Blog Archive: August 2012

Fri, 31 Aug 2012 21:22:07 UTC

Friday Squid Blogging: "The Seasick Squid"

Posted By Bruce Schneier

A fable. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 31 Aug 2012 16:00:00 UTC

Back-to-Basics Weekend Reading - Granularity of locks

Posted By Werner Vogels

I am at funconf in Ireland. After a ride in a Delorean, a private train ride to Galway and a helicopter flight I am sitting outside a cottage on the island of Inishmore. The attendants are an amazing group of people, mostly engineers, and I am humbled to be invited along. Everybody is equally passionate about "doing the right" in tech, in business and in life. The discussion shifts quickly from one to the other. I brought two papers with me on this part of the trip, one was the paper that Ben Black sent out earlier this week on Data-Structures for Geometric Approximation, which is a great in-depth review of that area and it will take me a while to finish it.

Fri, 31 Aug 2012 14:20:06 UTC

Conversation about Liars and Outliers on The WELL

Posted By Bruce Schneier

I'm on The WELL right now -- for the next week or so -- discussing my new book with anyone who wants to participate. I'm also at Dragon*Con this weekend in Atlanta....

Thu, 30 Aug 2012 15:00:00 UTC

Google reveals Goobuntu!

Posted By Tom Limoncelli

I'm so proud of my coworker Thomas Bushnell giving an amazing talk at LinuxCon, the Linux Foundation's annual North American technical conference. For the first time Google revealed details about how Google manages thousands of Linux desktops. We start with Ubuntu LTS, add packages that secure it and let us manage it better, and ta-da! Read the entire article!

Thu, 30 Aug 2012 14:22:54 UTC

The Psychological Effects of Terrorism

Posted By Bruce Schneier

Shelly C. McArdle, Heather Rosoff, Richard S. John (2012), "The Dynamics of Evolving Beliefs, Concerns Emotions, and Behavioral Avoidance Following 9/11: A Longitudinal Analysis of Representative Archival Samples," Risk Analysis v. 32, pp. 744-761. Abstract: September 11 created a natural experiment that enables us to track the psychological effects of a large-scale terror event over time. The archival data came...

Thu, 30 Aug 2012 00:43:29 UTC

Network disconnects: more dropouts

Posted By Greg Lehey

Part of chasing last week's network problems was for Internode support to send me a replacement modem, by express (usually overnight) post. It arrived today, six days later - a ZTE MF652:

    Aug 29 14:00:38 eureka kernel: ugen5.7: <ZTE> at usbus5
    Aug 29 14:00:38 eureka kernel: umass1: <ZTE MF652, class 0/0, rev 2.00/0.01, addr 7> on usbus5
    Aug 29 14:00:38 eureka kernel: umass1:  SCSI over Bulk-Only; quirks = 0x0000
    Aug 29 14:00:38 eureka kernel: umass1:8:1:-1: Attached to scbus8
    Aug 29 14:00:38 eureka kernel: cd1 at umass-sim1 bus 1 scbus8 target 0 lun 0
    Aug 29 14:00:38 eureka kernel: cd1: <ZTE USB SCSI CD-ROM 0001> Removable CD-ROM SCSI-0 device
    Aug 29 14:00:38 eureka kernel: cd1: 40.000MB/s transfers
    Aug 29 14:00:38 eureka kernel: cd1: Attempt to query device size failed: NOT READY, Medium not present
    Aug 29 14:00:38 eureka kernel: da1 at umass-sim1 bus 1 ...

Thu, 30 Aug 2012 00:34:34 UTC

Two months of marriage

Posted By Greg Lehey

Looked in on facebook again today, for the first time in a long while. The things that happen while you're away: Not only that, but a number of people who should know better like the marriage (in fact, I've been married for nearly 30 years). Showed it to Yvonne, who explained that she had been updating her profile and entered that she was married (presumably to me), and the software took that entry as the day of her wedding.

Wed, 29 Aug 2012 19:00:00 UTC

Living in the Future

Posted By Tim Bray

The other day I got a Roku and some Plex software; now everything in the house is connected to everything, and to the Net, and remotely-controllable from our mobiles. It feels pretty magic. Baseball Arithmetic Wanting to watch a World Series originally got me into HDTV, and history is repeating itself. The late season's getting interesting, and since the six major-league West-Coast teams each play 3-ish home games a week, I should be able to watch ball after supper when I feel like it. But I can't because the cable company's offerings are thin. Thus, online baseball, for which the price seems fair; so I needed the Net on my TV.

Wed, 29 Aug 2012 11:37:46 UTC

Shared Lock

Posted By Bruce Schneier

A reader sent me this photo of a shared lock. It's at the gate of a large ranch outside of Victoria, Texas. Multiple padlocks secure the device, but when a single padlock is removed, the center pin can be fully lifted and the gate can be opened. The point is to allow multiple entities (oil and gas, hunting parties, ranch...

Wed, 29 Aug 2012 03:11:42 UTC

Android Calendar without Google calendar

Posted By Tom Limoncelli

Occasionally I get asked for a system that can keep a todo list and calendar and sync to a desktop directly, i.e. without going through an internet-based system like Google Calendar. Pimlical has a new product that does this. I haven't tried it, but I was a big fan of their Palm OS products so I thought I'd give it a plug on my blog. The new release of Pimlical/Android and Pimlical/Desktop let you sync between your Android phone and desktop using "DirectSync" rather than syncing via Google Calendar. The press release I received says this "Removes any concern about security/safety of personal data by bypassing the cloud and Google's servers."

Tue, 28 Aug 2012 19:00:00 UTC

Statistics

Posted By Tim Bray

Last night on impulse I spent a couple hours scripting and graphing and here's a snapshot of the browser and operating-system market-share numbers as seen by this blog. The big trend is that there are no big trends. (For a while back in 2005-2007, I published a regularly-updated graph of the browser-market-share numbers. But it was too much work, and seemed less and less newsworthy. I have no plans to repeat this exercise regularly.) Platforms Less Mac and more Linux than I would have expected; but what's really interesting is that, in the last 12 months, not that much has changed.

Tue, 28 Aug 2012 15:38:30 UTC

The Importance of Security Engineering

Posted By Bruce Schneier

In May, neuroscientist and popular author Sam Harris and I debated the issue of profiling Muslims at airport security. We each wrote essays, then went back and forth on the issue. I don't recommend reading the entire discussion; we spent 14,000 words talking past each other. But what's interesting is how our debate illustrates the differences between a security engineer...

Tue, 28 Aug 2012 00:20:54 UTC

Interpreting the network logs

Posted By Greg Lehey

My network disconnect problems seem to have got better over the last few days. Since Friday I have only had a single disconnect:

    Aug 25 16:42:27 nerd-gw ppp[87396]: tun0: IPCP:  IPADDR[6] 121.44.12.163

At the same time, the number of cell hops diminished greatly. In 18 hours I had only the following reports:

    Aug 26 15:19:18 nerd-gw fstats: +CGREG  1  81E3  8FC8F2E
    Aug 26 15:19:55 nerd-gw fstats: +CGREG  1  81E3  8FC48E8
    Aug 27 01:29:19 nerd-gw fstats: +CGREG  2
    Aug 27 01:29:19 nerd-gw fstats: +CGREG  1  81E3  8FC48E8
    Aug 27 09:07:45 nerd-gw fstats: +CGREG  2
    Aug 27 09:07:45 nerd-gw fstats: +CGREG  1  81E3  8FC48E8
    Aug 27 09:13:55 nerd-gw fstats: +CGREG  1  81E3  8FC8F2E

I still don't understand the link-level disconnects, but they're ...

