Blog Archive: March 2013
Facebook thinks for you
I have a surprisingly diverse group of friends on Facebook: much of what scrolls past is written in scripts or languages that I don't understand. But Facebook sifts through this information and comes up with suggestions. On the Dereel 2013 Fire Help Page I get the following suggested members: You'd think that this were random, but no, it's always the same group of people. David Yeardley lives around the corner and would make a good member. That's probably a complete coincidence, because the others are so far from appropriate members that the mind boggles.
Interview on NPR's Off-Topic
The NPR show OffTopic aired an episode called Give and Take: Pirates, Profiteers, and Art in the Age of Appropriation, and spoke to me for it. It's a really interesting listen! MP3 link
Ingress Tourism
The game still feels like a big story to me, and still under-reported; so herewith Ingress coverage, featuring tourism, community cancer, client controversy, and tactical tips. With pictures of places Ingress players see. Previously in this series: Ingress Weekly, Ingress, Month 3, Things About Ingress, and Ingress. Tourism: I'm still not a serious player; you can't be one of those with a job and family and so on. But I travel a lot. Last time out, I mentioned the fun I'd had playing Ingress in London. Ditto for Tokyo, ditto ditto for the Big Island. I guess if there's an Ingress-photography genre, it's gonna be mostly cellphone photos.
How to Fix the Sony MDR-W08L Headphones
I love the Sony MDR-W08L headphones, because they are featherlight and the only ones that don't fall from my ears when I run. Sadly, there's no effective strain relief at the point where the cable leaves their body. As a result the cable can become internally severed, and the sound becomes intermittent. Here's how to fix this problem.
More TV stuff
Finally got round to installing the new TV properly. It's still in the middle of the room, because the wall to the hallway is missing, and it looks pretty terrible. If we don't move house soon we may reconsider the location. But it works, almost. On one occasion I couldn't turn it on again. I had to power cycle it before it would turn on. I hope that doesn't happen too often. It's also clear that the screen illumination could be better: the corners are noticeably darker, though that's not obvious when viewing a film. Under the circumstances it's nice to know that I can take it back before the end of May with no questions asked.
Back-to-Basics Weekend Reading - Principles of Transaction-Oriented Database Recovery
I have been reading mainly newer papers in the beginning of this year, but it is time to get back to the basics and start reading some more historical papers again. From the time when researchers and engineers were laying the foundations for our current systems. A good early paper to start again is the Survey that Härder and Reuter did on Database Recovery in 1983. Principles of Transaction-Oriented Database Recovery, Theo Härder and Andreas Reuter, ACM Computing Surveys, Volume 15 Issue 4, December 1983, Pages 287-317
Sheeri Cabral's "When I Moved Abroad"
Over at the Mozilla IT blog is a new post by Sheeri Cabral that every sysadmin in our community should read. Blog post: When I Moved Abroad
Friday Squid Blogging: Bomb Discovered in Squid at Market
Really: An unexploded bomb was found inside a squid when the fish was slaughtered at a fish market in Guangdong province. Oddly enough, this doesn't seem to be the work of terrorists: The stall owner, who has been selling fish for 10 years, told the newspaper the 1-meter-long squid might have mistaken the bomb for food. Clearly there's much to...
Boston Area Sysadmins: BBLISA Looking for Lightning Talks!
Would you like to do a lightning talk at the next BBLISA meeting? [ This message comes from Matt Simmons at the Standalone Sysadmin blog. ] Do you love lightning talks? Because I love lightning talks. When I found out that the DC DevOps group had an entire meeting dedicated to lightning talks, I was jealous. I mentioned the idea to John, Adam, and crew of BBLISA, and they liked it. Of course, when you volunteer an idea, you volunteer /for/ that idea, too, so if you look at the BBLISA Calendar (http://www.bblisa.org/calendar.html), you'll see my name organizing the April meeting.
The Dangers of Surveillance
Interesting article, "The Dangers of Surveillance," by Neil M. Richards, Harvard Law Review, 2013. From the abstract: ....We need a better account of the dangers of surveillance. This article offers such an account. Drawing on law, history, literature, and the work of scholars in the emerging interdisciplinary field of "surveillance studies," I explain what those harms are and why they...
Stop. Take 5 minutes to save the internet
Hey fellow sysadmins! Please take 5 minutes to make sure your DNS servers aren't open to the world for recursive queries. They can be used as amplifiers in DDOS attacks. https://www.isc.org/wordpress/is-your-open-dns-resolver-part-of-a-criminal-conspiracy/ The short version of what you need to do is here.
New RC4 Attack
This is a really clever attack on the RC4 encryption algorithm as used in TLS. We have found a new attack against TLS that allows an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. The attacks arise from statistical flaws in the keystream generated by the RC4 algorithm which become apparent...
Speaking in Bradford tomorrow
Here's details of the public event I'm doing in Bradford while I'm in town for Eastercon: I'll be at the 1in12 Club, as part of an event called "Can Technology Save the City?" that runs from 12-6. I'll be there around 1430h. Hope you'll come out!
How the amazing UK cover for Rapture of the Nerds came to be
I'm really impressed with the cover of the UK edition of Rapture of the Nerds, the novel I wrote with Charlie Stross. But it turns out that producing that cover was quite a journey. Designer Martin Stiff was kind enough to share his notes on the process, along with all the proto covers he produced …
TV IP configuration
More playing around with my new TV today. This is the first I've ever had with an Internet connection, and I was interested in what it could do. It has a main menu reminiscent of a computer display: That white window at top left is a window in natural size into the X display, showing nothing useful. But it has a web browser with an emblem reminiscent of firefox. Tried that, but I couldn't communicate with the global Internet. It had obtained an IP address via DHCP, amusingly enough 192.109.197.224, flachmann.lemis.com, but it didn't get a valid default gateway.
Even more spam
Spam seems to be particularly bad at the moment. But when I started getting offers of Viagra (sent to an address that I only gave to Growmaster), I was puzzled. SpamAssassin should have filtered that out. Took a look at the headers: no headers from SpamAssassin. But it was running. What was wrong there? Decided to install the latest version, with some surprises:
===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-NetAddr-IP>=4.00.7 - found
===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-Net-DNS>=0.63 - found
===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-HTML-Parser>=3.46 - found
===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-libwww>=0 - found
===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-Encode-Detect>=0 - found
===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-Mail-Tools>=0 - found
===> p5-Mail-SpamAssassin-3.3.2_8 depends on file: /usr/local/bin/perl5.14.2 - found
===> Configuring for p5-Mail-SpamAssassin-3.3.2_8
NOTE: settings for "make test" are now controlled using "t/config.dist".
