Monday, March 24, 2014

How do you DRM a thing like a coffee pod?

A brewing system lockdown may echo the tale of printers and ink cartridges.

Soon, new Keurig brewers will only take Keurig-approved K-cups.
Keurig's next generation of coffee machines will have a way to prevent any coffee not licensed by Keurig from brewing in the machine as early as this fall. Locking down a thing like coffee seems both trifling and difficult to accomplish—no one has yet described how Keurig can differentiate its own pods enough so that its machines would honor those pods and only those pods.
Security can be as complex or as simple as a user wants, but it does have limitations: size and cost. It's easy to imagine how, for instance, a credit card with a smart chip works in its own ecosystem. But how can something as small, relatively cheap, and disposable as a coffee pod be protected? And even if it can, how strong could that protection be without raising the cost too significantly?
To suss out the issue of coffee DRM, it makes sense to look at a relatively close analog product with its own rights management and interoperability issues—printer toner cartridges. Each printer company jealously guards its model of cartridges, doing everything it can to make them proprietary and unrefillable, because, of course, the real money in printing is in selling the ink at a very large profit.
In the early 2000s, Lexmark attempted a widespread lockdown of its toner cartridges in what it called the Prebate Program. The company provided proprietary toner cartridges to its customers at a steep discount under the condition that they would use the cartridge a single time and return it to the company.
In 2002, a company called Static Control Components (SCC) figured out how to replicate the microcontroller exchange Lexmark used between its cartridges and printers. SCC began selling its own chips to toner cartridge refillers. Lexmark sued, accusing SCC of violating copyright law and the Digital Millennium Copyright Act.
As far as applying DRM to proprietary goods, "this is not new, although it's probably new to coffee," said Mitch Stoltz, a staff attorney with the Electronic Frontier Foundation. When asked how Keurig might do this with a coffee pod, Stoltz speculated that the pod and the coffee machine would have to perform a handshake similar to that of Lexmark's printers and cartridges. "I imagine you could do this with the equivalent of the RFID chip they put in subway tickets," said Stoltz. "My guess is that a chip that could do this could be very small and very cheap."
RFID hacks crop up regularly in the news, so if Keurig went this route, it could probably expect its system to be infiltrated in fairly short order. Bill Rosenblatt, founder of GiantSteps Media Technology Strategies, suggested that Keurig might go for an arrangement in each pod that involves a processor and memory, in the vein of Lexmark's system. "There are various degrees of complication of authentication protocol," said Rosenblatt. "They're going to be looking for a cost-security trade-off."
"If this thing goes to market, probably within a day people will have figured out how to break it. They will take it as a challenge," said Stoltz. The issue is less whether anyone will try to break it—they certainly will—but what they might try to do with that information, how Keurig might react, and how the courts will treat the situation.
"You can build a car that only accepts a particular brand of tire," said Stoltz. "The other question is, will the law stop people from getting around that? In the case of digital stuff, the courts are actually split on that." Lexmark has thus far been unsuccessful in proving that SCC violated the DMA; the US court of appeals for the Sixth Circuit ruled in favor of SCC in 2012, 10 years after the original suit was filed. Lexmark is currently appealing the decision in the Supreme Court.
In Keurig's case, it's less likely that the company is trying to lock coffee competitors out rather than bring them under control. Whatever security scheme it lands on, the company already said it plans to license to third parties so they will still be able to get their product on Keurig machines for a price. Rosenblatt compared the licensing scheme to that of Apple's devices and third-party accessories.
Two companies that currently makes third-party K-cups, TreeHouse Foods and Rogers Family Company, are already suing Green Mountain on the grounds (no pun intended) that their proposed proprietary system is anti-competitive, exclusionary, and designed to edge out companies who won't comply with their rules. If a third party tries to replicate Keurig's verification scheme outside the walled Green Mountain, there is a chance the company would take them to court. Whether Keurig could successfully defend the necessity of a DRM'd coffee pod is another matter.

