Blog Archive: February 2013

Thu, 28 Feb 2013 23:29:27 UTC

Reinstating my ports commit bit

Posted By Greg Lehey

I've been updating a number of ports recently, and since I have handed in my ports commit bit, I had planned to get other people to commit them for me. But in each case they approved the commit and I ended up committing it myself. That's possible, but clearly not what's intended. And then Beech Rintoul sent a message asking for a new maintainer for the ImageMagick port, a tool I use quite a lot, so it seemed reasonable to take over maintainership. Spent much of the day getting it and a dependency, webp, up to date. So it was clearly time to apply to get my commit bit back.

Thu, 28 Feb 2013 20:40:38 UTC

The Court of Public Opinion

Posted By Bruce Schneier

Recently, Elon Musk and the New York Times took to Twitter and the Internet to argue the data -- and their grievances -- over a failed road test and car review. Meanwhile, an Applebee's server is part of a petition to get her job back after posting a pastor's no-tip receipt comment online. And when he wasn't paid quickly...

Thu, 28 Feb 2013 18:58:39 UTC

My books on a Tor hidden service

Posted By Cory Doctorow

Part of the plot in Homeland revolves around "hidden services" on the Tor network. Now, a fan of mine in Norway called Tor Inge Røttum has set up a hidden service and stashed copies of all my books there. He writes: A hidden service in Tor is a server, it can be any server, a …

Thu, 28 Feb 2013 12:35:53 UTC

Brazen Physical Thefts

Posted By Bruce Schneier

Three brazen robberies are in the news this week. The first was a theft at a small museum of gold nuggets worth $750,000: Police said the daring heist happened between daytime tours, during a 20-minute window. Museum employees said the thief used an ax to smash the acrylic window, and then left the ax behind. "He just grabbed it, threw...

Wed, 27 Feb 2013 20:00:00 UTC


Posted By Tim Bray

Here's an odd sentence made of special words: The Web can do big things for little people and little things for big; we think it's really pretty good right now. In related news, this blog is ten years old today. On February 27, 2003, I told the world about this project. (Some readers might be entertained by Is This Thing On? written the next day, about bringing up a new blog back then.) That odd sentence includes only words from among the one hundred most commonly used in ongoing since 2003; including almost all that aren't just grammatical auxiliaries. The words found here to date total somewhat over 1,555,000.

Wed, 27 Feb 2013 19:26:01 UTC

Alan F. Westin Died

Posted By Bruce Schneier

Obituary here. His 1967 book, Privacy and Freedom, almost single-handedly created modern privacy law....

Wed, 27 Feb 2013 15:39:06 UTC

A Linux equivalent of DaIotFOS?

Posted By Tom Limoncelli

I often recommend the book The Design and Implementation of the FreeBSD Operating System by Kirk McKusick and George V. Neville-Neil as the best way to learn about Unix. It teaches all the parts of the Unix kernel (process tables, file systems, network stacks, etc) and the algorithms used. A sysadmin gains keen insights into what is going on, which helps them design new systems and debug running systems. It is an excellent textbook and teaches OS theory and concepts along with the narrative of how FreeBSD works. However because it has "FreeBSD" in the title, people often ask if there is a Linux version.

Wed, 27 Feb 2013 13:09:47 UTC

How Complex Systems Fail

Posted By Bruce Schneier

Good summary list. It's not directly about security, but it's all fundamentally about security. Any real-world security system is inherently complex. I wrote about this long ago in Beyond Fear....

Wed, 27 Feb 2013 00:22:59 UTC

Differing fields of view?

Posted By Greg Lehey

Another message in the German Olympus Forum today: differing fields of view for Panasonic and Olympus cameras. The latter is claimed to have a slightly wider field of view. My guess was that the submitter was processing Olympus raw images with a program like ufraw, which leaves the edge in place -- mouseover alternation: They also show (second image) why I don't use ufraw any more.

Tue, 26 Feb 2013 22:18:06 UTC

LISA '13 Call for Participation released!

Posted By Tom Limoncelli

Just seen on Google+: the call for participation is open: Extended abstracts, papers, experience reports, and proposals for talks, workshops, and tutorials due: Thursday, April 30, 2013, 11:59 p.m. PDT. If you haven't attended LISA before, be sure to check out papers and videos from past LISA events. USENIX members help support open access to conference papers and videos of paper presentations. New in 2013! LISA Labs: New this year is a "hack space" available for informal mini-presentations by seasoned professionals, participation in live experiments, tutoring, and mentoring. This will bring a hands-on component to the conference, where attendees can investigate new technologies, apply what they have learned, and interact with other attendees in a participatory technical setting.

Tue, 26 Feb 2013 19:38:35 UTC

Security Lessons from the Battle of Hoth

Posted By Bruce Schneier

Someone has analyzed the security mistakes in the Battle of Hoth, from the movie The Empire Strikes Back....

Tue, 26 Feb 2013 13:10:03 UTC

House Hearing: How Well Is the TSA Doing?

Posted By Bruce Schneier

I would have liked to participate in this hearing: Committee on Homeland Security, Subcommittee on Oversight and Management Efficiency: "Assessing DHS 10 Years Later: How Wisely is DHS Spending Taxpayer Dollars?" February 15, 2013....

Tue, 26 Feb 2013 02:22:55 UTC

Video from Concord, NH appearance

Posted By Cory Doctorow

Steve Davidson from Amazing Stories magazine came to my gig in Concord, NH yesterday, and recorded it, and he's already put it online.

Tue, 26 Feb 2013 02:19:30 UTC

Video from Tools of Change

Posted By Cory Doctorow

I did a pair of appearances at the O'Reilly Tools of Change conference in NYC as part of the tour for Homeland -- the first a solo talk for writers, the second a panel with Henry Jenkins and Brian David Johnson. The latter is online now, as well as an interview.

Tue, 26 Feb 2013 00:15:14 UTC

Aligning images: still no silver bullet

Posted By Greg Lehey

One of the things that I wanted to do with the exposure comparison was to compare the histograms as well. To do that I had to take screen shots of the histograms and then align them somehow -- and what better tool than Hugin? I don't know, but it seems I need one. I followed my instructions, but the images didn't get aligned properly without selecting View optimization, and when I did, it couldn't cope. Maybe part of the story is the concept of focal length, which is completely missing here.

Mon, 25 Feb 2013 23:11:31 UTC

Hacking test: So nice, so nice, we do it twice

Posted By Greg Lehey

Hacking test(1) was easy, apart from the issue I had by not reading the struct header. Peter Jeremy thought so too, so he came up with his version, which went further than mine: I compared the modification timestamps, creation timestamps or access timestamps of two files. Peter made it more general: compare any two timestamps, including the birthtime stamp introduced with UFS 2, a total of 16 possible comparisons instead of the 3 that I had envisaged. What use are they? Who knows? You can't guess what people might like to do with the tool.

Mon, 25 Feb 2013 20:00:00 UTC

New Mobile Rhythm

Posted By Tim Bray

You know that Android Versions dashboard? It matters less and less for developers. And it's been irritating me for months now that the mobile-device commentariat apparently hasn't noticed. I'm hoping today's news will help make my point. Let's look at some recent history. September 2012: The debut of Google Play services brought OAuth 2.0 capabilities to apps running on all compatible devices back to release 2.2 (Froyo). December 2012: Google Play services release 2 brought major Maps-API improvements to apps on all compatible devices back to 2.2. February 26, 2013: Release 3 of Google Play services brought a major revamp of the Google+ API to apps on all compatible devices back to 2.2.

Mon, 25 Feb 2013 19:49:53 UTC

Me at the RSA Conference

Posted By Bruce Schneier

I'll be speaking twice at the RSA Conference this year. I'm giving a solo talk Tuesday at 1:00, and participating in a debate about training Wednesday at noon. This is a short written preview of my solo talk, and this is an audio interview on the topic. Additionally: Akamai is giving away 1,500 copies of Liars and Outliers, and Zscaler...

Mon, 25 Feb 2013 15:00:00 UTC

Wikimedia Foundation's system administration

Posted By Tom Limoncelli

In an effort to help the less technical community understand what Wikimedia Foundation's systems administrators do, Sumana Harihareswara wrote some very interesting blog posts. They're interesting to technical people too.

    From duct tape to puppets: How a new data center became an opportunity to do things right
    How the Technical Operations team stops problems in their tracks

It is particularly interesting how she expresses the value of what we do to the Wikimedia managers and donors. There's also some information in there about how Wikimedia Foundation Ops uses Puppet, Nagios, and Ganglia. They're both worth reading. Enjoy!