Tropical Mirrorless Research
I claim that watching people photograph the Big Island is effective camera-futures research; and camera futures are interesting now. So here's some research. Oh, and Big Island photos. Those camera futures became interesting with the arrival, this past few years, of mirrorless and other compact-format high-quality cameras (overview here). Check out I've Got Good News, I've Got Bad News for some data on sales trends; it suggests SLRs are doing well but compacts aren't much of a factor. At the Puʻuhonua o Hōnaunau (City of Refuge) park, a must-see on the Big Island. Why Hawaii? People go to the Big Island to see things.
What problem are we trying to solve in the copyright wars?
My latest Guardian column is "Copyright wars are damaging the health of the internet" and it looks at what we really need from proposed solutions to the copyright wars: I've sat through more presentations about the way to solve the copyright wars than I've had hot dinners, and all of them have fallen short of …
Unwitting Drug Smugglers
This is a story about a physicist who got taken in by an imaginary Internet girlfriend and ended up being arrested in Argentina for drug smuggling. Readers of this blog will see it coming, of course, but it's still a good read. I don't know whether the professor knew what he was doing -- it's pretty clear that the...
Schedule for EasterCon in Bradford
I'm heading to Bradford tomorrow for Eight Squared Con, the 2013 Eastercon. I'm appearing on several programme items:
* Friday, 17h: Reading, Hawthorn Room
* Saturday, 12h: "On Twitter, Everyone Can Hear You Scream," Boardroom (panel)
* Saturday, 13h: Book launch for RAPTURE OF THE NERDS, Conservatory
* Saturday, 19h: "Genre Get-Together: Science Fiction," Conservatory …
New TV
Up early this morning and off to ALDI in Sebastopol to buy their special offer 58" TV, arriving just before they opened. A good thing too: they had about 9 of them, and they were all gone within about 5 minutes. Back home after finally finding a way to transport it, and set it up. It's not just big, it's also heavy: 38 kg if you believe the statement on the package. An amazing number of connections: 4 HDMI, VGA, even an Internet connection.
Can you make the speed of light faster?
One technical issue that often plagues me is that you can't make the speed of light any faster. Network latency from NYC to Sydney is going to suck no matter what. Helping users understand this is difficult. Often it is equally difficult to make software developers understand this too. Many times people have asked me, sometimes seriously, if we could just make the speed of light faster. There is one obvious way to improve the latency between NYC and Sydney: Tunnel through the earth. A direct route would be much faster. However it looks like scientists are close to a more realistic alternative: use air instead of glass! "
The Institute for Cultural Diplomacy and Wikipedia
A month ago, Mark Donfried from the Institute for Cultural Diplomacy (ICD), an organization dedicated to promoting open dialogue, sent me this letter threatening me with legal action because of contributions I’ve made to Wikipedia. Yesterday, he sent me this followup threat. According to the letters, Donfried has threatened me with legal action [...]
Security Awareness Training
Should companies spend money on security awareness training for their employees? It's a contentious topic, with respected experts on both sides of the debate. I personally believe that training users in security is generally a waste of time, and that the money can be spent better elsewhere. Moreover, I believe that our industry's focus on training serves to obscure greater...
How the Maker of TurboTax Fought Free, Simple Tax Filing
This investigative report by propublica.org is what I thought was going on but had no proof. Basically I've always said that since the IRS gets all the data from our employers and financial institutions electronically, why can't they present our tax forms partially or completely filled out? We should be able to subtract our deductions and that's it. Obviously we should get all the data so we can examine it or hire a tax accountant to examine it. Anytime someone said "yeah, but the people that prepare tax returns would try to stop any legislation like that" I would say, "oh, don't be a conspiracy theory crazyperson".
The NSA's Cryptolog
The NSA has published declassified versions of its Cryptolog newsletter. All the issues from Aug 1974 through Summer 1997 are on the web, although there are some pretty heavy redactions in places. (Here's a link to the documents on a non-government site, in case they disappear.) I haven't even begun to go through these yet. If you find anything good,...
Being Google
This month saw my 3-year anniversary here, and I feel like one of my missions is to be a guide on this Magical Mystery Tour. So, here are some things about Google; without asking anyone first, because not asking first is best. Being Careful: Startups are all damn-the-torpedos and ship-it-now. Been there, done that, loved it. Inappropriate with a user count on the order of a billion. My first-ever push to Google's webspace was a couple of paragraphs of documentation; the compulsory review process ended up with four rewrites involving input from three people. Not management-driven cover-your-ass rewrites, either; topics of debate included "what is the actual failure mode?" and "Don't talk abstractly about developers, say 'You must...'" Code reviews are way fiercer.
Finite Surface Integral of the Earth
I have watched the piecewise creation of the world; new pieces burn gold-red, creep into place like honey, lethally hot in the ocean-moist air. And of course took lots of pictures. Back Story: I owe this experience to one of the many photographers on Google+, who posted on shooting lava. Since we'd planned a vacation to the Big Island you can bet this caught my attention. I'd visited the island and the volcano a couple of times, but live lava always seemed something that you had to be an extreme-hiking fanatic, and prepared to die in the attempt, to see.
Identifying People from Mobile Phone Location Data
Turns out that it's pretty easy: Researchers at the Massachusetts Institute of Technology (MIT) and the Catholic University of Louvain studied 15 months' worth of anonymised mobile phone records for 1.5 million individuals. They found from the "mobility traces" - the evident paths of each mobile phone - that only four locations and times were enough to identify a particular...
Today is my last day at Google.
Today is my last day at Google. After 7 years I'm looking forward to doing nothing for a while, writing a book or two (oh yeah, I have a big announcement: I've signed 2 book contracts! More info soon!), and I'm getting married. Please, no speculation on why I'm leaving. I was at Bell Labs 7 years too. It's just time. (FunFact: I found a draft of a "goodbye message" I wrote. The file's datestamp was Nov 10, 2010.) The annoying thing about job hunting is that usually you have to take random days off from your current job claiming "something came up" or taking vacation days or faking sick days.
Down and Out in the Magic Kingdom read-aloud part 02
As I mentioned in my March Locus column, I'm celebrating the tenth anniversary of Down and Out in the Magic Kingdom by planning a prequel volume. As part of that planning, I'm going to read aloud the entire text of that first book into the podcast, making notes on the book as I go. Here's …
MIT LaTeX Stationery
The MIT graphic identity website provides downloadable stationery templates for letterhead and envelopes. They provide both Microsoft Word and LaTeX templates. But although they provide both black and white and color templates for Word, they only provide the monochrome templates for LaTeX. When writing cover letters for the job market this year, I was not [...]
Our Internet Surveillance State
I'm going to start with three data points. One: Some of the Chinese military hackers who were implicated in a broad set of attacks against the U.S. government and corporations were identified because they accessed Facebook from the same network infrastructure they used to carry out their attacks. Two: Hector Monsegur, one of the leaders of the LulzSec hacker movement,...
The perfect April Fools gift for the geek you love?
