Blog Archive: August 2013
CL XXVII: Cheap Audio
We've finally arranged, after five full years of Cottage Life, for music playback. There were complicating factors, notably my being a deranged audiophile; and the installation isn't 100% complete. But it sounds nice, and I've already saved $259,404.01! Downstream: We'd always wanted music and, within the first year or so, snapped up a pair of PSB Alpha B1s. From time to time, people who notice how nice the music sounds at our place ask me what they should buy, and I often begin with "there are loads of options, but if you just buy whatever PSB speakers and NAD electronics fit in your budget, you'll be pretty happy." Anyhow, PSB has been selling variations on the Alpha for a really long time, usually at a price point around $299/pair; stupidly good for the money.
Back-to-Basics Weekend Reading - An Introduction to Spatial Database Systems
Storing and querying datasets that contain objects in a geometric space has always required special treatment. The choice of data structures and query algorithms can easily make the difference between a query that runs in seconds or in days. Much of the fundamental work has been done in the late eighties and early nineties, for example around topological relations (disjoint, meet, equal, overlap, contains, etc.), direction relations (north, north-east, etc.) and distance relations (far, near), and also with respect to spatial data structures (a great survey by Hanan Samet). With location becoming a more important attribute to many modern datasets a solid understanding of the tradeoffs is important.
More eBooks with Android
I made one of the biggest decisions of my life in September 1962, over 50 years ago, when I started school at King's College, Taunton. We had a choice of one of four optional subjects to study: Biology, History, Geography and German. I really, really wanted to study both Biology and German. In the end, I chose German, and that decision determined the course of my life -- I ended up living in Germany for a total of 25 years. If I had chosen Biology, it, too, could have changed the course of my life. I almost certainly would never have lived in Germany, and there's a good chance that I would have ended up in some biological career instead of computers.
Android charge problems cornered
I'm still having issues with charging the Android tablet. I can leave it on charge overnight, and it will still be only partially charged. Then I charge it in the day, and it goes up to 100% charge within an hour or so. How can that be? Then it occurred to me: in all cases where it didn't charge properly, I was charging in the lounge room. The power point is some distance from my armchair, but the charger simply connects to the USB data cable, so I put a 5 m extension USB cable in between. The tablet recognizes the power and produces the rather silly status message Charging (AC), but it seems that there's something in the connection that makes it actually not charge.
Friday Squid Blogging: Bobtail Squid Photo
Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Opsec Details of Snowden Meeting with Greenwald and Poitras
I don't like stories about the personalities in the Snowden affair, because it detracts from the NSA and the policy issues. But I'm a sucker for operational security, and just have to post this detail from their first meeting in Hong Kong: Snowden had instructed them that once they were in Hong Kong, they were to go at an appointed...
Velocity NYC: Stack Exchange will be presenting!
Hey all my NYC peeps! Velocity comes to NYC in October. That's just a few weeks away! My awesome coworkers Steven, Nick, and George will be giving a talk about how ServerFault.com/StackOverflow.com works. It will also be the first public talk about "SE Status" our dashboard. Register today and I'll see you there!
More on the NSA Commandeering the Internet
If there's any confirmation that the U.S. government has commandeered the Internet for worldwide surveillance, it is what happened with Lavabit earlier this month. Lavabit is -- well, was -- an e-mail service that offered more privacy than the typical large-Internet-corporation services that most of us use. It was a small company, owned and operated by Ladar Levison, and it...
Android as eBook reader
The linear algebra course has now completed, but I haven't finished all the lectures quite yet. There's a deadline in about 10 days to submit the final assignments, but I suspect I won't bother. Mohamed Ifadir pointed me to a book on the subject, which I downloaded to my Android tablet and read while waiting -- far too long -- at the doctor's. It was enlightening for a number of reasons. Firstly, the book is completely different from the course I've been doing. Pretty much the first thing it discusses is Gaussian elimination, which in the course is only handled in the second-last week.
How Many Leakers Came Before Snowden?
Assume it's really true that the NSA has no idea what documents Snowden took, and that they wouldn't even know he'd taken anything if he hadn't gone public. The fact that abuses of their systems by NSA officers were largely discovered through self-reporting substantiates that belief. Given that, why should anyone believe that Snowden is the first person to walk...