Mon, 25 Feb 2013 14:31:03 UTC

Libraries and Makerspaces: a match made in heaven

Posted By Cory Doctorow

I wrote a guest editorial for the Raincoast Books site, in honour of Freedom to Read Week. It's called "Libraries, Hackspaces and E-waste: how libraries can be the hub of a young maker revolution," and it's about the role of libraries in the 21st century: Every discussion of libraries in the age of austerity always …

Mon, 25 Feb 2013 14:31:00 UTC

Libraries, Hackspaces and E-waste: how libraries can be the hub of a young maker revolution

Posted By Cory Doctorow

Raincoast Books

Mon, 25 Feb 2013 11:52:51 UTC

Another Essay about Liars and Outliers

Posted By Bruce Schneier

The Montréal Review asked me to write an essay about my latest book. Not much that regular readers haven't seen before....

Sun, 24 Feb 2013 23:01:25 UTC

Hacking test

Posted By Greg Lehey

Talking with Peter Jeremy on IRC this morning, and he bemoaned the fact that test(1) doesn't have comparison operators between files based on creation time or access time. All that's currently available is a comparison between modification times:

    === grog@eureka (/dev/pts/9) /var/tmp 29 -> touch foo
    === grog@eureka (/dev/pts/9) /var/tmp 30 -> touch bar
    === grog@eureka (/dev/pts/9) /var/tmp 31 -> test foo -nt bar; echo $?
    1
    === grog@eureka (/dev/pts/9) /var/tmp 32 -> test bar -nt foo; echo $?
    0
    === grog@eureka (/dev/pts/9) /var/tmp 33 ->

-nt means newer than; there's also an -ot.

Sat, 23 Feb 2013 23:54:45 UTC

More fiddling with Hugin

Posted By Greg Lehey

So it seems that I will need to install wxWidgets 2.9 to have a chance of setting multiple displays, and even then it's not clear that it will work. But maybe there's an easier way: Hugin honours the DISPLAY environment variable, so how about setting that inside the program, before the window is created? Did that -- how easy C is in comparison to C++ -- but it had no effect. Presumably the widgets, or possibly GTK+, have looked at the variable on startup and hidden it somewhere difficult to find. That was to be expected, but I wonder how much sense it really makes?

Sat, 23 Feb 2013 23:05:34 UTC

Shutdown hang

Posted By Greg Lehey

Yvonne woke me this morning to tell me that her machine hadn't shut down -- something about not ready. At least that's better than an error occurred. But I saw something I have never seen before: What causes that? Why did it want to suspend? It's supposed to be shutting down. Peter Jeremy investigated and came to the conclusion that it did make sense, but of course there's no way to know what really happened, and it didn't happen again.

Sat, 23 Feb 2013 04:43:34 UTC


Posted By Cory Doctorow

Sat, 23 Feb 2013 04:42:12 UTC

Pirate Cinema

Posted By Cory Doctorow

Trent McCauley is sixteen, brilliant, and obsessed with one thing: making movies on his computer by reassembling footage from popular films he downloads from the net. In the dystopian near-future Britain where Trent is growing up, this is more illegal than ever; the punishment for being caught three times is that your entire household's access …

Fri, 22 Feb 2013 23:19:59 UTC

Hacking Hugin

Posted By Greg Lehey

I've been trying out the new version of Hugin. I can't say I particularly like it. It now comes with user levels (Interfaces), Simple, Advanced and Expert. The default interface is the Simple one, of course, and it shows a combination of the old Assistant and Fast Panorama Preview windows. It also bleeds text, which I find ugly. Once you select the Expert interface things don't look too different from before. Except for the Identify function in the Fast Panorama Preview. This shows the locations of the individual images and any masking, which is very useful for more complicated panoramas.

Fri, 22 Feb 2013 22:44:55 UTC

Printing a PDF

Posted By Greg Lehey

Carola is leaving for Tasmania on Saturday, and she finally has her flight bookings complete. So she asked me to print out the documents for her today. Nothing difficult about that. They're PDF documents. All I need is to convert them to PostScript and print them. Arguably a print filter should do that for me. There's an issue with acroread, but I have pdf2ps, part of ghostview, so used that instead. But the printout wasn't what I expected:

    ERROR: invalidaccess
    OFFENDING COMMAND: length
    STACK:

What does that mean?

Fri, 22 Feb 2013 22:38:30 UTC

Friday Squid Blogging: Land Squids

Posted By Bruce Schneier

Funny. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 22 Feb 2013 20:21:39 UTC

I Was on Inventing the Future

Posted By Bruce Schneier

I was a guest on Inventing the Future, for an episode on surveillance technology. The video is here....

Fri, 22 Feb 2013 17:12:01 UTC

Hacking the Papal Election

Posted By Bruce Schneier

As the College of Cardinals prepares to elect a new pope, security people like me wonder about the process. How does it work, and just how hard would it be to hack the vote? The rules for papal elections are steeped in tradition. John Paul II last codified them in 1996, and Benedict XVI left the rules largely untouched. The...

Fri, 22 Feb 2013 12:03:34 UTC

All Those Companies that Can't Afford Dedicated Security

Posted By Bruce Schneier

This is interesting: In the security practice, we have our own version of no-man's land, and that's midsize companies. Wendy Nather refers to these folks as being below the "Security Poverty Line." These folks have a couple hundred to a couple thousand employees. That's big enough to have real data interesting to attackers, but not big enough to have a...

Fri, 22 Feb 2013 01:59:03 UTC

Cascadia IT Conference: Discount about to end!

Posted By Tom Limoncelli

One week left to get early bird pricing! The conference is in Seattle, WA, March 15-16, 2013. Don't miss it!

Thu, 21 Feb 2013 21:00:00 UTC

Are release trains obsolete?

Posted By Tom Limoncelli

IT systems have many parts. Each needs to be upgraded or patched. The old way to handle this is to align all the individual release schedules so that you can make a "big release" that gets tested as a unit, and released as a unit. You can do this when things change at a sane rate. Now more things are changing and the rate is much faster. We also have less control. Operating systems have frequent patches. There are urgent security patches that need to roll out "immediately". Applications have frequent updates, many even upgrade themselves. Our PCs have firmware updates for the BIOS, the keyboard, the IPMI controller, the mouse (yes, my damn mouse needed a flash update recently!)

Thu, 21 Feb 2013 20:00:00 UTC

JSON Lesson

Posted By Tim Bray

I just learned (maybe everyone else already knew) that it's legal to have duplicate keys in JSON text. But please don't. There are three definitions of JSON. The lovely graphical one at, the less lovely monospaced ASCII in RFC 4627, and Section 15.12 of ECMAScript 5.1. says nothing about duplicate keys. RFC 4627 (section 2.2), says "The names within an object SHOULD be unique." ECMAScript (15.12.2) says "NOTE In the case where there are duplicate name Strings within an object, lexically preceding values for the same key shall be overwritten." So I guess this is legal: { "key":"a345", "key":"b678" } Gag.

Thu, 21 Feb 2013 20:00:00 UTC

A or A?

Posted By Tim Bray

When ordinary non-geek people find out I'm in the biz, I often hear "I'm going to dump the dumbphone and get something slick. Should I get an Apple or an Android?" This question is getting harder and harder to answer. Here are some things I used to say. Movies, Music, Media? Apple. This remains a little bit true; the world's still playing catch-up with Apple's media ecosystem. But it is catching up; Amazon and Google are both investing hugely in providing low-friction soup-to-nuts offerings, and really want to be your books/music/movie store. And I don't see how Apple has a moat here, some special secret sauce that the competition won't be able to match.

Thu, 21 Feb 2013 18:54:28 UTC

More on Chinese Cyberattacks

Posted By Bruce Schneier

Wow, is this a crazy media frenzy. We should know better. These attacks happen all the time, and just because the media is reporting about them with greater frequency doesn't mean that they're happening with greater frequency. Hype aside, the Mandiant report on the hackers is very good, especially the part where the Chinese hackers outed themselves through poor opsec:...

Thu, 21 Feb 2013 15:04:23 UTC

Video from the Seattle stop on the Homeland tour

Posted By Cory Doctorow

Thanks to Darius Dunlap 2013 for shooting and uploading this CC-BY video from the first stop on my current Homeland tour, at the Seattle public library!