Thursday, March 20, 2014

Sally Beauty Confirms Card Data Breach

Nationwide cosmetics and beauty retailer Sally Beauty today confirmed that hackers had broken into its networks and stolen credit card data from stores. The admission comes nearly two weeks after KrebsOnSecurity first reported that the company had likely been compromised by the same criminal hacking gang that stole 40 million credit and debit cards from Target.
The advertisement run by thieves who stole the Sally Beauty card data.
The advertisement run by thieves who stole the Sally Beauty card data.
Previously, Denton, Texas-based Sally Beauty had confirmed a breach, but said it had no evidence that card data was stolen in the break-in. But in a statement issued Monday morning, the company acknowledged it has now discovered evidence that “fewer than 25,000 records containing card present (track 2) payment card data have been illegally accessed on our systems and we believe have been removed.” Their statement continues:
“As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security breach/incident prior to the completion of a comprehensive forensic investigation. As a result, we will not speculate as to the scope or nature of the data security incident.”
“We take this criminal activity very seriously. We continue to work diligently with Verizon on this investigation and are taking necessary actions and precautions to mitigate and remediate the issues caused by this security incident. In addition, we are working with the United States Secret Service on their preliminary investigation into the matter.”
On Mar. 5, this blog reported that hackers appeared to have broken into Sally Beauty’s network and stolen at least 282,000 cards from the retailer. That conclusion stemmed from purchases made by several banks at an archipelago of fraud sites that have been selling cards stolen in the Target breach. The first new batch of non-Target cards sold by this fraud network — a group of cards marketed under the label “Desert Strike” — all were found by three different financial institutions to have been recently used at Sally Beauty stores nationwide.
In a FAQ that accompanies today’s announcement, Sally Beauty declined to speculate whether data from its online stores was compromised, but stressed that so far the breach is known to involve “card present” data — specifically the data stored on the magnetic strip on the backs of cards. Thieves prize this data because it allows them to create counterfeit cards and use them to go shopping in big box stores for high-priced merchandise, gift cards and other items that can be resold quickly for cash.
In a fascinating and timely development, the main fraud shop that has been selling cards stolen in the Sally Beauty breach — rescator[dot]so — was recently hacked, its entire database of customers’ (read: fraudsters) usernames and passwords dumped online. Then, sometime on Sunday, the site’s homepage was defaced, with a message to this author and to the proprietors of the fraud shop:
The site principally responsible for selling Sally Beauty cards -- as well as millions of cards stolen from Target -- was defaced this weekend.
The site principally responsible for selling Sally Beauty cards — as well as millions of cards stolen from Target — was defaced this weekend.

Scary New Drone Can Hack Your Phone From the Air

Scary New Drone Can Hack Your Phone From the Air
Imagine you're walking around, enjoying the early spring sunshine, and looking for a Wi-Fi network. You hear a whirring sound above you, look up, and there's a drone, just chilling. Did that drone just take your picture? Nah. It just stole all the precious passwords from your smartphone.
This is a real—however somewhat distant—possibility. We know that it's technically possible thanks to some London-based Sensepoint security researchers who built new software called Snoopy that turns drones into data thieves. Essentially, Snoopy works on drones that seek out the signal that your smartphone broadcasts when it's looking for a Wi-Fi network to join. The drone intercepts the signal and tricks the phone into thinking it's a trusted network, then Snoopy gains access to all kinds of data on the phone.
It's not just passwords. The researchers say that Snoopy can retrieve credit card numbers, location data, and usernames, too. They've successfully stolen Amazon, PayPal, and Yahoo credentials from random Londoners. The technology is not dissimilar to some of the gadgets in the NSA's spy gear catalog that enable them to break into Wi-Fi networks from a distance. Whereas the NSA can do it from eight miles away, however, Snoopy evidently needs to be as close as two feet.
So the data-stealing drone is real, but it's not like they're flying all over cities around the world right now. Sensepoint did the drone project in the name of better security and are presenting their findings at the Black Hat Asia conference next week in Singapore. In the meantime, maybe it's best to just turn off that automatic Wi-Fi network-finding feature. It's clearly vulnerable. Furthermore, it drains your battery like whoa. [CNN Money via ThinkProgress]

Taken in phishing attack, Microsoft’s unmentionables aired by hacktivists

If Microsoft and eBay aren't safe from social engineering attacks, who is?