The Federal Trade Commission and Privacy
New paper on the FTC and its actions to protect privacy: Abstract: One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has barely been studied in a scholarly way. Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies' privacy policies through its authority to police...
What's wrong with my DNS?
Network connectivity has gone to hell again, and there's still no sign of the radiation tower, though on various occasions we've been told commencement dates round late June, late July and then 19 August, the latter two immediately before the non-event. I wish I knew why they tell us these things. And once again I was faced with DNS lookup failures, including NXDOMAIN for domains like ebay.com and google.com. Where's this coming from? I've been tracing for some time now, but I still haven't finished analysing it. One thing I have established is that the problem isn't just with Internode's name servers: I've seen requests go to the root name servers as well.
Tempo: not in the German sense
Tempo Australia is the company that provides support for ALDI electronics. I've had occasion to call them twice last week, each time leaving a message to call back, and I have already commented that it took them 2 days to call me back the first time. Today the other shoe dropped: a call back for the message I was forced to leave, after only 6 days. What a company! As Jürgen Lock commented, not the German use of the word Tempo, which means speed.
Feds Target Polygraph-Beating Company
A company that teaches people how to beat lie detectors is under investigation....
FC4: Persona Questions
A couple of episodes back, commenter tom jones wrote, urging me to study Mozilla Persona: "it seems all the questions you are discussing have already been solved by them." Well, then. [This is part of the Federation Conversation series.] This piece in particular left a lot of open questions in my mind, which appear at the end of the sections down below. None of them are rhetorical and I'd like to hear what people think. So I went and looked at the Persona docs, and had some email back and forth with Lloyd Hilaeil, a Mozillian who works on it, and wired it into my testbed at favcolor.net and it sort of works.
Evading Internet Censorship
This research project by Brandon Wiley -- the tool is called "Dust" -- looks really interesting. Here's the description of his Defcon talk: Abstract: The greatest danger to free speech on the Internet today is filtering of traffic using protocol fingerprinting. Protocols such as SSL, Tor, BitTorrent, and VPNs are being summarily blocked, regardless of their legal and ethical uses....
Using Sygic
The trip to Bannockburn gave me a good opportunity to try out the Sygic navigation software on my Android tablet. It was a little more understandable than last time I tried. As I discovered when I got my first navigator, it takes a lot to understand navigation software, and initially you see the problems, not the advantages. But there were some good aspects too. Here some observations: Things weren't made any easier by the lack of a holder for the tablet, so I could only look at the screen by holding it in my hand, not something that you can do all the time.
The Tor Danger
If you have a reasonably full life, from time to time you have to look a temptation in the face and say no. For example Tor.com. No, not Tor the private-Internet thing, but Tor the sci-fi publisher of Charlie Stross among many others, excellent and otherwise. Specifically, Tor's Web site. It's seductive -- overly so. They feature fiendishly-clever rewatch (e.g. Deep Space Nine, which every discerning person knows is the only Star Trek series that matters) and reread series (currently including Zelazny's Amber). And of course, they sell books. With thoughtful, appreciative, beautifully-written essay-length appreciations. Which is to say, with fiendish effectiveness. And since it's so easy to buy 'em these days, I did, a couple of times.
More on NSA Data Collection
There's an article from Wednesday's Wall Street Journal that gives more details about the NSA's data collection efforts. The system has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans. In some cases, it retains the written content of emails sent between...
Detaining David Miranda
Last Sunday, David Miranda was detained while changing planes at London Heathrow Airport by British authorities for nine hours under a controversial British law -- the maximum time allowable without making an arrest. There has been much made of the fact that he's the partner of Glenn Greenwald, the Guardian reporter whom Edward Snowden trusted with many of his NSA...
Microsoft to the rescue
I don't really like Microsoft software messing around in my computer, and today I wasn't too happy to see that Security essentials had found a potential threat. But this time it proved to be useful: That's almost certainly the thing that I was looking for two weeks ago. Found and removed, in the process pondering the abuse of the term quarantine.