Thu, 21 Feb 2013 14:04:37 UTC

Systems Code

Posted By Diomidis D. Spinellis

If I program in many high and low-level languages, but don't write systems code, I am a quiche programmer or a code monkey. And if my code runs without errors, and I know the complexity of all algorithms; and if my servers have hundreds of cores and gigabytes of RAM, but don't write systems code, I am nothing. And if I run the hippest kernel, and install the neatest apps, but don't write systems code, it profiteth me nothing.

Thu, 21 Feb 2013 13:24:45 UTC

Age Biases in Perceptions of Trust

Posted By Bruce Schneier

Interesting research (full article is behind a paywall): Abstract: Older adults are disproportionately vulnerable to fraud, and federal agencies have speculated that excessive trust explains their greater vulnerability. Two studies, one behavioral and one using neuroimaging methodology, identified age differences in trust and their neural underpinnings. Older and younger adults rated faces high in trust cues similarly, but older adults...

Wed, 20 Feb 2013 20:00:00 UTC

The Wrath of Heaven

Posted By Tim Bray

May it afflict Dupuytren's contracture, hangnails, and other painful pathologies of the hand on every developer who screws with Control-A, -E, -F, -B, -N, or -P in any OS X app anywhere you can edit text. Firefox, I'm looking at you (but only when there's a search box open at the bottom of the browser). StackOverflow, I'm looking at you. Seriously, you guys are peeing on sacred ground.

Wed, 20 Feb 2013 18:03:29 UTC

Cheating at Chess

Posted By Bruce Schneier

Good summary of cheating in tournament chess....

Wed, 20 Feb 2013 16:33:55 UTC

WSJ on Homeland

Posted By Cory Doctorow

Here's a nice surprise: a glowing review of my new novel Homeland in the WSJ. "Homeland" is as dead serious as "1984," as potentially important a "novel of ideas," with a much more engaging central character and an apparently inexhaustible supply of information on everything from brewing coffee to sneaky surveillance and how to defeat …

Wed, 20 Feb 2013 15:00:00 UTC

Reverting in "git"

Posted By Tom Limoncelli

I'm slowly learning "git". The learning curve is hard at first and gets better as time goes on. (I'm also teaching myself Mercurial, so let's not start a 'which is better' war in the comments). Reverting a file can be a little confusing in git because git uses a different model than, say, Subversion. You are in a catch-22 because to learn the model you need to know the terminology. To learn the terminology you need to know the model. I think the best explanations I've read so far have been in the book Pro Git, written by Scott Chacon and published by Apress.

Wed, 20 Feb 2013 13:29:50 UTC

Fixing Soccer Matches

Posted By Bruce Schneier

How international soccer matches are fixed. Right now, Dan Tan's programmers are busy reverse-engineering the safeguards of online betting houses. About $3 billion is wagered on sports every day, most of it on soccer, most of it in Asia. That's a lot of noise on the big exchanges. We can exploit the fluctuations, rig the bets in a way that...

Tue, 19 Feb 2013 19:12:50 UTC

I Can't Let You Do That, Dave: when we design computers to boss us around

Posted By Cory Doctorow

My latest Publishers Weekly column, "I Can't Let You Do That, Dave," is a look at the dangers of redesigning our computers to boss us around instead of doing what they're told and trying to help us: Contrary to what's been written in some quarters, Aaron Swartz didn't attempt to download those journal articles because …

Tue, 19 Feb 2013 19:12:41 UTC

I Can't Let You Do That, Dave

Posted By Cory Doctorow

Publishers Weekly

Tue, 19 Feb 2013 18:52:43 UTC

19th-Century Traffic Analysis

Posted By Bruce Schneier

There's a nice example of traffic analysis in the book No Name, by Wilkie Collins (1862). The attacker, Captain Wragge, needs to know whether a letter has been placed in the mail. He knows who it will have been addressed to if it has been mailed, and with that information, is able to convince the postmaster to tell him that...

Tue, 19 Feb 2013 12:11:29 UTC

Hacking Citation Counts

Posted By Bruce Schneier

Hacking citation counts using Google Scholar....

Tue, 19 Feb 2013 10:22:40 UTC

Coming to Memphis tonight!

Posted By Cory Doctorow

Hey, Memphis! I'm appearing tonight at The Booksellers at Laurelwood at 6PM! Tomorrow, I'll be in New Orleans, followed by Houston on Thursday. And lots more to come!

Tue, 19 Feb 2013 07:30:00 UTC

Expanding the Cloud - Introducing AWS OpsWorks, a Powerful Application Management Solution

Posted By Werner Vogels

Today Amazon Web Services launched AWS OpsWorks, a flexible application management solution with automation tools that enable you to model and control your applications and their supporting infrastructure. OpsWorks allows you to manage the complete application lifecycle, including resource provisioning, configuration management, application deployment, software updates, monitoring, and access control. As with all the AWS Application Management services AWS OpsWorks is provided at no additional charge. AWS customers only pay for those resources that they have used. Simplified Application Management OpsWorks is designed for IT administrators and ops-minded developers who want an easy way to manage applications of nearly any scale and complexity without sacrificing control.

Mon, 18 Feb 2013 19:43:55 UTC

More State-Sponsored Hacking

Posted By Bruce Schneier

After the New York Times broke the story of what seemed to be a state-sponsored hack from China against the newspaper, the Register has stories of two similar attacks: one from Burma and another from China....

Mon, 18 Feb 2013 15:00:00 UTC

Metcalfe's law

Posted By Tom Limoncelli

Metcalfe's law states that the value of a telecommunications network is proportional to the square of the number of connected users of the system (n^2). Robert M. Metcalfe, the inventor of Ethernet, originally meant it to apply to devices on a network that could communicate with each other. It isn't sufficient to be on the same network if they speak incompatible protocols. It isn't sufficient to speak compatible protocols if they aren't connected. A more plainspoken way to state Metcalfe's law is that every one new user added to a network makes the network more than one unit more useful. A more simple way to understand this law is: "The first person to buy a fax machine was a fool."

Mon, 18 Feb 2013 12:14:41 UTC

Automobile Data Surveillance and the Future of Black Boxes

Posted By Bruce Schneier

Tesla Motors gave one of its electric cars to John Broder, a very outspoken electric-car skeptic from the New York Times, for a test drive. After a negative review, Tesla revealed that it logged a dizzying amount of data from that test drive. The company then matched the reporter's claims against its logs and published a rebuttal. Broder rebutted the...

Mon, 18 Feb 2013 11:38:46 UTC

Coming to Oxford, MS this afternoon

Posted By Cory Doctorow

Hey, Oxford, MS! I'm coming to town today, and signing at Square Books at 5PM on the tour for my new book Homeland. I'll be in Memphis tomorrow, and then I go to New Orleans on Tuesday. Though I can hardly believe it, the tour is only halfway along, and there's tons more stops to …

Sun, 17 Feb 2013 23:03:22 UTC

Enblend fixed

Posted By Greg Lehey

How about that, a new version of enblend, 4.1.1. No explanation, but the bug is gone, so presumably that's a result of my report -- not such a bad response time after all. Updated the port and asked Jürgen Lock to commit it for me. He went to a lot more trouble, in the process discovering a number of issues not directly related to the upgrade, notably documentation. But finally it's there. Now to move on to the Hugin port.

Sun, 17 Feb 2013 22:11:35 UTC

Video from yesterday's event at Flyleaf books in Chapel Hill, NC

Posted By Cory Doctorow

Calvin Powers of the SplatSpace makerspace posted a video of yesterday's presentation at Flyleaf Books in Chapel Hill, NC. Thanks, Calvin!

Sun, 17 Feb 2013 02:22:00 UTC

Coming to Decatur today!

Posted By Cory Doctorow

Hey, Decatur! I'm coming to town today on the tour for my new novel, Homeland; I'll be at the Decatur Library at 7PM. Then, on Monday I'll be in Oxford, MS, followed by Memphis on Tuesday. There's many more cities to go!

Sat, 16 Feb 2013 22:54:33 UTC

More photo processing strangenesses

Posted By Greg Lehey

House photo day again today. Despite improvements in my technique, it took all day, at least partially because I had to start late. But once again I've run into some strangenesses in processing that may be due to the newer versions of the software. Here an example done with the old (2011.4.0) and new (2012.1.0) versions of Hugin: As in most cases, in this image I violated the rule that you should take all component images with the same exposure, but not by very much: the ends were exposed with 12.6 EV, and the middle with 14.3 EV.

