Blog Archive: March 2012

Sat, 31 Mar 2012 14:45:24 UTC

RFC 2410: NULL is not a joke (nor an April Fools joke)

Posted By Tom Limoncelli

In 2007 when Peter H. Salus and I published all the April Fools RFCs in one book we also included the poetry RFCs and the funny RFCs published outside of April Fools timeframe. Speaking of which... we included "RFC 2410: The NULL Encryption Algorithm and Its Use With IPsec" because, well, I thought it was funny. Specifying an encryption scheme for IPsec that does not encrypt the bytes is, well, funny. It turns out it wasn't published as a joke. Oops. No offense meant to the authors R. Glenn and S. Kent. Nobody pointed this out to me until years after the book was printed.

Fri, 30 Mar 2012 23:28:36 UTC

Back on the net

Posted By Greg Lehey

Woke up early this morning pondering what could be wrong with my network connection. Everything pointed to the antenna or the modem itself, and it became clear that any damage there would take days to fix: everything came by post, and I don't know anywhere in Ballarat where I could find a replacement. But this horrible antenna connector seemed a good place to start. There's no way to attach it properly, and it ends up hanging off the dongle. I've put a cable tie around it to keep it in place, but clearly this is one of the worst connectors I've ever seen: Into the office, confirmed that, as expected, I was ...

Fri, 30 Mar 2012 21:28:52 UTC

Friday Squid Blogging: How Squid Hear

Posted By Bruce Schneier

Interesting research: The squid use two closely spaced organs called statocysts to sense sound. "I think of a statocyst as an inside-out tennis ball," explains Dr Mooney. "It's got hairs on the inside and this little dense calcium stone that sits on those hair cells. "What happens is that the sound wave actually moves the squid back and forth, and...

Fri, 30 Mar 2012 19:00:00 UTC

Eclipse to IntelliJ

Posted By Tim Bray

After two years I still loathe Eclipse, and my former love NetBeans is now from a bad neighborhood, and more and more people I respect are switching to IntelliJ Idea. So I thought I'd give it a try, since I'm just starting on a project that might grow large-ish. This is going to be a diary of the experience, heavily loaded with GoogleBait in case others encounter some of the same pain points that are inevitable in such a transition. Error: Module not specified Importing projects from Eclipse to Idea is a little tricky. First (I didn't do this) you gotta learn the lingo.

Fri, 30 Mar 2012 01:16:39 UTC

Network problems again

Posted By Greg Lehey

My network connection has been quite good lately; the last real outage (more than 5 minutes) was on 17 January 2012. But today it was time again:
Mar 29 21:29:28 cojones ppp[1709]: tun0: Chat: Send: ATZ^M
Mar 29 21:29:28 cojones ppp[1709]: tun0: Chat: Expect(5): OK
Mar 29 21:29:28 cojones ppp[1709]: tun0: Chat: Received: ^M
Mar 29 21:29:28 cojones ppp[1709]: tun0: Chat: Received: NO CARRIER^M
Mar 29 21:29:28 cojones ppp[1709]: tun0: Warning: Chat script failed
That's different from what I received before, and it suggests that the problem is local rather than with the network.

Fri, 30 Mar 2012 00:38:15 UTC

Interview: C++: A Language for Modern Times

Posted By Herb Sutter

Last week I spent 30 minutes with interviewer Robert Hess to talk about the differences between managed and native languages, and why modern C++ is clean, safe, and fast: as clean and safe as any other modern language, and still the king of fast. The interview just went live today on Channel 9. Here's [...]

Thu, 29 Mar 2012 23:27:04 UTC

NBN coverage maps and providers

Posted By Greg Lehey

Arjen Lentz published a link on Facebook today: the NBN rollout map, including a search function conveniently not linked to URLs. It's clear that they haven't ironed out the wrinkles yet. According to the map, work started on the tower last July, while in reality the planning approval was only granted two days ago. Presumably work includes planning. And on the View all communities in the rollout, Dereel doesn't figure at all, though Enfield does. Searching for Dereel brought this map: That's interesting because of the holes.

Thu, 29 Mar 2012 19:07:38 UTC

Summer Schools in Cryptography and Software Security at Penn State

Posted By Bruce Schneier

Normally I just delete these as spam, but this summer program for graduate students 1) looks interesting, and 2) has some scholarship money available....

Thu, 29 Mar 2012 14:39:26 UTC

Tom @ LILUG, Tue, April 10, 2012, Woodbury, Long Island, NY

Posted By Tom Limoncelli

I'll be giving a talk about Ganeti, the open source virtual cluster manager April 10th @ 8:00pm at the Woodbury Campus of Cold Spring Harbor Lab, in the Woodbury Auditorium. For more information visit: http://lilug.org See you there!

Thu, 29 Mar 2012 14:22:31 UTC

Power Management of Online Data-Intensive Services

Posted By James Hamilton

I met Google's Wolf-Dietrich Weber at the 2009 CIDR conference where he presented what is still one of my favorite datacenter power-related papers. I liked the paper because the gain was large, the authors weren't confused or distracted by much of what is incorrectly written on datacenter power consumption, and the technique is actually practical. In Power Provisioning for a Warehouse-sized Computer, the authors argue that we should oversell power, the most valuable resource in a data center. Just as airlines oversell seats, their key revenue producing asset, datacenter operators should oversell power. Most datacenter operators take the critical power, the total power available to the data center less power distribution losses and mechanical system cooling loads, then reduce it by at least 10 to 20% to protect against the risk of overdraw which can draw penalty or power loss.

Thu, 29 Mar 2012 11:53:30 UTC

Harms of Post-9/11 Airline Security

Posted By Bruce Schneier

As I posted previously, I have been debating former TSA Administrator Kip Hawley on the Economist website. I didn't bother reposting my opening statement and rebuttal, because -- even though I thought I did a really good job with them -- they were largely things I've said before. In my closing statement, I talked about specific harms post-9/11 airport security...

Wed, 28 Mar 2012 19:00:00 UTC

WebSockets Follow-Up

Posted By Tim Bray

Back in early 2010 I wrote an immensely long piece called HTML5; a section called How To Spec? took a baffled look at one of the many HTML5 sub-projects, WebSockets. I was puzzled because the structure of the spec read like nothing I'd ever encountered; in particular nothing I'd ever seen in the IETF, where the work was sort of being done. I went so far as doing a strawman alternate draft in a more conventional style, as an exercise in comparison. Subsequently, I got involved slightly in the IETF working group, and found that the process was as strange as the spec it was producing; an attempt to embed the idiosyncratic WHATWG process in the IETF context; which is at least as idiosyncratic, but well-worked out and has produced some pretty good results, for example the Internet.

Wed, 28 Mar 2012 15:14:27 UTC

PICC keynote announced: Rebecca Mercuri on "The Black Swan and Information Security"

Posted By Tom Limoncelli

[Note: "Early-bird" price ends in 3 days! Don't lose the discount!] The PICC committee is excited to announce our closing keynote speaker: Rebecca Mercuri on "The Black Swan and Information Security" Dr. Mercuri is the lead forensic expert at Notable Software, Inc. Her caseload has included matters from contraband, murder, viruses and malware, and election recounts (most notably Bush vs. Gore). She has testified on the federal, state, and local level as well as to the U.K. Cabinet. Talk abstract: The economic theories proposed by Nassim Nicholas Taleb in his book "The Black Swan" have strong parallels in information security. Indeed, the concepts of robustness and risk assessment mentioned in Taleb's writing are also well known to those who design software and systems intended to withstand attack.