There are still a few copies left of the book of April Fools RFCs. http://www.rfc-humor.com They say if you have to explain a joke it wasn't funny. Well, this makes The Complete April Fools RFCs the least funny book in the world. Ok, maybe that's not 100 percent true but you have to be pretty darn technical to get some of these jokes. There are only a few left in stock. Why not pick one up today? Click here to see it on Amazon Tom
Launching the UK edition of Rapture of the Nerds TODAY at Forbidden Planet London
Hey, Londoners! I'll be launching the UK edition of Rapture of the Nerds today at 1PM at Forbidden Planet. Although the book is available across the country at finer stores, this will be your only chance to stroke the marvellous 3D printed Space Marine Stross and have your picture taken with it.
Letter from a young reader about Little Brother
A young man named Alex came out to my Decatur, GA Homeland tour-stop and we had a charming (if brief) conversation, and subsequently snapped this quite wonderful photo. One of Alex's teachers subsequently wrote to me to say that Alex had taken high academic honors in a Letters About Literature contest about Little Brother, and …
Friday Squid Blogging: Giant Squid Genetics
Despite looking very different from each other and being distributed across the world's oceans, all giant squid are the same species. There's also not a lot of genetic diversity. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Changes to the Blog
I have made a few changes to my blog that I'd like to talk about. The first is the various buttons associated with each post: a Facebook Like button, a Retweet button, and so on. These buttons are ubiquitous on the Internet now. We publishers like them because it makes it easier for our readers to share our content. I...
What does Stack Exchange do when disaster strikes?
Find out at LOPSA-East (formerly PICC) May 3-4, 2013, New Brunswick, NJ (Early Bird Registration ends April 1st! http://lopsa-east.org Space is limited!) In late October of 2012, Hurricane Sandy was wreaking havoc on the east coast. It was the second costliest hurricane in US history causing widespread power and service disruptions. George Beech, a System Administrator at Stack Overflow, will be presenting a talk at LOPSA-East 2013 about their successful failover to a backup datacenter and what it took to keep their primary New York City datacenter operational while implementing the Disaster Recovery plan. This talk will focus mostly on Disaster Recovery and migration for a primarily Windows-based shop.
FBI Secretly Spying on Cloud Computer Users
Both Google and Microsoft have admitted it. Presumably every other major cloud service provider is getting these National Security Letters as well. If you've been following along, you know that a U.S. District Court recently ruled National Security Letters unconstitutional. Not that this changes anything yet....
Signing Rapture of the Nerds at Forbidden Planet London tomorrow
Hey, Londoners! A reminder that I'll be signing the UK edition of Charlie Stross's and my novel Rapture of the Nerds, tomorrow at 1PM at Forbidden Planet. Charlie can't make it, so I have fashioned a cunning 3D printed Space Marine Stross to accompany me, which you may rub for good luck if you attend.
Ports: Upsetting the apple cart
Processing the photos of the stray dog proved to be a problem: exiftool had disappeared. I don't know why, but since it's a perl module, it's reasonable to assume that the reinstallation of the new perl version yesterday removed it. I wonder how many other ports have disappeared. I note also that the fonts used by wine seem to have changed. One more reason not to upgrade ports on a production machine until they've been tested elsewhere. On the other hand, it seems that I do have LibreOffice installed. No idea how that happened. I looked for an obvious executable yesterday, something like /usr/local/bin/libreoffice, and that's exactly what was installed, admittedly a symlink.
WH Smith automatically adding DRM to DRM-free ebooks, but there's an interim solution while they fix it
The UK Bookseller WH Smith has been experiencing some kind of bug in its ebook store, whereby it adds DRM to all of the Kobo ebooks it sells, even the ones that are supposed to be DRM-free (like mine). Apparently, this is a metadata-parsing issue. I spoke to my agent and publisher, and WH Smith/Kobo …
Text Message Retention Policies
The FBI wants cell phone carriers to store SMS messages for a long time, enabling them to conduct surveillance backwards in time. Nothing new there -- data retention laws are being debated in many countries around the world -- but this was something I did not know: Wireless providers' current SMS retention policies vary. An internal Justice Department document (PDF)...
Lookalikes
Is Croatian kiberkomunist (i.e., cyber-communist) artist and hacker Marcell Mars living a secret life as a Nantucket Reds-wearing preppie from the American northeast?
New video: Ganeti: Your Private Virtualization Cloud "the Way Google Does It"
My 60-minute talk on Ganeti from the Usenix LISA '12 conference has been posted: https://www.usenix.org/conference/lisa12/ganeti-your-private-virtualization-cloud-way-google-does-it Ganeti is a cluster virtual server management software tool built on top of existing virtualization technologies such as Xen or KVM and other Open Source software. Ganeti takes care of disk creation, migration, OS installation, shutdown, startup, and can be used to preemptively move a virtual machine off a physical machine that is starting to get sick. It doesn't require a big expensive SAN, complicated networking, or a lot of money. The project is used around the world by many organizations; it is sponsored by Google and hosted at http://code.google.com/p/ganeti.
When Technology Overtakes Security
A core, not side, effect of technology is its ability to magnify power and multiply force -- for both attackers and defenders. One side creates ceramic handguns, laser-guided missiles, and new-identity theft techniques, while the other side creates anti-missile defense systems, fingerprint databases, and automatic facial recognition systems. The problem is that it's not balanced: Attackers generally benefit from new...
LibreOffice install
I don't use things like Microsoft Office or clones. But since I've started using a Microsoft box, I should maybe consider it, especially as I could do with a spreadsheet right now to calculate costs for the house. I don't want to spend money on it, of course, but then there's LibreOffice. Today was the last day of my billing month for Internet traffic, so I downloaded it both for Microsoft (after their page gave up trying to identify my Vista box as PPC MacOS X) and FreeBSD.
The Netflix OSS Cloud Prize
Netflix has over the years become one of the absolute best engineering powerhouses for building cloud-native applications. At AWS we are very proud to be their infrastructure partner and every day we learn from how they use our cloud services. Many of the observations I talk about in my 21st Century Application Architectures presentation come from seeing Netflix architects at work. Netflix has gone beyond just building great applications; they have made fundamental pieces of their cloud platform available as open source and many in the industry have responded to that with great enthusiasm, evidenced by the packed Netflix House in February where people came to hear more about NetflixOSS.
Lessons From the FBI's Insider Threat Program
This article is worth reading. One bit: For a time the FBI put its back into coming up with predictive analytics to help predict insider behavior prior to malicious activity. Rather than coming up with a powerful tool to stop criminals before they did damage, the FBI ended up with a system that was statistically worse than random at ferreting...
Chatting with Techdirt about Pirate Cinema
My novel Pirate Cinema is the current TechDirt Book Club selection, and we're kicking it off today with a Google+ hangout in about five minutes. I've never done a Hangout before -- I don't have a G+ account because I object to its "real names" policy, but I've created a throwaway account for the occasion. …
Google hosted Xen Hackathon, May 16-17, Dublin
The next Xen Hackathon will be hosted by the Ganeti team at Google and takes place on May 16-17, 2013 at Google's offices in Dublin Ireland. I can't make it but many of my coworkers on the Ganeti project will be there. If you use the open source version of Xen and want to get your hack on, please sign up!