Sat, 16 Feb 2013 10:22:54 UTC

I'll be in Chapel Hill today at 2PM

Posted By Cory Doctorow

Hey, Chapel Hill! I'm headed your way today on the Homeland tour! I'll be at Flyleaf Books at 2PM. Tomorrow, I'll be in Decatur, and Monday it's a 5PM event at Square Books in Oxford, MS. I'm only halfway through the tour, too! Here's the rest of the schedule.

Sat, 16 Feb 2013 00:45:34 UTC

Enblend bug confirmed

Posted By Greg Lehey

Reply to my message about the enblend bug today. It appears to be a known problem, and the respondent (Christoph Spiel?) even provided a link to a patch. This all begs the question why it hasn't been made more public. I'd consider that one a show-stopper. It seems to have less to do with 360° panoramas than with images with more than one seam line. I suppose I should try the development version.

Fri, 15 Feb 2013 22:09:57 UTC

Friday Squid Blogging: More on Flying Squid

Posted By Bruce Schneier

Japanese squid researchers have confirmed flying squid can fly, and how they do it. (Note: I have written about flying squid before.) As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 15 Feb 2013 18:52:24 UTC

Jacob Appelbaum's 29C3 Keynote Speech

Posted By Bruce Schneier

This speech from last December's 29C3 (29th Chaos Communication Congress) is worth listening to. He talks about what we can do in the face of oppressive power on the Internet. I'm not sure his answers are right, but am glad to hear someone talking about the real problems....

Fri, 15 Feb 2013 12:48:58 UTC

Guessing Smart Phone PINs by Monitoring the Accelerometer

Posted By Bruce Schneier

"Practicality of Accelerometer Side Channels on Smartphones," by Adam J. Aviv. Benjamin Sapp, Matt Blaze, and Jonathan M. Smith. Abstract: Modern smartphones are equipped with a plethora of sensors that enable a wide range of interactions, but some of these sensors can be employed as a side channel to surreptitiously learn about user input. In this paper, we show that...

Fri, 15 Feb 2013 09:50:32 UTC

Coming to Miami tonight!

Posted By Cory Doctorow

Hey, Miami! I'm about to head to the airport for my appearance tonight at Books & Books. Tomorrow I'll be in Chapel Hill at Flyleaf Books, and on Sunday I'll be in Decatur at the Decatur Library (sponsored by Little Shop of Stories). There's still plenty more cities to go, too!

Fri, 15 Feb 2013 08:01:00 UTC

Amazon Redshift and Designing for Resilience

Posted By Werner Vogels

As you may remember from our announcement at re:Invent in November 2012, Amazon Redshift is a fast and powerful, fully managed, petabyte-scale data warehouse service that delivers fast query performance at less than one tenth the cost of most traditional data warehouse systems. I've been eagerly waiting for Amazon Redshift's launch since we announced the service preview at re:Invent and I'm delighted that it's now available for all customers in the US East (N. Virginia) Region, with additional AWS Regions planned for the coming months. To get started with Amazon Redshift, visit: Amazon Redshift and Resilience Previously, I've written at length about how Amazon Redshift achieves high performance.

Fri, 15 Feb 2013 03:13:58 UTC

The new enblend

Posted By Greg Lehey

My updated enblend 4.1 port is now ready for committing. I had done some testing with it on stable-amd64, but it seemed reasonable to try it on eureka with some more complicated panoramas. A good thing I did: Spent hours investigating, but it seems that this is a bug in enblend 4.1 which occurs with 360° panoramas. I wasn't able to stitch a single 360° panorama correctly. Entered a bug report and wrote a description page.

Thu, 14 Feb 2013 21:18:50 UTC

EFF-Austin benefit after My Book People event on Feb 22

Posted By Cory Doctorow

After my event at Austin's Book People on Feb 27, I'll be doing a benefit for EFF-Austin on their location privacy campaign. We did this the last time I came through town and it was tremendous -- come on out! An evening with Cory Doctorow and EFF-Austin

Thu, 14 Feb 2013 20:00:00 UTC

California Valentine

Posted By Tim Bray

OK, so I took these pix on the 11th not the 14th and, what's worse, processed them heavily, but they're still a love letter to That State. They're from Venice Beach in LA, which I think a deep expression of Pacific Timezone consciousness. Yeah, it's sorta sleazy and drug-oriented, but I'll deal with that in exchange for, well, that Pacific edge. LA's about a lot of things, like for example this.

Thu, 14 Feb 2013 17:42:59 UTC

Using the iWatch for Authentication

Posted By Bruce Schneier

Usability engineer Bruce Tognazzini talks about how an iWatch -- which seems to be either a mythical Apple product or one actually in development -- can make authentication easier. Passcodes. The watch can and should, for most of us, eliminate passcodes altogether on iPhones, and Macs and, if Apple's smart, PCs: As long as my watch is in range, let...

Thu, 14 Feb 2013 12:32:47 UTC

Anti-Cheating Security in Casinos

Posted By Bruce Schneier

Long article. With over a thousand cameras operating 24/7, the monitoring room creates tremendous amounts of data every day, most of which goes unseen. Six technicians watch about 40 monitors, but all the feeds are saved for later analysis. One day, as with OCR scanning, it might be possible to search all that data for suspicious activity. Say, a baccarat...

Thu, 14 Feb 2013 09:55:32 UTC

Coming to Cincinnati today!

Posted By Cory Doctorow

As I write this, I'm on my way to the airport, headed for Cincinnati, where I'll be doing an appearance tonight at Joseph-Beth Booksellers on the tour for Homeland, which hit the New York Times bestseller list last night. Tomorrow, I'll be in Miami and then I'll be in Chapel Hill. There's still lots more …

Thu, 14 Feb 2013 04:40:30 UTC

Crucible Steel

Posted By Niels Provos

Thu, 14 Feb 2013 00:05:48 UTC

Shutdown stupidity

Posted By Greg Lehey

Watching TV in the evening, and then for some reason wanted to look at something on eureka. Did that, then shut the machine down. teevee? No, eureka! What a pain. And the more I reboot eureka, the more idiotic this historical reliance on dereel, now a virtual machine, becomes. It took me over half an hour to bring the machine up again. There's no reason why the executables and libraries need to be on an NFS mount from dereel -- tomorrow I'll move them to a local file system.

Wed, 13 Feb 2013 23:25:40 UTC

Aligning panoramas, continued

Posted By Greg Lehey

More playing around with Hugin today trying to align the before and after images of Yvonne's office. Made some progress, but clearly it's getting to be time to investigate what all the different optimizations really do at a technical level. RSS can't display the comparisons. See the HTML version for more details. The real issue appears to be to find enough control points in the right places for nona to remap them correctly. Here the picture on the right and the curtain rails are OK, but on the left I couldn't find enough control points to completely align the two. It's also worth noting how much smaller the maximum crop has become.

Wed, 13 Feb 2013 22:09:01 UTC

Homeland just made the New York Times bestseller list!

Posted By Cory Doctorow

Indiebound list, too! Life is good where I am.

Wed, 13 Feb 2013 19:39:57 UTC

Real-World Prisoner's Dilemma from France

Posted By Bruce Schneier

This is a real story of a pair of identical twins who are suspected in a crime. There is CCTV and DNA evidence that could implicate either suspect. Detailed DNA testing that could resolve the guilty twin is prohibitively expensive. So both have been arrested in the hope that one may confess or implicate the other....

Wed, 13 Feb 2013 15:00:00 UTC

Label those datacenter cables!

Posted By Tom Limoncelli

Matt Simmons of the Standalone Sysadmin blog asked about labeling network cables in a datacenter on the LOPSA-Tech mailing list which brought up a number of issues. He wrote: So, my current situation is that I'm working in a datacenter with 21 racks arranged in three rows, 7 racks long. We have one centralized distribution switch and no patch panels, so everything is run to the switch which lives in the middle, roughly. It's ugly and non-ideal and I hate it a bunch, but it is what it is. And it looks a lot like this. Anyway, so given this really suboptimal arrangement, I want to be able to more easily identify a particular patch cable because, as you can imagine, tracing a wire is no fun right now.