Protecting Against Leakers
Ever since Edward Snowden walked out of a National Security Agency facility in May with electronic copies of thousands of classified documents, the finger-pointing has concentrated on government's security failures. Yet the debacle illustrates the challenge with trusting people in any organization. The problem is easy to describe. Organizations require trusted people, but they don't necessarily know whether those people...
Usenix LISA "Build A Cloud Day", Fri, Nov 8, 2013 in DC (no charge!)
Considering all the security issues raised this year, isn't it time you built a private cloud? Build a Cloud Day will be dedicated to teaching users how to build and manage a cloud computing environment using free and open source software. The program is designed to expose attendees to the concepts and best practices around deploying cloud computing infrastructure. Attendees should expect to learn how to deploy a cloud computing environment using CloudStack and other cloud infrastructure tools that automate server and network configuration for building highly available cloud computing environments. Registration for Build A Cloud Day is free, but space is limited.
"The Next Generation Communications Privacy Act"
Orin Kerr envisions what the ECPA should look like today: Abstract: In 1986, Congress enacted the Electronic Communications Privacy Act (ECPA) to regulate government access to Internet communications and records. ECPA is widely seen as outdated, and ECPA reform is now on the Congressional agenda. At the same time, existing reform proposals retain the structure of the 1986 Act and...
Another dead tablet!
I had left the Android tablet on charge overnight, but when I came in this morning it had powered off. And I couldn't get it to start again. After some investigation I discovered that the battery was completely discharged, and that a normal USB connector didn't deliver enough power to charge it. Put it on the supplied charger (again!) and it started charging, and after a few hours the battery was fully charged. But how did that happen? I had left the thing in standby mode with the charger connected. How could the battery have discharged? Is this a bad batch of batteries, or is there some problem with the charging circuitry?
LOPSA NJ Chapter meeting: IBM Blue Gene /P, Thu, Sept 5, 2013
It isn't on the website yet, but the September meeting will have a special guest: Title: Anatomy of a Supercomputer: The architecture of the IBM Blue Gene /P. IBM refers to their Blue Gene family of super computers as 'solutions'. This talk will discuss the problems facing HPC that the Blue Gene architecture was designed to solve, focusing on the Blue Gene /P model. To help those unfamiliar with high-performance computing, the talk will begin with a brief explanation of high-performance computing that anyone should be able to understand. Mini-Bio: Prentice Bisbal first became interested in scientific computing while earning a BS in Chemical Engineering at Rutgers University.
CL XXVI: Driftscapes
Here in the top left corner of urban North America, we have a special relationship with wood. We live in it, sit on it, eat off it, and burn it for warmth and pleasure. Also, as part of Cottage Life, walk by the sea to admire the portions cast up. Well, and ephemeral log-draperies, where ephemeral means from the last high tide to the next. Consider the randomness: Each year's climactic variation with input from surrounding soils and companions of every size (bear to microorganism); then after the tree found itself accidentally afloat subject to each wave's attentions, the grinding against the rocks, then in stillness the light and wind put the final polish on what you see.
Android navigation apps
More fun with the new Android tablet today. How do I keep track of apps? Yes, it stores information in the tablet. But what if the tablet dies? Ended up writing a page which is currently just a list of URLs (and how do you extract them on the tablet? No idea). Went looking for some GPS navigation apps, not helped by a lack of overlap between the reviews and what I could find in the toy shop. This page describes 5 of them, without links of course. Of those, I only found two. And the toy shop itself doesn't seem to want to let you know banal things like URLs.
Another sound hang
While watching TV this afternoon, I ended up with another hang in the sound system:
    Aug 23 13:45:44 teevee kernel: pcm0: chn_write(): pcm0:play:dsp0.p1: play interrupt timeout, channel dead
Previously I had thought that this was related to running a flash player, but I hadn't done anything like that today. More discussion on IRC (doesn't it help to have IRC on your TV?), and Callum Gibson pointed me at this problem report, which describes what appears to be exactly the same problem, and which claims to have a solution:
    # /boot/device.hints
    hint.hdac.0.msi="0"
    # /etc/sysctl.conf
    dev.hdac.0.polling=1
Callum also suggested the script he used to use: sudo sysctl -w ...