Wed, 28 Mar 2012 11:05:26 UTC

SHARCS Conference

Posted By Bruce Schneier

Last weekend was the 2012 SHARCS (Special-Purpose Hardware for Attacking Cryptographic Systems) conference. The presentations are online....

Wed, 28 Mar 2012 05:27:02 UTC

Protecting your Facebook privacy at work isn't just about passwords

Posted By Cory Doctorow

The Guardian

Wed, 28 Mar 2012 05:26:27 UTC

Facebook passwords: many employers can snoop them, and don't need to ask

Posted By Cory Doctorow

US senators are calling for action on employers' habit of demanding employees' Facebook passwords, but no one seems to notice that many companies configure their computers so that they can eavesdrop on your Facebook, bank, and webmail passwords, even when those passwords are "protected" by SSL. In my latest Guardian column, "Protecting your Facebook privacy …

Tue, 27 Mar 2012 23:25:09 UTC

Rechecking old disks

Posted By Greg Lehey

After all the disk failures the other day, I began to suspect the USB external housing was the real culprit, so put the disks in defake on the PATA interface. Most of them ran perfectly. One had a single unreadable sector, the very first. Did the housing somehow mess that up? After writing the disk with zeroes, there were no further problems, anyway. So the real culprit must have been the housing, made by Ritmo, not known for high quality. To quote Daniel O'Connor on IRC: <Andys> nox: Ritmo = $30 ATX cases ....

Tue, 27 Mar 2012 22:15:51 UTC

Cascadia IT 2012: A big success!

Posted By Tom Limoncelli

Thanks to everyone that attended my tutorials and talk at Cascadia IT 2012. I finally got the timing right on both the Intro to Time Management for Sysadmins as well as The Limoncelli Test. I also gave a talk about the open source virtual cluster manager called Ganeti which I'm a part of via my job at Google. I'll be repeating this talk at CrabbyAdmins in Columbia, MD on Wed, April 4th. After the conference I got email from a fan that wrote "just an FYI, I've placed your book on a custom foam pedestal at my desk. Gave you the old WA state classiness."

Tue, 27 Mar 2012 21:28:04 UTC

Technical Equity

Posted By Robert V. Binder

Technical Equity is the value that accrues when a software system is well-formed.  Instead of burdening you with unnecessary excess cost, your codebase works for you. Technical equity pays dividends: you avoid wasted effort and the consequences of buggy releases, and gain the advantage of releasing sooner and/or with more features, for the same cost.  It [...]

Tue, 27 Mar 2012 19:42:43 UTC

The Founder's Dilemmas

Posted By Joel Spolsky

My friend Noam Wasserman at Harvard Business School has spent years researching startups. His work is great, because he actually does real, quantitative research on the kinds of things that everybody has opinions about. Should you raise more money or maintain more control? Should you have a cofounder? Should your friends and relatives be cofounders? When and if should a founder be replaced by a professional manager? There are certainly a lot of blog posts about this stuff but not a lot of data... until now. Wasserman has finally put it all together in a great book called The Founder's Dilemmas, which I highly recommend if you're starting a company.

Tue, 27 Mar 2012 19:00:00 UTC

Help Me Buy a Computer

Posted By Tim Bray

I mean with advice, not money. Dear LazyWeb: I'm about to replace the MacBook Pro that I'm typing this on, and not sure what to get. The problem is the pictures. I'm actually seriously thinking about buying a Windows (!) box. In recent years I've been running with this perfectly-OK 13" SSD-based Google MacBook Pro. Its death knell approaches, and there are lots of options. Here's the Problem (I'm looking at you, Adobe.) I take pictures. I use Lightroom to process them. I like it. The current camera emits DNGs that average between 20-25M, and I take them dozens or hundreds at a time.

Tue, 27 Mar 2012 19:00:00 UTC

Purple Place

Posted By Tim Bray

Not just any place, but BC Place, our local football stadium, which got a welcome refresh last year and is lit up in colors that change from night to night; it's nestled among buildings and there are very few (any?) places where you can see the whole thing. But after dark, you keep getting surprised by bits of it from here and there around town. I must look up who designed this and think kind thoughts; it's improved my city.

Tue, 27 Mar 2012 17:16:20 UTC

How Technical Debt turns into Technical Bankruptcy

Posted By Robert V. Binder

Technical Bankruptcy occurs when technical debt overwhelms a software system. I've previously blogged about a case study: how the accumulation of poor development practices resulted in the business failure of a highly successful Enterprise IT software company. The technical debt metaphor provides a nice handle for a software development trade-off that's been present in every [...]

Tue, 27 Mar 2012 11:46:48 UTC

The Effects of Data Breach Litigation

Posted By Bruce Schneier

"Empirical Analysis of Data Breach Litigation," Sasha Romanosky, David Hoffman, and Alessandro Acquisti: Abstract: In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated,...

Mon, 26 Mar 2012 23:11:53 UTC

Strange USB disk behaviour

Posted By Greg Lehey

Yesterday I set up the set top box to record two programmes onto a USB disk that I had borrowed from Chris Yeardley. Took a look today, and ran into a number of issues. First was mtools, the software for accessing FAT file systems:
=== root@teevee (/dev/pts/5) ~ 3  -> mdir
Can't open /dev/fd0: No such file or directory
Cannot initialize 'A:'
Yes, I recall something about that. There's some config file, but where? RTFM time. But the man page doesn't go beyond mentioning the config file: ...

Mon, 26 Mar 2012 18:02:24 UTC

Congressional Testimony on the TSA

Posted By Bruce Schneier

I was supposed to testify today about the TSA in front of the House Committee on Oversight and Government Reform. I was informally invited a couple of weeks ago, and formally invited last Tuesday: The hearing will examine the successes and challenges associated with Advanced Imaging Technology (AIT), the Screening of Passengers by Observation Techniques (SPOT) program, the Transportation Worker...

Mon, 26 Mar 2012 16:31:04 UTC

Copyright isn't dead just because we're not willing to let it regulate us

Posted By Cory Doctorow

Here's a podcast of my last Guardian column, Copyright isn't dead just because we're not willing to let it regulate us: The first time I ever heard someone declare the death of copyright, it wasn't a dreadlocked GNU/Linux hacker or a cyberpunk in mirror shades: it was a music executive, circa 1999, responding to the …

Mon, 26 Mar 2012 11:38:16 UTC

Rare Spanish Enigma Machine

Posted By Bruce Schneier

This is a neat story: A pair of rare Enigma machines used in the Spanish Civil War have been given to the head of GCHQ, Britain's communications intelligence agency. The machines - only recently discovered in Spain - fill in a missing chapter in the history of British code-breaking, paving the way for crucial successes in World War II. Fun...