Wed, 13 Feb 2013 12:13:31 UTC

New al Qaeda Encryption Tool

Posted By Bruce Schneier

There's not a lot of information -- and quite a lot of hyperbole -- in this article: With the release of the Asrar Al Dardashah plugin, GIMF promised "secure correspondence" based on the Pidgin chat client, which supports multiple chat platforms, including Yahoo Messenger, Windows Live Messenger, AOL Instant Messenger, Google Talk and Jabber/XMPP. "The Asrar Al Dardashah plugin supports...

Wed, 13 Feb 2013 10:39:19 UTC

Coming to Cincinnati tomorrow!

Posted By Cory Doctorow

Hey folks! Just a reminder that I'll be in romantic Cincinnati tomorrow night at 7PM at Joseph-Beth for the next stop of my Homeland tour. From there, it's Miami and Chapel Hill (and tons more).

Tue, 12 Feb 2013 23:16:24 UTC

Aligning panoramas

Posted By Greg Lehey

The photos of Yvonne's office aren't ideal: the before and after images don't line up. And the instructions in my alignment page don't help. If the focal length of the images are close to the same, the view alignment doesn't work -- this is the background to one of the things that Thomas Modes changed, but it still needs clarification. This is going to keep me busy for a while.

Tue, 12 Feb 2013 23:07:14 UTC

Documenting Hugin, continued

Posted By Greg Lehey

A reply to my message in the Hugin mailing list this morning, from Thomas Modes, explaining a few things, but still a little astonishing: The wiki page are also used as help files and shipped with Hugin. If the new version would be shipped without the updated pages, it would also confusing. And we can't update all pages at once. So we started with the update of the wiki pages. The first beta release will follow in the next weeks. So there is a short time, where wiki and release are out of date.

Tue, 12 Feb 2013 21:01:56 UTC

Scott Sigler's new MONSTROSITY show, plus a tour of my office

Posted By Cory Doctorow

Scott Sigler's got a new YouTube show called Monstrosity, and he interviewed me (and several others!) for it. I also gave him a shakycam tour of my beloved office, which he's posted as a bonus ep.

Tue, 12 Feb 2013 20:00:00 UTC

Every Year This Time

Posted By Tim Bray

These little guys show up in our front garden, and every year this time I run photos of 'em, not that there's anything really new or different compared to previous years; but they're whispering "Spring!" in violet and yellow, so how could I not share? Some others were really fully open to the sun, but I thought this family were adorable.

Tue, 12 Feb 2013 18:55:26 UTC

Massive Police Shootout in Cleveland Despite Lack of Criminals

Posted By Bruce Schneier

This is an amazing story. I urge you to read the whole thing, but here's the basics: A November car chase ended in a "full blown-out" firefight, with glass and bullets flying, according to Cleveland police officers who described for investigators the chaotic scene at the end of the deadly 25-minute pursuit. But when the smoky haze -- caused by...

Tue, 12 Feb 2013 15:00:00 UTC

"The Finer Art of Being a Senior Sysadmin"

Posted By Tom Limoncelli

Sheeri K. Cabral's talk from LCA2013 is now available online: "The Finer Art of Being a Senior Sysadmin" The video is 17 minutes long and makes a lot of references to a blog post I wrote last September. It is a great talk and well worth watching!

Tue, 12 Feb 2013 12:53:19 UTC

Our New Regimes of Trust

Posted By Bruce Schneier

Society runs on trust. Over the millennia, we've developed a variety of mechanisms to induce trustworthy behavior in society. These range from a sense of guilt when we cheat, to societal disapproval when we lie, to laws that arrest fraudsters, to door locks and burglar alarms that keep thieves out of our homes. They're complicated and interrelated, but they tend...

Tue, 12 Feb 2013 06:46:01 UTC

Photos from Booksmith stop

Posted By Cory Doctorow

Photographer Alex Schoenfeld came to my Homeland tour-stop at Booksmith in San Francisco and took some great shots, which he's been kind enough to post under a Creative Commons 3.0 Non-commercial attribution only license. Thanks, Alex!

Tue, 12 Feb 2013 04:35:57 UTC

Books I've recommended in the last week:

Posted By Tom Limoncelli

Realizing that I've recommended a lot of books lately. I thought I'd list them here for others to benefit. I'm not saying I've read them all and these are the best, but these are the ones I've read and found useful. Management: If you are getting started as a manager: The One Minute Manager by Kenneth H. Blanchard If you want to be more strategic: The Art of War: Complete Texts and Commentaries If you have to make a big change to your organization (shutting down a project or getting everyone onto a new platform): Managing Transitions: Making the Most of Change by William Bridges Layout and web design: The basics of design, so you can make posters, webpages, and just about anything look more professional: The Non-Designer's Design Book by Robin Williams Website usability: Don't Make Me Think: A Common Sense Approach to Web Usability by ...

Tue, 12 Feb 2013 00:31:02 UTC

Mail falling into black hole

Posted By Greg Lehey

I was expecting a lot of mail today, but somehow nothing much arrived -- so little that I started to check. First in /var/log/maillog: Feb 11 00:00:00 dereel newsyslog[26227]: logfile turned over That's not very much. Why wasn't postfix logging? Tried sending myself a message locally. No log messages. Nothing in my inbox. Nothing in ~/Mail/backup, where I store everything that arrives, even spam. Panic time. Was this another problem with procmail? Took a look in the procmail log. Everything looked normal: mail arrived, processed, stored in /var/mail/grog.

Tue, 12 Feb 2013 00:27:00 UTC

More ports

Posted By Greg Lehey

Finished my port of tclap today, and finally committed it. Also updated the Hugin port to the latest release -- by no means too early -- but that's Vadim Dimov's baby, so I'll have to send it to him. At least things are looking tidier now.

Tue, 12 Feb 2013 00:15:05 UTC

Documentation: The newer, the better

Posted By Greg Lehey

After fixing the Hugin alignment page yesterday, I sent out a message to the Hugin mailing list asking for review. No replies apart from a thank-you, but when I went to look, I discovered that a Thomas with no further identification had changed it -- to reflect the current development version! So now, again, it doesn't work. Why do people do that? Admittedly, he did have one great simplification, but in general this just confuses people.

Tue, 12 Feb 2013 00:00:00 UTC

Expanding the Cloud: The Amazon Elastic Transcoder

Posted By Werner Vogels

While I was returning from an exciting time in New Orleans watching the Super Bowl, AWS launched a very cool, brand new service: Amazon Elastic Transcoder. Amazon Elastic Transcoder is designed to be very easy to use, scalable and cost-effective video transcoding in the cloud. Jeff Barr did an excellent job running through the service on his blog and you can also check out the detail page. I spent a lot of time talking to AWS customers who were also in New Orleans, many of them who work with media, and all emphasized that transcoding fits naturally with services that we already offer like storage (Amazon S3 and Glacier) and delivery (Amazon CloudFront).

Mon, 11 Feb 2013 20:52:35 UTC

Video from activism panel at ASU

Posted By Cory Doctorow

ASU's Center for Science and the Imagination has already posted the video from this morning's panel on hacktivism and politics. It was a good, meaty discussion: Part 1, Part 2

Mon, 11 Feb 2013 19:25:40 UTC

Really Clever TLS Attack

Posted By Bruce Schneier

This is an extremely clever man-in-the-middle timing attack against AES that exploits the interaction between how the protocol implements AES in CBC mode for encryption, and HMAC-SHA1 for authentication. (And this is a really good plain-language description of it.)...

Mon, 11 Feb 2013 18:31:42 UTC

atomic<> Weapons: The C++ Memory Model and Modern Hardware

Posted By Herb Sutter

Most of the talks I gave at C++ and Beyond 2012 last summer are already online at Channel 9. Here are two more. This is a two-part talk that covers the C++ memory model, how locks and atomics and fences interact and map to hardware, and more. Even though we’re talking about C++, much of [...]

Mon, 11 Feb 2013 12:49:11 UTC

Platform Fragmentation as a Security Issue

Posted By Bruce Schneier

Interesting article about the difficulty Google has pushing security updates onto Android phones. The problem is that the phone manufacturer is in charge, and there are a lot of different phone manufacturers of varying ability and interest....

