by which the MPAA decides whether a film is to be classified as R or NC-17. The same could be said of even a PG-13 rated movie which contains brief nudity.&lt;p&gt;Perhaps what is most absurd about the accusations against both Rockstar Games and the gaming industry, is that those making the allegations seem to have no idea how the technology they&apos;re condemning works. Had they done even a moment&apos;s worth of research, they would discover that the online mod community for GTA:SA (and many other PC games) is not only capable of recycling various fragments of game code and art to create new scenes for the game, but we do it all the time. If Senator Hillary Clinton, Leland Yee, Dr. David Walsh, et al, were to give even a cursory glance at the websites which published the Hot Coffee mod, they would see that it is but one of thousands of modifications made by users which create new game play scenarios using the existing assets. Given the very nature of the interactive digital medium, an industrious &quot;modder&quot; could within minutes create things far &quot;worse&quot; than Hot Coffee if they so desired simply by swapping a few items and lines of code about. Then, on top of just shifting around pre-existing assets, it is also quite easy and common for players to create entirely new content from scratch.
&lt;/blockquote&gt;&lt;a href=&quot;http://illspirit.com/press_release.html&quot;&gt;Link&lt;/a&gt;(&lt;i&gt;Thanks, &lt;a href=&quot;http://jodrell.net&quot;&gt;Gavin&lt;/a&gt;!&lt;/i&gt;) [&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2005/07/26.html#a209</guid>			<pubDate>Wed, 27 Jul 2005 01:33:26 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=209&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2005%2F07%2F26.html%23a209</comments>			</item>		<item>			<description>Wired News: &lt;a href=&quot;http://www.wired.com/news/technology/0,1282,68306,00.html&quot;&gt;Privacy Guru Locks Down VOIP&lt;/a&gt;. First there was PGP e-mail. Then there was PGPfone for modems. Now Phil Zimmermann, creator of the wildly popular Pretty Good Privacy e-mail encryption program, is debuting his new project, which he hopes will do for internet phone calls what PGP did for e-mail. [&lt;a href=&quot;http://www.tomalak.org/&quot;&gt;Tomalak&apos;s Realm&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2005/07/26.html#a208</guid>			<pubDate>Wed, 27 Jul 2005 01:24:38 GMT</pubDate>			<source url="http://static.userland.com/tomalak/links2.xml">Tomalak&apos;s Realm</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=208&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2005%2F07%2F26.html%23a208</comments>			</item>		<item>			<description>&lt;a href=&quot;http://www.boingboing.net/2005/07/25/is_your_printer_spyi.html&quot;&gt;Is Your Printer Spying On You?&lt;/a&gt;. 
&lt;strong&gt;Mark Frauenfelder&lt;/strong&gt;:&lt;a href=&quot;http://www.eff.org/deeplinks&quot;&gt;Donna Wentworth&lt;/a&gt; says: &quot;Could your color laser printer be automatically including a secret fingerprint in every page so that what you print could be used to trace the document back to you?&lt;p&gt;&quot;While it sounds like something from an episode of &quot;Alias,&quot; the scenario &lt;a href=&quot;http://www.pcworld.com/news/article/0,aid,118664,00.asp&quot;&gt;isn&apos;t fictional&lt;/a&gt;. &quot;&lt;blockquote&gt;In an effort to identify counterfeiters, the US government has succeeded in persuading some color laser printer manufacturers to encode each page with identifying information. That means that without your knowledge or consent, an act you assume is private could become public. A communication tool you&apos;re using in everyday life could become a tool for government surveillance. And what&apos;s worse, there are no laws to prevent abuse. ...The ACLU recently issued a report revealing that the FBI has amassed more than 1,100 pages of documents on the organization since 2001, as well as documents concerning other non-violent groups, including Greenpeace and United for Peace and Justice. In the current political climate, it&apos;s not hard to imagine the government using the ability to determine who may have printed what document for purposes other than identifying counterfeiters. Your freedom to speak anonymously is in danger. Yet there are no laws to stop the Secret Service -- or for that matter, any other governmental agency or private company -- from using printer codes to secretly trace the origin of non-currency documents. We&apos;re unaware of any printer manufacturer that has a privacy policy that would protect you, and no law regulates what people can do with the information once it&apos;s turned over. 