More Android investigations
So what do I do with my defective Android tablet? No call back from the service department, of course, so I called up ALDI and complained. No, they couldn't do much, though they took note of my complaint, but they were able to put me in contact with Tempo, where I was first asked if I had charged the thing overnight. Stupid questions, but as it happened I had -- although it's not clear what difference that makes considering the battery was showing 100% charged and it was on the charger anyway. I was offered the opportunity of going and getting another one from ALDI -- that's not a support, that's just normal business practice.
Friday Squid Blogging: New Research in How Squids Change Color
Interesting: Structural colors rely exclusively on the density and shape of the material rather than its chemical properties. The latest research from the UCSB team shows that specialized cells in the squid skin called iridocytes contain deep pleats or invaginations of the cell membrane extending deep into the body of the cell. This creates layers or lamellae that operate as...
Back-to-the-Future Weekend Reading - Distributed GraphLab: A Framework for Machine Learning and Data Mining in the Cloud
The intense travels around the world in the spring have kept me from keeping up on the historical reading that I would like to do, as such there have not been that many suggestions for the back-to-basics reading list. The fall is going to be not that much different but I will make an effort to get back into a reading habit. I want to kick off the fall readings not with an historical paper but with two that detail GraphLab, an excellent framework for high performance machine learning that originally has been built by Carlos Guestrin. GraphLab has been used to build several different data mining and graph processing toolkits and applications.
How Security Becomes Banal
Interesting paper: "The Banality of Security: The Curious Case of Surveillance Cameras," by Benjamin Goold, Ian Loader, and Angélica Thumala (full paper is behind a paywall). Abstract: Why do certain security goods become banal (while others do not)? Under what conditions does banality occur and with what effects? In this paper, we answer these questions by examining the story of...
Sysadmins/Devops needed for study
I met Jeevitha Mahendiran at Usenix LISA last year. She is studying sysadmins and what we do. She writes: I'm Jeevitha Mahendiran, Graduate Student/Research Assistant, Faculty of Computer Science, Dalhousie University, Halifax, Canada. Currently doing research on "Understanding the Use of Models and Visualization Tools in System Administration Work". The information that you share regarding your work will be very helpful for my research. We are seeking participants to take part in a study about the tools used by system administrators. Participants will be asked to complete an anonymous and confidential survey that should take about 20-30 minutes to finish.
Why it matters that you can't own an electronic copy of the Oxford English Dictionary
In my latest Guardian column, I talk about the digital versions of the Oxford English Dictionary and the Historical Thesaurus of the Oxford English Dictionary, the two most important lexicographic references to the English language. As a writer, my print copies of the OED and HTOED are to me what an anvil is to a …
Hacking Consumer Devices
Last weekend, a Texas couple apparently discovered that the electronic baby monitor in their children's bedroom had been hacked. According to a local TV station, the couple said they heard an unfamiliar voice coming from the room, went to investigate and found that someone had taken control of the camera monitor remotely and was shouting profanity-laden abuse. The child's father...
Android tablet: it goes back
More playing with my Android tablet today. Turned it on and discovered that it claimed only 36% battery charge, which was strange considering that it had been on charge overnight. Took it into the office and checked again: 100%. There's clearly something wrong with the reporting. Apart from that, didn't get very far. I was able to load a ssh server for the device, which meant that I could at least access it from outside. Here partial output from top, which is too stupid to clear the screen between iterations:
    User 7%, System 6%, IOW 0%, IRQ 0%
    User 37 + Nice 9 + Sys 42 + Idle 527 + IOW 2 + IRQ 0 + SIRQ 3 = 620
    PID PR CPU% S #THR VSS RSS PCY UID Name
    10374 1 3% S ...
Evi Nemeth's life-raft spotted?
The search for Evi Nemeth and the others onboard the Nina has been restarted. The crowd-sourced search of 56,000 satellite pictures appeared to find an orange/yellow object to the west of Norfolk island. The life-raft was orange. Read more: The Nina: Fresh search for missing yacht. The project is being funded by donations. To donate visit the Danielle Wright Search Fund.
Susan Landau Article on the Snowden Documents
Really good article by Susan Landau on the Snowden documents and what they mean....
When is mv not a mv?