Pro Syrian hacktivists have offered compelling proof that they successfully breached Microsoft's corporate network and made off with highly sensitive documents that company employees sent to law enforcement officials, according to a media report published Thursday.
Billing invoices and other documents show Microsoft charging the FBI hundreds of thousands of dollars a month to comply with legal requests for customer information, according to the article published by The Daily Dot. The publication said the stolen Microsoft material was provided by members of the Syrian Electronic Army (SEA), a hacking group that has compromised social media accounts and occasionally private networks of eBay and Viber, as well as media outlets including The Washington Post, the Associated Press, The Financial Times, the BBC, Al Jazeera, and Forbes. The group has proven itself to be extremely effective in waging highly targeted phishing attacks that extract login credentials. For an idea how intricate some SEA attacks can be, see thisdetailed post-mortem of a recent ransacking of Forbes.
Most of the SEA's successes result in little more than a public embarrassment for the compromised targets. But recent exploits against Microsoft and eBay, which Ars covered here andhere, were more serious because they exposed confidential operations or data that could be used to further penetrate the companies or compromise operational security.
The hackers behind the eBay attack, for instance, intercepted the real-time communications of eBay security personnel as they responded to a recent hack of the company's UK websites. That eavesdropping had the potential to foil eBay's attempts to remediate a breach in progress. The SEA's access of servers containing private communications between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit is similarly detrimental to the company's operational security. Taken together, the breaches are a sad commentary on the current state of security. If employees of two of the most visible technology companies in the world can't steer clear of social engineering attacks, what hope is there for less experienced Internet users?
The Daily Dot report also raises another good question about the means by which Microsoft employees communicated with FBI officials. The documents, Thursday's post reported, appear to have been sent using plain-vanilla e-mail, possibly with no encryption. If true, the practice represents a startling admission that sending encrypted e-mail is too onerous even for people at the world's biggest software companies.
Post updated to change the headline and add link to post-mortem of Forbes breach.

Thursday, March 13, 2014

Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It



Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It
(Corrects to identify Romania in a map accompanying the story.)
The biggest retail hack in U.S. history wasn’t particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Target’s (TGT) security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper’s credit card number, and store it on a Target server commandeered by the hackers.
Behind this week’s coverBehind this week’s coverIt’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.
On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then …

Nothing happened.
For some reason, Minneapolis didn’t react to the sirens. Bloomberg Businessweekspoke to more than 10 former Target employees familiar with the company’s data security operation, as well as eight people with specific knowledge of the hack and its aftermath, including former employees, security researchers, and law enforcement officials. The story they tell is of an alert system, installed to protect the bond between retailer and customer, that worked beautifully. But then, Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes.
When asked to respond to a list of specific questions about the incident and the company’s lack of an immediate response to it, Target Chairman, President, and Chief Executive Officer Gregg Steinhafel issued an e-mailed statement: “Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach. As a result, we are conducting an end-to-end review of our people, processes and technology to understand our opportunities to improve data security and are committed to learning from this experience. While we are still in the midst of an ongoing investigation, we have already taken significant steps, including beginning the overhaul of our information security structure and the acceleration of our transition to chip-enabled cards. However, as the investigation is not complete, we don’t believe it’s constructive to engage in speculation without the benefit of the final analysis.”
More than 90 lawsuits have been filed against Target by customers and banks for negligence and compensatory damages. That’s on top of other costs, which analysts estimate could run into the billions. Target spent $61 million through Feb. 1 responding to the breach, according to its fourth-quarter report to investors. It set up a customer response operation, and in an effort to regain lost trust, Steinhafel promised that consumers won’t have to pay any fraudulent charges stemming from the breach. Target’s profit for the holiday shopping period fell 46 percent from the same quarter the year before; the number of transactions suffered its biggest decline since the retailer began reporting the statistic in 2008.
In testimony before Congress, Target has said that it was only after the U.S. Department of Justice notified the retailer about the breach in mid-December that company investigators went back to figure out what happened. What it hasn’t publicly revealed: Poring over computer logs, Target found FireEye’s alerts from Nov. 30 and more from Dec. 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network. Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all.

The heart of Target’s antihacking operation is cloistered in a corner room on the sixth floor of a building in downtown Minneapolis. There are no internal-facing windows, just a locked door. Visitors ring a bell, then wait for a visual scan before being buzzed in.

Tuesday, March 11, 2014

Intel’s 800Gbps cables headed to cloud data centers and supercomputers

64 fibers pushing 25Gbps apiece stuffed into one cable connector.

Intel's pitch for Silicon Photonics.