FinSpy
Twenty five countries are using the FinSpy surveillance software package (also called FinFisher) to spy on their own citizens: The list of countries with servers running FinSpy is now Australia, Bahrain, Bangladesh, Britain, Brunei, Canada, the Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, the United Arab Emirates, the United States...
My talk on copyright, ebooks and libraries for the Library of Congress
Last fall, while on the Pirate Cinema tour, I stopped in at the Library of Congress to give a talk called "A Digital Shift: Libraries, Ebooks and Beyond," which was an amazing treat. The LoC people were delightful and the building and its collections were outstanding. Now, they've put the video online! A Digital Shift: …
Save up to $197 on LOPSA-East registration, really?
Early bird pricing ends April 1st! Make sure you register before then to save up to $197! http://lopsa-east.org/ Best way to save money? Start talking with your boss NOW so all that purchasing department paperwork gets done in time!
End of an era: death after 3737 days
Somebody pointed me at this slashdot story today: a machine shut down after 3737 days of uptime (that's over 10 years, 2 months). It makes my "After running uninterrupted for 3737 days, this humble Sun 280R server running Solaris 9 was shut down. At the time of making the video it was idle, the last service it had was removed sometime last year. A tribute video was made with some feelings about Sun, Solaris, the walk to the data center and freeing a machine from internet-slavery."
Down and Out in the Magic Kingdom read-aloud part 01
As I mentioned in my March Locus column, I'm celebrating the tenth anniversary of Down and Out in the Magic Kingdom by planning a prequel volume. As part of that planning, I'm going to read aloud the entire text of that first book into my podcast, making notes on the book as I go. Here's …
A 1962 Speculative Essay on Computers and Intelligence
From the CIA archives: Orrin Clotworthy, "Some Far-out Thoughts on Computers," Studies in Intelligence v. 6 (1962)....
I'm at Forbidden Planet London with Rapture of the Nerds this Saturday!
Hey, Londoners! A quick reminder that I'll be signing the new UK edition of Rapture of the Nerds this Saturday at Forbidden Planet on Shaftesbury Ave at 13h. Come on down and say hi!
Last night I had a nightmare...
...that I got caught in a "spear phishing attack". (A malware attack where they send an email specifically crafted to one or two people.) The email was a receipt from a hotel that I stay at occasionally but it listed the address as being in South Carolina instead of San Francisco. I clicked on the PDF to read it and then realized I was being phished because I haven't been to South Carolina in ages and the invoice mentioned a coworker that I've never traveled with. I started shutting down my computer and made plans to wipe the disks; glad I have good backups but not wanting to go through the pain of being without my laptop until I could do this.
Prison Escape
Audacious daytime prison escape by helicopter. The escapees have since been recaptured....
SCARF ACE
I Although I don’t mean to brag… I have a really great scarf-hood-combination garment. I was wearing said awesome scarf in a rather cold apartment during my remote participation in the Learning Creative Learning class. I would like to think that I said some interesting and insightful things. But if I didn’t, I’m glad to [...]
Audio from my Homeland tour presentation
Thomas "Command Line" Gideon came out for the DC stop on my Homeland tour, at Busboys and Poets, and mic'ed me up for the event. He's mastered the audio and posted it. It's a 40 minute talk about the promise of technology to improve our lives, the risks from allowing technology to be used to …
Getting nanoseconds from stat(2)
The 0 in the nanoseconds from stat(1) puzzled me, so I went to take a look. And how about that: the stat(2) system call returns the fields set to 0:
=== gdb -> Return 336 rc = lstat(file, &st);
=== gdb -> Return 339 if (rc == -1) {
=== gdb -> p st $1 = { st_dev = 129, st_ino = 11732393, st_mode = 33188, st_nlink = 1, st_uid = 1004, st_gid = 1000, st_rdev = 47224992, st_atim = { tv_sec = 1363569201, tv_nsec = 0 }, st_mtim = { tv_sec = 1350666025, tv_nsec = 0 }, st_ctim = { tv_sec = 1350666025, tv_nsec = 0 }, st_size ...
Don't enhance test(1)
A couple of weeks ago Peter Jeremy made some modifications to test(1) and with approval of his mentors (John Baldwin and myself) committed them to the head of the FreeBSD source tree. The changes are summarized in the man page:
file1 -nt file2 True if both file1 and file2 exist and file1 is newer than file2.
file1 -ntXY file2 True if both file1 and file2 exist and file1 has a more recent last access time (X=a), inode creation time (X=B), change time (X=c), or modification time (X=m) than the last ...
Call For Proposals Extended: Open Source Bridge 2013
The "Call for Proposals" for Open Source Bridge 2013 has been extended 2 weeks (Sat, March 23). The current proposals so far are listed online. The conference itself is June 18-21, 2013 in Portland, Oregon. More info about submitting proposals is here: http://opensourcebridge.org/blog/2013/03/were-extending-our-call-for-proposals/
Cascadia IT Conference 2013 a big success!
Congrats to all involved! Save next year's date: 7 & 8 MAR, 2014. (It's already marked in the Sysadmin Event Calendar: http://everythingsysadmin.com/calendar.html )
Conversation on Freedom and Openness in Learning
On Monday, I was a visitor and guest speaker in a session on Open Learning in a class on Learning Creative Learning which aims to offer a course for designers, technologists, and educators. The class is being offered publicly by the combination, surprising but very close to my heart, of Peer 2 Peer [...]
Registration open for LOPSA-East 2013! (formerly PICC) May 3-4, 2013, New Brunswick, NJ
Register early and save! http://lopsa-east.org Space is limited! Registration opens at midnight for the 2013 LOPSA-East conference, May 3-4, 2013 at the Hyatt Regency hotel in New Brunswick, NJ. IT professionals from the tri-state area, as well as the entire east coast will be joining us for the most talked about community-driven conference of the year. You can find out more at http://lopsa-east.org LOPSA-East begins Friday with an entire day of training offered by world class instructors. We have half day sessions on Team Efficiency, Configuration Management, Basic and Advanced PowerShell, IPV6 migration, and much more! The conference continues on Saturday, with more half day training sessions along with 45 minute presentations from invited speakers, 5 minute lightning talks, and ‘birds of a feather’ discussions on participant selected topics.
Friday Squid Blogging: WTF, Evolution?
WTF, Evolution? is a great blog, and they finally mentioned squid....
The correct RSS feed for this site
I'm getting reports that some RSS reading software does not see the latest posts from this list. Please be sure to use this URL for your RSS reading pleasure: http://feeds.everythingsysadmin.com/EverythingSysadmin Of course, if you are using an old URL that has gone away, you'll never see this post (so tell your friends!). Thanks!