Mon, 26 Mar 2012 11:36:52 UTC

C++ and Beyond 2012: Aug 5-8, Asheville, NC, USA

Posted By Herb Sutter

February and March have been killer busy, so that I forgot to repeat an important announcement here: registration is open for C++ and Beyond 2012! I'm looking forward to teaching for three days again with Scott Meyers and Andrei Alexandrescu as one of the top C++ conference highlights of the year. This year, C&B will [...]

Sun, 25 Mar 2012 19:00:00 UTC

Data Pricing Sanity Maybe?

Posted By Tim Bray

I'm hearing refreshing outbursts of sanity recently on mobile-data pricing (and puzzlingly, grumbling from people I normally agree with). Usage-based data pricing is inevitable. Just because the rumblings are coming from phone companies doesn't mean they're wrong. The Problem Here's the simplest way I can put it: Fixed-price unlimited-volume data pricing is a totally, unfixably broken idea. Because once the network operator has your monthly payment, they're powerfully incented to keep you from using the network; there's only downside in people enriching their lives via the Internet. It's painfully obvious that the world really needs a pedal-to-the-metal damn-the-expense buildout of wireless data capacity.

Sat, 24 Mar 2012 04:41:08 UTC

Copyright isn't dead just because we're not willing to let it regulate us

Posted By Cory Doctorow

The Guardian

Sat, 24 Mar 2012 04:40:36 UTC

Copyright is alive and well on the Internet

Posted By Cory Doctorow

My latest Guardian column, "Copyright isn't dead just because we're not willing to let it regulate us," makes the case that copyright hasn't been killed by the Internet -- it hasn't even been threatened. Rather, the entertainment industry have made a nonsense of copyright by stubbornly (and ahistorically) insisting that this it concerns itself with …

Sat, 24 Mar 2012 01:48:20 UTC

The desktop and server: oil and water.

Posted By Theo Schlossnagle

Fri, 23 Mar 2012 21:18:40 UTC

Friday Squid Blogging: Giant Squid Eyes

Posted By Bruce Schneier

It seems that the huge eyes of the giant squid are optimized to see sperm whales....

Fri, 23 Mar 2012 19:00:00 UTC

Eight From Maui

Posted By Tim Bray

Pictures, I mean. I suspect that many readers have been somewhere in Hawai'i at least once, and may find smiles in the photos. For those who've not, or who have but not to Maui, I've wrapped some words of advice around the pictures. Why These Islands? If you're on the west coast of North America, it's a direct 6-hour flight from almost anywhere. From anywhere else in the world, the Caribbean or Bali or Queensland might be a better choice if you're hungry for sunshine and beaches. Every Hawaiian photoset has to have one of those. Why This Island? Maui is just ridiculously nice.

Fri, 23 Mar 2012 13:44:12 UTC

Makers fan-video

Posted By Cory Doctorow

Chris Davis made a smart 1 minute video inspired by Makers, which provides visual accompaniment to Landon Kettlewell's opening speech in the novel.

Fri, 23 Mar 2012 11:33:14 UTC

The Economist Debate on Airplane Security

Posted By Bruce Schneier

On The Economist website, I am currently debating Kip Hawley on airplane security. On Tuesday we posted our initial statements, and today (London time) we posted our rebuttals. We have one more round to go. I've set it up to talk about the myriad of harms airport security has caused: loss of trust in government, increased fear, creeping police state,...

Thu, 22 Mar 2012 23:42:37 UTC

More USB disk pain

Posted By Greg Lehey

Tomorrow we have no less than 6 potential candidates for video recording tomorrow at 21:00. I only have 2 tuners in cvr2, so clearly it was time to get a functional USB disk in the external tuner, like I tried last week. At least now I knew how to build FAT32 file systems on the disks, and that went relatively quickly. But I tried 3 disks, and they all died, with different reasons. That makes a total of four dead disks, all of which I thought were OK. Somehow the problem must be elsewhere; I suspect the USB enclosure now, or maybe the power supply.

Thu, 22 Mar 2012 19:00:00 UTC

Selling Canadians Short

Posted By Tim Bray

[If you don't care about Canadian politics, you can stop reading now.] Recently I ran across A budget, a leadership race - and a nation split up the middle, by Andrew Coyne, a titan of the Canadian conservative commentariat. It made me so mad that I wanted to emit a loud peevish whine in this space, but I decided to wait till I'd cooled down. But unfortunately I haven't. Mr Coyne's thesis is that the residents of the energy-producing regions of Canada are corrupt fools. Fortunately his argument is pitiably weak. Coyne's backdrop is the current leadership race in the NDP; [I won't explain the significance since you're not reading this if you're not into our politics, and anyhow it's just the backdrop].

Thu, 22 Mar 2012 17:47:48 UTC

How do Big US Firms Use Open Source Software?

Posted By Diomidis D. Spinellis

We hear a lot about the adoption of open source software, but when I was asked to provide hard evidence there was little I could find. In an article I recently published in the Journal of Systems and Software together with my colleague Vaggelis Giannikas we tried to fill this gap by examining the type of software the US Fortune 1000 companies use in their web-facing operations. The results were not what I was expecting.

Thu, 22 Mar 2012 12:17:05 UTC

Can the NSA Break AES?

Posted By Bruce Schneier

In an excellent article in Wired, James Bamford talks about the NSA's codebreaking capability. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the...

Thu, 22 Mar 2012 04:06:24 UTC

The Serpent in the Sword continued...

Posted By Niels Provos

Thu, 22 Mar 2012 01:37:17 UTC

Completing the Apple reinstall

Posted By Greg Lehey

Continued with the reinstall of boskoop today, but much more slowly. Restored the tar archive I made last week; it appears to be complete modulo the unreadable files, and in the process I found all sorts of things I didn't know about, including lots of junk in the root file system, such as MP3 files and a directory called :home:grog (apparently an attempt to obfuscate normal path names) in the root file system. /:home:grog contained what appears to be something like downloaded DMG files. I wonder where the Finder claims it is really located. My home directory (/Users/grog/) was nearly 9 GB in size, most of it not put there by me: 1.4 GB of files gratuitously copied by iTunes (no thank you, ituNes, I do not want you to manage my music collection for me), and nearly 5 GB in ~/Pictures, 2 GB apparently by some program that was installed ...

Wed, 21 Mar 2012 22:26:15 UTC

Better network up times

Posted By Greg Lehey

My network connectivity is finally getting almost acceptable. The last outage was on 15 February 2012, 5 weeks ago, and the pppd connection was up for almost all that time, as a snapshot yesterday showed: Time online: 39D 20:32:26 Mode: HSPA / SRVST: 2 RSSI:  -101 dBm (6) Total: 5535.78 MB / 5916.93 MB Now:   1222   B / 63.45 kB But this morning the connection bounced, though the process continued running (it was started on 24 January 2012), I didn't lose TCP connections, and my outage page didn't register the problem.

Wed, 21 Mar 2012 19:36:19 UTC

Another Liars and Outliers Excerpt

Posted By Bruce Schneier

IT World published an excerpt from Chapter 4....