And that doesn&apos;t even reach the issue of how such a privacy-invasive tool could be developed and implemented in printers without the public becoming aware of it in the first place.&lt;/blockquote&gt;&quot;EFF is investigating further, but we need more data before we can do anything more to protect your privacy. We&apos;re asking you to help out by &lt;a href=&quot;http://www.eff.org/Privacy/printers/wp.php#testsheets&quot;&gt;printing and sending us test sheets from your printer and/or your local print shop&lt;/a&gt;.&quot; &lt;a href=&quot;http://www.eff.org/deeplinks/archives/003835.php&quot;&gt;Link&lt;/a&gt; [&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2005/07/25.html#a206</guid>			<pubDate>Mon, 25 Jul 2005 19:07:59 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=206&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2005%2F07%2F25.html%23a206</comments>			</item>		<item>			<description>&lt;a href=&quot;http://www.infoworld.com/cgi-bin/redirect?source=rss&amp;url=http://www.infoworld.com/article/05/07/22/HNhackermetnick_1.html&quot;&gt;Hacker Mitnick preaches social engineering awareness&lt;/a&gt;. &lt;p&gt;(&lt;a href=&quot;http://www.infoworld.com/?source=rss&quot;&gt;InfoWorld&lt;/a&gt;) - SYDNEY -- Properly trained staff, not technology, is the best protection against social engineering attacks on sensitive information, according to security consultant and celebrity hacker Kevin Mitnick.&lt;/p&gt;&lt;p&gt;&quot;People are used to having a technology solution [but] social engineering bypasses all technologies, including firewalls,&quot; Mitnick said. &quot;Technology is critical but we have to look at people and processes. 
Social engineering is a form of hacking that uses influence tactics.&quot;&lt;/p&gt;&lt;p&gt;During his keynote address at this year&apos;s Citrix iForum conference in Sydney Thursday, Mitnick said hackers are analyzing the &quot;bigger picture&quot; and are looking for the weakest link, which is &quot;people like you and me&quot;.&lt;/p&gt;&lt;p&gt;&quot;Why do hackers use social engineering? It&apos;s easier than exploiting a technology vulnerability,&quot; he said. &quot;You can&apos;t go and download a Windows update for stupidity... or gullibility.&quot;&lt;/p&gt;&lt;p&gt;Mitnick said social engineering appeals to hackers because the Internet is so widespread, it evades all intrusion detection systems, it&apos;s free or very low cost, it&apos;s low risk, it works on every operating system, leaves no audit trail, is nearly 100 percent effective, and there is a general lack of awareness of the problem.&lt;/p&gt;&lt;p&gt;&quot;Social engineering attacks can be simple or complex and take from minutes to years,&quot; he said, adding that surveys have revealed that nine out of 10 people will give their password in exchange for a chocolate Easter egg.&lt;/p&gt;&lt;p&gt;Mitnick spoke of how social engineering has been used to extract millions of dollars from banks and how he used the technique to siphon source code for a mobile phone out of Motorola by posing as an employee in its own R&amp;D department.&lt;/p&gt;&lt;p&gt;Mitnick also mentioned how he is not immune to the social engineering scourge and was sent an e-mail &apos;phishing&apos; for information from his PayPal account earlier this year.&lt;/p&gt;&lt;p&gt;&quot;The attacks are real and the threat is real so I encourage everyone to do something about it,&quot; he said, adding the main target is the helpdesk because &quot;it&apos;s there to help&quot;.&lt;/p&gt;&lt;p&gt;Pretexting, where the hacker takes on an acting role, is the heart of social engineering, Mitnick said, because people need 
reasonable justification to fulfill a request.&lt;/p&gt;&lt;p&gt;Hackers establish an identity and role, build a rapport through linking or other influence tactics, and leave an &quot;out&quot; to avoid &quot;burning&quot; the source.&lt;/p&gt;&lt;p&gt;Intelligence gathering exercises may include seeking titles of company positions so hackers know who to target, and good old &quot;dumpster diving&quot; where the company&apos;s garbage is screened for information.&lt;/p&gt;&lt;p&gt;Mitnick said even large companies participate in dumpster diving, as Oracle was recently caught sifting through Microsoft&apos;s garbage. When Mitnick was 17, he did some dumpster diving and found an employee directory and source code in piles of rubbish.&lt;/p&gt;&lt;p&gt;To combat social engineering attacks, Mitnick said organizations need to build a &quot;human firewall&quot; and fill existing holes such as illusions of invulnerability. &quot;It can happen to anyone,&quot; he said. &quot;People naturally want to help people and underestimate the value of information.&quot;&lt;/p&gt;&lt;p&gt;Mitigation techniques begin with top management buy-in and demonstrating personal vulnerability.&lt;/p&gt;&lt;p&gt;&quot;Establish an employee participation program,&quot; he said. &quot;Develop simple rules to define what is sensitive information [and] build a human firewall by raising awareness.&quot;&lt;/p&gt;&lt;p&gt;Mitnick recommends performing social engineering pen-tests, and not forgetting the periodic dumpster diving, and modifying the organization&apos;s politeness norms - &quot;it&apos;s OK to say No!&lt;/p&gt;&lt;p&gt;&quot;Use technology to remove employee decision making,&quot; he said. 