Tue, 28 Aug 2012 00:06:22 UTC

Fear and Imagination

Posted By Bruce Schneier

Interesting anecdote from World War II....

Mon, 27 Aug 2012 20:42:57 UTC

Matthew Sacks' new DevOps book ships!

Posted By Tom Limoncelli

Congrats to Matthew on the release of his new book: Pro Website Development and Operations: Streamlining DevOps for large-scale websites. I look forward to reading my copy!

Mon, 27 Aug 2012 11:30:49 UTC

The myopic focus on IT and engineering has to stop.

Posted By Theo Schlossnagle

Sun, 26 Aug 2012 19:00:00 UTC

CL XXI: There and Back

Posted By Tim Bray

Since we became boat people, the tenor of Cottage Life has changed; we go and return when we get around to it, but each traverse is something of An Event. This last weekend, the still-strong late-summer evening sun flooded into the mighty Bodoni, sundazzle dances beautiful on the water but kind of hard to scan through for floating logs and other marine hazards. The interior's attractively retro, don't you think? Coming home, visiting friends tarried with our encouragement; we ended up leaving the island late. The sky was low and dark, the waves high and dark. I'm proud to report that our somewhat-antique craft muscled through 'em with no real discomfort at a steady 20kt.

Sat, 25 Aug 2012 23:29:58 UTC

Network problems: more insights

Posted By Greg Lehey

My network connectivity is getting better again, but it's clearly not perfect. The last two reconnects were:

    Aug 24 12:20:03 nerd-gw ppp[87396]: tun0: IPCP:  IPADDR[6] changing address: 0.0.0.0  --> 118.209.122.167
    Aug 25 16:42:27 nerd-gw ppp[87396]: tun0: IPCP:  IPADDR[6] changing address: 0.0.0.0  --> 121.44.12.163

That's well over 24 hours, but more importantly, the addresses are located 1000 km apart:

    === grog@eureka (/dev/pts/10) ~ 138 -> host 118.209.122.167
    167.122.209.118.in-addr.arpa domain name pointer ppp118-209-122-167.lns20.mel4.internode.on.net.
    === grog@eureka (/dev/pts/10) ~ 139 -> host 121.44.12.163
    163.12.44.121.in-addr.arpa domain name pointer ppp121-44-12-163.lns20.syd6.internode.on.net.

Sat, 25 Aug 2012 20:17:00 UTC

Visions of the Future

Posted By Benjamin Mako Hill

This vision of the future at Sam's No. 3 in Denver suggests that we will have ample blackboards after the apocalypse. And that the contrast will be greatly improved in direct sunlight.

Sat, 25 Aug 2012 19:00:00 UTC

Feegles

Posted By Tim Bray

Lots of people I know, including my wife, keep telling me that I really ought to like Terry Pratchett, and I've tried a few times but haven't. Except for I just finished reading the Tiffany Aching books and loved them. The Problem It's just that I haven't cared much about the people in the books. I admire the cynical wisecracking, often brilliant, and the sparkling imagination in the literary set construction and scene-painting. I mean, what if Death did have an apprentice? But too often, the sequence I'm reading feels like an elaborate setup for a (usually very good) punchline, and I'm not sure that Pratchett actually cares about the people he's put on the pages, and what happens to them.

Sat, 25 Aug 2012 00:22:34 UTC

Investigating the network disconnects

Posted By Greg Lehey

A couple more network disconnects today, becoming stable round midday. Probably things will be back to normal before the replacement modem from Internode arrives. But we discussed things on IRC, and with help I managed to find a little more information: the command AT+CREG=2 tells the modem to return status information when there is a change in registration:

    When <n>=2, and the cell information changes, the following will be reported:
    +CGREG: <stat>[,<lac>,<ci>]
    ...
    <stat>:
    0      Not registered. The MS is not searching the new operators to be registered.
    1      Local network is registered
    2      Not registered.

Fri, 24 Aug 2012 21:32:51 UTC

Friday Squid Blogging: Squid Sacrifices Arms to Avoid Predators

Posted By Bruce Schneier

The squid Octopoteuthis deletron will drop portions of an arm to escape from a predator. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 24 Aug 2012 20:00:00 UTC

Back-to-Basics Weekend Reading - The 5 Minute Rule

Posted By Werner Vogels

I am in the midst of my South America tour in the beautiful but very cold Santiago, Chile. The AWS team launched this week Amazon Glacier, a cold storage archive service at the very low price point of $0.01 per GB/month. Which makes this week a good moment to read up on some of the historical work around the costs of data engineering. For this purpose I have picked work based on two papers by Jim Gray, the brilliant IBM / Tandem / Microsoft researcher, who won a Turing award for his contributions to data and transaction processing. The papers are from 1987, 1997 and 2007.

Fri, 24 Aug 2012 19:00:00 UTC

Kindle is Weird

Posted By Tim Bray

The Kindle store is sort of like a quantum vacuum; items flicker into and out of existence, and when they're there, the measurable attributes don't stand still. An Ethiopian Romance That's the subtitle of The Chains of Heaven by Philip Marsden (here's another listing from amazon.ca). I bought it on Kindle, based on a recommendation in The Economist, and enjoyed it as much as anything I've read in the last ten years. A tasty Ethiopian dinner at Axum Restaurant in Vancouver It's not there any more. Except for sometimes it is, maybe as a consequence of where I am or what browser I'm using.

Fri, 24 Aug 2012 18:18:45 UTC

Internet Safety Talking Points for Schools

Posted By Bruce Schneier

A surprisingly sensible list. E. Why are you penalizing the 95% for the 5%? You don't do this in other areas of discipline at school. Even though you know some students will use their voices or bodies inappropriately in school, you don't ban everyone from speaking or moving. You know some students may show up drunk to the prom, yet...

Fri, 24 Aug 2012 11:27:07 UTC

Fear and How it Scales

Posted By Bruce Schneier

Nice post: The screaming fear in your stomach before you give a speech to 12 kids in the fifth grade is precisely the same fear a presidential candidate feels before the final debate. The fight-or-flight reflex that speeds up your heart when you're about to get a speeding ticket you don't deserve isn't very different than the chemical reaction in...

Fri, 24 Aug 2012 00:12:44 UTC

Diagnosing network problems

Posted By Greg Lehey

I had a number of disconnections of my HSPA network connection in the course of the day. I have a statistics page which is showing significant signs of neglect: the graphs no longer work, and the thought of debugging gnuplot scares me, so I've left it. It's not as if it helps much anyway: the amount of status information I get from this Huawei dongle is minimal, and I don't really detect disconnects well. As I write this, I have had the following reconnects:

    === root@nerd-gw (/dev/pts/3) ~ 16 -> grep "IPCP: myaddr" /var/log/ppp.log
    Aug 15 14:15:10 nerd-gw ppp[59859]: tun0: IPCP: myaddr 121.44.62.119 hisaddr = 10.1.0.1
    Aug 21 06:49:36 nerd-gw ppp[59859]: tun0: IPCP: myaddr 118.209.86.244 hisaddr = 10.1.0.1
    Aug 21 09:57:35 nerd-gw ppp[59859]: tun0: IPCP: myaddr 121.44.41.58 hisaddr = 10.1.0.1
    Aug 23 11:02:55 nerd-gw ppp[59859]: tun0: IPCP: myaddr 121.44.104.207 hisaddr = ...