Wed, 21 Mar 2012 15:00:52 UTC

Job ad: post-doctoral researcher in security, operating systems, computer architecture

Posted By Robert N. M. Watson

We are pleased to announce a job opening at the University of Cambridge Computer Laboratory for a post-doctoral researcher working in the areas of security, operating systems, and computer architecture. Research Associate in compiler-assisted instrumentation of operating system kernels University of Cambridge – Faculty of Computer Science and Technology Salary: £27,578-£35,938 pa The funds for this post are available [...]

Wed, 21 Mar 2012 11:26:26 UTC

Unprinter

Posted By Bruce Schneier

A way to securely erase paper: "The key idea was to find a laser energy level that is high enough to ablate - or vaporise - the toner that at the same time is lower than the destruction threshold of the paper substrate. It turns out the best wavelength is 532 nanometres - that's green visible light - with a...

Wed, 21 Mar 2012 04:00:00 UTC

A Thousand Platforms ...

Posted By Werner Vogels

Today's AWS Elastic Beanstalk announcement of PHP and Git support reminded me of the post where I mentioned that we want to let a thousand platforms bloom on AWS. Some might ask why AWS would want a thousand platforms. One of the most important AWS principles is flexibility. Flexibility is in the choice of software and languages running on AWS, in the tools and interfaces available to manipulate resources and applications, and in the ability to leverage services from other providers. One of our customers I met last week was talking about his application and how it runs on AWS: he collects geo-location data, analyzes and crunches this data using Elastic Map Reduce, stores the data for quick access in DynamoDB, runs his user interface on Heroku and his web services layer for mobile devices on Elastic Beanstalk.

Tue, 20 Mar 2012 22:50:49 UTC

Reinstalling MacOS X

Posted By Greg Lehey

Finally finished backing up the reconstituted disk for boskoop, so put it in the machine and tried to boot from it. Nothing. No error messages, not even these silly 1980s images, just a greyer apple on a grey screen, with a twirling baton underneath. Where do you go from there? There were several possibilities: part of the boot blocks could be missing, or maybe it didn't like the fact that the disk wasn't the same size as the image. But wouldn't a bit of text help? Tried a number of things. Copied Chris' system disk (10 GB!) to a 20 GB disk and tried to boot from that.

Tue, 20 Mar 2012 14:21:44 UTC

Printable version of The Limoncelli Test

Posted By Tom Limoncelli

As requested, I've made a printable version of The Limoncelli Test. http://everythingsysadmin.com/the-test.pdf http://everythingsysadmin.com/the-test.html I'll be teaching a class based on this article on Fri, March 23 2012 at the Cascadia IT Conference in Seattle, WA and on Fri, May 11, 2012 at the LOPSA PICC 2012 Conference in New Brunswick, NJ. Seating is limited. Register soon! I'll also be teaching my Time Management class and giving an invited talk on the Ganeti virtual server cluster management software. See you there!

Tue, 20 Mar 2012 13:52:05 UTC

Hacking Critical Infrastructure

Posted By Bruce Schneier

An otherwise uninteresting article on Internet threats to public infrastructure contains this paragraph: At a closed-door briefing, the senators were shown how a power company employee could derail the New York City electrical grid by clicking on an e-mail attachment sent by a hacker, and how an attack during a heat wave could have a cascading impact that would lead...

Mon, 19 Mar 2012 22:35:03 UTC

More Apple disk recovery

Posted By Greg Lehey

On with the disk recovery today. The real issue is backups. I'm religious with backups, and I make backups every evening, on my FreeBSD boxes. With others it's not as simple, because they're not powered on all the time, and in the case of commercial operating systems, tar doesn't seem to be the way to go. So I've been making disk images, so that in case of failure I can just copy them to a new disk. And in between I make some half-hearted backup attempts: too seldom, it seems. The directory /src/dump/boskoop was empty, and a locate boskoop found nothing of interest. Only later did I find that I had changed the spelling: Boskoop is a Dutch town famous for its apples, but the name is often called Boskopp in German, and when I got the box I didn't know about the Dutch town.

Mon, 19 Mar 2012 19:37:47 UTC

Britannica Brat

Posted By Robert V. Binder

I’ve been reflecting on the recent announcement that Encyclopedia Britannica (EB) will no longer publish in print. Subscription to its web site is now the only offered media. My full set of the 15th edition (1974) rests on the lower two shelves of a bookcase in the room where I’m writing this — 4 feet 7 [...]

Mon, 19 Mar 2012 19:33:02 UTC

Avi Rubin on Computer Security

Posted By Bruce Schneier

Avi Rubin has a TEDx talk on hacking various computer devices: medical devices, automobiles, police radios, smart phones, etc....

Mon, 19 Mar 2012 17:14:00 UTC

A Manhattan Project for Cliché Collection

Posted By Benjamin Mako Hill

This weekend, I launched an extremely ambitious effort to collect evidence of extremely ambitious efforts.

Mon, 19 Mar 2012 11:38:58 UTC

Australian Security Theater

Posted By Bruce Schneier

I like the quote at the end of this excerpt: Aviation officials have questioned the need for such a strong permanent police presence at airports, suggesting they were there simply "to make the government look tough on terror". One senior executive said in his experience, the officers were expensive window-dressing. "When you add the body scanners, the ritual humiliation of...

Sun, 18 Mar 2012 22:50:21 UTC

Repairing the Apple

Posted By Greg Lehey

More head-scratching about boskoop, my Apple, today. Why did the machine not complete the self test? I needed to find out whether this was a second problem or a consequence of the first, so over to Chris Yeardley's place to look at DELICIOUS, her almost identical machine (no idea why the name is shouted). It was powered down, but came up happily when I turned it on, though the display on/display off/display on behaviour occurred here too. The second display on was preceded by disk access sounds. Open up, disconnect the disk cable and... exactly the same behaviour as I had seen on boskoop.

Sat, 17 Mar 2012 22:40:03 UTC

Hardware failures continue

Posted By Greg Lehey

In this morning to check how the recording on the USB disk went. I didn't need to look. I could hear it: Wheee-CLICK Wheee-CLICK from the disk. It had failed. It wasn't the only thing. I think my backup of the Apple completed, but by the time I looked, the xtterms were gone. ruptime told me that it had stopped talking to the outside world last night at 22:28. That's the time of the power failure. Coincidence? It's not clear how it could be connected, though, since the computer is on a UPS. The machine was in fact sleeping, and I was able to wake it.

Sat, 17 Mar 2012 20:22:58 UTC

I Love Solar Power But...

Posted By James Hamilton

I love solar power, but in reflecting carefully on a couple of high profile datacenter deployments of solar power, I'm really developing serious reservations that this is the path to reducing data center environmental impact. I just can't make the math work and find myself wondering if these large solar farms are really somewhere between a bad idea and pure marketing, where the environmental impact is purely optical. Facebook Prineville The first of my two examples is the high profile installation of a large solar array at the Facebook Prineville Oregon Facility.