&quot;The big challenge is to balance productivity and sensitivity.&quot;&lt;/p&gt; [&lt;a href=&quot;http://www.infoworld.com/news/index.html&quot;&gt;InfoWorld: Top News&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2005/07/24.html#a205</guid>			<pubDate>Sun, 24 Jul 2005 14:05:09 GMT</pubDate>			<source url="http://www.infoworld.com/rss/news.xml">InfoWorld: Top News</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=205&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2005%2F07%2F24.html%23a205</comments>			</item>		<item>			<description>Unstrung: &lt;a href=&quot;http://www.unstrung.com/document.asp?doc_id=76794&amp;WT.svl=news2_3&quot;&gt;802.11n Back on Track.&lt;/a&gt; [&lt;a href=&quot;http://wmf.editthispage.com/&quot;&gt;Hack the Planet&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2005/07/08.html#a202</guid>			<pubDate>Fri, 08 Jul 2005 17:58:09 GMT</pubDate>			<source url="http://wmf.editthispage.com/xml/scriptingNews2.xml">Hack the Planet</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=202&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2005%2F07%2F08.html%23a202</comments>			</item>		<item>			<description>&lt;a href=&quot;http://wifinetnews.com/archives/004727.html&quot;&gt;Ethereal Detects 
Weak WEP IVs&lt;/a&gt;. For the security wonks, Ethereal 0.10.9 now detects and flags weak initialization vectors (IVs) for WEP keys: An initialization vector (IV) is an attempt to increase randomness in a publicly available encryption stream. Combine a truly random IV from a large number space with a key set by a user and each packet has additional protection against brute force attacks. WEP was weak to begin with because the IV space was too small, forcing reuse. Errors in implementation meant that IVs are rapidly reused on some networks. A flaw in the encryption algorithm further means that certain IVs, called weak IVs, reveal more information about the secret part of the WEP key than others--about 9,000 weak IVs out of 16,000,000 possible ones. (WPA, by the way, has a 48-bit IV instead of a 24-bit one without the weakness problem.) The weak IVs are much more interesting than others because they have a statistically higher likelihood of resulting in a crack. Gathering weak IVs quickly produces a crack faster than gathering lots of strong IVs. (Some WEP-generating Wi-Fi adapters exclude weak IVs from their IV creation process as part of firmware design.) Gather a few thousand weak IVs, and you have a chance at cracking the key. On busy networks, this might be a few minutes using the latest cracking software. Ethereal 0.10.9 detects these weak IVs, which either means you know you can crack a WEP key quickly or you know that your network has weak protection and ought to be upgraded. [link via Nigel Ballard; thanks to him and Jim Thompson for reality checks.]... 