Legal issues in Pirate Cinema analyzed by IP lawyer
IP lawyer Stuart Langley wrote a fantastic analysis of the legal issues raised in my novel Pirate Cinema in a guest-article for the wonderful Law and the Multiverse site. Langley does a very thorough job of looking at the real laws and legal problems behind the plot points in the book. The McCauleys' internet access has … [Read more]
Stuxnet is Much Older than We Thought
Symantec has found evidence of Stuxnet variants from way back in 2005. That's much older than the 2009 creation date we originally thought it had. More here and here. What's impressive is how advanced the cyberattack capabilities of the U.S. and/or Israel were back then....
Aaron Swartz MIT Memorial
On Tuesday, there was a memorial for Aaron Swartz held at the MIT Media Lab. Unfortunately, I am traveling this week and was unable to attend. As I wrote recently, I was close to Aaron. I am also, more obviously, close to MIT and the lab. It was important to me to participate in the [...]
NBN: Yes, no, maybe
One of the good things about the new property is that it's only a stone's throw from the Enfield radiation tower. We could get good network coverage there immediately. Out of idle curiosity, went to the NBN rollout map to see what the coverage was like, and in the process discovered a link at the top overwriting another text and saying Find a service provider: Followed that, and discovered that the link forgot where I was: I was presented with a map of Australia.
More weather station flakiness
For some reason the wireless communication between the external and internal components of my weather station has been particularly flaky lately, and there have been long periods of time with no readings. Changed the batteries, but the old ones weren't particularly discharged, and it didn't help, so finally got down to complete some modifications I had started years ago to ensure that I don't try to save invalid readings. What a series of functions just to read a page of weather data from the unit: /* * Read routines. There are lots of these: * * read_station reads 8 bytes from the station, the maximum it can deliver.
Why oh why is Google canceling "reader"?
I can not confirm nor deny... @sheeri or it's a conspiracy by @yesthattom to improve TMFSA by removing a huge time sink... ;)— Nahum Shalman (@nahumshalman) March 14, 2013 If that makes you sad, maybe this will cheer you up... Wow. The heads of all major religions (iOS, Android, Windows, and the Catholic Church) have been replaced in a 6 month time period.— Brian Walsh (@thepartycow) March 13, 2013 @thepartycow maybe that's true of those minor religions, but the great religions of Vi and Emacs are eternal.— ghc (@xnomagichash) March 13, 2013
On Secrecy
Interesting law paper: "The Implausibility of Secrecy," by Mark Fenster. Abstract: Government secrecy frequently fails. Despite the executive branch's obsessive hoarding of certain kinds of documents and its constitutional authority to do so, recent high-profile events, among them the WikiLeaks episode, the Obama administration's celebrated leak prosecutions, and the widespread disclosure by high-level officials of flattering confidential information to...
Words of wisdom: Bjarne Stroustrup
Bjarne Stroustrup wrote the following a few minutes ago on the concepts mailing list: Let me take this opportunity to remind people that "being able to do something is not sufficient reason for doing it" and "being able to do every trick is not a feature but a bug" For the latter, remember Dijkstra’s famous [...]
Profile in Guardian Books
Damien Walter's written a very kind article about me and my work in the Guardian's books section, discussing the role of science fiction in social criticism and activism. As technology becomes an ever bigger factor in day-to-day life, we need writers like Doctorow to help us direct it to support freedom over oppression. In his … [Read more]
Nationalism on the Internet
For technology that was supposed to ignore borders, bring the world closer together, and sidestep the influence of national governments, the Internet is fostering an awful lot of nationalism right now. We've started to see increased concern about the country of origin of IT products and services; U.S. companies are worried about hardware from China; European companies are worried about...
Software Tools Research: SPLASH Panel Discussion
Written by Dennis Mancl and Steven Fraser. At the recent SPLASH (Systems, Programming, Languages and Applications: Software for Humanity) conference, one of us (Steven Fraser) organized an international group of experts to discuss challenges in software tools research. The panelists included Kendra Cooper (University of Texas, Dallas), Jim "Cope" Coplien (Gertrud & Cope), Junilu Lacar (Cisco Systems), Ruth Lennon (Letterkenny Institute of Technology), Diomidis Spinellis (Athens University of Economics and Business), and Giancarlo Succi (Free University of Bolzano-Bozen). The discussion interwove three threads (tool use, development, and education) and the panelists took a critical look at how well tools serve the needs of software professionals, managers, and academics.
Microsoft update fun
Microsoft released patches for its operating systems today, apparently something they do every month. Now that I have a real Microsoft box, it seems to be right to upgrade. But of course my network link wasn't up to it, and rather than wait forever, decided to postpone. Clicked the stop download button, and got: Code 80244023 Windows Update encountered an unknown error. Get help with this error I've seen this one before, and at the time decided, presumably correctly, that it meant network connection interrupted.
Committing ports: the bureaucracy
Review of my new port from Edwin Groothuis this morning, suggesting a couple of modifications, including noting conflicts with the normal Hugin port. That required testing, including building both ports a couple of times, but finally I was ready to commit. Not quite what I expected: Path "head/graphics/hugin-devel/distinfo" is missing the svn:keywords property (or an fbsd:nokeywords override) What does that mean? No idea. Discovered a PortSubversionPrimer, resplendent in missing spaces, which told me about properties, and that I needed svn propset to set them. More careful reading showed that I needed to add entries to ~/.subversion/config, something that I had done years ago (coincidentally exactly 4 years ago today) for the src tree and then forgotten.
Security Theater on the Wells Fargo Website
Click on the "Establishing secure connection" link at the top of this page. It's a Wells Fargo page that displays a progress bar with a bunch of security phrases -- "Establishing Secure Connection," "Sending credentials," "Building Secure Environment," and so on -- and closes after a few seconds. It's complete security theater; it doesn't actually do anything but make account...
Hacking Best-seller Lists
It turns out that you can buy a position for your book on best-seller lists....
Network pain continues
I've more or less resigned myself to the fact that my network connectivity is barely acceptable. Roll on the radiation tower! It's hardly worth mentioning the disconnects any more, but they continue unabated. Each of these represents a successful reconnect after a dropout: === grog@eureka (/dev/pts/4) ~ 125 -> grep myaddr /var/log/ppp.log Feb 25 20:12:36 eureka ppp[1982]: tun0: IPCP: myaddr 118.209.58.27 hisaddr = 10.1.0.1 Feb 26 13:12:31 eureka ppp[1982]: tun0: IPCP: myaddr 118.209.82.100 hisaddr = 10.1.0.1 Feb 27 02:05:54 eureka ppp[1982]: tun0: IPCP: myaddr 118.209.127.130 hisaddr = 10.1.0.1 Feb 27 09:29:38 eureka ppp[2717]: tun0: IPCP: myaddr 118.209.61.68 hisaddr = 10.1.0.1 Feb 27 15:22:14 eureka ppp[2717]: tun0: IPCP: myaddr 118.209.116.108 hisaddr = 10.1.0.1 Feb 27 16:06:23 eureka ppp[2717]: tun0: IPCP: myaddr 121.44.113.98 hisaddr = 10.1.0.1 Feb 27 17:22:40 eureka ppp[2717]: tun0: IPCP: myaddr 121.44.86.185 hisaddr = 10.1.0.1 Feb 28 18:11:28 eureka ppp[2717]: ...