Thu, 23 Aug 2012 18:23:14 UTC

Exaggerating Cybercrime

Posted By Bruce Schneier

Finally, someone takes a look at the $1 trillion number government officials are quoting as the cost of cybercrime. While it's a good figure to scare people, it doesn't have much of a basis in reality....

Thu, 23 Aug 2012 11:43:42 UTC

Video Filter that Detects a Pulse

Posted By Bruce Schneier

Fascinating. How long before someone claims he can use this technology to detect nervous people in airports?...

Thu, 23 Aug 2012 02:47:57 UTC

Bauhn 12MP Video camera

Posted By Greg Lehey

Yvonne takes a number of video clips with her Canon IXY 200F. They're nothing special, and only 640×480, so I was interested when this week's ALDI specials included a 12 Mega Pixel High Definition Video Camera for only $70. The great thing about ALDI is that I can return things if I don't like them, so I got Yvonne to pick one up. ALDI's technology things are a bit of a mixed bag. Some are good, some are not so good. Some are quite bad.

Thu, 23 Aug 2012 01:25:20 UTC

Installing conkeror

Posted By Greg Lehey

Jashank Jeremy asked me today if I had used conkeror, something I had never heard of. It proves to be an attempt to create a web browser with Emacs bindings. It's in the FreeBSD Ports Collection, so tried to install it. Not easy. First of all I need to find it. You'd expect it to be called www/conkeror, but no, for some reason it's called www/xpi-conkeror. Building it starts with the rather confusing message:

    conkeror is using libxul for gecko support, but you can
    change that by defining WITH_GECKO to the following values:
      libxul

Doesn't that seem the wrong way round?

Thu, 23 Aug 2012 00:40:51 UTC

Coming War Over General Purpose Computers talk at Google

Posted By Cory Doctorow

I gave my "Coming Civil War Over General Purpose Computers" talk three times this summer: at Defcon XX, the Long Now Foundation, and Google. Here's a video of the Google talk. Cory Doctorow: "The Coming Civil War over General-purpose Computing", Talks at Google

Thu, 23 Aug 2012 00:27:03 UTC

Open source rants: not just me

Posted By Greg Lehey

In the past couple of days I've had my attention drawn to a couple of rants about free software that I almost could have written myself. One of them was from an acknowledged Microsoft-centric person, and a number of people I talked to dismissed the article because of it. But despite his perspective he has a number of valid points. In his case, he was complaining about a specific Apache module, mod_rewrite, and that its behaviour has changed between releases 2.2 and 2.4. The documentation doesn't tell him so, and the release notes are very vague about how he should recover from the problem.

Wed, 22 Aug 2012 17:34:51 UTC

Five "Neglects" in Risk Management

Posted By Bruce Schneier

Good list, summarized here:

    1. Probability neglect - people sometimes don't consider the probability of the occurrence of an outcome, but focus on the consequences only.
    2. Consequence neglect - just like probability neglect, sometimes individuals neglect the magnitude of outcomes.
    3. Statistical neglect - instead of subjectively assessing small probabilities and continuously updating them, people choose to use rules-of-thumb...

Wed, 22 Aug 2012 13:19:32 UTC

Links for Tuesday, August 22, 2012

Posted By Jeff Barr

OpenBeam – An open source miniature construction system – “$10/meter, ~$1.00 per joint, 100% off-the-shelf fasteners. By eliminating specialty screws, you get the best bang for the buck!” Tam Labs: Behind the Scenes: Injection Molding – “Every day, we …

Wed, 22 Aug 2012 11:09:11 UTC

Poll: Americans Like the TSA

Posted By Bruce Schneier

Gallup has the results: Despite recent negative press, a majority of Americans, 54%, think the U.S. Transportation Security Administration is doing either an excellent or a good job of handling security screening at airports. At the same time, 41% think TSA screening procedures are extremely or very effective at preventing acts of terrorism on U.S. airplanes, with most of the...

Wed, 22 Aug 2012 00:48:34 UTC

More thoughts on power supplies

Posted By Greg Lehey

Peter Jeremy commented on yesterday's thoughts on power supplies. It seems that the 94%-96% efficiency applies only to the power factor correction. He pointed me at a certification site for power supplies with efficiencies over 80%. It's a bit difficult to navigate, and the legend for the tables is missing (or maybe just obscured by the markup errors): the last three columns only get displayed some of the time. But it appears to display the efficiencies at various loads, notably at 20% load. And the most efficient one is not quite 94% efficient - at 20% load. There's a problem here, of course: all the el-cheapo power supplies are missing.

Wed, 22 Aug 2012 00:26:07 UTC

Casting a forge-shell from Kast-O-Lite 30 LI

Posted By Niels Provos

Tue, 21 Aug 2012 18:42:31 UTC

Is iPhone Security Really this Good?

Posted By Bruce Schneier

Simson Garfinkel writes that the iPhone has such good security that the police can't use it for forensics anymore: Technologies the company has adopted protect Apple customers' content so well that in many situations it's impossible for law enforcement to perform forensic examinations of devices seized from criminals. Most significant is the increasing use of encryption, which is beginning to...

Tue, 21 Aug 2012 15:10:26 UTC

C&B Panel: Alexandrescu, Meyers, Sutter on Static If, C++11, and Metaprogramming

Posted By Herb Sutter

The first panel from C++ and Beyond 2012 is now available on Channel 9: On Static If, C++11 in 2012, Modern Libraries, and Metaprogramming Andrei Alexandrescu, Scott Meyers, Herb Sutter Channel 9 was invited to this year’s C++ and Beyond to film some sessions (that will appear on C9 over the coming months!)… At the [...]

Tue, 21 Aug 2012 12:46:33 UTC

Glacier: Engineering for Cold Data Storage in the Cloud

Posted By James Hamilton

Earlier today Amazon Web Services announced Glacier, a low-cost, cloud-hosted, cold storage solution. Cold storage is a class of storage that is discussed infrequently and yet it is by far the largest storage class of them all. Ironically, the storage we usually talk about and the storage I've worked on for most of my life is the high-IOPS rate storage supporting mission critical databases. These systems today are best hosted on NAND flash and I've been talking recently about two AWS solutions to address this storage class: "I/O Performance (no longer) Sucks in the Cloud" and "EBS Provisioned IOPS & Storage Optimized EC2 Instance Types". Cold storage is different.

Tue, 21 Aug 2012 10:53:54 UTC

Help Cryptanalyze Gauss

Posted By Bruce Schneier

Kaspersky is looking for help decrypting the Gauss payload....

Tue, 21 Aug 2012 03:01:00 UTC

Expanding the Cloud - Managing Cold Storage with Amazon Glacier

Posted By Werner Vogels

Managing long-term digital archiving is a challenge for almost every company. With the introduction of Amazon Glacier, IT organizations now have a solution that removes the headaches of digital archiving and provides extremely low cost storage. Many organizations have to manage some form of long term archiving. Enterprises have regulatory and business requirements to retain everything from email to customer transactions, hospitals create archives of all digital assets related to patients, research and scientific organizations are creating substantial historical archives of their findings, governments want to provide long-term open data access, media companies are creating huge repositories of digital assets, and libraries and other organizations have been looking to archive everything that takes place in society.

Mon, 20 Aug 2012 22:01:59 UTC

Power supplies: cheaper costs more?