Watched All Creatures Great and Small on TV this evening. I don't want to delete the recordings when I'm done, so I move the recording to a subdirectory called Already:
    === grog@teevee (/dev/pts/0) /spool/DVDs/All-Creatures-Great-and-Small 15 -> mv Series-3-1-3 Already/
    === grog@teevee (/dev/pts/0) /spool/DVDs/All-Creatures-Great-and-Small 16 -> rm Series-3-1-3<tab>
    Series-3-1-3 Series-3-1-3.fpos Series-3-1-3.time
Huh? I just removed Series-3-1-3. Why is it still there?
    === grog@teevee (/dev/pts/0) /spool/DVDs/All-Creatures-Great-and-Small 17 -> ls -li Series-3-1-3 Already/Series-3-1-3
    534949 -rw-r--r-- 1 grog lemis 2,006,484,992 19 Oct 2011 Already/Series-3-1-3
    534949 -rw-r--r-- 1 grog lemis 2,006,484,992 19 Oct 2011 Series-3-1-3
In other words, it was already there.
Android, try 2
Last year I had my first experience with Android tablets, and I was greatly impressed -- negatively. Since then a number of things have happened: I've discovered a use for them controlling Olympus cameras, and the current issue of c't magazine had numerous articles on hacking old tablets. As a result I took a look on eBay and discovered I could get a usable second-hand tablet for about $120 to $130. Then this week ALDI had a tablet on special: Apart from the normal functions, it has full telephony functions (though I wonder how to hold it) and GPS.
Other Elmores
Elmore Leonard died. He was an awfully good writer; I've read loads of his books, some more than once or even twice, and regret it not a bit. There have been lots of grateful obits -- my favorite is by Joan Acocella in the New Yorker -- and they all say you should go read Get Shorty and yeah, it's good, you should. So here are some more that aren't usually in lists of his big hits but are really good too. Stick, from 1983, is actually a sequel to Swag, but I think it's way better. Ernest Stickley is a loveable guy fresh out of jail for armed robbery who gets a really lousy chauffeuring job for a really irritating rich guy and, well, lots of amusing things happen and, as with most Leonards, you just know, you can feel it, that there are people like that doing things like that.
Puppet Camp DC, Tue, Nov 5, 2013 (free admission!)
If you are sad you can't attend PuppetConf 2013 this week, start planning for Puppet Camp DC. It is co-located with the Usenix LISA conference, which is Nov 6-9, 2013 in Washington D.C. Puppet Camp DC is a community-oriented, regional gathering of Puppet users and developers. You'll have the opportunity to talk to a diverse group of Puppet users, benefit from presentations delivered by prominent community members, and share experiences and discuss potential implementations of Puppet with your peers. Registration for Puppet Camp is free, but space is limited. To continue your "Automation" education USENIX is offering a discount to all Puppet Camp attendees.
Measuring Entropy and its Applications to Encryption
There have been a bunch of articles about an information theory paper with vaguely sensational headlines like "Encryption is less secure than we thought" and "Research shakes crypto foundations." It's actually not that bad. Basically, the researchers argue that the traditional measurement of Shannon entropy isn't the right model to use for cryptography, and that minimum entropy is. This difference may...
Online streaming video
The signs are increasing that they'll finally start building the radiation tower soon -- Scott Weston has claimed that work will start this week. So once again I'm looking at tariffsplans. Exetel has one that looks interesting: 50 GB Peak and unmetered off peak. Off peak proves to be from 01:00 to 09:00, not exactly prime surfing time. But it's ideal to run cron jobs and pull down lots of pre-recorded TV programmes. But how? Yvonne asked me to find out about German TV, and Jürgen Lock was able to point me at Online TV recorder and Zattoo. The latter seems to be restricted to IP address ranges, and my current (Internode) address isn't part of it, but Exetel also offers a static IP address, so I could route my /24 to it.
FC3: Who's Watching You?
Worried about being watched? Me too. So who's doing it, and why, and what can they see, and what can you do about it? [This is part of the Federation Conversation series. Even though there's nothing here about federated identity, I think this background should be helpful in dealing with the (very sensible) paranoia about who's watching you.] The parties out there who are watching you fall into three groups: Spooks, people who want to hurt you, and people who want to monetize you. Spooks: I'm talking about your own government's employees. This is the era of Snowden and Manning and whichever ethically-exigent millennial comes along next; so we know, more or less, what it is they know.