Intel and several of its partners said they will make 800Gbps cables available in the second half of this year, bringing big speed increases to supercomputers and data centers.
The new cables are based on Intel's Silicon Photonics technology that pushes 25Gbps across each fiber. Last year, Intel demonstrated speeds of 100Gbps in each direction, using eight fibers. A new connector that goes by the name "MXC" holds up to 64 fibers (32 for transmitting and 32 for receiving), enabling a jump to 800Gbps in one direction and 800Gbps in the other, or an aggregate of "1.6Tbps" as Intel prefers to call it. (In case you're wondering, MXC is not an acronym for anything.)
That's a huge increase over the 10Gbps cables commonly used to connect switches and other equipment in data centers today. The fiber technology also maintains its maximum speed over much greater distances than copper, sending 800Gbps at lengths up to 300 meters, Intel photonics technology lab director Mario Paniccia told Ars. Eventually, the industry could boost the per-line rate from 25Gbps to 50Gbps, doubling the overall throughput without adding fibers, he said.
Intel partnered with Corning to develop new fibers to support the Silicon Photonics transmission technology, which converts electrical signals into optical ones and vice versa. Intel also worked withUS Conec on the project. Those three companies today announced their plan to sell MXC cables.
"MXC cable assemblies have been sampled by Corning to customers and will be in production in Q3 2014," an Intel presentation said. "US Conec announced that it will sell MXC connector parts to Corning and other connector companies."
US Conec established an MXC certification program to help other companies sell the cables. Tyco Electronics and Molex are the first besides Corning to announce that they will build and sell MXC cable assemblies.
Corning refused to say how much the cables and connectors will cost. Obviously, the 800Gbps ones will be the most expensive. Customers can order connectors with 8, 16, 32, or 64 fibers to fit their needs and budgets.
Typical designs max out at 12 or 24 fibers per connector, Corning's David Hessong, product line manager for embedded and optical systems, told Ars. The MXC design is higher-density and less sensitive to damage from dust and scratches than previous technology, he said.
Intel and Corning expect the first adopters to come from the supercomputing and cloud computing markets. The world's fastest supercomputers are composed of thousands of servers that work together to solve computational problems. Those systems would benefit from faster interconnects, Paniccia noted.
Cloud computing data centers are also likely early adopters. "They will be the first to adopt whatever speed you can give them," Hessong said.
Microsoft and the Facebook-led Open Compute Project are among the organizations already testing out the MXC-based cables.
Providing faster connections between top-of-rack switches and core switches, and connecting servers to extra storage or GPUs are among the expected use cases.
Longer-term, Intel wants Silicon Photonics inside racks. As we wrote last year, future server racks could use a "more efficient architecture that separates CPU, storage, power, and networking resources into individual components that can be swapped out as needed. Power and cooling would be shared across CPUs, rather than having separate power supplies for each server. Server, memory, network, and storage resources would all be disaggregated and shared across the rack."
As this approach pushes components further apart, faster interconnects would be needed. Bringing optical interconnects inside data center racks would be a big upgrade but an expensive one. While Intel and Corning provided no hint as to how much the MXC cables will cost, Paniccia said the companies want to make the technology cost-effective so it can be "cheap enough to compete with copper."
In an announcement, Paniccia described some of the ways vendors are planning to use MXC and Silicon Photonics.
"Fujitsu recently demonstrated an expansion box that increases the storage capacity and adds CPU accelerators to its 1U server.  In September, Intel demonstrated a new rack architecture called RSA that when used with MXC cables and Intel Silicon Photonics enables a totally new server architecture that increases performance and decreases cost. In the coming months, we expect to see more demonstrations and announcements about MXC and Intel Silicon Photonics."

Monday, March 10, 2014



Next-gen “Archival Disc” will squeeze 1TB of data onto optical discs

Sony and Panasonic developing AD for "professional use"; 300GB-per-disc by 2015.



There are plans to scale the format's capacity from 300GB in 2015 to 1TB at some point in the future.

Move over, Blu-ray: Sony and Panasonic have just announced a new optical disc specification with even higher storage capacities. The new "Archival Disc" format promises to store between six and 20 times the data of a standard 50GB dual-layer Blu-ray disc. Unlike Blu-ray, this new format is intended primarily for professional, archival use. The companies first announced that they would be working on this then-nameless standard together in July of 2013.
"Optical discs have excellent properties to protect themselves against the environment, such as dust-resistance and water-resistance, and can also withstand changes in temperature and humidity when stored," reads the release. "They also allow inter-generational compatibility between different formats, ensuring that data can continue to be read even as formats evolve. This makes them robust media for long-term storage of content."
First-wave Archival Discs are slated to launch in summer of 2015 and will be able to hold up to 300GB of data. By comparison, the largest commonly available Blu-Ray discs use the 100GB and 128GB BDXL format. Archival Discs will apparently be double-sided, so this works out to 150GB of data per side. Future versions of the technology will improve storage density, increasing to 500GB (or 250GB per side) and 1TB (500GB per side) as the standard matures.
It's possible that this technology could come to consumers at some point—we'll eventually start seeing more 4K content as TVs that use the standard begin to replace their 720p and 1080p predecessors. However, streaming video services combined with new, more efficient video codecs may reduce the need for this kind of high-capacity optical disc in the home. Blu-ray sales aren't growing fast enough to make up for the continuing decline in DVD sales, and an even more expensive, higher-capacity storage medium is unlikely to reverse this trend.