Posted By Greg Lehey

The power supply fan on eureka.lemis.com (normal ATX) is getting noisy, and I'm considering replacing the power supply itself, which is now nearly 4 years old. Discussion on IRC: what to buy? eureka typically uses about 200 W, and I can get power supplies that deliver that (well, 460 W) starting at $29. I can also spend up to $300. Why should I ever want to do that? Reliability might be one issue, but even the cheap ones last several years. If the $29 one lasts for 3 years, the one for $300 would have to last 30 years, by which time it would presumably be completely obsolete.

Mon, 20 Aug 2012 18:05:08 UTC

Passive Sensor that Sees Through Walls

Posted By Bruce Schneier

A new technology uses the radiation given off by wi-fi devices to sense the positions of people through a one-foot-thick brick wall....

Mon, 20 Aug 2012 11:36:29 UTC

The View from an Israeli Security Checkpoint

Posted By Bruce Schneier

This is an extraordinary (and gut-wrenching) first-person account of what it's like to staff an Israeli security checkpoint. It shows how power corrupts: how it's impossible to make humane decisions in such a circumstance....

Sun, 19 Aug 2012 22:52:42 UTC

X bug: another lead?

Posted By Greg Lehey

Now that USB seems to be working better on eureka, tried inserting the card reader that never used to work, with an SDHC card in it. It does get recognized now, but X froze. I thought it had taken down the machine, but it proved to be another case of the dreaded mouse freeze. I wonder if it has something to do with the USB bus (the mouse is, of course, also connected via USB).

Sun, 19 Aug 2012 01:48:37 UTC

More scanner fun

Posted By Greg Lehey

More playing around with the scanner today, trying to get devd to recognize it correctly. Somehow I'm missing something here. In principle, this entry in /etc/devd.conf should do the trick:

    attach 100 {
            device-name "ugen.*";
            match "vendor" "0x04b8";
            match "product" "0x012a";
            action "logger EPSON Scanner connected; chmod 666 /dev/$device-name";
    };

But what I get is the output for the nomatch rule:

    Aug 18 10:27:18 eureka root: Unknown USB device: vendor 0x04b8 product 0x012a bus uhub7
    Aug 18 10:27:18 eureka kernel: ugen5.7: <EPSON> at usbus5

I haven't found any documentation for the regular expression for the device ...

Sat, 18 Aug 2012 19:00:00 UTC

Blogodammerung?

Posted By Tim Bray

Jon Udell is blogging less. Gosh, so am I. There are loads of ways to talk to the world, new alternatives here every day it seems. Is this thing, you know, over? Let's count ways to hurl words at the Web: (1) Blog on your own space, or (2) on someone else's, like Blogspot or WordPress. (3) Live it up on a mailing list with a public archive. (4) Go short-form on Twitter (wow, or maybe a competitor). (5) Social-net it on Facebook or G+. (6) Minimize effort on Tumblr or whatever. (7) Try a new mode with Branch, or (8) an even newer one on Medium.

Sat, 18 Aug 2012 14:49:21 UTC

OpenFlow: A Radical New Idea in Networking

Posted By Tom Limoncelli

My ACM Queue magazine article OpenFlow: A Radical New Idea in Networking has been re-printed by CACM. Their version uses a different font and adds an awesome graphic by Jason Cook. Check it out!

Sat, 18 Aug 2012 00:07:04 UTC

Scanner access: now easy!

Posted By Greg Lehey

Bram wrote a number of notes while he was here, conveniently on a document he couldn't leave with me, so I decided to scan it in. No problem, right? Wrong. It's on pain, my Microsoft laptop, and on starting the scanner program I got: This happened on attempting to start the scanner program. What does it mean? Where did it come from? I had used the scanner only this morning to scan the house plan, and since then the machine had only been suspended.

Fri, 17 Aug 2012 22:00:00 UTC

Back-to-Basics Weekend Reading - Staged Event-Driven Architecture

Posted By Werner Vogels

I am in São Paulo, Brazil for the 2012 AWS Latin America Summit and for The Next Web Latin America conference. I will also be visiting Chile and Mexico on this trip and have the great fortune to meet many of our Latin American AWS customers. Staged Event-Driven Architecture. Matt Welsh's thesis work at Berkeley was on building high-performance internet services. In a time when the debates on Threads vs Events were still rampant he came up with a practical and elegant approach of combining both, delivering excellent results. Several of the principles from this paper have made it into systems I have since built.

Fri, 17 Aug 2012 21:16:40 UTC

Friday Squid Blogging: Efforts to Film a Live Giant Squid

Posted By Bruce Schneier

Japanese researchers are attempting to film the elusive giant squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 17 Aug 2012 11:39:14 UTC

$200 for a Fake Security System

Posted By Bruce Schneier

This is pretty funny:

    Moving red laser beams scare away potential intruders
    Laser beams move along floor and wall 180 degrees
    Easy to install, 110v comes on automatically w/timer

Watch the video. This is not an alarm, and it doesn't do anything other than the laser light show. But, as the product advertisement says, "perception can be an excellent deterrent...

Fri, 17 Aug 2012 00:21:41 UTC

Chrome: three times no

Posted By Greg Lehey

Spent some time investigating why Chrome (or whatever it's called) didn't see my printers. Conveniently found this message on the xterm from which I had started it: 80520:209744896:3454719773244:ERROR:browser_main_loop.cc(157)] Gtk: IA__gtk_printer_is_accepting_jobs: assertion `GTK_IS_PRINTER (printer)' failed What does that mean? Still, it's an indication, and went searching for it. Finally came up with this bug report, closed as will not fix. Chrome wants a PDF printer and will accept no substitute. Potentially CUPS would do it, but that's another can of worms I don't want to open. So, echoing both some of the opinions expressed in the bug report and also Callum Gibson (There are too many other things wrong with Chrome for me to use it.

Thu, 16 Aug 2012 23:42:10 UTC

technology, gardening

Posted By Greg Lehey

The Friends of the Ballarat Botanical Gardens have a machine for engraving plant labels such as this one: It had been sent for repair recently, and when it came back they couldn't get it to work. Came in after the General Meeting and took a look. There's a PC (Microsoft, of course) connected via the parallel port to an enormous interface box, and then by another cable to the engraver itself. Adele Thomas, the Engraver-in-Chief, showed me how to run the thing: basically the program prints to the Microsoft spooler, which talks to the interface box as a generic text printer.

Thu, 16 Aug 2012 19:00:00 UTC

Popular Metaphysics

Posted By Tim Bray

I just read Why Does the World Exist?: An Existential Detective Story by Jim Holt. It's wonderful; will make you think, and enjoy your thinking. Almost anyone who's bothered to visit this humble blog more than a couple of times would enjoy it, I think. I'll provide a few words of review (just cheerleading, basically) and then dip into a little metaphysics myself; but I'll warn you so you can stop reading before I go there. The Question and the Method The Question is "Why is there anything?" - obviously the center of metaphysics. Because, well, maybe there needn't have been. Scientists, mathematicians, and philosophers prefer simpler explanations and shorter stories; and what could be simpler than the null universe?

Thu, 16 Aug 2012 18:52:38 UTC

Rudyard Kipling on Societal Pressures

Posted By Bruce Schneier

In the short story "A Wayside Comedy," published in 1888 in Under the Deodars, Kipling wrote: You must remember, though you will not understand, that all laws weaken in a small and hidden community where there is no public opinion. When a man is absolutely alone in a Station he runs a certain risk of falling into evil ways. This...