Teens and Privacy
Not much surprising in this new survey. Many teens ages 12-17 report that they usually figure out how to manage content sharing and privacy settings on their own. Focus group interviews with teens suggest that for their day-to-day privacy management, teens are guided through their choices in the app or platform when they sign up, or find answers through their...
Finally a use for a tablet?
I've had my Olympus E-30 camera for over 4 years now, and I've taken over 60,000 photos with it. It's time to upgrade before the shutter decides to give in. I've been waiting for some time for Olympus to bring out its new high-end camera, and lately rumours have been increasing. And then somebody leaked a video of a new camera. In the meantime it has been removed again, but not before I saw it. Steve Huff has also written a detailed article on the subject, including several clips from the video. It's a mirrorless camera, looks pretty much like the existing OM-D E-M5 (where do they get these names from?)
Interview with Circulating Ideas library podcast
I did an interview with the Circulating Ideas library podcast (MP3) at the American Library Association conference this year. We talked about information politics, DRM and libraries, my own history with reading and books, and the future of librarianship.
The Cryptopocalypse
There was a presentation at Black Hat last month warning us of a "factoring cryptopocalypse": a moment when factoring numbers and solving the discrete log problem become easy, and both RSA and DH break. This presentation was provocative, and has generated a lot of commentary, but I don't see any reason to worry. Yes, breaking modern public-key cryptosystems has gotten...
GotW #7b: Minimizing Compile-Time Dependencies, Part 2
Now that the unnecessary headers have been removed, it’s time for Phase 2: How can you limit dependencies on the internals of a class? Problem JG Questions 1. What does private mean for a class member in C++? 2. Why does changing the private members of a type cause a recompilation? Guru Question 3. Below […]
GotW #7a Solution: Minimizing Compile-Time Dependencies, Part 1
Managing dependencies well is an essential part of writing solid code. C++ supports two powerful methods of abstraction: object-oriented programming and generic programming. Both of these are fundamentally tools to help manage dependencies, and therefore manage complexity. It’s telling that all of the common OO/generic buzzwords -- including encapsulation, polymorphism, and type independence -- along with most design patterns, […]
Who read my facebook password?
Rethinking yesterday's surprise Facebook password change, it occurred to me that one of the most likely scenarios was that this was a man-in-the-middle attack. Not the reported exploit, but the report itself: somebody could thus get hold of my new password. Clearly it would make sense to change it again. But how? Going through the Facebook personal details pages, I can tell people where I was born (Almaty) or where I live (Ulaanbaatar), but I couldn't find anywhere to change my password. In the end I turned to Google, who proved that I wasn't alone. This page looked good, so I tried to follow it: To change your facebook account password: Log in to your account ...
Why Helsinki should host the WorldCon
Here's a video of me explaining why the Helsinki bid committee should be awarded the next World Science Fiction Convention -- it's a grab-bag of all the things I love about Finland. (Thanks, Eemeli)
Your account has been compromised
For some obscure reason I accessed Facebook again today -- probably by accident. But I wasn't expecting what I saw: Clearly that's not me. But how did they break my password? How did they break my password? Did they break my password? In any case, I reset it. And then a little later I got a message from my Microsoft box telling me that I needed to upgrade my Internet Explorer. I get so used to that sort of thing that I barely think about it.
Weather: off the scale
Horribly windy day today -- I later discovered that they had had gusts of up to 140 km/h in some parts of Victoria. It wasn't that bad here, but it kept up all day long, so I spent much of the day watching TV, like the Climate Change course, which is still rather off-topic. Also kept an eye on my weather readings. I'm sure that the wind speed gauge shows too little; the maximum gust measured today was 35.8 km/h, but I suspect we had over 60 km/h in reality. But the real thing that got me was the drop in barometric pressure: And in the evening the readings, which should be one per minute, became more infrequent, and round 18:00 they stopped altogether: SELECT date, ...