Friday, March 7, 2014

WALTER GLENN

Seven Things I Wish I Knew When I Was Still in College

From:
http://lifehacker.com/seven-things-i-wish-i-knew-when-i-was-still-in-college-1538265078




College is more than job training. It's your chance to explore, make friends, and grow as a person. Unfortunately, college is also more expensive than it's ever been, so you have to balance your exploration with some hard-nosed practicality. Here are some things we wish we knew while we were still in college.

I went to college nearly twenty years ago and, even though I'm not exactly working in a field related to my major, I still count it as one of the most valuable experiences of my life. In addition to thinking about what I wish I had known back then, I talked to a bunch of people when I was prepping this article: the Lifehacker staff, some old friends from college, some people in college right now, and some people who are college bound in the next year or so. I also read what a lot of you had to say on the subject. Here are the things that most people agreed on: http://lifehacker.com/seven-things-i-wish-i-knew-when-i-was-still-in-college-1538265078.
As the most widely used technology to prevent eavesdropping on the Internet, HTTPS encryption has seen its share of attacks, most of which work by exploiting weaknesses that allow snoops to decode cryptographically scrambled traffic. Now there's a novel technique that can pluck out details as personal as someone's sexual orientation or a contemplation of suicide, even when the protection remains intact.
A recently published academic paper titled "I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis" shows how even strongly encrypted Web traffic can reveal highly personal information to employers, Internet service providers, state-sponsored spies, or anyone else with the capability to monitor a connection between a site and the person visiting it. As a result, it's possible for them to know with a high degree of certainty what video someone accessed on Netflix or YouTube, the specific tax form or legal advice someone sought from an online lawyer service, and whether someone visiting the Mayo Clinic website is viewing pages related to pregnancy, headaches, cancer, or suicide.
The attack works by carefully analyzing encrypted traffic and taking note of subtle differences in data size and other characteristics of the encrypted contents. In much the way someone holding a wrapped birthday present can tell if it contains a book, a Blu-ray disk, or a box of candy, an attacker can know with a high degree of certainty the specific URL of the HTTPS-protected website. The transport layer security and secure sockets layer protocols underpinning the Web encryption specifically encrypt the URL, so until now, many people presumed an attacker could only deduce the IP address of a site someone was visiting rather than specific pages belonging to that site.
Read 5 remaining paragraphs
We Need to Call a Professional for This One
Submitted by: Unknown

Netflix disables Chrome's developer console

Boing Boing by Cory Doctorow  

When you watch Netflix videos in the Chrome browser, the service disables Chrome's developer console, a debugging and programming tool that gives you transparency and control over what your browser is doing. The Hacker News thread explains that this is sometimes done in order to stop an attack called "Self-XSS" that primarily arises on social media sites, where it can cause a browser to leak nominally private information to third parties. But in this case, the "Self-XSS" attack Netflix is worried about is very different: they want to prevent browser owners from consciously choosing to run scripts in the Netflix window that subvert Netflix's restrictions on video.
This is the natural outflow of the pretense that "streaming" exists as a thing that is distinct from "downloading" -- the idea that you can send a stream of bytes to someone else's computer without the computer being able to store those bytes. "Streaming" is at the heart of "rental" business models like Netflix's, and there's nothing wrong with the idea of rentalper se. But the only way to attain "rental" with computers is to design computers so that their owners can't give them orders that the renters disagree with. You have to change the computer and its software so that you can't see what it's doing and can't change what it's doing.
Your browser is a portal to your whole social life, your financial life and your work life, entrusted with the most potentially compromising secrets of your life. Anything that allows third parties to make it harder for you to figure out what the browser is doing, or to prevent it from doing something you don't want, should be a non-starter. As soon as a powerful entity like Netflix comes to depend on -- and insist on -- computers that owners can't control, that company is doing something wrong. Not because rentals are bad, but because taking away owner control from computers is bad.
This is why it's such a big deal that Netflix has convinced Microsoft, Apple, and Google to build user-controlling technology into their browsers, and why it's such a big deal that Microsoft, Apple, and Google have convinced the W3C to standardize this for all devices with HTML5 interfaces. Any time we allow the discussion to be sidetracked into "How can Netflix maximize its revenue by enforcing rental terms?" we're missing the real point, which is, "How can people be sure that their browsers aren't betraying them?"