Polishing my ports commit bit
News from FreeBSD portmgr today: I have my ports commit bit back, after having given it up some years ago for safe keeping. It's a little tarnished, but nothing that a bit of cleaning won't fix. Some years ago I mentored Edwin Groothuis for a src commit bit. He has a ports commit bit, so I asked him to be my mentor while I did the cleaning. A week or two ago a beta release of Hugin came out, so it seemed reasonable to add a new port, graphics/hugin-devel, for that: the FreeBSD port of Hugin has been lagging quite a bit lately.
X-E1@東京: Still Water
I bought a ticket on the Tokyo airport bus leaving from near the Google office and thought my fun with the new camera was over; but I was wrong. A half-hour wait provoked a random stroll which brought me to a little teeny shrine down a little teeny alley. I guess I should conclude this series with some more reportage on the camera, but hey, the most important thing isn't that, because they're all pretty good these days. What matters is finding something worth pointing it at. Most times, all you really need is for the camera to get out of the way.
Cisco IP Phone Hack
Nice work: All current Cisco IP phones, including the ones seen on desks in the White House and aboard Air Force One, have a vulnerability that allows hackers to take complete control of the devices....
Why Tim Berners-Lee is wrong about DRM in HTML5
My latest Guardian column is "What I wish Tim Berners-Lee understood about DRM," a response to the Web inventor's remarks about DRM during the Q&A at his SXSW talk last week. Additionally, all DRM licence agreements come with a set of "robustness" rules that require manufacturers to design their equipment so that owners can't see … [Read more]
"The Logic of Surveillance"
Interesting essay: Surveillance is part of the system of control. "The more surveillance, the more control" is the majority belief amongst the ruling elites. Automated surveillance requires fewer "watchers", and since the watchers cannot watch all the surveillance, long term storage increases the ability to find some "crime" anyone is guilty of. [...] This is one of the biggest problems...
Town Car Version Control
The team at Fog Creek is releasing a major new version of Kiln today. Kiln is a distributed version control system. One of the biggest new features is Kiln Harmony, which lets you operate on Kiln repositories using either Git or Mercurial. So you can push changes to a Kiln repo using Git and then pull them using Mercurial. This means that you never have to decide whether you want to use Git or Mercurial. Religious war: averted. But, I'm getting ahead of myself! For those of you that have been living under a rock, the single biggest change in developers' lives in the last decade (besides Stack Overflow, natch) is Distributed Version Control.
Beanstalk a la Node
I spent a lot of time talking to AWS developers, many working in the gaming and mobile space, and most of them have been finding Node.js well suited for their web applications. With its asynchronous, event-driven programming model, Node.js allows these developers to handle a large number of concurrent connections with low latencies. These developers typically use EC2 instances combined with one of our database services to create web services used for data retrievals or to create dynamic mobile interfaces. Today, AWS Elastic Beanstalk just added support for Node.js to help developers easily deploy and manage these web applications on AWS.
X-E1@東京: Wheels
Ah, the camera and the motorized vehicle; both blossomed last century but are going strong. Let's apply the first to the second and do it with a new camera in Tokyo. What's not to like? Shameless plug: Includes my personal favorite picture in this series. This is a random lucky capture in Shibuya, which has come to inhabit its own mythology. I don't make a point of going there any more when I visit Tokyo but somehow I always do anyhow, and then I smile because for a place featuring vertical concrete and a trillion or so watts of synthetic illumination, it's awfully human.
Sex Education
My turn in the carpool schedule. Girl and Boy in the back seat, my first-grade daughter and her classmate who's expecting a little sister any day now. Girl: Daddy, how do they know whether it's a boy or a girl before it's born? Me: [Tries to explain about ultrasound (as if I understood it) and how they can see a not-very-good picture of the baby, still in Mummy's tummy.] [Silence] Girl: But how do they know if it's a boy or a girl? Me: Well, they look to see if it has a penis! [Longer silence.] Boy: Did you know that when a baby's born, it's naked? [Still longer silence.]
Dead Drop from the 1870s
Hats: De Blowitz was staying at the Kaiserhof. Each day his confederate went there for lunch and dinner. The two never acknowledged one another, but they hung their hats on neighboring pegs. At the end of the meal the confederate departed with de Blowitz's hat, and de Blowitz innocently took the confederate's. The communications were hidden in the hat's lining....
Site Redesign Launched!
www.EverythingSysadmin.com is proud to announce our newly redesigned website! New design and color scheme. After nearly 10 years this new design has a more modern feel. New Feature: The sysadmin events calendar is now a tab for easier viewing. This calendar of events is a joint project with Matt Simmons' Standalone Sysadmin Blog. Updated: Author biographies and book descriptions. New feature: A spinning book carousel in the header! New automation for the "See us live", "Awesome Conferences", and "Best of Blog" boxes. Much improved navigation for older posts. And much much more! We expect to be making minor adjustments over the next few days.
Ten Years On
Here's a reading of my recent Locus column, Ten Years On, in which I reflect on my first decade as a novelist and discuss a possible further volume related to Down and Out in the Magic Kingdom, my first-ever novel: I never thought I'd write a sequel. The allure of writing books has always been … [Read more]
Is Software Security a Waste of Money?
I worry that comments about the value of software security made at the RSA Conference last week will be taken out of context. John Viega did not say that software security wasn't important. He said: For large software companies or major corporations such as banks or health care firms with large custom software bases, investing in software security can prove...
Guidebook for Cascadia IT Conference open to all!
The Guidebook App (available for every smart-phone known to the planet) now lists all the events and talks for the Cascadia IT Conference, scheduled to start this Friday in Seattle, WA. You can download the app whether or not you are attending. I just read through all the talks and they look excellent. I wish I could be there! There is plenty of time to register! If you are local to Seattle there's no excuse. This has got to be the best "bang for your buck" of a conference the region will see all year.
X-E1@東京: Shades of Grey
I'm a color guy; but some pictures cry out for B&W. These are both from Kitanomaru Park, which I recommend to anyone for a walk, whatever the weather. There are museums about, and the Budokan; if that name rings a bell in your head this is probably why. Also it's just a nice garden; the botanically-inclined will appreciate the careful labeling. This first picture in among the trees at the center of this map, and while it's not quite as magical as the picture looks, it's a pretty nice bit of greenery, a rare thing in the heart of Tokyo.