Mon, 11 Feb 2013 12:46:22 UTC

Speaking at ASU Phoenix this morning

Posted By Cory Doctorow

Yesterday's event at Changing Hands Bookstore in Tempe, AZ was amazing, and I'm sticking around in Phoenix for one more day: this morning, I'll be presenting at ASU's Center for Science and the Imagination at 10:30AM, talking about hacktivism, ethics and the future of the fight for digital rights. Then I'm on the red-eye to …

Mon, 11 Feb 2013 01:16:07 UTC

Interview with Rick Kleffel about Homeland

Posted By Cory Doctorow

Last week I sat down for an interview with Rick Kleffel at KQED in San Francisco. He's put the whole interview -- a long one! -- up in his Trashotron podcast feed. We talked about Homeland and other things. Rick, as always, was a very astute interviewer. MP3 link

Sun, 10 Feb 2013 23:58:51 UTC

Traceroute to Star Wars

Posted By Greg Lehey

Somebody pointed me at this today: === grog@w3 (/dev/ttyp1) ~ 1 -> traceroute traceroute to (, 64 hops max, 40 byte packets ...

Sun, 10 Feb 2013 23:33:26 UTC

Finally: aligning images

Posted By Greg Lehey

In March 2011 I tried in vain to align 3 images with Hugin so that I could compare them with mouseover image manipulation. The main problem was that one of the images was taken at a different focal length, so they didn't line up: I asked on the Hugin mailing list, but didn't get the answers I wanted. Today I finally worked it out and wrote a description of how to do it.

Sun, 10 Feb 2013 20:00:00 UTC

XML's 15th Birthday

Posted By Tim Bray

Whether you like XML or not, we're stuck with it for a long time. These days, the only new XML-based projects being started up are document-centric and publishing-oriented. Thank goodness, because that's a much better fit than all the WS-* and Java EE config puke and so on that has given those three letters a bad name among so many programmers. XML for your document database is actually pretty hard to improve on. February 10, 1998 I was at some meeting or another at Microsoft, and we were trying to get the last few changes in and publish the final approved spec.

Sun, 10 Feb 2013 19:52:11 UTC

Letter from a young Homeland reader

Posted By Cory Doctorow

As you've no doubt gleaned, I'm on tour with my new novel, Homeland. A lot of people commiserate with me about the grueling pace -- and it is! a new city practically every day and nowhere near enough sleep and continuous interviews and presentations from o-dark hundred to late at night -- but for all …

Sun, 10 Feb 2013 12:26:11 UTC

Coming to Tempe, AZ today on the Homeland tour!

Posted By Cory Doctorow

I'm heading to Tempe, AZ today for a 2PM appearance at Changing Hands Bookstore on my tour for Homeland, the sequel to Little Brother. Next I'll be in NYC for the Tools of Change publishing conference, then in Cincinnati for a romantic Feb 14 presentation at Joseph-Beth Booksellers at 7PM. There's plenty more stops on …

Sat, 09 Feb 2013 22:48:27 UTC

Yet Another X Hang

Posted By Greg Lehey

I've got to admit it: since building my last kernel, the X hang problem is back. Many times when I connect cameras or disks to the USB bus, I end up with this cursor jumping problem. It happened twice today. How can I fix it?

Sat, 09 Feb 2013 22:04:40 UTC

No wind any more

Posted By Greg Lehey

My weather station showed no wind at all for nearly 24 hours. Looking outside shows why:

Sat, 09 Feb 2013 13:41:44 UTC

Instructables based on Little Brother and Homeland

Posted By Cory Doctorow

The awesome people at Instructables have launched a series of HOWTOs based on my novel Homeland, written from the point of view of Marcus, the novel's hero. They previously posted 11 of these for Little Brother, and the new Homeland ones should be kicking off any day. Watch this space! m1k3y's Instructables

Sat, 09 Feb 2013 13:27:32 UTC

Coming to Salt Lake City today

Posted By Cory Doctorow

As you read this, I'll be on a plane heading for Salt Lake City, where I'll be appearing at the Leonardo Science Museum at 2PM with my new novel Homeland. On Sunday, I'll be in Tempe at Changing Hands books, and then on Feb 12 I'll be in NYC for the Tools of Change conference …

Sat, 09 Feb 2013 00:28:21 UTC

Friday Squid Blogging: Squid Recipe

Posted By Bruce Schneier

Chorizo-stuffed squid with potatoes, capers and sage. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 08 Feb 2013 20:41:19 UTC

I Seem to Be a Physical Security Expert Now

Posted By Bruce Schneier

This seems so obviously written by someone who Googled me on the Internet, without any other knowledge of who I am or what I do....

Fri, 08 Feb 2013 20:32:36 UTC

Mesh wireless inspired by Little Brother

Posted By Cory Doctorow

Eric writes: If the protagonists in the book Little Brother had access to a low-power mesh network, they may have been able to avert the DHS. In reality, mesh networking could help organize protests like what occurred during the Arab Spring--helping citizens to peacefully participate in an effective manner, by leveraging the self-healing and spontaneous …

Fri, 08 Feb 2013 17:20:44 UTC

Millennials and Cybersecurity

Posted By Bruce Schneier

This long report looks at risky online behavior among the Millennial generation, and finds that they respond positively to automatic reminders and prodding. No surprise, really....

Fri, 08 Feb 2013 15:05:18 UTC

Last night in San Francisco!

Posted By Cory Doctorow

Tonight's my last night in San Francisco on my Homeland tour. I'll be at Borderlands books at 7PM. Tomorrow I'll be at the Leonardo in Salt Lake City; and on Sunday I'll be at Changing Hands in Tempe, AZ. Come on down (and thanks to everyone who came by the Booksmith last night!).

Fri, 08 Feb 2013 12:16:47 UTC

Inauguration Security

Posted By Bruce Schneier

A first-person account of the security surrounding the second inauguration of President Obama....

Thu, 07 Feb 2013 22:26:00 UTC

Network improvement: coincidence

Posted By Greg Lehey

Yesterday's improvement in the network quality didn't last. Today wasn't quite as bad as two days ago, but it's still unacceptable. Still, yesterday's experience suggests that I can rule out heat as a contributing factor. Today I ended up in a situation where the modem was just losing and reconnecting to the same cell all the time: Feb  7 19:58:00 eureka fstats: Cell lost: 81e3 8fc48e8 (5) Feb  7 19:58:00 eureka fstats: Cell found: -> 81e3 8fc48e8 Feb  7 19:58:00 eureka fstats: Cell lost: 81e3 8fc48e8 (5) Feb  7 19:58:00 eureka fstats: Cell found: -> 81e3 8fc48e8 Feb  7 19:58:01 eureka fstats: Cell lost: 81e3 8fc48e8 (5) Feb  7 19:58:01 eureka fstats: Cell found: -> 81e3 8fc48e8 Feb  7 19:58:02 eureka fstats: Cell lost: 81e3 8fc48e8 (5) Feb  7 19:58:02 eureka fstats: Cell found: -> 81e3 8fc48e8 Feb  7 19:58:02 eureka ...

Thu, 07 Feb 2013 18:51:41 UTC

Tide Becomes Drug Currency

Posted By Bruce Schneier

Basically, Tide detergent is a popular product with a very small profit margin. So small non-chain grocery and convenience stores are happy to buy it cheaply, no questions asked. This makes it easy to sell if you steal it. And drug dealers have started taking it as currency, large bottles being worth about $5....

Thu, 07 Feb 2013 18:00:00 UTC

Registration is now open for Cascadia IT Conference 2013!

Posted By Tom Limoncelli

You do not want to miss this conference! You will learn how to automate the configuration of all your systems when Nathen Harvey teaches you Chef or Garrett Honeycutt teaches you Puppet. You'll stay one step ahead of the game by learning IPv6 from Owen DeLong, the man that teaches IPv6 so well you'll thank him 128 times. The wizard of PowerShell himself, Steven Murawski will teach you how to automate anything in Windows. You'll fix things once and they'll stay fixed after Stuart Kendrick teaches you how to do Root Cause Analysis. You'll learn how to translate "geek" to "manager-speak" and other tips in Navigating the Business World by the internationally recognized experts Nicole Forsgren Velasquez and Carolyn Rowland.

Thu, 07 Feb 2013 12:51:22 UTC

I'll be in San Francisco tonight and tomorrow

Posted By Cory Doctorow

I'm still revving up my tour for Homeland, the sequel to Little Brother, and tonight I'll be at Booksmith in San Francisco. I'm lucky enough to get two days in SFO and tomorrow I'll be at Borderlands, before I head to Salt Lake City for an appearance at The Leonardo on Saturday. From there, it's …

Thu, 07 Feb 2013 12:35:01 UTC

Over $3M in Prizes to Hack Google Chrome

Posted By Bruce Schneier

Google's contest at the CanSecWest conference: Today we're announcing our third Pwnium competition -- Pwnium 3. Google Chrome is already featured in the Pwn2Own competition this year, so Pwnium 3 will have a new focus: Chrome OS. We'll issue Pwnium 3 rewards for Chrome OS at the following levels, up to a total of $3.14159 million USD: $110,000: browser or system level...