Thu, 16 Aug 2012 17:00:00 UTC

Total Cost of Ownership and the Return on Agility

Posted By Werner Vogels

In the many meetings with customers in which I have done a deep dive on their architecture and applications to help them create an accurate cost picture, I have observed two common patterns: 1) It is hard for customers to come to an accurate Total Cost of Ownership (TCO) calculation of an on-premise installation and 2) they struggle with how to account for the Return on Agility; the fact that they are now able to pursue business opportunities much faster at much lower cost points than before. Both of these are important as they help customers accurately gauge the economic benefits of running their applications in the cloud.

Thu, 16 Aug 2012 11:49:54 UTC

An Analysis of Apple's FileVault 2

Posted By Bruce Schneier

This is an analysis of Apple's disk encryption program, FileVault 2, that first appeared in the Lion operating system. Short summary: they couldn't break it. (Presumably, the version in Mountain Lion isn't any different.)...

Thu, 16 Aug 2012 05:24:33 UTC

The Coming Civil War Over General Purpose Computers

Posted By Cory Doctorow

Last month, I gave a talk called "The Coming Civil War Over General Purpose Computing" at DEFCON, the Long Now, and Google. We're going to have a transcript with the slides on Monday, but in the meantime, here's a video of the Long Now version of the talk. Stewart Brand summarized it thus: Doctorow framed …

Wed, 15 Aug 2012 22:22:56 UTC

Browser bugs

Posted By Greg Lehey

Finally got round to investigating the print mutilation bug in firefox that bit me last weekend. As I suspected at the time, it must be some configuration issue: I run multiple instances of firefox, all on the same system and from the same executable, and so far only one of them has shown the issue, though I haven't tried them all. So: off to look for about:config, a pseudo-URL that firefox doesn't honour when presented as a link, and found dozens of user set variables that I don't recall setting. Tried printing a page: success. The bug has gone into hiding.

Wed, 15 Aug 2012 19:23:52 UTC

Lousy Password Security on Tesco Website

Posted By Bruce Schneier

Good post, not because it picks on Tesco but because it's filled with good advice on how not to do it wrong....

Wed, 15 Aug 2012 19:00:00 UTC

Dreampeaks

Posted By Tim Bray

A few days ago, I got on a plane heading just south of west out of Vancouver, in a window seat; the window unscratched and unsmudged, a rarity these days. And then there were clouds low over those Pacific Northwest mountains. I say Pacific Northwest because these peaks dreams may be American or Canadian, don't know which.

Wed, 15 Aug 2012 15:42:52 UTC

XKCD with a very boingy punchline

Posted By Cory Doctorow

Daww, that was nice of him: Randall Munroe's made me the punchline of another XKCD! Starwatching

Wed, 15 Aug 2012 13:57:59 UTC

Sexual Harassment at DefCon (and Other Hacker Cons)

Posted By Bruce Schneier

Excellent blog post by Valerie Aurora about sexual harassment at the DefCon hackers conference. Aside from the fact that this is utterly reprehensible behavior by the perpetrators involved, this is a real problem for our community. The response of "this is just what hacker culture is, and changing it will destroy hackerdom" is just plain wrong. When swaths of the...

Wed, 15 Aug 2012 10:59:19 UTC

Liars and Outliers on Special Discount

Posted By Bruce Schneier

Liars and Outliers has been out since late February, and while it's selling great, I'd like it to sell better. So I have a special offer for my regular readers. People in the U.S. can buy a signed copy of the book for $11, Media Mail postage included. (Yes, I'm selling the book at a loss.) People in other countries...

Tue, 14 Aug 2012 23:52:44 UTC

TIFF panorama problems investigated

Posted By Greg Lehey

I was surprised by the poor results I got from using TIFF images for my panoramas on Saturday, and today I did yet more investigation. I had thought that I had had two different problems: one where the control point detector is all up in the sky, and one where they appeared to be OK, but the images were rotated. I concentrated on the latter one and found yes, some of the images were rotated, but I also had this up in the sky syndrome on others, where the control points were all in the sky and in the same place on the image, not related to what was represented there: ...

Tue, 14 Aug 2012 19:27:23 UTC

Schneier in the News

Posted By Bruce Schneier

Here are links to three news articles about me, and two video interviews with me....

Tue, 14 Aug 2012 18:18:13 UTC

Doubling Down on DRM

Posted By Cory Doctorow

Here's a podcast of my recent Publishers Weekly column, Doubling Down on DRM: I've just seen a letter sent to an author who has published books under Hachette's imprints in some territories and with Tor Books and its sister companies in other territories (Tor is part of Macmillan). The letter, signed by Little, Brown's U.K. …

Tue, 14 Aug 2012 18:16:15 UTC

Measuring Cooperation and Defection using Shipwreck Data

Posted By Bruce Schneier

In Liars and Outliers, I talk a lot about social norms and when people follow them. This research uses survival data from shipwrecks to measure it. The authors argue that shipwrecks can actually tell us a fair bit about human behavior, since everyone stuck on a sinking ship has to do a bit of cost-benefit analysis. People will weigh their...

Tue, 14 Aug 2012 15:00:00 UTC

Using Google 2-factor authentication on Linux or FreeBSD

Posted By Tom Limoncelli

HowToGeek posted a great explanation (with screenshots) of how to use Google's two-factor authentication on a Linux system. How to Secure SSH with Google Authenticator's Two-Factor Authentication If you use FreeBSD there are packages that install the same PAM module: portinstall -P security/pam_google_authenticator Some nice features: It is time dependent. Does not rely on Google servers. You don't have to set up a server either. There are iPhone and Android apps. Both are open source so you can independently verify their security. It is a PAM module, so it works with everything. It is also open source, thus can be independently verified.

Tue, 14 Aug 2012 15:00:00 UTC

Google hiring Ganeti software developers in Munich

Posted By Tom Limoncelli

As many of you know, I work at Google supporting the Ganeti open source project use within Google. I'm on the New York team that does certain functions and the Munich team is responsible for the open source project itself. Both are hiring, but this post is about Munich. The developers in Munich are taking on some new and exciting work related to the Ganeti open source project. We have a vision of where Ganeti can go and need experienced developers to make it happen. If you are interested in working in Munich on an exciting and important open source project, please check out this job advert: Google hiring Ganeti software developers in Munich Most of the Ganeti project is in Python with some Haskell.

Tue, 14 Aug 2012 12:21:38 UTC

Doubling Down on DRM

Posted By Cory Doctorow

Here's a podcast of my recent Publishers Weekly column, Doubling Down on DRM: I've just seen a letter sent to an author who has published books under Hachette's imprints in some territories and with Tor Books and its sister companies in other territories (Tor is part of Macmillan). The letter, signed by Little, Brown's U.K. …

Tue, 14 Aug 2012 11:00:34 UTC

Cryptocat

Posted By Bruce Schneier

I'm late writing about this one. Cryptocat is a web-based encrypted chat application. After Wired published a pretty fluffy profile on the program and its author, security researcher Chris Soghoian wrote an essay criticizing the unskeptical coverage. Ryan Singal, the editor (not the writer) of the Wired piece, responded by defending the original article and attacking Soghoian. At this point,...