Sat, 17 Mar 2012 00:06:00 UTC

Disaster after disaster

Posted By Greg Lehey

Lots of things to record on TV tonight, and so I needed to use my external tuner for the first time in earnest. It has a USB disk interface, and though I was able to record something onto a USB stick a while back, it looked as if it wasn't fast enough, and in any case it wasn't big enough. Not a problem: I have piles of old PATA disks lying around, and with a little searching I found an external PATA/USB housing. Put an 80 GB disk in it. Confirmed in lagoon, Yvonne's FreeBSD system, that it was a Solaris partition, clearly not what the tuner wanted.

Fri, 16 Mar 2012 21:57:45 UTC

Friday Squid Blogging: Squid-Shaped USB Drive

Posted By Bruce Schneier

It looks great. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 16 Mar 2012 19:00:00 UTC

White Punks on Dope

Posted By Tim Bray

I've been reading immensely more lately, but not reviewing much; not sure why. But A Visit from the Goon Squad by Jennifer Egan demands to be written about. Which lots of people have, it's been reviewed to death, mostly positively, and won all sorts of prizes. It gave me as intense a book-reading experience as I've had in years; I'm still not 100% sure I like it. The book is unique; saying that it centers on some people with mental-health problems who work in the music biz is maybe beside the point; because the point might be the unconventional virtuosity of its construction.

Fri, 16 Mar 2012 18:15:24 UTC

BitCoin Security Musings

Posted By Bruce Schneier

Jon Callas talks about BitCoin's security model, and how susceptible it would be to a Goldfinger-style attack (destroy everyone else's BitCoins)....

Fri, 16 Mar 2012 12:09:58 UTC

Non-Lethal Heat Ray

Posted By Bruce Schneier

The U.S. military has a non-lethal heat ray. No details on what "non-lethal" means in this context....

Thu, 15 Mar 2012 23:20:07 UTC

GUI progress

Posted By Greg Lehey

It's been some years since I wrote my What I want from a GUI rant. At the time I was getting extremely frustrated with GNOME, and this was a reaction. Since then, I've solved my GNOME problems in a simple and elegant manner: I stopped using it. But times have changed. I think I'll leave this page the way it is, and if I come up with anything new to say, I'll write a different page. In the meantime, a quote from Peter Jeremy sums it up: GUIs have advanced in the past 6½ years.

Thu, 15 Mar 2012 19:35:42 UTC

Assorted Schneier News Stories

Posted By Bruce Schneier

I have several stories in the news (and one podcast), mostly surrounding the talks I gave at the RSA Conference last month....

Thu, 15 Mar 2012 11:16:13 UTC

More "Liars and Outliers" Links

Posted By Bruce Schneier

First, five new reviews of the book. Second, four new AV interviews about the book. Third, I take the Page 99 Test....

Thu, 15 Mar 2012 02:24:56 UTC

Revamping "The Limoncelli Test" for Cascadia IT 2012 (Seattle, WA)

Posted By Tom Limoncelli

If you are in the Pacific North West I hope you are planning on attending the Cascadia IT conference March 23-24, 2012. And if you are attending, I hope you have signed up for one or both of my tutorials. I'll be teaching "Intro to Time Management" and a new class "The Limoncelli Test: Evaluating and improving sysadmin operations". "The Limoncelli Test" is a tutorial I first did last December at LISA '11. It was kind of a half-baked idea and I got a lot of really excellent feedback. I've revamped a lot of it and I think the class is going to be much better.

Wed, 14 Mar 2012 23:15:48 UTC

GPS and Google maps - accuracy guaranteed

Posted By Greg Lehey

I've been bitching and moaning about the quality of online maps since before I moved to Dereel, but things haven't improved much. I started a Google Map of Google maps breakage round Dereel years ago, but so far they have only fixed some of the problems. Still, I have a GPS navigator, with maps from naviextras.com, who pride themselves on the accuracy of their maps, and stress that they do their own independent checks, or at least they said last time I was able to find it on their web site. Clearly they wouldn't have the same broken data as Google Maps.

Wed, 14 Mar 2012 21:06:49 UTC

Capsicum in CACM Research Highlights

Posted By Robert N. M. Watson

The Research Highlights section of Communications of the ACM from March 2012 features two articles on Capsicum, collaborative research by the Cambridge security group and Google on capability-oriented security for contemporary operating systems. The first, Technical Perspective: The Benefits of Capability-Based Protection by Steven Gribble, considers the value of capability systems (such as Capsicum) in [...]

Wed, 14 Mar 2012 11:22:09 UTC

On Cyberwar Hype

Posted By Bruce Schneier

Good article by Thomas Rid on the hype surrounding cyberwar. It's well worth reading. And in a more academic paper, published in the RUSI Journal, Thomas Rid and Peter McBurney argue that cyber-weapons aren't all that destructive and that we've been misled by some bad metaphors. Some fundamental questions on the use of force in cyberspace are still unanswered. Worse,...

Tue, 13 Mar 2012 23:57:06 UTC

NBN tower: planning committee speaks

Posted By Greg Lehey

Off to Bannockburn with Scott Weston to the Golden Plains Shire Planning Committee meeting to discuss planning application P11-334: Development of Land for a Telecommunications Facility at Crown Allotment A4D, parish of Dereel (Colac-Ballarat Road), in other words the NBN communications tower. To my surprise, the part of the agenda for this item was printed 2 sided on A4, was 2 cm thick and weighed 500 g. It included all the submissions and their names and addresses, which was interesting.

Tue, 13 Mar 2012 19:01:46 UTC

A Negative Liars and Outliers Review

Posted By Bruce Schneier

This person didn't like it at all. It'll go up on the book's webpage, along with all the positive reviews....

Tue, 13 Mar 2012 19:00:00 UTC

Tab Sweep - The World

Posted By Tim Bray

Well, the old browser tab count is up well past thirty, and that makes it awfully slow to restart even if it's Chrome. So, let's see if I can transplant some of these tabs into your browser. The Strongest Girls in the World This is the title of an essay about European politics and culture which I somehow missed when it was published in January 2011. It has as much clear-eyed concentrated thought on the relationship between individuals, families, and the state as I've read, well, maybe ever. It considers, among other things, the Swedish Theory of Love and Pippi Longstocking.

Tue, 13 Mar 2012 11:22:26 UTC

The Security of Multi-Word Passphrases

Posted By Bruce Schneier

Interesting research on the security of passphrases. From a blog post on the work: We found about 8,000 phrases using a 20,000 phrase dictionary. Using a very rough estimate for the total number of phrases and some probability calculations, this produced an estimate that passphrase distribution provides only about 20 bits of security against an attacker trying to compromise 1%...

Mon, 12 Mar 2012 22:45:45 UTC

Interest in Guardian operating system

Posted By Greg Lehey

Mail from Jonathan Lafleche this morning. He's studying Computer Engineering and wants to do a presentation on the Guardian operating system, and asked me for some suggestions based on my article in Beautiful Architecture. And, of course, he wanted some anecdotes. I already had one, but there are others that I hadn't written up yet, so finished the draft of the CPU failure at 16:04. Those were the fun days.

Mon, 12 Mar 2012 21:30:34 UTC

Video Shows TSA Full-Body Scanner Failure

Posted By Bruce Schneier

The Internet is buzzing about this video, showing a blogger walking through two different types of full-body scanners with metal objects. Basically, by placing the object on your side, the black image is hidden against the scanner's black background. This isn't new, by the way. This vulnerability was discussed in a paper published last year by the Journal of Transportation...