[&lt;a href=&quot;http://wifinetnews.com/&quot;&gt;Wi-Fi Networking News&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2005/01/22.html#a196</guid>			<pubDate>Sat, 22 Jan 2005 13:52:49 GMT</pubDate>			<source url="http://wifinetnews.com/index.rdf">Wi-Fi Networking News</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=196&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2005%2F01%2F22.html%23a196</comments>			</item>		<item>			<description>&lt;a href=&quot;http://www.boingboing.net/2004/11/17/japanese_govt_threat.html&quot;&gt;Japanese govt threats silence security researcher&lt;/a&gt;. &lt;strong&gt;Cory Doctorow&lt;/strong&gt;:A security expert who audited the Japanese National ID Card system and found it to be terribly designed and implemented was prevented from presenting his findings at a technology conference after the Japanese government intervened and threatened the conference organizers.&lt;blockquote&gt;The Japanese government gave me two options.&lt;p&gt;1) Do not talk&lt;br&gt;2) Drastically change your slides to say what they want me to.&lt;p&gt;When I offered to not use slides at all and give my own opinion they told me that I would not be permitted to speak AT ALL. It is obvious to me that they did not have an issue with my slides or presentation. They were afraid that I would draw attention to problems in JUKI net. Soumushou thinks that they can hide from the issues. They think that if they keep people from speaking about the issues, it will go away. I thought I would be immune from such Japanese government pressures however I underestimated Soumushou&apos;s ability to manipulate those around me.
&lt;/blockquote&gt;&lt;a href=&quot;http://www.ejovi.net/archives/2004/11/japanese_govern.html&quot;&gt;Link&lt;/a&gt;(&lt;i&gt;Thanks, Gohsuke!&lt;/i&gt;) [&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2004/11/17.html#a194</guid>			<pubDate>Wed, 17 Nov 2004 15:56:13 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=194&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2004%2F11%2F17.html%23a194</comments>			</item>		<item>			<description>&lt;a href=&quot;http://www.boingboing.net/2004/10/21/wired_news_on_make.html&quot;&gt;Wired News on Make&lt;/a&gt;. &lt;strong&gt;David Pescovitz&lt;/strong&gt;:Wired News ran an article today about &lt;a href=&quot;http://www.oreillynet.com/oreilly/make/&quot;&gt;Make&lt;/a&gt;, the new DIY tech magazine that O&apos;Reilly Media is launching early next year with BB&apos;s own Mark Frauenfelder at the helm!&lt;blockquote&gt; The can-do attitude of old hobbyist magazines like Popular Science and Popular Mechanics inspired the spirit of the new magazine, (O&apos;Reilly VP Dale) Dougherty said.&lt;br&gt;&lt;br&gt;&quot;That was kind of lost in the &apos;70s and &apos;80s when people started becoming more consumers,&quot; said Mark Frauenfelder, editor in chief of Make. &quot;People didn&apos;t need to make things anymore. 
It was cheaper to buy them.&quot;&lt;br&gt;&lt;br&gt; While that still may be true today, &quot;there is a satisfaction in making something rather than buying it,&quot; he said.&lt;/blockquote&gt;&lt;a href=&quot;http://wired.com/news/culture/0,1284,65402,00.html?tw=wn_tophead_3&quot;&gt;Link&lt;/a&gt; [&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2004/10/21.html#a190</guid>			<pubDate>Thu, 21 Oct 2004 21:49:13 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=190&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2004%2F10%2F21.html%23a190</comments>			</item>		<item>			<description>&lt;a href=&quot;http://www.boingboing.net/2004/10/04/make_news_2.html&quot;&gt;Make News #2&lt;/a&gt;. &lt;strong&gt;Mark Frauenfelder&lt;/strong&gt;:Here&apos;s the second issue of the &lt;a href=&quot;http://make.oreilly.com&quot;&gt;Make&lt;/a&gt; newsletter.&lt;blockquote&gt;Make News No. 2&lt;P&gt;October 4, 2004&lt;P&gt;==============&lt;P&gt;Welcome to the second issue of the Make magazine newsletter. A couple of weeks ago, I asked you to suggest a name for this newsletter. Dozens of people replied -- thanks!&lt;P&gt;Here are some of the suggestions that came in:&lt;P&gt;Makefile&lt;P&gt;Modifications&lt;P&gt;make /usr/share/hack&lt;P&gt;Create It&lt;P&gt;Done Deal&lt;P&gt;DoItNow&lt;P&gt;Make it Mine&lt;P&gt;Makers&lt;P&gt;Make-up-date&lt;P&gt;The Make a Cake NL&lt;P&gt;MAKE: The News&lt;P&gt;Re:Make&lt;P&gt;We had a lot of good submissions to choose from, but our favorite was &quot;Make News.&quot; Matthew Morrisson was the first to submit it, so he wins the prize -- a title of his choice from O&apos;Reilly&apos;s Hacks Series. Congratulations, Matthew!