Tue, 14 Aug 2012 05:45:58 UTC

Doubling Down on DRM

Posted By Cory Doctorow

Publishers Weekly

Tue, 14 Aug 2012 05:45:36 UTC

Hachette to Tor authors: you must keep the DRM on your ebooks

Posted By Cory Doctorow

You'll recall that Tor Books (and its sister science fiction imprints of Macmillan publishers around the world) has dropped DRM on all of its titles. Hachette, one of Macmillan's rivals in the "Big Six" pantheon of publishers, is famously pro-DRM (one Hachette author told me that her editor said that Hachette's unbreakable policy, straight from …

Tue, 14 Aug 2012 00:14:07 UTC

New pocket calculator

Posted By Greg Lehey

I first came in contact with electronic calculators at university, in about 1970. A huge thing from TI with Nixie tubes, so expensive that we only had one and had to share it. Only a few years later I got an HP 45, much smaller but also very expensive. Times have changed. A week or two ago I bought a small basic pocket calculator on eBay for $2.97, including postage. The days of expensive electronics are mainly gone. It arrived today, and it does the job (calculations in the kitchen). It even has sound for the key presses. But the documentation!

Mon, 13 Aug 2012 17:41:37 UTC

Preventive vs. Reactive Security

Posted By Bruce Schneier

This is kind of a rambling essay on the need to spend more on infrastructure, but I was struck by this paragraph: Here's a news flash: There are some events that no society can afford to be prepared for to the extent that we have come to expect. Some quite natural events -- hurricanes, earthquakes, tsunamis, derechos -- have such...

Mon, 13 Aug 2012 11:57:01 UTC

U.S. and China Talking About Cyberweapons

Posted By Bruce Schneier

Stuart Baker calls them "proxy talks" because they're not government to government, but it's a start....

Mon, 13 Aug 2012 02:14:18 UTC

Fun with Energy Consumption Data

Posted By James Hamilton

Facebook recently released a detailed report on their energy consumption and carbon footprint: Facebook's Carbon and Energy Impact. Facebook has always been super open with the details behind their infrastructure. For example, they invited me to tour the Prineville datacenter just prior to its opening: Open Compute Project; Open Compute Mechanical System Design; Open Compute Server Design; Open Compute UPS & Power Supply. Reading through the Facebook Carbon and Energy Impact page, we see they consumed 532 million kWh of energy in 2011 of which 509m kWh went to their datacenters.

Mon, 13 Aug 2012 00:05:47 UTC

More TIFF processing

Posted By Greg Lehey

Spent much of today trying to process my panoramas, gaining more insight than success. Yes, the problems I had are clearly associated with processing TIFF images. Nearly all the 360° panoramas were badly broken, but using JPEG copies of the same images they worked fine. Here an example: The control point detectors found plenty of valid control points, but something caused Hugin to turn over some of the images, and I couldn't work out how to get it to accept the orientation: So I converted the images to JPEG, making no other changes, and things worked fine: ...

Sun, 12 Aug 2012 16:02:34 UTC

PICC Conference becomes "LOPSA-East", May 3-4, 2013

Posted By Tom Limoncelli

We're 3 years old and as we have finally gotten our foothold it seems like a good time to pick a name that more accurately depicts who we are and what we do. Changing the name of the conference is a very serious matter. It is not something we take lightly. At the current growth rate this is likely to be our last opportunity to change the name (our registration numbers for the first three years were 81, 98 and 127. We hope to grow to 150-200 which is a good size for a regional conference). At the end of PICC '12 we surveyed the audience about possibly changing the name of the conference.

Sun, 12 Aug 2012 15:45:35 UTC

ANNOUNCEMENT: I'll be speaking at MacTech Conference 2012.

Posted By Tom Limoncelli

http://www.mactech.com/conference/sessions My talk will be titled, "Time Management tips for Mac Admins". I won't be explaining how to get Siri to schedule an appointment for you (you should be able to figure that out for yourself). I'll talk about better ways to organize your day, your time, and multiply your team's effectiveness. The Conference is October 17-19, 2012, in Los Angeles, at the Sheraton Universal hotel.

Sat, 11 Aug 2012 22:37:45 UTC

House photos: increasing the pain

Posted By Greg Lehey

Gradually I've got into a routine with my weekly panoramic photos of the garden (house photos), so clearly it's time to change things. My routine involves taking the partial images in raw format, converting them to JPEG with DxO Optics Pro, and then stitching them with Hugin. But today it occurred to me that it doesn't make sense to use JPEG for the intermediate steps: both DxO and Hugin understand TIFF, so I should convert my intermediate images to TIFF. The results remind me of the adage: for every complex problem, there is a solution that is simple, elegant ... and wrong.

Sat, 11 Aug 2012 19:00:00 UTC

Best Practices

Posted By Tim Bray

That Steve Yegge is really good at starting conversations. Everyone including Steve thinks his essays are way too long, but they're insightful and erudite and funny. His most recent outing, Notes from the Mystery Machine Bus, is all of those things, and worth plowing through to the end. It's also more or less completely wrong. Wrong Why? Because, after providing a framework to help think about competing software technologies, Steve says, essentially, It's like politics, we're not gonna all just get along, use whichever suits you. But damn it, this is an engineering discipline, and for most projects we undertake, there should be some consensus Best Practices in terms of tools and architectures; where there aren't, that's a bug.

Sat, 11 Aug 2012 17:00:00 UTC

Back-to-Basics Weekend Reading - On Naming and Binding

Posted By Werner Vogels

I have just returned from two wonderful weeks in the rugged NorthWest wilderness. Every time again I am amazed of the magnificent outdoors at only two hours drive from Seattle. This week's back to basics is a paper David Richardson reminded me of when we were discussing the merits of Saltzer's end-to-end paper. It is a note by Saltzer that in the most clear and fundamental way lays out the concepts of naming, addressing, routing and binding in distributed systems. It was republished as an IETF RFC given its importance for the design of internet systems: Saltzer, J. H., "On the Naming and Binding of Network Destinations", RFC 1498, August 1993.

Sat, 11 Aug 2012 02:10:29 UTC

The revenge of firefox

Posted By Greg Lehey

Now that I have my printer running, it seemed to make sense to print out the real estate web pages I had been looking at. The result was abysmal: How can firefox possibly make such a mess? I've seen it before, and it seems to be some setting, but which? I can't find anything obvious, and it's not clear how firefox should have code in it to make this much of a mess in the first place.

Fri, 10 Aug 2012 21:02:56 UTC

Friday Squid Blogging: Dumpling Squid

Posted By Bruce Schneier

The sex life of the dumpling squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 10 Aug 2012 18:22:46 UTC

Termite Suicide Bombers

Posted By Bruce Schneier

Some termites blow themselves up to expel invaders from their nest....

Fri, 10 Aug 2012 17:22:45 UTC

Audio from chat with Charlie Stross on Internet Evolution

Posted By Cory Doctorow

Here's the audio from the chat Charlie Stross and I did with Mitch Wagner from Internet Evolution about our forthcoming book, Rapture of the Nerds.

Fri, 10 Aug 2012 11:21:53 UTC

Stross and Doctorow text-and-voice chat today at 11AM Eastern

Posted By Cory Doctorow

Charlie Stross and I are doing a text and voice chat with Internet Evolution today at 11AM Eastern, in celebration of our forthcoming novel Rapture of the Nerds. Hope to see you there! Look out! The team of Charlie Stross and Cory Doctorow has produced upcoming science fiction novel Rapture of the Nerds, due out …

Fri, 10 Aug 2012 10:51:17 UTC

11-Year-Old Bypasses Airport Security

Posted By Bruce Schneier

Sure, stories like this are great fun, but I don't think it's much of a security concern. Terrorists can't build a plot around random occasional security failures....

Fri, 10 Aug 2012 02:16:01 UTC

Firefox: where's the documentation?