Mon, 12 Mar 2012 15:51:58 UTC

Censorship is inseparable from surveillance

Posted By Cory Doctorow

Here's a podcast of my last Guardian column, Censorship is inseparable from surveillance: There was a time when you could censor without spying. When Britain banned the publication of James Joyce's Ulysses in the 1920s and 1930s, the ban took the form of a prohibition on the sale of copies of the books. Theoretically, this … [Read more]

Mon, 12 Mar 2012 15:00:00 UTC

Fear of Rebooting

Posted By Tom Limoncelli

I have two fears when I reboot a server.[1] Every time I reboot a machine I fear it won't come back up. The first cause of this fear is that some change made since the last reboot will prevent it from being able to reboot. If that last reboot was 4 months ago it could have been any change made in the last 4 months. You spend all day debugging the problem. Is it some startup script that has a typo? Is it an incompatible DLL? Sigh. This sucks. The second cause of this fear is when I've made a change to a machine (say, added new application service) and then rebooted it to make sure the service starts after reboot.

Mon, 12 Mar 2012 11:35:12 UTC

Jamming Speech with Recorded Speech

Posted By Bruce Schneier

This is cool: The idea is simple. Psychologists have known for some years that it is almost impossible to speak when your words are replayed to you with a delay of a fraction of a second. Kurihara and Tsukada have simply built a handheld device consisting of a microphone and a speaker that does just that: it records a person's...

Sun, 11 Mar 2012 23:36:34 UTC

More photo web stuff

Posted By Greg Lehey

Still more photo work today. I've been dragging my feet on how to present video clips on my web site. As I've commented before, I'm no fan of sites like Flickr and friends, and I host all my own photos. But there are a couple of reasons to do it differently for video clips: firstly, they're big, and secondly web browsers don't handle them as well as they do still images. So it made sense to upload the clips to YouTube. The first step was to edit the clips. In the first clip my habits as a still photographer got the better of me, and I tried moving to portrait mode for better framing.

Sun, 11 Mar 2012 19:00:00 UTC

Waterfront Life and Death

Posted By Tim Bray

Vancouver includes a small ingression of the mighty Pacific called False Creek. Three busy bridges cross it and many boats (including ours) are moored there. The space that surrounds it is overly planned but still interesting. I include two photos, one of which you might not want to see. [Warning: The second picture here is of the mostly-eaten remains of a recently-killed bird. If you'd rather not see it, don't scroll down.] Back when I came to Vancouver, a lot of the land around it was still industrial, and much was just empty. In the early nineties, freshly-single, I moved to a 16th-floor apartment, one of the first high-rises in Yaletown.

Sat, 10 Mar 2012 20:00:00 UTC

Who Buys Books?

Posted By Tim Bray

In our family it's mostly Kindle these days. We share an account, and read on various electronic devices. This works great; recently my wife and I read the Inspector O novels, while my 12-year-old and I read The Hunger Games. This works because Amazon doesn't mind multiple devices at once having access to a book; and because our Amazon identity is a lightweight shopping-context thing, not like a "This is really me" Facebook or G+ identity. It requires trust; anyone in the family could go and charge anything Amazon sells to my credit card. But you can have that, at the family level.

Sat, 10 Mar 2012 16:37:31 UTC

The Spreadsheet Experiment

Posted By Robert V. Binder

Having spent many years on the bleeding edge of test automation and model-based testing, I recently tried an experiment to see how I could use Excel to support test plan development. In an earlier post, I explained some of the … Continue reading →

Sat, 10 Mar 2012 16:37:31 UTC

The Spreadsheet Experiment

Posted By Robert V. Binder

Having spent many years on the bleeding edge of test automation and model-based testing, I recently tried an experiment to see to what extent Excel could support a test plan for manual testing of mobile apps. In an earlier post, I explained some of the thinking behind my new course “How to Test Mobile Apps.” [...]

Sat, 10 Mar 2012 03:57:32 UTC

DxO Optics Pro: User causes product misbehaviour

Posted By Greg Lehey

Mail back from DxO support today. As I had reported, DxO doesn't handle EXIF data correctly for Olympus cameras, at least the two I have had, if the EXIF data has been modified, even in accordance with the standard. In my case, I had added an Author tag, and this caused DxO to fail silently. But DxO support sees it differently: today I got a reply telling me that this was a user error, and that I shouldn't mess with EXIF tags if I don't know exactly what I'm doing. That's fine: I do. They don't explain why they don't detect this error, nor why they don't document this limitation.

Sat, 10 Mar 2012 03:28:31 UTC

House photos early

Posted By Greg Lehey

We're off to Geelong tomorrow for Nemo to take his Delta society test. That's normally the day I take my house (really garden) photos. So I had the choice of taking them today, tomorrow afternoon or Sunday. Despite the predictions of the Bureau of Meteorology, there was as good as no wind today, so it sounded like a good idea to take the photos today, in the afternoon. The sun was shining, however, so I had a couple of considerations: Verandah photos with the normal flash, and also with the ring flash.

Fri, 09 Mar 2012 22:01:37 UTC

Friday Squid Blogging: Humboldt Squid Can Dive to 1.5 km

Posted By Bruce Schneier

Yet another impressive Humboldt squid feat: "We've seen them make really impressive dives up to a kilometre and a half deep, swimming straight through a zone where there's really low oxygen," the Hopkins Marine Station researcher said. "They're able to spend several hours at this kilometre-and-a-half-deep, and then they go back up and continue their normal daily swimming behaviour. It's...

Fri, 09 Mar 2012 20:00:00 UTC

Looking Up

Posted By Tim Bray

Skyscape, with wires and shoes. You know, this impression I have, that Lightroom 4 is making my pictures all look better, is almost certainly a placebo effect.

Fri, 09 Mar 2012 19:40:25 UTC

Liars and Outliers: Book Excerpt

Posted By Bruce Schneier

Gizmodo published the beginning of Chapter 17: the last chapter....

Fri, 09 Mar 2012 19:02:03 UTC

Copyfight in five minutes, with doodles

Posted By Cory Doctorow

Here's a short video in Arte Creative's "From Sketch" series explaining the copyright wars while attempting to create a meaningful accompanying graphic. I love how this came out, though I really can't draw very well!

Thu, 08 Mar 2012 23:04:48 UTC

Trip Report: February 2012 C++ Standards Meeting

Posted By Herb Sutter

The spring 2012 meeting of ISO/IEC JTC1/SC22/WG21 (C++) was held on February 6-10 in Kona, Hawaii, USA. Here's the major takeaway: This is going to be a busy year as investment in C++ across the industry continues to increase, and that's good news for C++. Here are some highlights from the meeting. Attendance This was [...]