Who needs swap?
An unexpected effect of the completed verandah panorama was that Hugin decided that the optimal size was considerably larger than before. Although it has always stitched a full 360°×180° panorama, even when the bottom was missing, today the calculated size increased considerably: === grog@eureka (/dev/pts/4) ~/Photos/20130309 105 -> identify ../20130303/Pano/verandah-centre.jpeg Pano/verandah-centre.jpeg ../20130303/Pano/verandah-centre.jpeg JPEG 13068x6534 13068x6534+0+0 8-bit DirectClass 21.2MB 0.000u 0:00.000 Pano/verandah-centre.jpeg[1] JPEG 21866x10933 21866x10933+0+0 8-bit DirectClass 44.21MB 0.000u 0:00.000 === grog@eureka (/dev/pts/4) ~/Photos/20130309 106 -> ls -l ../20130303/Pano/verandah-centre.jpeg Pano/verandah-centre.jpeg -rw-r--r-- 1 grog lemis 21200630 3 Mar 12:41 ../20130303/Pano/verandah-centre.jpeg -rw-r--r-- 1 grog lemis 44207375 9 Mar 16:23 Pano/verandah-centre.jpeg So instead of an 85 MP panorama, I ended up with a 239 MP panorama; surprisingly, the image sizes don't reflect that.
A nadir, finally
Last weekend's attempt at a full 360°×180° panorama of the verandah wasn't overly successful. One of the issues I had was finding appropriate control points: the floor was too uniform and repetitive. Today I tried the trick of putting a few flowerpots on the floor in the range both of the nadir and the lower row of the panorama. That worked nicely, though I still have issues with the alignment of the floorboards, probably relating to the accuracy of the positioning. Still, the result isn't too bad: How much work would it be to fix the remaining jaggies in the floor?
X-E1@東京: Gates
The event that took me to Tokyo with a new camera was in Chiyoda, which is to say right next to the Imperial palace. On two successive days, I took the opportunity to go visit; once to Kitanomaru Park, and once to the East Garden itself. Pictures today from the latter. The history of Japan is full of wars, mostly in a feudal flavor; all these walls and battlements and fortifications weren't built for decoration. Doesn't mean they don't look good. These are the East gates. I confess, this photo had to be fixed up a little. The spring sun on the trees other side of the gate was overpowering, brilliant.
Registration open for LOPSA-East 2013! (formerly PICC) May 3-4, 2013, New Brunswick, NJ
Register early and save! http://lopsa-east.org Space is limited! Registration is open for the 2013 LOPSA-East conference, May 3-4, 2013 at the Hyatt Regency hotel in New Brunswick, NJ. IT professionals from the tri-state area, as well as the entire east coast will be joining us for the most talked about community-driven conference of the year. You can find out more at http://lopsa-east.org LOPSA-East begins Friday with an entire day of training offered by world class instructors. We have half day sessions on Team Efficiency, Configuration Management, Basic and Advanced PowerShell, IPV6 migration, and much more! The conference continues on Saturday, with more half day training sessions along with 45 minute presentations from invited speakers, 5 minute lightning talks, and ‘birds of a feather’ discussions on participant selected topics.
Friday Squid Blogging: Squid/Whale Yin-Yang
Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
X-E1@東京: Cylinders
On Day Two of the new-camera-in-Tokyo trail let's move gradually from people to geometry. Because any city has lots of that. This is from the 20th floor, at Hitotsubashi University looking down over the Mainichi building; in the background are some of the Imperial Palace gardens (more to come from there). I said gradually and yep, if you blow this up you will in fact spot a few people. I wonder what the guys on the rooftop are up to; on a really big screen with the full-rez photo, it's clear that they're pretty well-dressed, i.e. probably not maintenance folk. Maybe they just stepped outside for a smoke.
Ross Anderson's Security Engineering Online
The second edition of Ross Anderson's fantastic book, Security Engineering, is now free online. Required reading for any security engineer....
Oxford University Blocks Google Docs
Google Docs is being used for phishing. Oxford University felt that it had to block the service because Google isn't responding to takedown requests quickly enough. Think about this in light of my essay on feudal security. Oxford University has to trust that Google will act in its best interest, and has no other option if it doesn't....
Rapture of the Nerds hits London on Mar 23
The UK edition of Rapture of the Nerds hits shelves on April 12, but we're having a sneaky early release at Forbidden Planet in London on Mar 23 at 1PM. Tell your friends! (I'm pretty sure that Forbidden Planet will take advance mail-orders for people who can't make it, and I'll sign and personalise every … [Read more]
DynamoDB One Year Later: Bigger, Better, and 85% Cheaper
Time passes very quickly around here and I hadn't realized until recently that over a year has gone by since we launched DynamoDB. As I sat down with the DynamoDB team to review our progress over the last year, I realized that DynamoDB had surpassed even my own expectations for how easily applications could achieve massive scale and high availability with DynamoDB. Many of our customers have, with the click of a button, created DynamoDB deployments in a matter of minutes that are able to serve trillions of database requests per year. I've written about it before, but I continue to be impressed by Shazam's use of DynamoDB, which is an extreme example of how DynamoDB's fast and easy scalability can be quickly applied to building high scale applications.
X-E1@東京: People
So, I took the new camera to Tokyo and came back with pictures, which will inhabit this space for the next few days. For most, I'm not gonna claim they're typical; but these are. If you're going to show the truth about 東京, it has to be people. Because its buildings and cars and streets and so on are mostly nothing special, but the people who live among them are. Not far from Shimbashi station and it's 10PM or so. I won't claim this is a good picture, but I will argue that it's what Tokyo street-life is really, really like; do me a favor and enlarge it.
How the FBI Intercepts Cell Phone Data
Good article on "Stingrays," which the FBI uses to monitor cell phone data. Basically, they trick the phone into joining a fake network. And, since cell phones inherently trust the network -- as opposed to computers which inherently do not trust the Internet -- it's easy to track people and collect data. There are lots of questions about whether or...
Browser Security
Interesting discussion on browser security from Communications of the ACM. Also, an article on browser and web privacy from the same issue....
Wendy McClelland exposes scam
Yvonne pointed me at an article in the Hepburn Advocate today. Wendy McClelland has taken pity on all us poor souls who were conned by the NBN: NBN endeavoured to convince the public to want Wi-Fi radiation broadband via a proposed tower to deliver at speeds of 5-12 megabits per second. NBN staff stated it was faster than satellite broadband. Most residents who attended were duped by the con. Count me as one of the residents who was duped.
The Tragedy of the Re-Auth
We're pushing the notion that sites should do Federated Identity; that those Sign in with Facebook/Google/Twitter/whoever badges you see everywhere are A Good Thing. And indeed they are. But it's exposing a subtle problem. Background I spend a lot of time talking to people who are (in the jargon) RPs, where the initials stand for Relying Party and mean someone who relies on an Identity Provider (IDP in the jargon) to take care of login/logout. It's increasingly easy to set up Federated Login with an IDP, and as OpenID Connect stabilizes, there'll be room for a real standards-based RP/IDP ecosystem.