Netflix disables use of the Chrome developer console (pastebin.com) 

Wednesday, March 5, 2014

This Is The Room Where The Internet Was Born

This Is The Room Where The Internet Was Born
For something as ubiquitous as the internet today, it certainly isn't easy to find where it all started. I don't mean historically, I mean logistically: 3420 Boelter Hall is a tiny room in a basement hallway of a large nondescript building on the sprawling UCLA campus.
But from these inauspicious beginnings emerged the reason you're able to read this story, wherever and whenever you're choosing to do so. Although the internet itself has many authors—even, apocryphally, Al Gore—this is widely considered to be its birthplace. This room, with its glaring, lime green paint and scuffed linoleum flooring, is where the first ARPANET node was installed, where communications protocol was established, and where the first message was sent over the network to another node at Stanford University.
This Is The Room Where The Internet Was Born
This Is The Room Where The Internet Was Born

"How many revolutions can you think about where you can see—within a few feet!—where it began? This machine is where the internet breathed to life, spoke its first words," says Leonard Kleinrock, the computer scientist for whom the Kleinrock Center for Internet Studies is named. Currently, the center consists of several research projects, as well as maintaining this room, in all its 1960s glory; it's Mad Men for nerds.
While a grad student at MIT, Kleinrock had developed a mathematical theory of packet switching, where data is broken up into "packets" that can be exchanged using a network, allowing access to data by multiple users across different platforms. This was the technology that the internet is based upon, and something that was of great interest to the Defense Department, more specifically its Advanced Research Projects Agency (ARPA—later named DARPA), which knew it could use packet switching to disseminate papers, research and software to its audience more efficiently.
ARPA sent out an RFP looking for a team to build, install and manage a pilot program for this new kind of network. The contract was awarded to a team of computer engineers at Bolt Beranek and Newman (BBN), who built a hulking machine named the Interface Message Processor (essentially the first router). They placed the first node of the network at UCLA, where Kleinrock had joined the faculty, and the school was made responsible for testing the system and running experiments. His team designed a network that could send messages using existing data infrastructure: the longlines of the telephone system.
As Kleinrock tells the story, his hand rarely leaves the IMP. It's almost as if he's got his arm slung around it. Like an old friend.
This Is The Room Where The Internet Was Born
SEXPAND
This Is The Room Where The Internet Was BornSEXPAND
On October 29, 1969, a team assembled in 3420 Boelter Hall to attempt to send the first message to Stanford Research Institute: "LOGIN." They managed to type in the first two letters before the system crashed. So the first message sent over what would become the internet was "LO."
An hour later, they tried again—and it worked. By December of 1969, four nodes were permanently installed at UCLA, Stanford Research Institute, University of Utah, and University of California at Santa Barbara. By 1975 there were 57 IMPs. By 1981 there were 213. The rest is history.
But, even as the internet became part of our everyday lives, the historic relevance of these machines was almost obliterated. There are currently only two IMPs still in existence. UCLA's IMP was replaced by new technology in 1982 and moved to a faculty break room where it sat near a water cooler, until it was rescued by Kleinrock. He also managed to salvage a SDS Sigma 7 computer, the refrigerator-sized machine that was used to host that first message.
In 2011, the center opened in this room, which used to be larger, notes Bradley Fidler. He serves as director of the center, and is to thank for the meticulous attention to detail to make the room period-perfect. It turned out that reclaiming the original location was the biggest challenge: because the room had become a computer lab for current students, they had to convince the school to subdivide it, carving out a space among the valuable classroom real estate. Nearly all the furnishings are from the era, either rescued from UCLA storerooms or found elsewhere, and the lights are original because, well, they'd never been upgraded. The green shade of the wall was recreated from photographs and the vivid memories of the team. The only true anachronism, if you could call it that, is masked by a wooden loudspeaker mounted on the wall: the wireless router.