Thu, 08 Mar 2012 21:58:08 UTC

Testability Part 4: White Box Strategies

Posted By Robert V. Binder

This post covers part four of my recent talk on testability. White box testability refers to specific programming practices and components that can improve or hinder testability. The known-good practices for producing clean, well-structured, readable, and maintainable software have the … Continue reading →

Thu, 08 Mar 2012 21:58:08 UTC

Testability Part 4: White Box Strategies

Posted By Robert V. Binder

This post covers part four of my 2010 talk on testability. White box testability refers to specific programming practices and components that can improve or hinder testability. Since Dijkstra's 1968 note "Go To Considered Harmful", practices for producing clean, well-structured, readable, and maintainable software have been the subject of extensive discussion, research, argument, and use. The [...]

Thu, 08 Mar 2012 20:00:00 UTC

Story Pricing

Posted By Tim Bray

What happened was, this week's Economist had a rave review of something called Dogs at the Perimeter, by a Madeleine Thien of whom I'd never heard but who turns out to be from Vancouver. And to have created a Dogs at the Perimeter Tumblr, which is full of severe formal beauty. So I thought I'd buy it, but the Kindle version was $18.03 and that bothered me. Which kind of rung a bell; a few days earlier I'd tweeted OK, I just hit my limit. I am *not* gonna pay $18.03 for a thriller on Kindle even when it's by Elmore Leonard.

Thu, 08 Mar 2012 12:50:26 UTC

Cloud Computing As a Man-in-the-Middle Attack

Posted By Bruce Schneier

This essay uses the interesting metaphor of the man-in-the-middle attacker to describe cloud providers like Facebook and Google. Basically, they get in the middle of our interactions with others and eavesdrop on the data going back and forth....

Thu, 08 Mar 2012 07:03:33 UTC

Package Management Systems

Posted By Diomidis D. Spinellis

DLL hell was a condition that often afflicted unfortunate users of old Microsoft Windows versions. Under it, the installation of one program would render others unusable due to incompatibilities between dynamically linked libraries. Suffering users would have to carefully juggle their conflicting DLLs to find a stable configuration. Similar problems distress any administrator manually installing software that depends on incompatible versions of other helper modules.

Wed, 07 Mar 2012 22:46:52 UTC

Financial reporting software

Posted By Greg Lehey

Into town today to talk to Peter O'Connell about my investments. It seems that the visit last month didn't reset some timer they had, so we ended up doing it again. As a result, there wasn't much to talk about, but their computer person is retiring, so we discussed what they'd be doing to replace him, and I suggested that they should take the opportunity to review the problems they have with their reporting software. Once upon a time people wrote programs to do this sort of thing. But that's out of date. Now you buy a package, in this case Visiplan from Iress, that does exactly what the designers intended it to do.

Wed, 07 Mar 2012 20:00:00 UTC

Old Garages

Posted By Tim Bray

I took my little girl for a walk, she with her little training-wheels bike, me with my camera. We prefer the neighborhood's alleys for these expeditions. I was struck by the textures and colors of the garages backing on the laneways. The neighborhood is a bit anomalous. Historically it has been middle-class; the houses range from solid to very modest; no mansions. Some of the houses, of every shape and size, have been fixed up and cleaned up; others have become run-down. The anomaly follows from Vancouver's ferocious run-up in real-estate prices (there's talk of a bubble): The houses in front of these garages are probably in average worth in excess of a million dollars.

Wed, 07 Mar 2012 19:35:11 UTC

NSA's Secure Android Spec

Posted By Bruce Schneier

The NSA has released its specification for a secure Android. One of the interesting things it's requiring is that all data be tunneled through a secure VPN: Inter-relationship to Other Elements of the Secure VoIP System The phone must be a commercial device that supports the ability to pass data over a commercial cellular network. Standard voice phone calls, with...

Wed, 07 Mar 2012 16:51:24 UTC

Using statements of "Undeniable Value"

Posted By Tom Limoncelli

I got email from someone that was having trouble convincing a boss to spend money on new PCs. The current ones are 5 years old (or older). It is a small company, owned by one man, and he runs every detail. Part of my advice to him was: Use "undeniable value" to describe requests. State things in terms of "undeniable value". The statement "we need a faster PC" doesn't do that. To you it has undeniable value: faster is better and will solve a list of problems. But to a non-technical person they can't guess all the things in your head that it will solve.

Wed, 07 Mar 2012 12:14:28 UTC

How Changing Technology Affects Security

Posted By Bruce Schneier

Security is a tradeoff, a balancing act between attacker and defender. Unfortunately, that balance is never static. Changes in technology affect both sides. Society uses new technologies to decrease what I call the scope of defection -- what attackers can get away with -- and attackers use new technologies to increase it. What's interesting is the difference between how the...

Tue, 06 Mar 2012 23:24:34 UTC

Welcome to the Jungle in Kansas City - March 20, 2012

Posted By Herb Sutter

Thanks to Perceptive Software who are bringing me to Kansas City in two weeks to give a free talk on Welcome to the Jungle. The talk will be based on my recent essay of the same name (sequel to The Free Lunch Is Over) concerning the turn to mainstream heterogeneous distributed computing and the end [...]

Tue, 06 Mar 2012 20:00:00 UTC

High Speed Packet Access

Posted By Tim Bray

This is my personal favorite mobile technology that's not an Android product in, well, forever. Popularly known as HSPA or HSDPA or HSPA+, it's what you're using when your Android phone shows a little H up by the signal-bars readout. Before I dive in, I should freely admit that I understand very little about 2G and 3G and 4G and the forest of acronyms that surround them. But I'm a damn heavy mobile-data user who travels widely, and thus I have some claim to connaisseurship in this space. Anyhow, here are the good things about HSPA. It Works Everywhere Specifically, in my experience, Canada, the US, Japan, China, the UK, the Netherlands, Spain, Belgium, and Germany.

Tue, 06 Mar 2012 19:22:57 UTC

The Keywords the DHS Is Using to Analyze Your Social Media Posts

Posted By Bruce Schneier

According to this document, received by EPIC under the Freedom of Information Act, the U.S. Department of Homeland Security is combing through the gazillions of social media postings looking for terrorists. A partial list of keywords is included in the document (pages 20-23), and is reprinted in this blog post....

Tue, 06 Mar 2012 18:26:00 UTC

Half the Battle Against DRM

Posted By Benjamin Mako Hill

As the free software and free culture movements have sat quietly by, DRM is now well on its way to becoming the norm in the electronic book publishing industry. The free culture movement has failed to communicate the reality of DRM and, as a result, millions of people are buying books that they won't be able to read when they switch to a different model of ebook reader in the future. They are buying books that will become inaccessible when the DRM system that supports them is shut down -- as we've already seen with music from companies including Wal*Mart, Yahoo, and Microsoft.

Tue, 06 Mar 2012 12:20:29 UTC

Comic: Movie Hacking vs. Real Hacking

Posted By Bruce Schneier

Funny....

Tue, 06 Mar 2012 03:48:40 UTC

What's Inside the Box?