&lt;P&gt;***&lt;P&gt;In the first issue of Make News, I also asked you to send in your ideasfor Make. A bunch of you wrote back asking for writers&apos; guidelines. Herethey are:&lt;P&gt;Make Submission Guidelines&lt;P&gt;Make is a do-it-yourself technology magazine written by makers. When youwrite something for Make, use your voice. Tell us the story behind yourproject.&lt;P&gt;There are four types of content in Make: Projects, Features, Reviews, andEverything Else. (If you have an idea for something that doesn&apos;t fit inone of the first three areas but is still related to do-it-yourselftechnology, we&apos;d like to hear about it, too -- hence the Everything Elsecategory.)&lt;P&gt;We pay $100 for a review. Payment for other types of content will benegotiated.&lt;P&gt;To pitch an idea, email it to Mark Frauenfelder (&lt;a href=&quot;mailto:markf@oreilly.com&quot;&gt;markf@oreilly.com&lt;/a&gt;).&lt;P&gt;1. Projects&lt;P&gt;If you&apos;ve made something cool (or have come up with a cool hack or tweakfor something) and want to show other people how to make one, we&apos;d like topublish it in our projects section. (Note: We&apos;re interested in hearingabout things you&apos;ve already made, not things you are just thinking aboutmaking.)&lt;P&gt;Remember this when you are writing for Make: you&apos;re the readers&apos; coach.Think of your reader as a smart person who doesn&apos;t necessarily know whatyou know. Imagine the questions he or she might have about your project.Explain everything they need to know to recreate the thing you&apos;re writingabout.&lt;P&gt;We have two kinds of projects. One is called &quot;DIY.&quot; This section is forshorter projects (like swapping a battery out of an iPod, or installingopen source software on your TiVo.) DIY pieces run between 200 and 750words. When writing a DIY, keep it conversational. These are very muchlike explaining to a friend how you did something. 
Describe difficultiesyou encountered, and suggest workarounds. Take digital photos of each stepalong the way. Photos should be at least 2 Megapixels.&lt;P&gt;The second kind of project is a &quot;Major Project.&quot; These are more complexprojects that would require a reader at least several hours, if not days,to complete. If we accept your proposal for a Major Project, you will needto submit the article in a format that fits our template. We&apos;ll provideyou with further instructions.&lt;P&gt;2. Features&lt;P&gt;We have several sections with articles about interesting things made bypeople or groups of people. &quot;Made on Earth&quot; is a section with large photosof projects and their makers, along with 200-word stories about them.&quot;Maker&quot; is a longer profile of a dedicated maker-of-cool-things. And wealso have 600- to 1,000-word articles about groups, companies, clubs, andtechnologies relating to DIY projects.&lt;P&gt;3. Reviews&lt;P&gt;Is there some gadget, tool, web site, newsletter, instructional video,book, magazine, CD-ROM, or instrument you already own and love? Then sendyour review to &quot;Toolbox,&quot; Make&apos;s recommendation section.&lt;P&gt;Reviews should be approximately 300 words, and be written in the firstperson. Think more &quot;recommendation&quot; and &quot;experience&quot; when you write thesethan &quot;review.&quot; We want to hear about your involvement with it.&lt;P&gt;The old Wired guidelines for reviews went like this: &quot;Write your review.Then write us a letter explaining why we should devote space to your item.Throw away your review and send us the letter.&quot; That&apos;s the way to do it.&lt;P&gt;4. Everything Else&lt;P&gt;Do you have an idea involving DIY technology, but doesn&apos;t fit in any ofthe above categories? Is it interesting? Let us know about it. Tell usabout the time your dad made a homebrew computer based on the Apple IIschematic. 