Posted By Greg Lehey

I've been using firefox for nearly 8 years, and I've been complaining about it for just as long. Why do I even bother? To misquote Jawaharlal Nehru, firefox is good. I say this because other systems are worse. Today I received mail from Volkan Yazici suggesting that I listen to Radio Swiss Classic. OK, select that and get the well-known question: OK, that's simple: click on Browse and type in the name of the helper application. But the latest version of firefox wants to save me the trouble of using the keyboard, and it gives me this window: This window was never good, but ...

Fri, 10 Aug 2012 01:08:00 UTC

A Model of Free Software Success

Posted By Benjamin Mako Hill

Last week I helped organize the Open and User Innovation Conference at Harvard Business School. One of many interesting papers presented there was an essay on Institutional Change and Information Production by Fabio Landini from the University of Siena. At the core of the paper is an economic model of the relationship between rights protection and technologies that affects the way that cognitive labor can be divided and aggregated. Although that may sound very abstract (and it is in the paper), it is basically a theory that tries to explain the growth of free software. The old story about free software and free culture (at least among economists and many other academics) is that the movements surged to prominence over the last decade because improvements in communication technology made new forms of mass-collaboration -- like GNU/Linux and Wikipedia -- possible.

Thu, 09 Aug 2012 18:46:02 UTC

Rolling Stone Magazine Writes About Computer Security

Posted By Bruce Schneier

It's a virus that plays AC/DC, so it makes sense. Surreal, though. Another article....

Thu, 09 Aug 2012 11:32:29 UTC

Detecting Spoofed GPS Signals

Posted By Bruce Schneier

This is the latest in the arms race between spoofing GPS signals and detecting spoofed GPS signals. Unfortunately, the countermeasures all seem to be patent pending....

Wed, 08 Aug 2012 23:24:38 UTC

Alternatives to DxO

Posted By Greg Lehey

I've been using DxO Optics Pro for raw image conversion for over 6 months now. It seems to do its job well, but at a completely unacceptable lack of speed: up to 3 minutes per image. Recently Phase One have had a special offer on their Capture One software, so I thought I'd try it out. Like most photo processing software, it seems, there's a free trial: in this case, two months with unrestricted use. I wonder how many people just reinstall every two months. In any case, the installation went smoothly, and once again I was presented with a grey tiled environment.

Wed, 08 Aug 2012 18:04:58 UTC

Chinese Gang Sells Fake Professional Certifications

Posted By Bruce Schneier

They were able to hack into government websites: The gang's USP, and the reason it could charge up to 10,000 yuan (£1,000) per certificate, was that it could hack the relevant government site and tamper with the back-end database to ensure that the fake cert's name and registration number appeared legitimate. The gang made £30M before being arrested....

Wed, 08 Aug 2012 11:31:24 UTC

Yet Another Risk of Storing Everything in the Cloud

Posted By Bruce Schneier

A hacker can social-engineer his way into your cloud storage -- and delete everything you have. It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud....

Tue, 07 Aug 2012 19:00:00 UTC

Not the Softest on the Block

Posted By Tim Bray

We moved into our current place in early 1997 and, almost immediately, were badly burgled. Last week, Mat Honan got badly hacked. We took home-security measures and haven't had any problems since. I protect my online presence, with similar results. Some lessons apply to both cases. Home Security Our freshly-purchased-but-old house was a security disaster waiting to happen: flimsy external doors and lots of them, no alarms, old single-glazed basement windows, you name it. So in the aftermath, we did away with a redundant door, fixed up the rest, and went shopping for a security system. The first guy we talked to wanted to put dozens of active alarms all over the place, including on an elevated side window, because, as he pointed out, the bad guys could climb up on the side fence and (precariously) get at it.

Tue, 07 Aug 2012 18:45:30 UTC

Peter Swire Testifies on the Inadequacy of Privacy Self-Regulation

Posted By Bruce Schneier

Ohio State University Law Professor Peter Swire testifies before Congress on the inadequacy of industry self-regulation to protect privacy....

Tue, 07 Aug 2012 16:19:55 UTC

Importing an RCS Project into Git

Posted By Diomidis D. Spinellis

RCS stands for Revision Control System. You may have never heard it, because it's more than a quarter-century old; a paper describing it was published in 1985. Although its commands are still available in most Unix distributions and it's one of the easiest systems to use in a single-user scenario, it is clearly showing its age when compared to more modern systems. Here is how to move an existing project managed with RCS to the 21st century and Git, while preserving all its history.

Tue, 07 Aug 2012 12:14:03 UTC

Verifying Elections Using Risk-Limiting Auditing

Posted By Bruce Schneier

Interesting article on using risk-limiting auditing in determining if an election's results are likely to be valid. The risk, in this case, is in the chance of a false negative, and the election being deemed valid. The risk level determines the extent of the audit....

Mon, 06 Aug 2012 19:00:00 UTC

Three Mysteries

Posted By Tim Bray

Just some pretty pixels, no thematic or narrative distractions here. I think I know which flower this is. But this plant's hanging up in the air and that doesn't look like sky behind it. Mystery. The grainy green makes me smile. I have a thing for white bricks, just can't resist pointing cameras at them. It's the formalism I guess. Only I can't remember taking the picture. Heuristics and the timestamp suggest it's somewhere round The Drive. Mystery. One of my kids was fooling around with the camera in the back seat, and I was OK with that because bits are free and silence is golden.

Mon, 06 Aug 2012 16:22:12 UTC

Breaking Microsoft's PPTP Protocol

Posted By Bruce Schneier

Some things never change. Thirteen years ago, Mudge and I published a paper breaking Microsoft's PPTP protocol and the MS-CHAP authentication system. I haven't been paying attention, but I presume it's been fixed and improved over the years. Well, it's been broken again. ChapCrack can take captured network traffic that contains a MS-CHAPv2 network handshake (PPTP VPN or WPA2 Enterprise...

Mon, 06 Aug 2012 11:43:27 UTC

State-by-State Report on Electronic Voting

Posted By Bruce Schneier

The Verified Voting Foundation has released a comprehensive state-by-state report on electronic voting machines (report, executive summary, and news coverage). Let's hope it does some good....

Sun, 05 Aug 2012 18:33:08 UTC

Audio from The Coming Civil War Over General Purpose Computation at Long Now

Posted By Cory Doctorow

I've been trying out a sequel to my 2011 28C3 talk, The Coming War on General Purpose Computation. I've given the talk twice now, once at DEFCON 20 in Las Vegas and once at the Long Now SALT talk in San Francisco. The Long Now folks have put up the audio already, with video to …

Sun, 05 Aug 2012 12:45:13 UTC

Record tonight's Mars event on NASA-TV

Posted By Tom Limoncelli

My cable company (Verizon FIOS) doesn't carry NASA TV channel (according to the NASA TV FAQ they can have it at no cost, which means they must not carry it because they hate space, America, freedom, and puppies). Since it is on very late in my timezone, I was hoping to Tivo it but since I don't get the channel that wasn't going to work. Luckily I found this script that lets me easily record the stream to disk using mplayer. On my mac I installed mplayer using MacPorts ("sudo port install mplayer") and the script worked on my first try.

Sat, 04 Aug 2012 19:00:00 UTC

Finding the Ways

Posted By Tim Bray

I just read The Old Ways: A Journey on Foot by Robert Macfarlane. It isn't a perfect book; but it's a good one, which I enjoyed immensely because I found a new way of reading. The Book It's another travel book, but about places you go on foot, or in a small boat, which he finds analogous. The places are remote-ish corners of the British Isles, the Middle East, and the Chinese Himalayas. Its great flaw is that it's too long; Macfarlane is prone to lengthy exegeses about how wonderful walking is and how special the places he visits are going to be.