Posted By Cory Doctorow

Here's a podcast of my last Locus column, What's Inside the Box?: The answer to this that most of the experts I speak to come up with is this: The owner (or user) of a device should be able to know (or control) which software is running on her devices. This is really four answers, … [Read more]

Mon, 05 Mar 2012 22:01:00 UTC

Driving Compute Cost Down for AWS Customers

Posted By Werner Vogels

AWS today announced a substantial price drop from March 1, 2012 for many of the Amazon EC2, Amazon RDS, and Amazon ElastiCache instance types around the world. For example, the popular m1.small instance type will see a price drop of 6% for EC2 On-Demand usage and 33% for EC2 Reserved Instance usage. Some of the other instance types have even greater savings: for example, the high memory M2 instances will see a 10% price cut for On Demand and 37% for Reserved instances. Similarly, Amazon RDS will cut its On-Demand prices by up to 10% and Reserved Instance prices by up to 42%.

Mon, 05 Mar 2012 19:30:02 UTC

Themes from the RSA Conference

Posted By Bruce Schneier

Last week was the big RSA Conference in San Francisco: something like 20,000 people. From what I saw, these were the major themes on the show floor: Companies that deal with "Advanced Persistent Threat." Companies that help you recover after you've been hacked. Companies that deal with "Bring Your Own Device" at work, also known as consumerization. Who else went...

Mon, 05 Mar 2012 12:45:51 UTC

British Anti-Theft Briefcase from the 1960s

Posted By Bruce Schneier

Fantastic....

Mon, 05 Mar 2012 01:11:00 UTC

Unhappy Birthday Hall of Shame

Posted By Benjamin Mako Hill

I roll my eyes a little when I think that Unhappy Birthday is the document I have written that has been read by the most people. The page -- basically a website encouraging people to rat on their friends for copyright violation for singing Happy Birthday in public -- has received millions of page views and has generated tons of its own media (including a rather memorable interview of CBC's WireTap). At the bottom of the page I am listed, by name and email, as the "copyrighteous spokesman" for the initiative. And since the page has been online, I have received hate mail about it.

Sun, 04 Mar 2012 20:00:00 UTC

Who Gets the Mobile Money?

Posted By Tim Bray

The people who build the phones, the people who run the networks, or the people who make mobile interesting by writing the great apps? Sidebar: Asymco The numbers I'm talking about are mostly from Horace Dediu's wonderful asymco.com site. If you laboriously-gathered, elegantly-presented facts about what's going on around here, Horace has 'em. $350 for Apple They're obviously the best at turning a profit on selling phones. As Asymco reports, Apple gets about $650 per iPhone, has a margin around 55%, and thus makes a gross profit of $350 or so apiece. $590 for AT&T I went and dug through their 2011 Q3 numbers: They claimed a smartphone ARPU (dollars per customer per month) of $83.46 and reported a 29.6% gross margin; which over two years (a reasonable lifetime for a phone), by my math comes to just under $600.

Sat, 03 Mar 2012 22:47:53 UTC

Who believes in DVD region codes?

Posted By Greg Lehey

A few weeks back I recorded The Birdcage, an American remake of La Cage aux Folles, and not nearly as good. So we tried to find the original at the Central Highlands Regional Library. The results were predictable: There were a total of 13 suggestions, none of which even remotely matched the search term. So no go? No, there are plenty more libraries, but by (severe) default the web form only searches the local library. You have to press the Search ALL libraries button, and that really found something, though you have to recognize it: Il vizietto?

Fri, 02 Mar 2012 22:41:45 UTC

Friday Squid Blogging: Squid Vision

Posted By Bruce Schneier

Some squid can see aspects of light that are invisible to humans, including polarized light. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 02 Mar 2012 20:50:21 UTC

What's Inside the Box?

Posted By Cory Doctorow

Locus Magazine

Fri, 02 Mar 2012 20:50:00 UTC

Who should know what's happening in your computer? Who should control it?

Posted By Cory Doctorow

My latest Locus column is "What's Inside the Box," a discussion of whether owners, users or third parties should be able to know and/or control what their computers are doing: The answer to this that most of the experts I speak to come up with is this: The owner (or user) of a device should … [Read more]

Fri, 02 Mar 2012 19:21:49 UTC

Liars and Outliers: The Big Idea

Posted By Bruce Schneier

My big idea is a big question. Every cooperative system contains parasites. How do we ensure that society's parasites don't destroy society's systems? It's all about trust, really. Not the intimate trust we have in our close friends and relatives, but the more impersonal trust we have in the various people and systems we interact with in society. I trust...

Fri, 02 Mar 2012 12:49:53 UTC

Censorship is inseparable from surveillance

Posted By Cory Doctorow

The Guardian

Fri, 02 Mar 2012 12:49:22 UTC

Censorship is surveillance, and privacy is a public health problem

Posted By Cory Doctorow

My latest Guardian column is "Censorship is inseparable from surveillance," which discusses the fact that network censorship entails surveillance, and how this exacerbates the public health problem caused by our difficulty in evaluating privacy trade-offs. There was a time when you could censor without spying. When Britain banned the publication of James Joyce's Ulysses in … [Read more]

Fri, 02 Mar 2012 12:11:46 UTC

GPS Spoofers

Posted By Bruce Schneier

Great movie-plot threat: Financial institutions depend on timing that is accurate to the microsecond on a global scale so that stock exchanges in, say, London and New York are perfectly synchronised. One of the main ways of doing this is through GPS, and major financial institutions will have a GPS antenna on their main buildings. "They are always visible because...

Thu, 01 Mar 2012 19:32:57 UTC

State Department Redacts Wikileaks Cables

Posted By Bruce Schneier

The ACLU filed a FOIA request for a bunch of cables that Wikileaks had already released complete versions of. This is what happened: The agency released redacted versions of 11 and withheld the other 12 in full. The five excerpts below show the government's selective and self-serving decisions to withhold information. Because the leaked versions of these cables have already...

Thu, 01 Mar 2012 15:00:00 UTC

Seats still available for my classes at Cascadia IT 2012, Seattle, WA, March 23-2, 2012!

Posted By Tom Limoncelli

I'm teaching Intro to Time Management for Sysadmins and a new class based on The Limoncelli Test. Register before the classes fill up! http://www.casitconf.org/ My classes are both on Friday, March 23. This is a rare opportunity to catch my classes in the PNW area. The League of Professional System Administrators and the Seattle Area System Administrators Guild are proud to present the 2012 Cascadia IT Conference. Cascadia 2012 is a regional IT conference for all types of system administrators - computer, database, network, SAN, VMware, etc. It will take place on March 23 - 24th (Fri - Sat) of 2012 at Hotel DECA in Seattle's University District.

Thu, 01 Mar 2012 12:39:45 UTC

Detect Which Social Networking Sites Website Visitors Are Logged Into

Posted By Bruce Schneier

Clever hack....

Thu, 01 Mar 2012 00:39:57 UTC

Premier 100 IT Leader profile: Ralph Loura

Posted By Tom Limoncelli

Congrats to Ralph Loura for being named one of Computer World's Premier 100 IT Leaders. Premier 100 IT Leader profile: Ralph Loura Ralph Loura was my second manager at Bell Labs. I can't tell you which of the anonymized stories in The Practice of System and Network Administration are secretly about him, but I can say that he was the manager that encouraged me to start writing papers for conferences like Usenix LISA, which led me to being noticed by Addison-Wesley, which got me my book deals, and the rest is history. Congrats, Ralph!
