Blog Archive: August 2011
Job Opening: TSA Public Affairs Specialist
This job can't be fun: This Public Affairs Specialist position is located in the Office of Strategic Communications and Public Affairs (SCPA), Transportation Security Administration (TSA), Department of Homeland Security (DHS). If selected for this position, you will serve as the Press Secretary and senior representative/liaison working with Federal and stakeholder partners. You will utilize your expert knowledge and mastery...
The Effects of Social Media on Undercover Policing
Social networking sites make it very difficult, if not impossible, to have undercover police officers: "The results found that 90 per cent of female officers were using social media compared with 81 per cent of males." The most popular site was Facebook, followed by Twitter. Forty seven per cent of those surveyed used social networking sites daily while another 24...
Open files: alternatives to lsof
Discussed the extreme number of opens on IRC today, and Callum Gibson pointed out that there's also fstat, part of the base system. And it tells a very different story:
=== grog@dereel (/dev/pts/16) ~ 36 -> lsof | grep ^firefox | wc -l
15157
=== grog@dereel (/dev/pts/16) ~ 37 -> fstat | grep firefox | wc -l
212
It also shows file descriptor numbers, so I can confirm that this process really does have (almost) this many files open:
=== grog@dereel (/dev/pts/16) ~ 38 -> fstat | grep gam_server | wc -l
1871
=== grog@dereel (/dev/pts/16) ~ 39 -> fstat | less
USER CMD PID FD MOUNT INUM MODE ...
This week at LOPSA-NJ: Tom Limoncelli will be presenting!
If you are in the Princeton, NJ area I hope you come out to join us! If you've never come to our meeting, this is a good event for first timers! http://www.lopsanj.org/ I'll be talking about ways for sysadmins and developers to work better together. It will be a rehearsal for a larger talk I'll be giving at PPW. Oh, and this month we have a sponsor supplying pizza and soda. So, come for the pizza, stay for the Limoncelli. :-) More info on the LOPSA-NJ website! Tom
Facebook Privacy Guide
It's actually pretty good. Also note that the site is redesigning its privacy. As we learned from Microsoft, nothing motivates a company to improve its security like competition....
Details of the RSA Hack
We finally have some, even though the company isn't talking: So just how well crafted was the e-mail that got RSA hacked? Not very, judging by what F-Secure found. The attackers spoofed the e-mail to make it appear to come from a "web master" at Beyond.com, a job-seeking and recruiting site. Inside the e-mail, there was just one line of...
Catching open files
Mail from Michael in South Australia today, asking why I didn't use lsof to inspect the file opens during yesterday's problems. Simple: I didn't think of it. Tried it out today and got some interesting results:
=== root@dereel (/dev/pts/10) ~ 35 -> lsof | grep ^named | wc -l
161
=== root@dereel (/dev/pts/10) ~ 36 -> lsof | grep ^firefox | wc -l
14656
=== root@dereel (/dev/pts/10) ~ 37 -> P=`lsof | awk '{print $1}' | sort -u`
=== root@dereel (/dev/pts/10) ~ 38 -> for p in $P; do echo -n $p; lsof | grep ^$p | wc -l; done | sort -n -r +1
firefox-b 14646
httpd 2130
gam_serve 1887
mysql 1551
mysqld 1530
console-k 702
xterm 573
plugin-co 462
VirtualBo 416
emacs ...
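The two diary entries above count open files by re-running lsof once per process name and grepping for a prefix, which is slow and also over-counts: "grep ^mysql" matches mysqld as well, which is why mysql (1551) and mysqld (1530) come out almost equal. The script below is an added example, not the diary author's code: it aggregates either tool's output in a single awk pass keyed on the exact command column, and separately shows why lsof totals dwarf fstat's (lsof also lists cwd, rtd, txt and mem rows, which are directories and mapped files, not descriptors). Both samples are constructed, not captured output.

```shell
#!/bin/sh
# Added example, not from the diary: one-pass per-command counts over
# lsof(8) or fstat(1) output read from stdin. Samples below are constructed.

# count_by_column COL : print "count command" for each distinct value of
# column COL, descending. The header line (NR == 1) is skipped.
count_by_column() {
    awk -v col="$1" 'NR > 1 { n[$col]++ }
        END { for (c in n) printf "%d %s\n", n[c], c }' | sort -rn
}

# real_fds_only : keep only lsof rows whose FD column is a descriptor
# number with optional mode/lock letters (0u, 3r, 12uW ...). Rows such as
# cwd, rtd, txt and mem are the process's directories and mapped files,
# not entries in its descriptor table.
real_fds_only() {
    awk 'NR == 1 || $4 ~ /^[0-9]+[rwu-]?[rRwWuUNxX]?$/'
}

# Constructed fstat(1) layout: USER CMD PID FD MOUNT ...
SAMPLE_FSTAT='USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
grog     firefox     1234 root /           2 drwxr-xr-x     512  r
grog     firefox     1234    0 /dev       17 crw--w----  pts/16 rw
grog     firefox     1234    3 /home   40001 -rw-r--r--    4096  r
grog     gam_server  2345 root /           2 drwxr-xr-x     512  r
grog     gam_server  2345    3 /home   40002 -rw-r--r--     128  r
grog     gam_server  2345    4 /home   40003 -rw-r--r--     128  r
grog     gam_server  2345    5 /home   40004 -rw-r--r--     128  r
root     named        567    0 /dev       17 crw--w----  pts/10 rw'

# Constructed lsof(8) layout: COMMAND PID USER FD TYPE ...
SAMPLE_LSOF='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME
firefox 1234 grog  cwd    DIR   0,1     1024     2 /home/grog
firefox 1234 grog  txt    REG   0,1  3145728 40010 /usr/local/bin/firefox
firefox 1234 grog  mem    REG   0,1   524288 40011 /usr/lib/libc.so.7
firefox 1234 grog  mem    REG   0,1   262144 40012 /usr/lib/libm.so.5
firefox 1234 grog    0u   CHR  0,17      0t0    17 /dev/pts/16
firefox 1234 grog    3r   REG   0,1     4096 40001 /home/grog/.mozilla/prefs.js
named    567 root    0u   CHR  0,17      0t0    17 /dev/pts/10'

# fstat puts the command in column 2, lsof in column 1.
top_fstat()    { printf '%s\n' "$SAMPLE_FSTAT" | count_by_column 2; }
top_lsof()     { printf '%s\n' "$SAMPLE_LSOF"  | count_by_column 1; }
top_lsof_fds() { printf '%s\n' "$SAMPLE_LSOF"  | real_fds_only | count_by_column 1; }

# On a live system: lsof | count_by_column 1   or   fstat | count_by_column 2
```

On the constructed input, top_lsof reports 6 rows for firefox but top_lsof_fds only 2, which is the same kind of gap the diary saw between lsof (15157) and fstat (212). If the goal is to compare against kern.maxfiles or a per-process descriptor limit, the real_fds_only figure is the one that matters.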
National Broadband Network: Fixed radio
So we could see fixed wireless from the National Broadband Network here in the foreseeable future. The coverage map stops just short of here, but it's very much on the cards that we'll get something here too. But what is it? Scoured the NBN web site and found no mention of the technology. Finally called their Solutions Centre on 1800 881 816 and spoke to Steven, who confirmed that I wouldn't find anything on the web site. Apparently the wireless would be comparable to current 3G wireless, 12 Mb/s (never mind that Telstra advertises 28 Mb/s, something he didn't know). So will that really buy us anything?
Donner Pass
In the Peabody Essex Museum a couple weeks ago, I saw a beautiful landscape by Albert Bierstadt of Donner Pass whose label referenced the famous Donner Party of 1846 and their "sensational story of privation, cannibalism, and death." I would reorder that sentence.
Screenshots of Chinese Hacking Tool
It's hard to know how serious this really is: The screenshots appear as B-roll footage in the documentary for six seconds, between 11:04 and 11:10 minutes, showing custom-built Chinese software apparently launching a cyber-attack against the main website of the Falun Gong spiritual practice, by using a compromised IP address belonging to a United States university. As of Aug....
Too many open files!
Into the office this morning and tried to reply to a mail message. But I got an error message, something like Can't create temporary file. Sounded like a full file system, something that doesn't often happen. What does df say?
=== grog@dereel (/dev/pts/18) ~ 4 -> df
/libexec/ld-elf.so.1: Cannot open "/lib/libutil.so.8"
That looked bad. Had I destroyed the contents of /libexec?
=== grog@dereel (/dev/pts/18) ~ 5 -> ls /libexec
/libexec/ld-elf.so.1: Shared object "libutil.so.7" not found, required by "ls"
Interesting that there are two different versions of libutil there. How do you debug something like that?
An App For That
SeeClickFix makes a mobile application you can use to report Boston drivers using their smartphones while driving, while driving.
Internode doesn't talk to Wikipedia
Got some timeouts while trying to access Wikipedia today. A bit of checking proved that it was not so much a routing problem as extreme congestion, and that it was limited to my connection to the net, via Internode: a traceroute stopped at this point: 6 te0-3-0-938.bdr1.lon1.internode.on.net (203.16.211.97) 379.576 ms 420.108 ms 379.563 ms 7 linx.lhrx.hgtn.net (195.66.224.194) 389.673 ms 398.889 ms 389.633 ms Called up, left a message that I was having problems accessing Wikipedia, but not other web sites, and that I could access Wikipedia from other places.
Friday Squid Blogging: Squid Fishing in Ulleungdo, Korea
The industry is in decline: A generation ago, most of the island's 10,000 residents worked in the squid industry, either as sellers like Kim or as farmer-fishermen who toiled in the fields each winter and went to sea during summer. Ulleungdo developed a reputation for large, tasty squid that were once exported to the mainland and Japan. The volcanic island,...
Preventing the Theft of Wire Cutters
This is a picture of a pair of wire cutters secured to a table with a wire. Someone isn't thinking this through.......
The Problem with Using the Cold War Metaphor to Describe Cyberspace Risks
Nice essay on the problems with talking about cyberspace risks using "Cold War" metaphors: The problem with threat inflation and misapplied history is that there are extremely serious risks, but also manageable responses, from which they steer us away. Massive, simultaneous, all-encompassing cyberattacks on the power grid, the banking system, transportation networks, etc. along the lines of a Cold War...
Terrorism in the U.S. Since 9/11
John Mueller and his students analyze the 33 cases of attempted terrorism in the U.S. since 9/11. So few of them are actually real, and so many of them were created or otherwise facilitated by law enforcement....
Stitching the Statuary Pavilion panorama
Back home and attended again to the panorama that didn't work yesterday, inside the Statuary Pavilion of the Ballarat Botanical Gardens. Nothing I could do would get anything close to proper stitching. In fact, the preview window looked even worse than the image I stitched yesterday, the mean error was 19.1 pixels, and the maximum was 42.5: Finally, in the assumption that one of the images must be wrong, started in the middle with just the third and fourth of these individual images: The URLs of the full-sized ...
Funniest Joke at the Edinburgh Fringe Festival
Nick Helm won an award for the funniest joke at the Edinburgh Fringe Festival: Nick Helm: "I needed a password with eight characters so I picked Snow White and the Seven Dwarves." Note that two other jokes were about security: Tim Vine: "Crime in multi-storey car parks. That is wrong on so many different levels." Andrew Lawrence: "I admire these...
Steve at NeXT
Late in 1989 I opened my email one morning and there was one from [email protected] saying come see us. So I went and spent the day and failed to make a sale, but so did Mr. Jobs. Back Story What happened was, I'd been working on the New Oxford English Dictionary Project at the University of Waterloo, and we'd built some pretty impressive tools for text transformation and search and display. We were in the process of rolling out our company, which lives on today: Open Text. I'd gotten to know Michael Hawley, then a grad student at the MIT Media Lab, and Mike was friends with Steve Jobs; they rode bikes together in the California hills and he'd been consulting for NeXT.
Moving 211 Tons of Gold
The security problems associated with moving $12B in gold from London to Venezuela. It seems to me that Chávez has four main choices here. He can go the FT's route, and just fly the gold to Caracas while insuring each shipment for its market value. He can go the Spanish route, and try to transport the gold himself, perhaps making...
The Security Risks of Not Teaching Malware
Essay by George Ledin on the security risks of not teaching students malware....
Available for pre-order: THE GREAT BIG BEAUTIFUL TOMORROW
Available for pre-order from today: The Great Big Beautiful Tomorrow, a PM Press "Outspoken Authors" chapbook, including my novella "There's a Great Big Beautiful Tomorrow/Now is the Best Time of Your Life," an essay, a transcript of my U of T iSchool talk on general purpose computing and regulation, and an exclusive interview with Terry … [Read more]
Panoramas of Botanical Gardens
While in town, to the Ballarat Botanical Gardens to take some photos. The weather was right, and there were few people around, though not as few as I managed to get in my panoramas. Back home, the processing once again took forever. In addition, I had made a mistake with one of the panoramas, and another one, for some reason, just wouldn't generate control points. Nothing looked wrong with the images, but the result was completely ridiculous: What caused that?
C9 interview with Scott Meyers, Andrei Alexandrescu, and me
After the end of the C++ and Beyond event earlier this month, Charles Torre interviewed all three of us for Channel 9. I thought it came out really well, and stayed firmly focused on C++ — including even during the parts we talked about D and other languages, where the focus was on how their best parts could be applied to [...]
Trip Report: August 2011 C++ Standards Meeting
The summer 2011 ISO C++ meeting was held on August 15-19 in Bloomington, Indiana, USA on the wonderful Indiana University campus. The minutes will be available at the 2011 papers page in a couple of weeks. As previously announced, C++11 was unanimously approved just days before the standards meeting, so this was the first post-C++11 meeting. As [...]
Three Roses
Haven't run a flower picture for a while. If color and light are good, then more color and more light are better, right?
Ex Twitter
Back in 2010, I disclosed that I'd become the owner of some Twitter shares. I sold them this week. The story provides a look into the world of public trading of private-company shares. This is a space that was new to me and I found interesting; maybe you will too. The Basics Companies are either public or private. A public company's shares can be bought and sold by nearly anyone on your friendly local stock exchange. A private company's shares can in principle be bought and sold, but there are a lot of laws and regulations which restrict this process. They are there for the excellent reason that private companies aren't required to, and generally don't, disclose their financials, so there's less confidence about the value of their equity.
Call for pizza toppings!
The New Jersey Chapter of LOPSA has gained a sponsor that will provide pizza and soda for the Thursday, September 1, 2011 meeting. William Bilancio posted on the LOPSANJ mailing list: "September's meeting pizza and soda is generously provided by INetU Managed Hosting: http://www.inetu.net. So if you are planning to attend Tom Limoncelli's talk: "Walk a kilometer in my shoes: What sysadmins wish developers knew and vice-versa" please rsvp by going to http://www.lopsanj.org/rsvp and let us know if you are attending and what toppings you would like on the pizza." http://lists.lopsanj.org/pipermail/lopsanj/2011-August/003820.html See you there!
Stealing ATM PINs with a Thermal Camera
It's easy: Researchers from UCSD pointed thermal cameras towards plastic ATM PIN pads and metal ATM PIN pads to test how effective they were at stealing PIN numbers. The thermal cams didn't work against metal pads but on plastic pads the success rate of detecting all the digits was 80% after 10 seconds and 60% after 45 seconds. If you...
Interview with Short Story Geeks podcast
I've just gotten back from Renovation, the 2011 World Science Fiction Convention in Reno, Nevada, where I sat down for an interview with Graveyard Greg from the Short Story Geeks podcast. My bit starts around 26:40. MP3 Link
mplayer insights
To write my diary entry for yesterday I had to make a number of screen shots of mplayer screens. It wasn't easy: I only had working versions on particular machines, and running mplayer across the network caused significant delays. On one occasion I had a completely different image displayed for the time and file position in the on-screen display. On that occasion mplayer told me that it had a 6 second discrepancy between audio and video. And that's a clue: the file positions I report are the position of the last block read. They get buffered internally, so what you see isn't what appears at that position in the stream.
Smartphone Keystroke Logging Using the Motion Sensor
Clever: "When the user types on the soft keyboard on her smartphone (especially when she holds her phone by hand rather than placing it on a fixed surface), the phone vibrates. We discover that keystroke vibration on touch screens are highly correlated to the keys being typed." Applications like TouchLogger could be significant because they bypass protections built into both...
Security for Implanted Medical Devices
Worried about someone hacking your implanted medical devices? Here's a signal-jamming device you can wear....
Cheating at Casinos with Hidden Cameras
Sleeve cameras aren't new, but they're now smaller than ever and the cheaters are getting more sophisticated: In January, at the newly opened $4-billion Cosmopolitan casino in Las Vegas, a gang called the Cutters cheated at baccarat. Before play began, the dealer offered one member of the group a stack of eight decks of cards for a pre-game cut. The...
Expanding the Cloud - Introducing Amazon ElastiCache
Today AWS has launched Amazon ElastiCache, a new service that makes it easy to add distributed in-memory caching to any application. Amazon ElastiCache handles the complexity of creating, scaling and managing an in-memory cache to free up brainpower for more differentiating activities. There are many success stories about the effectiveness of caching in many different scenarios; next to helping applications achieve fast and predictable performance, it often protects databases from request bursts and brownouts under overload conditions. Systems that make extensive use of caching almost all report a significant reduction in the cost of their database tier. Given the widespread use of caching in many of the applications in the AWS Cloud, a caching service had been high on the request list of our customers.
Fixing mplayer fonts
Continued my search for the reasons behind the mplayer font problems today. What I wanted were fonts like the ones I use at the moment: Instead, what I got was this, about 4 times the size: Reading the mplayer man “page” (currently 9151 lines, or about 153 pages), it's clear that the fonts should be in ~/.mplayer/font: -font <path to font.desc file, path to font (FreeType), font pattern (Fontconfig)> Search for the OSD/SUB fonts in an alternative directory (de- ...
Installing Adobe Flash on FreeBSD
While trying the new TV machine today, checked something that I had noticed earlier: Flash wasn't working. It seems that my ports infrastructure checked for the presence of the wrong file. That's straightforward enough, and within a few minutes I had Flash installed. Well, it was on the machine. firefox still claimed that it wasn't installed. It seems that the port installation only does part of the job. The important incantation to tell firefox that it's there is missing: nspluginwrapper -v -i /usr/local/lib/npapi/linux-f10-flashplugin/libflashplayer.so That's version-specific, of course.
Big Camera Tradeoffs
These days, for a photographer who cares, a medium format camera is becoming a serious option. This is something that, while large, you can still fit in your hand, but has a huge sensor and gives you gobs and gobs of megapixels. Examples would be the Leica S2 and the Pentax 645D. These cameras are beautiful, objects of desire, but really I'm not tempted. They give you enough pixels (40M or so) that you can confidently sell your work to high-gloss magazines or use it on big display posters. For a sample of the 645D at work, check out the Svalbard gallery by Jostein Øksne, especially Sarkofagen.
Movie-Plot Threat: Open Airplane Cockpit Doors During Bathroom Breaks
James Fallows has a nice debunking of a movie-plot threat....
How Microsoft Develops Security Patches
I thought this was an interesting read....
Pseudonymity
Long essay on the value of pseudonymity. From the conclusions: Here lies the huge irony in this discussion. Persistent pseudonyms aren't ways to hide who you are. They provide a way to be who you are. You can finally talk about what you really believe; your real politics, your real problems, your real sexuality, your real family, your real self....
Links for Sunday, August 21, 2011
Hypergrid Business: 11 Tips for Successful Virtual Training - “It only makes sense to use virtual world technology if you are making use of its unique affordances. That is, if you are doing things that can only be done in a virtual world. If you bring your learners into a beautiful virtual environment and then [...]
How the times change
Started a shell today and got the following fortune: Just about every computer on the market today runs Unix, except the Mac (and nobody cares about it). -- Bill Joy 6/21/85 Now isn't that ironic?
Network problems, not Optus' fault
Finally finished my house photos today and started uploading them to the external site—at a snail's pace:
20110820/big/garden-centre.jpeg 7350157 100% 12.88kB/s 0:09:17 (xfer#15, to-check=33/50)
20110820/big/garden-n.jpeg 6976128 100% 14.29kB/s 0:07:56 (xfer#16, to-check=32/50)
20110820/big/garden-path-ne.jpeg 6622813 100% 13.50kB/s 0:07:59 (xfer#17, to-check=31/50)
20110820/big/garden-path-se.jpeg 6999010 100% 14.18kB/s 0:08:02 (xfer#18, to-check=30/50)
Normally I would get about 60 to 100 kB/s upload. Looking at my net statistics, it seems that this had been going on for about 36 hours: Discussing it on IRC, Jürgen Lock thought I might be stuck in UMTS mode.
Patching mplayer
While I was waiting, finished patching mplayer and tried compiling. Surprise! It worked. The only issue is that the font sizes aren't what I wanted: they're far too big. But that may be as simple as installing the correct fonts.
Weekly photos: the time it takes
In the past couple of weeks I've been trying a new approach to my weekly photos: I take them in raw format and use Olympus Viewer to convert them to JPEG, in the process correcting chromatic aberration and lens distortion. The results are clearly better: now all my control points get a “very good” rating. But the time! Today I started the photos at 9:05, stopped for breakfast, and was finished by 9:52. Then I had to read the files in, all 5.6 GB of them, which was done by 10:19. Then I extracted thumbnails from the images, made “contact prints” to confirm what I had taken, and ran another script to choose which photos to merge and what to call them.
Apple Pages: forensics
For yesterday's diary I was about to write, of “Pages”, that it uses a proprietary format. But that's prejudice, and it's a good thing to check. So I read a “Pages” document into Emacs, and to my surprise got:
M Filemode     Length Date        Time     File
- ---------- -------- ----------- -------- --------------------------
  -rw-rw-rw-      437 18-Aug-2011 14:31:48 buildVersionHistory.plist
  -rw-rw-rw-    29009 18-Aug-2011 14:31:50 .iWTrash/00000001
  ...
  -rw-rw-rw-     8688 18-Aug-2011 14:26:02 MARIA-1.jpg
  -rw-rw-rw-   101363 18-Aug-2011 14:31:48 QuickLook/Thumbnail.jpg
  -rw-rw-rw-   415712 18-Aug-2011 14:31:48 QuickLook/Preview.pdf
  -rw-rw-rw-  1585057 18-Aug-2011 14:31:48 index.xml
- ---------- -------- ----------- -------- --------------------------
              2613045                      26 files
%%- Spring-2011.pages All (31,0) (Zip-Archive Narrow)--11:08AM 1.21 Mail------------- ...
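The listing above is the forensic point in a nutshell: a file with a "proprietary" extension is a zip container, and opening it as one exposes a QuickLook preview PDF and a .iWTrash/ entry, so a PDF rendering of the document and material the author removed still travel inside the file. The script below is an added example, not the diary author's code: it classifies a file by its first four bytes rather than trusting its extension, the same check file(1) performs. The sample files it writes are constructed placeholders, not real documents.

```shell
#!/bin/sh
# Added example, not from the diary: identify a document container by its
# magic bytes. Sample files are constructed below; none is a real document.

# magic4 FILE : first four bytes as lowercase hex, e.g. 504b0304
magic4() { head -c 4 "$1" | od -An -tx1 | tr -d ' \n'; }

# container_type FILE : zip | pdf | ole2 | unknown(<hex>)
container_type() {
    sig=$(magic4 "$1")
    case "$sig" in
        504b0304) echo zip ;;     # PK\003\004 local file header: .pages/.docx/.odt/.jar/.apk
        504b0506) echo zip ;;     # end-of-central-directory only: an empty archive
        25504446) echo pdf ;;     # "%PDF"
        d0cf11e0) echo ole2 ;;    # legacy binary .doc/.xls compound file
        *)        echo "unknown($sig)" ;;
    esac
}

# demo : write constructed samples under $TMPDIR and classify each,
# printing "name type" per line. Extensions are deliberately uninformative.
demo() {
    work="${TMPDIR:-/tmp}/magic.$$"
    mkdir -p "$work"
    printf 'PK\003\004rest-of-a-zip-archive'  > "$work/report.pages"
    printf '%%PDF-1.4\n%%placeholder'         > "$work/preview.pdf"
    printf '\320\317\021\340\241\261\032\341' > "$work/old.doc"
    printf 'just some text\n'                 > "$work/notes.txt"
    for f in report.pages preview.pdf old.doc notes.txt; do
        printf '%s %s\n' "$f" "$(container_type "$work/$f")"
    done
    rm -rf "$work"
}

# Real use: container_type Spring-2011.pages   (prints "zip"), then
# unzip -l Spring-2011.pages to see what else ships inside it.
```

Once a file is known to be zip, listing it with unzip -l (or reading it in Emacs as the diary did) is the quickest way to find previews, thumbnails and trash directories that an author would not expect to be sending along with the text.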
Patching mplayer
Finally drummed up the courage to start applying my patches to mplayer today, after finally locating what I think is the correct version. They're against version 1.0pre8, and what I have now is 1.0rc2: after 11 years it is asymptotically approaching release 1.0. I decided to apply the patches manually rather than using patch, and this proved to be a good choice. That way I had the ability to review the code itself, not to mention changes in the base mplayer code. They have almost discovered one of my patches: the length of the on-screen display was too short. So my patch had: +#define OSD_TEXT_LEN 128 static void update_osd_msg(void) { mp_osd_msg_t *msg; - static char osd_text[64] = ""; - static char osd_text_timer[64]; + static char osd_text[OSD_TEXT_LEN] = ""; + static char osd_text_timer[OSD_TEXT_LEN]; ...
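Review bot: the hunk widens osd_text and osd_text_timer from 64 to OSD_TEXT_LEN (128) but shows only the two declarations; check that every write into those buffers is bounded by sizeof(osd_text) or OSD_TEXT_LEN rather than a literal 64, since a snprintf still passing 64 would silently waste the new space, and any sprintf or strcpy into them would still overflow once a message exceeds 128 bytes. Using sizeof osd_text at the write sites keeps the bound tied to the declaration if the size is changed again.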
MVC 3 and DependencyResolver - The Ecstasy and the Agony
I started building my first MVC 3 the other day and came across the DependencyResolver mechanism for incorporating 3rd party inversion of control containers. How I rejoiced! I've been using Castle/Windsor for quite some time and have a nice set of capabilities built on top of its interceptor feature. So, I pull in my utility library, grab a Windsor-specific implementation of IDependencyResolver off the net, and start setting up my constructors for injection. I run my sample app, and it all hangs together. My controllers are being instantiated through Windsor and I'm happily making use of my utilities for tracing, logging, timing, etc.
Job Openings in AWS - Senior Leader in Database Services
There are some great job openings within Amazon Web Services. I will try to highlight some of those in coming weeks. This week it is an opening for senior leaders with AWS Database Services. AWS Database Services is responsible for setting the database strategy and delivering distributed structured storage services to our AWS customers. This team is constantly rethinking the assumptions behind how traditional databases were built and constantly working on building the right database architectures suited for the Cloud environment. The database services organization is looking for senior leaders who will be able to hire and lead a large software development team that is responsible for designing and running services that are at the cutting edge of distributed database technology that helps our customers to build scalable database-driven applications in the cloud and have a significant bottom-line impact on our business.
Looking Backward at Terrorism
Nice essay on the danger of too much security: The great lie of the war on terror is not that we can sacrifice a little liberty for greater security. It is that fear can be eliminated, and that all we need to do to improve our society is defeat terrorism, rather than look at the other causes of our social,...
Interview with Ken MacLeod about Makers, For the Win, and UK riots
Here's a two-part video interview that Ken MacLeod conducted with me earlier this week at the Edinburgh Book Festival for the ESRC Genomics Policy and Research Forum. We chatted gold farming, post-industrial manufacturing,
The Dilemma of Counterterrorism Policy
Any institution delegated with the task of preventing terrorism has a dilemma: they can either do their best to prevent terrorism, or they can do their best to make sure they're not blamed for any terrorist attacks. I've talked about this dilemma for a while now, and it's nice to see some research results that demonstrate its effects. A. Peter...
Updating Yvonne's computer
Back home, got round to switching Yvonne's computer to the new motherboard. For once, things Just Worked. Change the Device entry in /etc/X11/xorg.conf, and we're away. It's nice that some things work so easily.
Writing newsletters with user-friendly software
After lunch went to visit Helen Vincent, who does the newsletter for the Friends of the Ballarat Botanical Gardens. I had already prepared for that by putting my ssh keys on a USB stick. There's a problem there: what file system? Clearly UFS is out of the question for non-BSD systems, including Apple I suppose, so I formatted it as FAT32. But FAT doesn't have permissions. So what I got was:
=== grog@boskoop (/dev/ttyp4) ~ 2 -> ssh-add /Volumes/GROGSSTICK/.ssh/id_rsa
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '/Volumes/GROGSSTICK/.ssh/id_rsa' are too open.
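The refusal above is ssh-add doing its job: FAT stores no permission bits, so every file on the stick is reported as mode 0777 and chmod on it cannot stick. The script below is an added example, not the diary author's code: it copies the key off the stick into a 0700 directory on a real file system under a restrictive umask, fixes the mode to 0600, and only then would hand it to the agent. The paths and the key contents are placeholders; the demo writes a fake 0777 file to stand in for the stick.

```shell
#!/bin/sh
# Added example, not from the diary: move a private key from a
# permission-less FAT volume into a private directory before ssh-add.
# Paths and key contents are placeholders.

# import_key SRC DESTDIR : copy SRC into DESTDIR (mode 0700) as mode 0600 and
# print the new path. Runs in a subshell so the umask change stays local.
import_key() (
    src="$1"; dest="$2"
    [ -f "$src" ] || { echo "import_key: no such file: $src" >&2; exit 1; }
    umask 077                            # nothing created here is group/world readable
    mkdir -p "$dest" && chmod 700 "$dest"
    key="$dest/$(basename "$src")"
    cp "$src" "$key" && chmod 600 "$key"
    echo "$key"
)

# perm_string FILE : the nine rwx characters, e.g. rw-------. Uses ls rather
# than stat because stat's flags differ between GNU and BSD.
perm_string() { ls -ld "$1" | cut -c2-10; }

# demo : simulate the stick with a 0777 file, import it, print the new mode.
demo() {
    work="${TMPDIR:-/tmp}/keyimport.$$"
    mkdir -p "$work/stick"
    printf 'placeholder, not a real private key\n' > "$work/stick/id_rsa"
    chmod 777 "$work/stick/id_rsa"               # what a FAT volume reports
    key=$(import_key "$work/stick/id_rsa" "$work/private") || return 1
    perm_string "$key"
    # ssh-add "$key"   # accepted now; omitted so the demo runs without an agent
    rm -rf "$work"
}

# Real use: key=$(import_key /Volumes/GROGSSTICK/.ssh/id_rsa "$HOME/.ssh/stick") && ssh-add "$key"
```

On FreeBSD the copy can be avoided by mounting the stick with mount_msdosfs -m 600 -M 700, which makes every file on it appear as 0600 to the check; macOS has no equivalent option, which is why the copy is the portable answer. Either way, a private key that has sat on an unencrypted FAT stick is readable by anyone who picks the stick up, so a passphrase on the key matters more than the mode bits do.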
Driving down the cost of Big-Data analytics
The Amazon Elastic MapReduce (EMR) team announced today the ability to seamlessly use Amazon EC2 Spot Instances with their service, significantly driving down the cost of data analytics in the cloud. Many of our Big-Data customers already saw a big drop in their AWS bill last month when the cost of incoming bandwidth was dropped to $0.00. Now, given that historically customers using Spot Instances have seen cost saving up to 66% over On-Demand Instance prices, Amazon EMR customers are poised to achieve even greater cost savings. Analyzing vast amounts of data is critical for companies looking to incorporate customer insights into their business, including building recommendation engines or optimizing customer targeting.
Steven Pinker on Terrorism
It's almost time for a deluge of "Ten Years After 9/11" essays. Here's Steven Pinker: The discrepancy between the panic generated by terrorism and the deaths generated by terrorism is no accident. Panic is the whole point of terrorism, as the root of the word makes clear: "Terror" refers to a psychological state, not an enemy or an event. The...
New Attack on AES
"Biclique Cryptanalysis of the Full AES," by Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger. Abstract. Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key variant or upon 8-round attacks on the 192/256-bit key variants has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a...
More teevee progress
Continued working on the teevee upgrade today. For some reason, the machine was coming up without NFS-mounted file systems, which really messes things up. Put a mount -t nfs -a in /etc/rc.local, to no avail. Then I put in a second, with a sleep 5 in between. Success! Somehow it takes the NIC several seconds to come online, as the link state changed to UP indicates. That wasn't the only NIC problem: while testing, copying between cvr2 and teevee (the old machines) ground to a halt. After rebooting teevee (with the old dc0 NIC) to no avail, changed back to the old 100 Mb/s switch, but cvr2 didn't want to know—not even after a reboot.
Museo Nacional de Antropología
The one in Mexico City, I mean; National Museum of Anthropology en Inglés. They arranged a walk-through for us after closing time and let us take pictures; here are a few. Warning: kind of sad. The artifacts spanned Mesoamerica: Mayans, Mixtecs, Toltecs, Aztecs. At one point I got interested in these times and places and read dozens of books. The problem was, the histories were full of gloom and empty of celebration; the writers were either telling tragic stories of societal collapse and European oppression, or alternatively seemed to have come to dislike their subjects. These figures do not seem the work of happy people.
Alarm Geese
A prison in Brazil uses geese as part of its alarm system. There's a long tradition of this. Circa 400 BC, alarm geese alerted a Roman citadel to a Gaul attack....
No Server Required - Jekyll & Amazon S3
As some of you may remember I was pretty excited when Amazon Simple Storage Service (S3) released its website feature such that I could serve this weblog completely from S3. If you have a largely static site you can rely on the enormous power of S3 to make serving your content highly scalable and storing it extremely durable. Amazon S3 is much more than just storage; the network and distributed systems infrastructure to ensure that content can be served fast and at high rates without customers impacting each other, is amazing. Just dropping your website in an S3 bucket brings all that power to you.
Security by Default
Nice essay by Christopher Soghoian on why cell phone and Internet providers need to enable security options by default....
CCTV deterrence and the London riots
My latest Guardian column, "Why CCTV has failed to deter criminals," looks at the London riots and the way that rioters were willing to commit their crimes in full view of CCTV cameras, and what that says about CCTVs as deterrence. I think that we need to draw a distinction between having cameras on all … [Read more]
The Myth of DPI
As part of the discussion about the low-resolution images in Wellingtonia, Jenny Burrell came up with an interesting link about The Myth of DPI. The word should get around more.
Hortonworks Taking Hadoop to Next Level
I got a chance to chat with Eric Baldeschwieler while he was visiting Seattle a couple of weeks back and catch up on what's happening in the Hadoop world at Yahoo and beyond. Eric recently started Hortonworks, whose tag line is "architecting the future of big data". I've known Eric for years, from when he led the Hadoop team at Yahoo!, most recently as VP of Hadoop Engineering. It was Eric's team at Yahoo that contributed much of the code in Hadoop, Pig, and ZooKeeper. Many of that same group form the core of Hortonworks, whose mission is to revolutionize and commoditize the storage and processing of big data via open source.
More teevee progress
Somehow I can't get myself to continue with the installation of the new teevee, but I have to do something. Managed to make a bootable GPT disk, which requires a separate boot partition. Wrote a script to do my default partition. The whole thing looks like this:

    gpart destroy -F $DRIVE
    # Create GPT
    gpart create -s gpt $DRIVE
    # p1
    gpart add -s 64k -t freebsd-boot $DRIVE
    # Install boot loader.  Note that -i is the partition number :-(
    gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 $DRIVE
    # First root file system, p2
    gpart add -s 41943040 -t freebsd-ufs $DRIVE
    # Swap, p3
    gpart add -s 10g -t freebsd-swap $DRIVE
    # Second root file system, p4
    gpart add -s 41943040 -t freebsd-ufs $DRIVE
    # /home file system, p5
    gpart add -t freebsd-ufs $DRIVE
    ...
Expanding the Cloud - The AWS GovCloud (US) Region
Today AWS announced the launch of the AWS GovCloud (US) Region. This new region, which is located on the West Coast of the US, helps US government agencies and contractors move more of their workloads to the cloud by implementing a number of US government-specific regulatory requirements. The concept of regions gives AWS customers control over the placement of their resources and services. Next to GovCloud (US) there are five general purpose regions; two in the US (one on the west coast and one on the east coast), one in the EU (in Ireland) and two in APAC (in Singapore and Tokyo).
Search Redirection and the Illicit Online Prescription Drug Trade
Really interesting research. Search-redirection attacks combine several well-worn tactics from black-hat SEO and web security. First, an attacker identifies high-visibility websites (e.g., at universities) that are vulnerable to code-injection attacks. The attacker injects code onto the server that intercepts all incoming HTTP requests to the compromised page and responds differently based on the type of request: Requests from search-engine crawlers...
Feeding Nemo: the web approach
I'm participating in an online survey (really a 9-day “diary”) on how we feed our dog Nemo. The question of feeding is important, and almost nobody does it right. Yvonne has been following a book, Give Your Dog a Bone by Ian Billinghurst, which advocates food as close as possible to what wild dogs would eat. That means no cooking, no processed food, bones (clearly), and fresh vegetables. Yvonne feeds him like this: 13:00: A lamb leg bone. He eats it all.
Replacing teevee: the next unsteady steps
I've been dragging my feet on the new replacement teevee, and I know why. I really don't want to have to look into the mplayer code again, and the prospect of patching lirc doesn't fill me with joy either. But there are other things to do. Currently I've been building and testing things on defake.lemis.com, a clone of dereel.lemis.com that I've dedicated to keeping one step ahead of the real machine. And as a result I've pointed it via NFS to the same /home file system. That proves to have its issues: I've already come to the conclusion that “system” files that belong to a specific machine should be on /home and not /usr (in my case, the root file system), so I've split the subdirectories of /var (also on the root file system) between /var and /home/var, depending on whether they relate to the operating system or the installation.
Telus Android Island Internet Win
For Net access from our cottage on Keats Island, we checked alternatives and ended up getting an Internet stick from Telus Mobility, plugging it into my old BlackBook, and having that broadcast WiFi. It worked, but not brilliantly, with big latency and regular outages. This week I had a bright idea, pulled the SIM out of the dinky little USB goober, dropped it into my original 7" Galaxy Tab, and had that create a mobile network. Wow! The Tab gets not only a more robust signal (probably because it's bigger and has more room for an antenna), but also Telus HSPA.
Links for Monday, August 15, 2011
MicroRAX - “MicroRAX is a light weight mini T-Slot style building system. Suitable for use on your desktop or bench top to build science, engineering, or advanced hobby and DIY projects.“ Sparkfun Electronics: MakerBeam - “MakerBeam is a Mini-T open-source building system. Mini-T is a miniature version of T-slot. Not only is it small enough to [...]
New, Undeletable, Web Cookie
A couple of weeks ago Wired reported the discovery of a new, undeletable, web cookie: Researchers at U.C. Berkeley have discovered that some of the net's most popular sites are using a tracking service that can't be evaded -- even when users block cookies, turn off storage in Flash, or use browsers' incognito functions. The Wired article was very short...
100 + 3 Sci-Fis
I ran across Your Picks: Top 100 Science-Fiction, Fantasy Books at NPR.org of all places. I enjoyed it, and immediately started thinking: What's missing? First, I have to say that it's a pretty good list. With surprises, even, notably the inclusion of Atwood's Handmaid's Tale; welcome, but far from her best book. It is biased toward the old rather than the new, which is in the nature of such things. Trivia: I've read 42 of the first 50 and only 21 of the second. I'll read more. I considered, and could only think of three works that were obviously missing; interestingly, all by authors with other offerings that had made the list.
Headed to Edinburgh Festival tonight, Reno WorldCon this week
I'm about to fly to Edinburgh for a gig at the Edinburgh Festival, tonight at 8:30PM. There are still a few tickets left. From there, I'm headed straight to Renovation, the World Science Fiction Convention in Reno, where I'll be doing a ton of stuff: Wednesday, August 17 11.00-11.45am - Author in the Library, Sierra … [Read more]
Friends resolution problems explained
I've established that the resolution problems in Wellingtonia, the newsletter of the Friends of the Ballarat Botanical Gardens, were due to some processing step, but what? Andy Snow came up with the answer: When the image quality is set to best, the resolution of images isn't scaled down. When the image quality is set to better, images are downsampled to 150 dpi. When the image quality is set to good, images are downsampled to 72 dpi. 72 dpi! What's “good” about that? Even low-resolution faxes have 99 dpi.
Interview with Me
Here's an interview with me from the Homeland Security News Wire....
WITH A LITTLE HELP at U Washington Bookstore
Seattle's kick-ass University of Washington bookstore is the latest local store to start selling my DIY science fiction short story collection, With a Little Help, printing it on demand from their Espresso Book Machine. They're even giving away some copies to celebrate.
Firefox: What You See Is More Than You Get
Finally got round to packing up the possum and rat traps to send them back. Printed out the return address from my eBay messages. Well, a good part of it. firefox adapted to my output format and printed a whole lot of nothing on the left and truncated both the right margin and the end of the message. I can't show that detail because it contains confidential information, but the following section illustrates the problem. The display format is bad enough, but the print format is useless:
Analysing the Friends' PDFs
The Friends of the Ballarat Botanical Gardens put out a quarterly newsletter, currently only in PDF form. It really should be in HTML, but so far I've met with some resistance to the idea. But this quarter's edition had problems with image resolution. I have a copy of the original images, and they're pretty tiny. For example, this one (on the left) was only 320×240. That's full size below. I was going to say “don't shrink your photos so much, use a larger image”, but looking at it, it didn't look as bad as when it was printed. So I took another look at the PDF, something with which I have little experience.
Friday Squid Blogging: Giant Squid Painted on Canal Narrowboat
Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
We have an international standard: C++0x is unanimously approved
The final ISO ballot on C++0x closed on Wednesday, and we just received the results: Unanimous approval. The next revision of C++ that we’ve been calling “C++0x” is now an International Standard! Geneva will take several months to publish it, but we hope it will be published well within the year, and then we’ll be [...]
We have an international standard: C++0x is unanimously approved
[Update: "C++11" is now the confirmed name -- Geneva informs me that they plan to have it published in a matter of weeks, and then we'll have ISO/IEC 14882:2011(E) Programming Languages -- C++, Third Edition. The second edition was C++03, a Technical Corrigendum, or bug patch, that contained no new features. This is the first [...]
Liars and Outliers Cover
My new book, Liars and Outliers, has a cover. Publication is still scheduled for the end of February -- in time for the RSA Conference -- assuming I finish the manuscript in time....
Rat that Applies Poison to its Fur
The African crested rat applies tree poison to its fur to make itself more deadly. The researchers made their discovery after presenting a wild-caught crested rat with branches and roots of the Acokanthera tree, whose bark includes the toxin ouabain. The animal gnawed and chewed the tree's bark but avoided the nontoxic leaves and fruit. The rat then applied the...
Counterfeit Pilot IDs and Uniforms Will Now Be Sufficient to Bypass Airport Security
This seems like a really bad idea: ...the Transportation Security Administration began a program Tuesday allowing pilots to skirt the security-screening process. The TSA has deployed approximately 500 body scanners to airports nationwide in a bid to prevent terrorists from boarding domestic flights, but pilots don't have to go through the controversial nude body scanners or other forms of screening....
Amsterdam's American Book Center retailing WITH A LITTLE HELP
Amsterdam's excellent American Book Center is now carrying my DIY science fiction short story collection, With a Little Help, in its inventory; they've got a print-on-demand machine that'll print and bind a copy in any of the four covers (they'll also ship within Europe and abroad).
My panel with Tim Berners-Lee, Vint Cerf and Al Gore at Mexico City's Campus Party
Back in July, I went to Mexico City to moderate a panel at the Campus Party conference, a massive LAN party/campout/hackathon/tech policy event. It was a long, long way to go, but it was worth it: my panelists were Tim Berners-Lee (who invented the Web), Vint Cerf (one of the most important figures in the … [Read more]
Ballarat Gardens in Spring, from the inside
For the past two years we've visited the Ballarat Gardens in Spring, but this year I seem to be involved in the organization. Today I received a PDF for proof-reading from Elizabeth Gilfillan, who also wants it on the Friends of the Ballarat Botanical Gardens web site. That's a problem for an unexpected reason: currently the home page is fairly strongly structured, and there's no place for this sort of thing. Spent much of the day playing around with the home page, which didn't pass the W3.org validation test, and also put together a Google map of the locations. Now to work out how to put the stuff up on the web.
Progress with lirc
Somehow I don't have the courage to open the cans of worms that are lirc and mplayer. With lircd, checked what I had on teevee. It wants startup parameters:

    lircd --driver=dvico --device=/dev/uhid0

Tried that, and there were no error messages any more. But irw still didn't return anything, though ktrace clearly showed that lircd received key events:

    83716 lircd CALL  read(0x8,0x7fffffffe0d0,0x3)
    83716 lircd GIO   fd 8 read 3 bytes
           0x0000 01fe 5b                              |..[|

Tried the version I have on teevee, which surprisingly didn't have any library dependency issues.
Yahoo! login again
Why didn't Yahoo! let me log in yesterday? This morning I tried again with the same user name and password, and it worked. And that before my 24 hours enforced lockout had expired. What can I say?
Reading the Economist
I mean The Economist, which persists in referring to itself as a newspaper even though it physically appears to be a magazine. Well, it does indeed deliver news and is printed on paper. Oops, maybe not. The mobile app version is out, and it's noticeably better than the one involving dead trees. Basics: Anyone can install the app, it's free. If you're not a subscriber, it'll download some highlights from each issue. If you are, then at 9PM British time each Thursday, you can download that week's issue, in full; all the articles and pictures. I've been a subscriber for decades; there are a lot of people out there who feel that if you don't read The Economist, you really can't claim to be well-informed.
Security Flaws in Encrypted Police Radios
"Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System," by Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze. Abstract: APCO Project 25a (P25) is a suite of wireless communications protocols used in the US and elsewhere for public safety two-way (voice) radio systems. The protocols include...
My SIGGRAPH keynote
This week, I gave the keynote address at the ACM SIGGRAPH conference in Vancouver, BC. The event's organizers were kind enough to record and release my video to their YouTube channel. My talk was about the way that copyright can be made to work for creators in the digital age, and why it's important for … [Read more]
Getting multimedia software to work
Finally my ports are all built on the new machine. I gave up on perl yesterday, and on Chromium (or is that chrome?) and nmap today, and the rest built, with some help. mpg123.el claimed to be broken:

    ===>  mpg123.el-1.52 is marked as broken: does not fetch.
    *** Error code 1

That's wrong. Presumably at some time or another it applied, but after removing the BROKEN line from the Makefile it fetched and installed with no problems. I installed perl and nmap from packages, and since I don't use chromium, I just took it out of the build.
Friday Squid Blogging: Smaller Male Squid Have Bigger Sperm
Loligo bleekeri males have two different reproductive strategies, depending on their size. It's kind of like a covert channel....
GPRS Hacked
Just announced: Nohl's group found a number of problems with GPRS. First, he says, lax authentication rules could allow an attacker to set up a fake cellular base station and eavesdrop on information transmitted by users passing by. In some countries, they found that GPRS communications weren't encrypted at all. When they were encrypted, Nohl adds, the ciphers were often...
"Taxonomy of Operational Cyber Security Risks"
I'm a big fan of taxonomies, and this -- from Carnegie Mellon -- seems like a useful one: The taxonomy of operational cyber security risks, summarized in Table 1 and detailed in this section, is structured around a hierarchy of classes, subclasses, and elements. The taxonomy has four main classes: actions of people -- action, or lack of action, taken...
Surge is gonna kick ass.
Yahoo!: We don't want you
The current global economic turmoil had many of us watching the stock markets closely, and one of the sites I looked at was http://au.finance.yahoo.com/. Following some links that ultimately proved uninteresting, I found I had to sign in. Not a problem: I have a Yahoo! login, and the password is stored in my browser. But that didn't work. Invalid password. Did I have my CAPS LOCK turned on? Clearly not, since the password included lower case letters, but that didn't stop me getting the message. So I went to password recovery. “What's your alternate email address?” Huh? I don't have one.
Free-Riding on Plant Security Countermeasures
There's a security story from biology I've used a few times: plants that use chemicals to call in airstrikes by wasps on the herbivores attacking them. This is a new variation: a species of orchid that emits the same signals as a trick, to get pollinated....
New sponsor: Scalability from serverfault.com
Notice a new advertisement on the right-hand side of this blog from ServerFault.com's "Scalability" 1-day conference. Use the discount code "everythingsysadmin" and get $100 off registration. I'll be speaking that day. I'm working on my slides right now!
Choosing Android because you don't trust Google
My latest Guardian column, "Android and iOS both fail, but Android fails better," explains why I prefer Android to iOS -- not because I trust Google more than I trust Apple, but because Android requires less trust than iOS. I use Android because I don't trust Google. Sure, I trust and like individual googlers, and … [Read more]
MRI Lie Detectors
An article from Salon -- lots of interesting research. My previous blog post on the topic....
Friends' Internet connection
Finally got round to finding out what kind of Internet connection the Friends of the Ballarat Botanical Gardens have. That proved to be completely different from what I had been told: $39.95 for an ADSL line (512/128, 3 GB traffic limit), $17.60 for web hosting (I had been told about $50) and $5.50 for DNS hosting. Clearly we can get rid of the last two. But what about the ADSL connection? That sounds very expensive for such a slow line. But then I see that we're only using about 200 MB per month. And looking at Internode, their cheapest ADSL connections start at $49.95.
System upgrade: the pain continues
On with the system upgrade today. Took the disk out of the housing and installed it in the machine, in itself not an easy action: the power supply didn't have any SATA connector, so I had to change it. Then on, and once again I ran into trouble with perl:

    cd x2p; LD_LIBRARY_PATH=/src/FreeBSD/ports/lang/perl5.12/work/perl-5.12.4 make s2p
    make: don't know how to make s2p. Stop

That's exactly the same as yesterday. But this time I didn't have anything installed, and the entry was present in /etc/make.conf. I really don't know what this is, but I consider it a bug.
New Bank-Fraud Trojan
Nasty: The German Federal Criminal Police (the Bundeskriminalamt or BKA for short) recently warned consumers about a new Windows malware strain that waits until the victim logs in to his bank account. The malware then presents the customer with a message stating that a credit has been made to his account by mistake, and that the account has been frozen...
I'll be speaking at LOPSA-NJ, Thu Sept 1, 2011, Lawrenceville, NJ (near Princeton)
At the September LOPSA-NJ meeting Thu Sept 1, 2011. The topic will be "What sysadmins wish developers knew and vice-versa". If you are in the area, I hope to see you there! Info about the event: http://lopsanj.org/node/696 Info about LOPSA-NJ: http://lopsanj.org
For the Win, fan podcast edition
The nice folks at Colbyjack have begun a free, Creative-Commons licensed fan podcast serial of my novel For the Win. The first of 37 installments is here (here's the MP3), and the RSS feed for the podcast is here.
Business Week on The Cyberwar Arms Race
I've been using the phrase "arms race" to describe the world's militaries' rush into cyberspace for a couple of years now. Here's a good article on the topic that uses the same phrase....
More system installation pain
Started putting together the new hardware for teevee today. And right at the outset there was a surprise. I bought a Sempron 145, as the package and packaging clearly show: But when I brought it up, the BIOS claimed it was an Athlon II. So did FreeBSD:

    CPU: AMD Athlon(tm) II X2 4450e Processor (2812.81-MHz K8-class CPU)
      Origin = "AuthenticAMD"  Id = 0x100f63  Family = 10  Model = 6  Stepping = 3
      Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
      Features2=0x802009<SSE3,MON,CX16,POPCNT>
      AMD Features=0xee500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM,3DNow!+,3DNow!>
      AMD Features2=0x37ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT>
      TSC: P-state invariant
    ...
CL XV: Eagles Nest
This will be two consecutive Cottage-Life posts focusing on eagles, and that's OK because they're at the center of the thing. Herewith a nest with an eaglet in residence; not the greatest picture but it's something that I feel blessed to have seen and can't not pass on. Bald eagles like to hang out where there are tall trees right next to the ocean so the fishin' is easy, and Keats Island has lots of those; also relatively few permanent human residents to bother them. Enlarge for a better look at the young bird. A small family of eagles lives somewhere in the trees right next to our cottage; they've appeared in this space before.
Web browsers: frustrated window managers?
I've been using tabs with firefox now for some time. I still don't like them, but there isn't much choice. It's clear that firefox no longer handles windows even marginally well: it uses much more memory and crashes frequently. Tabs are irritating not just because of their nature but also the implementation: in particular, the tab bar is pretty useless when you have more than about 10 tabs. But there's a solution, a drop-down menu of course: And that doesn't look bad.
Establishing real focal lengths
Olympus is not very accurate about reporting focal lengths in its EXIF data. My Zuiko Digital ED 12-60mm F2.8-4.0 SWD doesn't even report some integer focal lengths, such as 25 mm: there's nothing between 24.0 and 26.0 mm. That's a particular problem with wide angle lenses such as the Zuiko Digital ED 9-18mm that I use to take my panoramas. But Hugin calculates the real focal length when presented with a 360° panorama. How accurate are the calculations? I wondered if the discrepancy (reported focal lengths less than the 9 mm minimum of the lens) might be the difference in aspect ratio.
Software Testability, Part 3: Accidental Untestability
The next several posts about testability will cover programming techniques that can enhance or diminish testability. To reveal a bug, a test must: Reach the buggy code Trigger the bug Propagate the incorrect result to an observable interface Incorrect result … Continue reading →
Good Afternoon
We often use the Internet as a vehicle for bitching and complaining, and I suppose that's OK. But sometimes things go well, and we should talk about that too. With a hairdresser anecdote and pasta-sauce recipe. It was an at-home Vancouver Saturday, our much-belated summer now fully in residence. On impulse I joined the afternoon pickup soccer game. At my age, an hour's soccer with no pulls or sprains is a minor triumph, and chasing a bouncy sphere around a nice grass field on a sunny afternoon is really very refreshing. Now a bit of back story; on Friday, I went for a haircut because after all I'm keynoting a conference in Mexico City on Tuesday.
Pittsburgh, San Francisco, Raleigh, and Boston speaking engagements announced
I've updated http://everythingsysadmin.com's front page to list all upcoming speaking engagements. Look for me in Pittsburgh on Oct 8-9 for the Pittsburgh Perl Workshop, in San Francisco on Oct 14 for Scalability (sponsored by ServerFault), and in Raleigh, NC on Oct 20 for ISSA Triangle InfoSeCon. Of course, in December I'll be speaking at LISA '12 including 1.5 full days of tutorials. More info on the left navigation bar on http://everythingsysadmin.com
This message sent from my real computer
Lately I've been getting messages from people using mobile phones to send email. You can tell because the .sig contains the line “Sent from my mobile device”. OK, I can do that too, so I added this line to my .sig: “Sent from my real computer”. Tom Maynard didn't like that and thought it snobbish. Maybe he has a point.
ABC supports Real Audio again
A few months ago I discovered that the Real Audio links on the ABC Classic FM radio web site no longer worked: they just timed out. Talking to a representative on the phone, discovered that they were planning to drop Real Audio, but the links are still on their web site. And now it works again—almost. The transmission rate is so slow that you can't listen online (the intention) but have to save it to disc first (probably not what they like).
Webmin as an MUA
Chris Yeardley has been sending messages to Yvonne using Webmin, mainly because it's the only option open to her some of the time. And Yvonne has been complaining that the text is truncated. Sure enough, it was. Looking in the mail spool, I saw, all on one line: Oh crap!!! Then rub some of the green horse paste on your ribs. And an ibuprofen or two won't hurt either. I also have a sore spot on the right costal arch (from last night). But my body is a bit tougher at taking it...
New hardware for teevee
As a result of last night's failures, off to Geelong today to buy new hardware. Things are getting cheaper all the time. Got an AsRock N68VS3 motherboard, a Sempron LE-145 and 2 GB memory (the smallest they have!) for a total of $101. Also a display card in case the on-board graphics aren't good enough for teevee (otherwise Yvonne gets it) and a 5 port gigabit switch, the first ever. Back home came the question: how do I do this? The old teevee still works, but the version of FreeBSD that it runs is 3 years old, and there's a good chance that some of today's new hardware is not supported in that version.
Friday Squid Blogging: Severed Hand is Actually A Dried Squid
I just can't make this stuff up: A report of a severed hand found at an Oahu seabird sanctuary has turned out to be dried squid. Remember: if you see something, say something. Again this week, please use the squid post to talk about the security stories in the news that I didn't cover....
Perma-noob
This week I've been learning how one would build a simple RESTful back-end for an Android app, using Sinatra on Rack on JRuby on Java on App Engine and its Datastore, by doing it. The app needs persistence and user-account authentication, among other things. It's been stimulating, but I'm feeling wistful. Let's see, we could call this the JAD stack. The problem is that while I'm reasonably Ruby-literate, I've never touched Sinatra nor App Engine nor Google account authentication. So while I think my conclusion will be that this is a good clean high-productivity stack for building this kind of thing, I actually haven't been very productive, because I've had 25 different browser tabs perpetually open to consult on the details of all the different API levels and how they fit together.
Zodiac Cipher Cracked
I admit I don't pay much attention to pencil-and-paper ciphers, so I knew nothing about the Zodiac cipher. Seems it has finally been broken: The Zodiac Killer was a serial killer who preyed on couples in Northern California in the years between 1968 and 1970. Of his seven confirmed victims, five died. More victims and attacks are suspected. The killer...
Care and Trust
When you care for somebody, it is difficult to tell them "no." When you trust somebody, you will tell them.
German Police Call Airport Full-Body Scanners Useless
I'm not surprised: The weekly Welt am Sonntag, quoting a police report, said 35 percent of the 730,000 passengers checked by the scanners set off the alarm more than once despite being innocent. The report said the machines were confused by several layers of clothing, boots, zip fasteners and even pleats, while in 10 percent of cases the passenger's posture...
More USB death
Doing my photo backups this afternoon was a problem. On connecting my external USB drive to teevee, I got lots of:

    Aug  4 16:37:24 teevee kernel: uhub1: port 3 reset failed
    Aug  4 16:37:55 teevee last message repeated 29 times
    Aug  4 16:39:56 teevee last message repeated 114 times

I had to connect to a different USB connector before the drive was recognized. That wasn't all, though. In the evening had trouble with the remote control, which was generating incorrect events, and the mouse started wandering round the screen.
Hacking Lotteries
Two items on hacking lotteries. The first is about someone who figured out how to spot winners in a scratch-off tic-tac-toe style game, and a daily draw style game where expected payout can exceed the ticket price. The second -- behind a paywall, sorry -- is about someone who has won the lottery four times, with speculation that she had...
Getting digital copyright right: pay artists, but don't break the Internet
I'm headed to Vancouver this weekend to give a keynote at SIGGRAPH; I did a long interview with Blaine Kyllo from the Georgia Straight about the subject of my talk -- that is, how you build a digital copyright system that gives creators a fair deal, and why getting it wrong is bad for the … [Read more]
New Information on the Inventor of the One-Time Pad
Seems that the one-time pad was not first invented by Vernam: He could plainly see that the document described a technique called the one-time pad fully 35 years before its supposed invention during World War I by Gilbert Vernam, an AT&T engineer, and Joseph Mauborgne, later chief of the Army Signal Corps. [...] The 1882 monograph that Dr. Bellovin stumbled...
Identifying People by their Writing Style
The article is in the context of the big Facebook lawsuit, but the part about identifying people by their writing style is interesting: Recently, a team of computer scientists at Concordia University in Montreal took advantage of an unusual set of data to test another method of determining e-mail authorship. In 2003, the Federal Energy Regulatory Commission, as part of...
VCs Say the Darndest Things
As the fundraiser for startup mVerify, I contacted over a hundred venture capital investors and then had serious discussions with several dozen. Although I came close to getting a term sheet a few times, all the discussions ended in a … Continue reading →
Developments in Facial Recognition
Eventually, it will work. You'll be able to wear a camera that will automatically recognize someone walking towards you, and an earpiece that will relay who that person is and maybe something about him. None of the technologies required to make this work are hard; it's just a matter of getting the error rate down low enough for it to...
Attacking PLCs Controlling Prison Doors
Embedded system vulnerabilities in prisons: Some of the same vulnerabilities that the Stuxnet superworm used to sabotage centrifuges at a nuclear plant in Iran exist in the country's top high-security prisons, according to security consultant and engineer John Strauchs, who plans to discuss the issue and demonstrate an exploit against the systems at the DefCon hacker conference next week in...
Another day of photo processing
Carried on with my panorama experiments again today. And it took another whole day! Part of that was just moving files around (and getting it wrong a couple of times), but I also discovered another mistake I had made yesterday: I had not set the lens to its 9 mm focal length. The EXIF data tells me 10 mm, but Hugin tells me it was 10.38 mm. I'm assuming that Hugin gets this value from the relationship between image size and the total (360°) width. It starts with the value supplied by the EXIF data, but after alignment it changes the value.
Introduction to 20th anniversary edition of The Difference Engine
Here's a reading of my introduction for the 20th anniversary edition of William Gibson and Bruce Sterling's Difference Engine, which is just out from Random House, with new material from Bill and Bruce. Mastering by John Taylor Williams. John Taylor Williams is a full-time self-employed audio engineer, producer, composer, and sound designer. In his … [Read more]
Breaking the Xilinx Virtex-II FPGA Bitstream Encryption
It's a power-analysis attack, which makes it much harder to defend against. And since the attack model is an engineer trying to reverse-engineer the chip, it's a valid attack. Abstract: Over the last two decades FPGAs have become central components for many advanced digital systems, e.g., video signal processing, network routers, data acquisition and military systems. In order to protect...
Using Science Fiction to Teach Computer Security
Interesting paper: "Science Fiction Prototyping and Security Education: Cultivating Contextual and Societal Thinking in Computer Security Education and Beyond," by Tadayoshi Kohno and Brian David Johnson. Abstract: Computer security courses typically cover a breadth of technical topics, including threat modeling, applied cryptography, software security, and Web security. The technical artifacts of computer systems -- and their associated computer security risks...
SolidFire: Cloud Operators Become a Market
It's a clear sign that the Cloud Computing market is growing fast and the number of cloud providers is expanding quickly when startups begin to target cloud providers as their primary market. It's not unusual for enterprise software companies to target cloud providers as well as their conventional enterprise customers, but I'm now starting to see startups building products aimed exclusively at cloud providers. Years ago, when there were only a handful of cloud services, targeting this market made no sense. There just weren't enough buyers to make it an interesting market. And many of the larger cloud providers are heavily biased to internal development, further reducing the addressable market size.
More reception problems
So, I had finally decided that my reception problems lie in the antenna system, and I'm wondering whether to approach it myself or get somebody in to do it for me. What speaks against the latter is the suspicion that they won't necessarily do it well enough. It looks as if Barry Robinson positioned the antenna incorrectly when he installed it. But that doesn't seem to be the only problem. Came in this morning and found one “recording” completely empty, and a second one still “recording”, having stored nothing. Both were on GEM, so it looked like a smoking gun. Tried recording the same programme on another tuner and—it worked.