Wed, 06 Feb 2013 23:16:16 UTC

Network improvement?

Posted By Greg Lehey

Yesterday's network performance was by far the worst I've experienced since getting the UMTS link. I had multiple timeouts, not surprising with RTTs of up to 4 minutes. My long discussion with James at Internode support was interesting, but basically ended with "We can't get Optus to do anything about it." So I wasn't expecting anything to change in a hurry, especially given my hypothesis that the problem might be related to the hot weather: today was the hottest day in the last couple of weeks, with a top temperature of 39°. And of course I had my problems. One disconnect, a firmware reset at 9:40.

Wed, 06 Feb 2013 20:00:00 UTC

Ingress Weekly

Posted By Tim Bray

I still think Ingress is the most interesting piece of New Internet Stuff on the current radar. What else is there to get excited about, Vine? Gimme a break. Also I can't write about work until the release pipeline unjams a bit. So herewith more news from the front. Local Power Wow, the real gamers and grinders are all making it to Level 8. We now have ten eights by my count, just on the Resistance side here in Vancouver. So they went out one night and made 29 L8 portals. I tagged along and took photos, but I'm only going to show you this one.

Wed, 06 Feb 2013 18:21:36 UTC

Why Is Quantum Computing So Hard?

Posted By Bruce Schneier

Blog post (and two papers) by Ross Anderson and Robert Brady. News article....

Wed, 06 Feb 2013 15:00:00 UTC

Operational aspects of a system

Posted By Tom Limoncelli

Users tend to be concerned with what a system does (features, functionality) and sysadmins tend to be concerned with the operational aspects of a system. I just noticed this great Wikipedia page that lists "Non-functional requirements" of a system. Broadly, functional requirements define what a system is supposed to do whereas non-functional requirements define how a system is supposed to be. Functional requirements are usually in the form of "system shall do <requirement>", while non-functional requirements are "system shall be <requirement>". I could see myself using this as a tool for jogging my memory when I'm trying to think of all the aspects of a system that I need to be concerned with either operationally or when writing requirements.

Wed, 06 Feb 2013 13:36:56 UTC

Coming to Portland today, San Francisco tomorrow!

Posted By Cory Doctorow

Last night, I kicked off the tour for Homeland (the sequel to Little Brother) with an amazing event at the Seattle Public Library, and now I'm hitting the road! I'll be in Portland tonight, at the Powell's in Beaverton at 7PM. Tomorrow I hit San Francisco with a stop at Booksmith on the 7th, then …

Wed, 06 Feb 2013 12:36:06 UTC

New York Times Hacked by China

Posted By Bruce Schneier

This was big news last week, and I spent a lot of time doing press interviews about it. But while it is an important story -- hacking a newspaper, looking for confidential sources is fundamentally different from hacking for financial gain -- it's not much different than GhostNet in 2009, Google's Chinese hacking stories from 2010 and 2011, or others....

Wed, 06 Feb 2013 00:16:08 UTC

VCAT sets a date

Posted By Greg Lehey

On the topic of the Radiation Tower, VCAT has finally set a date for the hearing: 24 April 2013, 10:00 to 13:00. I hope that the short duration of the hearing will mean that the result is a foregone conclusion. Then we could finally be rid of this horribly flaky wireless connection.

Wed, 06 Feb 2013 00:04:00 UTC

Network problems: worse than ever

Posted By Greg Lehey

My network problems continue to be catastrophic. Called up Internode Support and asked what was happening, and got a call back from James, clearly somebody who knows what he's talking about. It seems they've repeatedly supplied the information to Optus, who identified the rogue cell as one of the cells on the Rokewood tower, but they say that it's functioning normally. No explanation of the poor response times, which have now reached times reminiscent of RFC 1149: That's a worst-case response time of 234.833 seconds, nearly 4 minutes!

Tue, 05 Feb 2013 18:16:05 UTC

Anti-Drone Clothing

Posted By Bruce Schneier

Clothing designed to thwart drones....

Tue, 05 Feb 2013 13:38:59 UTC

Proactive Defense Papers

Posted By Bruce Schneier

I just printed this out: "Proactive Defense for Evolving Cyber Threats," a Sandia Report by Richard Colbaugh and Kristin Glass. It's a collection of academic papers, and it looks interesting....

Tue, 05 Feb 2013 11:32:01 UTC

Seattle tonight!

Posted By Cory Doctorow

Hey, Seattle! Just a reminder that I'll be at the Seattle Public Library tonight at 7PM with my new novel Homeland. Come on down (and bring the kids!)! Portland, you're next, then San Francisco (and again!). Here's the whole schedule -- 20+ cities!.

Mon, 04 Feb 2013 23:06:56 UTC

New system, old bugs

Posted By Greg Lehey

Things are up and running happily on my reshuffled hardware, but the past isn't completely gone. Today I had Yet Another case of the X hang bug that should have been fixed months ago. And again it happened while I was doing other things with the USB subsystem, this time reading in photos from SD cards. As if to confirm my suspicion that all is not well with FreeBSD USB subsystem, the second SD card didn't register. The reader I have reports multiple devices, normally something like this (the first card): Feb  4 13:34:14 eureka kernel: ugen6.12: <Myson Century, Inc.> at usbus6 Feb  4 13:34:14 eureka kernel: umass4: <Mass Storage Class> on usbus6 Feb  4 13:34:14 eureka kernel: umass4:  SCSI over Bulk-Only; quirks = 0x4000 Feb  4 13:34:14 eureka kernel: umass4:12:4:-1: Attached to scbus12 Feb  4 13:34:14 eureka kernel: da3 at ...

Mon, 04 Feb 2013 19:43:40 UTC

Security Seals

Posted By Bruce Schneier

I don't see a lot written about security seals, despite how common they are. This article is a very basic overview of the technologies....

Mon, 04 Feb 2013 19:16:06 UTC

The Power Failure Seen Around the World

Posted By James Hamilton

In the data center world, there are few events taken more seriously than power failure and considerable effort is spent to make them rare. When a datacenter experiences a power failure, it's a really big deal for all involved. But, a big deal in the infrastructure world still really isn't a big deal on the world stage. The Super Bowl absolutely is a big deal by any measure. On average over the last couple of years, the Super Bowl has attracted 111 million viewers and is the number 1 most watched television show in North America eclipsing the final episode of Mash. World-wide, the Super Bowl is only behind the European Cup (UEFA Champions League) which draws 178 million viewers.

Mon, 04 Feb 2013 16:00:00 UTC

Registration is now open for Cascadia IT Conference 2013!

Posted By Tom Limoncelli

You do not want to miss this conference! You will learn how to automate the configuration of all your systems when Nathen Harvey teaches you Chef or Garrett Honeycutt teaches you Puppet. You'll stay one step ahead of the game by learning IPv6 from Owen DeLong, the man that teaches IPv6 so well you'll thank him 128 times. The wizard of PowerShell himself, Steven Murawski will teach you how to automate anything in Windows. You'll fix things once and they'll stay fixed after Stuart Kendrick teaches you how to do Root Cause Analysis. You'll learn how to translate "geek" to "manager-speak" and other tips in Navigating the Business World by the internationally recognized experts Nicole Forsgren Velasquez and Carolyn Rowland.

Mon, 04 Feb 2013 15:00:00 UTC

Ganeti "list" subcommand tips: list output and filtering

Posted By Tom Limoncelli

If you use the Ganeti command line you probably have used gnt-instance list and gnt-node list. In fact, most of the gnt-* commands have a list subcommand. Here's some things you probably didn't know. Part 1: Change what "list" outputs Unhappy with how verbose gnt-instance list is? The -o option lets you pick which fields are output. Try this to just see the name: gnt-instance list -o name I used to use awk and tail and other Unix commands to extract just the name or just the status. Now I use -o name,status to get exactly the information I need.

Mon, 04 Feb 2013 12:39:35 UTC

Using Imagery to Avoid Censorship

Posted By Bruce Schneier

Interesting: "It's really hard for the government to censor things when they don't understand the made-up words or meaning behind the imagery," said Kevin Lee, COO of China Youthology, in conversation at the DLD conference in Munich on Monday. "The people there aren't even relying on text anymore It's audio, visual, photos. All the young people are creating their own...