Tell us the funny story about the motorized surfboard you made. What&apos;s the strangest experience you&apos;ve had making something? If it&apos;s surprising or funny, we&apos;ll run it.&lt;P&gt;***&lt;P&gt;Remember, the first issue of Make is coming in January, so start clearing off your workbench!&lt;P&gt;Best regards,&lt;P&gt;Mark Frauenfelder&lt;BR&gt;Editor in Chief&lt;BR&gt;Make&lt;BR&gt;&lt;a href=&quot;mailto:markf@oreilly.com&quot;&gt;markf@oreilly.com&lt;/a&gt;&lt;/blockquote&gt; [&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2004/10/08.html#a184</guid>			<pubDate>Fri, 08 Oct 2004 19:10:54 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=184&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2004%2F10%2F08.html%23a184</comments>			</item>		<item>			<description>&lt;a href=&quot;http://www.boingboing.net/2004/09/24/lucas_put_malicious_.html&quot;&gt;Lucas put malicious Xbox trojan on Star Wars DVD&lt;/a&gt;. &lt;strong&gt;Cory Doctorow&lt;/strong&gt;:The new Star Wars bonus DVD erases elements of your Xbox&apos;s firmware without informing you or giving you a chance to decline. This is apparently deliberate, as part of an &quot;anti-piracy&quot; effort aimed at punishing people who play the Star Wars DVD bonus disk in a modded Xbox.&lt;blockquote&gt;The &apos;StarWars Trilogy DVD&apos; (video/movie DVD) has an &apos;Extra Special Features Disc&apos;. If you try to launch this on your Xbox it will automatically update your dashboard ... NO confirmation will be asked. 
The bonus disc has extra features including a documentary on the star wars saga, footage from the making of all three films and a preview demo of the new &apos;StarWars Battlefront&apos; Xbox game (that&apos;s why there&apos;s a default.xbe, dashupdate.xbe and update.xbe on the disc).&lt;p&gt;This information can be important for some people with older bioses (booting xboxdash.xbe), people using exploits or simply those who don&apos;t want their dash upgraded.&lt;/blockquote&gt;&lt;a href=&quot;http://www.xbox-scene.com/xbox1data/sep/EpAVlAVpuZDrYOIHtX.php&quot;&gt;Link&lt;/a&gt;(&lt;i&gt;via &lt;a href=&quot;http://gizmodo.com/&quot;&gt;Gizmodo&lt;/a&gt;&lt;/i&gt;) [&lt;a href=&quot;http://www.boingboing.net/&quot;&gt;Boing Boing&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2004/09/24.html#a182</guid>			<pubDate>Sat, 25 Sep 2004 01:54:39 GMT</pubDate>			<source url="http://boingboing.net/rss.xml">Boing Boing</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=182&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2004%2F09%2F24.html%23a182</comments>			</item>		<item>			<description>The Butt Ugly Weblog: &lt;a href=&quot;http://www.ecyrd.com/ButtUgly/Wiki.jsp?page=Main_blogentry_210904_1&quot;&gt;We lied to you.&lt;/a&gt; &quot;In the golden 80s and 90s [the computer industry] told [the entertainment industry] micropayments and content protection would work; that you would be able to charge minuscule amounts of money whenever someone listened to your music or watched your movie.  We told you untruths which we well knew would never work - after all, we would&apos;ve never used them ourselves.&quot; I don&apos;t think games are a good example of this, considering the escalating copy protection war in that industry. 
Game publishers tried funky corrupted CDs (the Apple II days all over again) and requiring the CD to be in the drive, so game-playing hackers wrote CD-ROM-drive-emulating device drivers. This merely opened a new front in the kernel, prompting the copy protection systems to &lt;a href=&quot;http://www.firingsquad.com/features/starforce_interview/&quot;&gt;install their own device drivers&lt;/a&gt; which &lt;a href=&quot;http://www.gnu.org/philosophy/right-to-read.html&quot;&gt;disable debuggers&lt;/a&gt; and other &lt;a href=&quot;http://www.daemon-tools.cc/&quot;&gt;legitimate utilities&lt;/a&gt;. Of course any offline system can be cracked, so the game companies are planning to &lt;a href=&quot;http://www.steampowered.com/&quot;&gt;force you to be connected to the Internet&lt;/a&gt; to play. [&lt;a href=&quot;http://wmf.editthispage.com/&quot;&gt;Hack the Planet&lt;/a&gt;]</description>			<guid>http://radio.weblogs.com/0127519/categories/hackRelated/2004/09/23.html#a179</guid>			<pubDate>Thu, 23 Sep 2004 13:23:55 GMT</pubDate>			<source url="http://wmf.editthispage.com/xml/scriptingNews2.xml">Hack the Planet</source>			<comments>http://radiocomments2.userland.com/comments?u=127519&amp;amp;p=179&amp;amp;link=http%3A%2F%2Fradio.weblogs.com%2F0127519%2F2004%2F09%2F23.html%23a179</comments>			</item>		</channel>	</rss>