Fujifilm X-E1
What happened was, this month includes trips to Tokyo and the Big Island. And lately I've been reading about cameras full of shiny new ideas. So I decided to indulge myself; here are way too many words about the state of cameras in general and in particular the one I bought. I suppose this is partly a review of the X-E1, but if you want to know the most important thing (what kind of pictures it takes) just follow the blog for the next week or two. I'll do a pictures-from-Tokyo series that covers a lot of different photographic styles.
The NSA's Ragtime Surveillance Program and the Need for Leaks
A new book reveals details about the NSA's Ragtime surveillance program: A book published earlier this month, "Deep State: Inside the Government Secrecy Industry," contains revelations about the NSA's snooping efforts, based on information gleaned from NSA sources. According to a detailed summary by Shane Harris at the Washingtonian yesterday, the book discloses that a codename for a controversial NSA...
Al Qaeda Document on Avoiding Drone Strikes
Interesting: 3 Spreading the reflective pieces of glass on a car or on the roof of the building. 4 Placing a group of skilled snipers to hunt the drone, especially the reconnaissance ones because they fly low, about six kilometers or less. 5 Jamming of and confusing of electronic communication using the ordinary water-lifting dynamo fitted with...
Thirty years of audio data storage
Edwin Groothuis pointed me at this image on the web today: Amazing how times change, and in particular how much content is now served by the Web.
Marketing at the RSA Conference
Marcus Ranum has an interesting screed on "booth babes" in the RSA Conference exhibition hall: I'm not making a moral argument about sexism in our industry or the objectification of women. I could (and probably should) but it's easier to just point out the obvious: the only customers that will be impressed by anyone's ability to hire pretty models to...
Issue 34 "Hacker News Monthly" issue
My "4 Unix commands I abuse every day" blog post has been published in this month's Hacker News Monthly! Check it out: http://hackermonthly.com/issue-34.html Interestingly enough that post got more hits than any other that I posted last year. It got mentioned on HN (quite an honor) and then the print edition (Hacker News Monthly) contacted me about reprinting it. HNM is a pretty nice deal. If you don't have time to read HN every day, they pick out the best articles of the month and print them as an ebook (multiple formats) and an actual dead-trees printed version too!
Technologies of Surveillance
It's a new day for the New York Police Department, with technology increasingly informing the way cops do their jobs. With innovation comes new possibilities but also new concerns. For one, the NYPD is testing a new type of security apparatus that uses terahertz radiation to detect guns under clothing from a distance. As Police Commissioner Ray Kelly explained to...
Homeland interviews
A pair of nice interviews about my new novel Homeland hit the Web today: this fun chat with Rob "CmdrTaco" Malda on the Washington Post, and this one with David Klein at Las Vegas City Life: It's about conveying your enthusiasm. My readers like that enthusiastic voice. The dirty secret about geeking out is that … [Read more]
More weather station software
Peter Jeremy came up with this weather station software site today. It seems to do roughly what my software does (hopefully with fewer warts), but I haven't really looked at it yet.
New Internet Porn Scam
I hadn't heard of this one before. In New Zealand, people viewing adult websites -- it's unclear whether these are honeypot sites, or malware that notices the site being viewed -- get a pop-up message claiming it's from the NZ Police and demanding payment of an instant fine for viewing illegal pornography....
Podcast with Beyond the Book
The folks at Beyond the Book interviewed me for a recent podcast (MP3). We talked about computer control, DRM, publishing, and my latest book, Homeland.
How to tell if a site stores passwords in clear-text?
Click on the "I forgot my password" link. If they email you your password, you know they stored it in clear-text somewhere. You should complain. Sadly their first-tier support probably won't understand and will assure you that they take security seriously and you have nothing to fear. Oh well, at least you know and can choose to use a different company or at least use a password you aren't using anywhere else (which, you already do, right?) If they email you a code to reset your password or a temporary password, then either they stored a hash of the password (hopefully they did it right), or they're doing it wrong and their password-recovery system obscures this fact.
Getting Security Incentives Right
One of the problems with motivating proper security behavior within an organization is that the incentives are all wrong. It doesn't matter how much management tells employees that security is important, employees know when it really isn't -- when getting the job done cheaply and on schedule is much more important. It seems to me that his co-workers understand the...
What's the most utopian fiction of all?
My latest column for Locus, "Ten Years On," looks back on my first decade as a novelist, and speculates about what a difficult utopia might be, and announces my next novel project: And then I realized I had no idea what novel I'd write next. I have notes for about five books, but none of … [Read more]
No day for computing
Somehow things didn't go well today. It started when I came in and found a message from Wolfgang Riegler telling me of an incorrect dependency in the enblend port. Fixed that and got Edwin Groothuis to commit it, and he then discovered that removing the port left an empty directory behind. Normally that's handled by a @dirrm line in the pkg-plist file, but this port doesn't have a pkg-plist: it's all in the Makefile. Spent some time reading the porter's handbook without finding out how to remove a directory. Should I revert to a pkg-plist after all? It makes sense to minimize the number of files in a port, since they're all small, usually smaller than the minimum fragment size.
Real world adieu
Nearly 2 years ago I took over maintenance of the Friends of the Ballarat Botanical Gardens web site in hope of contributing something to the cause and getting a better understanding of the Real World. I suppose that I've been successful in those aims. But it's been a pain! Clearly gardeners aren't the most technical people in the world. And even more clearly I don't have the interpersonal skills to be a webmaster. But the site is still almost completely devoid of content, and what little content I get usually comes in forms that require much correction before they can be put up at all.
Friday Squid Blogging: Another Squid Cartoon.
Another. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Me on "Virtually Speaking"
Last week I was on "Virtually Speaking."...
Phishing Has Gotten Very Good
This isn't phishing; it's not even spear phishing. It's laser-guided precision phishing: One of the leaked diplomatic cables referred to one attack via email on US officials who were on a trip in Copenhagen to debate issues surrounding climate change. "The message had the subject line 'China and Climate Change' and was spoofed to appear as if it were from...
Cascadia IT Conference: Discount extended! Don't miss out!
https://plus.google.com/u/0/101281951565093176572/posts/XALRuBSdgqP From the organizers: An impressive number of registrations over the past few days has prompted us to extend early bird pricing through Monday, March 4th. Save as much as $75 over at-the-door pricing by registering before 11:59pm Monday evening! If you're visiting Seattle from out of town, don't forget to make your hotel reservations by phone and be sure to mention the conference to receive a discounted room rate and parking: We also hope you'll join us Thursday, March 14th as the Seattle Area System Administrators Guild (SASAG) hosts a welcome reception sponsored by Silicon Mechanics in the Governors Room at the Hotel Deca.