Mon, 04 Feb 2013 05:25:33 UTC

Coming to Seattle (then PDX, then SFO) for the Homeland tour

Posted By Cory Doctorow

In a couple of hours, I'm getting on a plane from London to Seattle to kick off the tour for Homeland, the sequel to Little Brother. My first stop is tomorrow (Feb 5) night, at the Seattle Public Library, and then I head to Portland for Feb 6, where I'll be at Powell's in Beaverton. …

Sun, 03 Feb 2013 22:20:24 UTC

Shutting down another machine

Posted By Greg Lehey

Most of my reorganization is now done. dereel has been demoted to a virtual machine, and my new graphics configuration finally works, though the last attempt at a change to the X configuration file didn't work: once again the position of the monitors change. Here's the layout in the config file: Section "ServerLayout"     Identifier     "Layout0"     Screen      0  "Screen0" 0 0     Screen      1  "Screen1" RightOf "Screen0"     Screen      2  "Screen2" RightOf "Screen1"     Screen      3  "Screen3" RightOf "Screen2" ... You don't need to understand much of the configuration file syntax to understand what that means.

Sun, 03 Feb 2013 20:00:00 UTC

Gun Machine

Posted By Tim Bray

I originally noticed this bearded author, an interesting voice on Twitter and wow, also apparently a collaborator with Nick Cave in Grinderman and on the excellent White Lunar. Oops, wrong. The Warren Ellis who wrote Gun Machine is quite a different bloke from the Aussie-musician Warren Ellis. That settled, on to the book, which is good. It's a New York police procedural, which has been done before; but not like this. The killer is different, the cop is different, the corruption in the pillars of power (that's almost a cliché now too) is different. And cop shows are all about the ambience; does it make you feel like you are there?

Sun, 03 Feb 2013 09:42:59 UTC

Interview with The Oregonian about Homeland

Posted By Cory Doctorow

I did a Q&A with The Oregonian to help publicize my stop at the Powell's Books in Beaverton, OR on Feb 6 at 7PM. It's the second stop in my 22 city tour. What prompted you to write "Homeland," the sequel to "Little Brother," and what's the impact of "Little Brother" been, especially among younger … [Read more]

Sun, 03 Feb 2013 00:55:01 UTC

ABC: No iview for you

Posted By Greg Lehey

ABC TV reception continues to be abysmal, but there's a new series on TV, The Doctor Blake Mysteries, taking place in Ballarat, so I thought it might be worth downloading yesterday's first episode via ABC's iview service. Surprise, surprise:

    Warning: Due to copyright reasons this video program[sic] is available for download by people located in Australia only. If you are not located in Australia, you are not authorised to view this video.

This isn't a warning, it's an error message. What it really means is "You are not located in Australia, so you can't watch the video."

Sun, 03 Feb 2013 00:37:58 UTC

Eliminating GPRS

Posted By Greg Lehey

I've been grumbling for some time that my wireless Internet connection drops back to GPRS from time to time, and is hard to get back to HSPA. I read the manual looking for that capability, without success. And then Andy Snow came up on IRC and said it could be done. It turned out he was using a different kind of modem, but he found the right commands for my Huawei 1762 here and here:

    AT^SYSCFG=14,2,3FFFFFFF,2,4

The only important parameter is the first, but they all need to be specified: 14: Only 3G.

Sat, 02 Feb 2013 23:17:17 UTC

More config refinements

Posted By Greg Lehey

So my new setup is up and running relatively well. X server 1 is effectively what I want server 0 to be, but for photo processing it makes sense to have one display spread over 2 screens. OK, that's simple enough: that's what TwinView is for, and the config files were conveniently generated with this line for each device:

    Option         "TwinView" "0"
    Option         "TwinViewXineramaInfoOrder" "CRT-0"

So I tried setting TwinView to 1. No difference, apart from the fact that the order of the screens changed yet again, and that two monitors came up in low resolution.

Sat, 02 Feb 2013 06:46:50 UTC

Law and Little Brother

Posted By Cory Doctorow

I'm excited to see the folks at Law and the Multiverse (a blog that considers legal questions through the lens of comics, movies and fiction) having a look at the legal issues raised in Little Brother. It's very timely, what with the sequel, Homeland, coming out on Tuesday! A large portion of the book's plot … [Read more]

Sat, 02 Feb 2013 00:24:53 UTC

Of mice and modems

Posted By Greg Lehey

Back home, set up the mouse, which was relatively simple. It has 5 buttons and one scroll wheel, or, as the probe put it:

    Feb  1 17:06:06 eureka kernel: ugen5.10: <Logitech> at usbus5
    Feb  1 17:06:06 eureka kernel: ukbd2: <Logitech USB Receiver, class 0/0, rev 2.00/24.00, addr 10> on usbus5
    Feb  1 17:06:06 eureka kernel: kbd4 at ukbd2
    Feb  1 17:06:06 eureka kernel: ums2: <Logitech USB Receiver, class 0/0, rev 2.00/24.00, addr 10> on usbus5
    Feb  1 17:06:06 eureka kernel: ums2: 16 buttons and [XYZT] coordinates ID=2
    Feb  1 17:06:06 eureka kernel: uhid1: <Logitech USB Receiver, class 0/0, rev 2.00/24.00, addr 10> on usbus5

There are two side buttons for the right thumb (bad luck if you're left-handed), which xev reports as buttons 8 and 9.

Fri, 01 Feb 2013 23:45:41 UTC

Still more upgrade fun

Posted By Greg Lehey

Into the office this morning to find a surprising message:

    Segmentation fault: 11 at address 0x800017
    Fatal server error: Caught signal 11 (Segmentation fault: 11). Server aborting

That was the X server 1. I couldn't find a core dump, but I did find an emacs.core dated only shortly before I came in, so it seems to have happened then. Why? Unless it happens again, I'll never know.

Fri, 01 Feb 2013 22:40:31 UTC

Friday Squid Blogging: Squid Anchor

Posted By Bruce Schneier

Webpage says that it's "the most effective lightweight, portable anchor around." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 01 Feb 2013 18:36:44 UTC

Pentagon Staffs Up U.S. Cyber Command

Posted By Bruce Schneier

The Washington Post has the story: The move, requested by the head of the Defense Department's Cyber Command, is part of an effort to turn an organization that has focused largely on defensive measures into the equivalent of an Internet-era fighting force. The command, made up of about 900 personnel, will expand to include 4,900 troops and civilians. [...] The...

Fri, 01 Feb 2013 17:55:52 UTC

Pirate Cinema and Rapture of the Nerds make Locus's best of 2012

Posted By Cory Doctorow

Locus magazine has just released its 2012 Recommended Reading List of science fiction/fantasy/horror, which is always a great reading guide (and a fabulous resource for those of us nominating for the Hugo awards). I'm delighted to see my novel Pirate Cinema and Rapture of the Nerds (written with Charlie Stross) on the best novel list! … [Read more]

Fri, 01 Feb 2013 15:00:00 UTC

Labeling Machines Is A Safety Precaution

Posted By Tom Limoncelli

Something happened at home today that reminded me of something I used to do when I worked at Bell Labs. My rule was simple. If a machine in the computer room wasn't labeled, I was allowed to power it off. No warning. Click. No power. If I logged into a machine as root and the prompt didn't include the hostname, the only command I was interested in typing was "halt". Both of these rules came from the same source: If sloppy system administration was going to lead to errors and downtime, I wanted that downtime to happen during the day when we can fix it instead of late at night when we should be asleep.

Fri, 01 Feb 2013 12:08:15 UTC

Jared Diamond on Common Risks

Posted By Bruce Schneier

Jared Diamond has an op-ed in the New York Times where he talks about how we overestimate rare risks and underestimate common ones. Nothing new here -- I and others have written about this sort of thing extensively -- but he says that this is a bias found more in developed countries than in primitive cultures. I first became aware...

Fri, 01 Feb 2013 01:00:23 UTC

DxO screen refresh insights

Posted By Greg Lehey

Had to do some photo processing today, while still playing with X. For some reason I brought up my rdesktop window on another monitor. And the DxO Optics Pro screen refresh worked! It seems that the problem is related to the resolution: normally I run it on the 2560×1440 monitor. I wonder if the problem exists with higher resolution displays locally as well. I can't test it, because the monitor has only DVI input, and dxo, the Microsoft box, has only a VGA output.