Sat, 04 Aug 2012 18:16:44 UTC

Link of the week: The carpets are so clean, we don't need janitors!

Posted By Tom Limoncelli

Mark's Stories: "The carpets are so clean, we don't need janitors!" At one company I worked at, one of the problems it didn't have was IT. When someone was hired, by the time they got to their new desk, there was a computer on it with the correct image on it, their desk phone worked, their email worked... Follow the link for the full story. This is exactly why we felt it was so important that The Practice of System and Network Administration have an entire chapter about how to have great visibility when things are going well.

Fri, 03 Aug 2012 21:08:24 UTC

Friday Squid Blogging: SQUIDS and Quantum Computing

Posted By Bruce Schneier

It seems that quantum computers might use superconducting quantum interference devices (SQUIDs). As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 03 Aug 2012 17:57:09 UTC

Unsafe Safes

Posted By Bruce Schneier

In a long article about insecurities in gun safes, there's this great paragraph: Unfortunately, manufacturers and consumers are deceived and misled into a false sense of security by electronic credentials, codes, and biometrics. We have seen this often, even with high security locks. Our rule: electrons do not open doors; mechanical components do. If you can compromise the mechanisms then...

Fri, 03 Aug 2012 15:30:23 UTC

Another Day, Another $440 Million

Posted By Robert V. Binder

A “rogue algorithm” is widely reported as resulting in a $440 million loss for leading NYSE broker-dealer Knight Capital Group. So where did this rogue come from? Did it sneak in while no one was looking? Beat up the guards and smash down the doors? Did some software suddenly go postal after too much stress? Did a spike in the power [...]

Fri, 03 Aug 2012 11:03:04 UTC

Overreaction and Overly Specific Reactions to Rare Risks

Posted By Bruce Schneier

Horrific events, such as the massacre in Aurora, can be catalysts for social and political change. Sometimes it seems that they're the only catalyst; recall how drastically our policies toward terrorism changed after 9/11 despite how moribund they were before. The problem is that fear can cloud our reasoning, causing us to overreact and to overly focus on the specifics....

Fri, 03 Aug 2012 01:26:53 UTC

"IPv6 is now a reality in terms of adoption"

Posted By Tom Limoncelli

"There is a myth that IPv6 is only for those in Asia, but that's not true. According to new data discussed this week at an IETF conference, there are more IPv6 users in the U.S than anywhere else in the world -- coming in at 3 million. From the article: 'George Michaelson, senior R&D scientist at APNIC (Asia Pacific Network Information Centre) has a reasonable idea of what the current levels are globally for IPv6 adoption, thanks to some statistical research he has been doing. In his view, IPv6 is now a reality in terms of adoption. " I think you're used to us standing up and saying 'woe is me, woe is me, v6 isn't happening," George Michaelson, senior R&D scientist at APNIC (Asia Pacific Network Information Centre) said. "

Thu, 02 Aug 2012 22:45:11 UTC

Google Translate: not Google Maps

Posted By Greg Lehey

Somebody pointed me to an interesting article today. The Malaysian constitution has an interesting clause that gives specific rights only to the Malays, one of many ethnic and religious groups in Malaysia. This has given rise to a certain amount of ethnic and religious tension, and in view of the increasingly radical nature of Islam it's nice to see a more balanced attitude from a Malay: Remember what Islam has instilled in you, not what Muslims have told you. The bio of the author was written in Malay, a language I once thought I understood.

Thu, 02 Aug 2012 19:19:59 UTC

Court Orders TSA to Answer EPIC

Posted By Bruce Schneier

A year ago, EPIC sued the TSA over full body scanners (I was one of the plaintiffs), demanding that they follow their own rules and ask for public comment. The court agreed, and ordered the TSA to do that. In response, the TSA has done nothing. Now, a year later, the court has again ordered the TSA to answer EPIC's position....

Thu, 02 Aug 2012 18:08:30 UTC

Hotel Door Lock Vulnerability

Posted By Bruce Schneier

The attack only works sometimes, but it does allow access to millions of hotel rooms worldwide that are secured by Onity brand locks. Basically, you can read the unit's key out of the power port on the bottom of the lock, and then feed it back to the lock to authenticate an open command using the same power port....

Thu, 02 Aug 2012 11:26:37 UTC

Strong and weak hardware memory models

Posted By Herb Sutter

In Welcome to the Jungle, I predicted that weak hardware memory models will disappear. This is true, and it's happening before our eyes: x86 has always been considered a strong hardware memory model that supports sequentially consistent atomics efficiently. The other major architecture, ARM, recently announced that they are now adding strong memory ordering in [...]

Thu, 02 Aug 2012 11:23:40 UTC

Profile on Eugene Kaspersky

Posted By Bruce Schneier

Wired has an interesting and comprehensive profile on Eugene Kaspersky. Especially note Kaspersky Lab's work to uncover US cyberespionage against Iran, Kaspersky's relationship with Russia's state security services, and the story of the kidnapping of Kaspersky's son, Ivan. Kaspersky responded (not kindly) to the article, and the author responded to the response....

Thu, 02 Aug 2012 04:35:08 UTC

Kids and Mozilla hack my novel Little Brother

Posted By Cory Doctorow

I'm proud and excited beyond words to see the running notes from the work being done in Chicago by a group of students and a facilitator from the Mozilla Foundation's Hive NYC on a number of video projects using Mozilla's Popcorn technology and my novel Little Brother. Here's an introductory set of notes on the …

Thu, 02 Aug 2012 01:01:47 UTC

Repairing laser printers

Posted By Greg Lehey

My old Brother HL2700-CN colour laser printer hasn't worked for years: it had extreme paper feed problems. That's a typical problem for devices without tractors, of course, but getting it repaired (even looked at) would have cost me a minimum of $80, and that was more than the price of a new black-and-white printer, so two years ago I bought one. Now that one has run out of toner, and of course a full toner cartridge costs more than a new printer, so here I am again. I'd like the flexibility of duplex colour printing, and the prices are now down to as low as $250 or so.

Wed, 01 Aug 2012 18:34:23 UTC

Lone Shooters and Body Armor

Posted By Bruce Schneier

The new thing about the Aurora shooting wasn't the weaponry, but the armor: What distinguished Holmes wasn't his offense. It was his defense. At Columbine, Harris and Klebold did their damage in T-shirts and cargo pants. Cho and Loughner wore sweatshirts. Hasan was gunned down in his Army uniform. Holmes' outfit blew these jokers away. He wore a ballistic helmet,...

Wed, 01 Aug 2012 12:57:52 UTC

EBS Provisioned IOPS & Optimized Instance Types

Posted By James Hamilton

In I/O Performance (no longer) Sucks in the Cloud, I said: "Many workloads have high I/O rate data stores at the core. The success of the entire application is dependent upon a few servers running MySQL, Oracle, SQL Server, MongoDB, Cassandra, or some other central database." Last week a new Amazon Elastic Compute Cloud (EC2) instance type based upon SSDs was announced that delivers 120k reads per second and 10k to 85k writes per second. This instance type with direct attached SSDs is an incredible I/O machine ideal for database workloads, but most database workloads run on virtual storage today.

Wed, 01 Aug 2012 12:17:47 UTC

On Soft Targets

Posted By Bruce Schneier

Stratfor has an interesting article....