Friday Squid Blogging: Squid Ink as Food Coloring
Alton Brown suggests it for ice cream. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Wired Names "Schneier on Security" to Best Blog List
I made the list of Wired's best "Government and Security" blogs....
Chromecast
It took like five minutes to get it set up. It works. It's great. It's only doing 5% of what it could. The second computer: This paragraph here is googlebait for anyone else facing the one thing that confused us (well, my 14-year-old) about getting Chromecast going. After it's set up, to enable Chromecast on the second and other subsequent computers, you just install the Chromecast Chrome extension. Now those are what I call some excellent setup instructions. It's not quite accurate; the screen that says "set me up" actually has a beautiful background photograph. Setup details: We have it plugged into the back of the Marantz AV Receiver rather than the side of the TV.
Talking about the writing life
I did an interview with ShelfAwareness that came out well, I think (I wrote this a long while ago and it's just coming out now, so I have the necessary distance to say that). I particularly like my answer to "Name your five favorite authors": "My favorite authors are the ones living, dead, read and … [Read more]
Management Issues in Terrorist Organizations
Terrorist organizations have the same management problems as other organizations, and new ones besides: Terrorist leaders also face a stubborn human resources problem: Their talent pool is inherently unstable. Terrorists are obliged to seek out recruits who are predisposed to violence -- that is to say, young men with a chip on their shoulder. Unsurprisingly, these recruits are not usually...
Little Brother inspired Google to encrypt its users' traffic
On yesterday's "This Week in Google," a Google engineer called Matt Cutts revealed that the company started encrypting its queries in 2008 after reading my novel Little Brother, in which one of the plot-elements is a guerrilla movement that gets a friendly ISP to encrypt a lot of its traffic so that the movement's own … [Read more]
Introducing my new tutorial: Evil Genius 101
Topics include: Helping your coworkers understand and agree to your awesome ideas; Convincing your manager about anything (really!); Turning the most stubborn user into your biggest fan; Getting others to trust you so they are more easily convinced; Deciding which projects to do when you have more projects than time; Making decisions based on data and evidence; Driving improvements based on a methodology and planning instead of guessing and luck. The only place you can find this class is at Usenix LISA, Nov 3-8, 2013 in Washington DC. Register TODAY! https://www.usenix.org/conference/lisa13
Usenix LISA training schedule published
https://www.usenix.org/conference/lisa13 The training this year has a lot of advanced topics that will bring a smile from anyone working in a DevOps environment. Tutorials on Jenkins, build-your-own-cloud, and a Googler will teach a class called "SRE University". There are a lot of specific technology tutorials: IPv6, file systems, Puppet, Python and a RaspberryPi class for people that want to move it beyond being a toy. I noticed a bunch of new security tutorials. I'll be teaching my new class 'Evil Genius 101' which is about how to convince your coworkers to get on board with your evil plans for world (or at least network) domination.
The NSA is Commandeering the Internet
It turns out that the NSA's domestic and world-wide surveillance apparatus is even more extensive than we thought. Bluntly: The government has commandeered the Internet. Most of the largest Internet companies provide information to the NSA, betraying their users. Some, as we've learned, fight and lose. Others cooperate, either out of patriotism or because they believe it's easier that way....
FC2: Single Point of Failure?
If you rely on an Identity Provider (IDP) to sign into lots of apps, here are two things to worry about: If the IDP gets hacked, do the bad guys get into all your apps? And if you lose your IDP account, are you locked out of all of them? [This is part of the Federation Conversation series.] The hacking issue: Facebook and Google and so on are obviously big fat juicy targets for the bad guys. And, let me share a non-secret with you: Facebook and Google do get hacked. So does every other site on the Internet. The difference is that big IDPs hire teams of full-time experts to watch the dials, look for anomalous patterns, and run perimeter probes 24/7/365.
Time Magazine Names "Schneier on Security" to Best Blog List
My blog has made the Time magazine "The 25 Best Bloggers 2013 Edition" list. I can't believe this was published ten days ago, and I'm only just finding out about it. Aren't all you people supposed to be sending me links of things I might be interested in?...
Stories from MI5
This essay is filled with historical MI5 stories -- often bizarre, sometimes amusing. My favorite: It was recently revealed that back in the 1970s -- at the height of the obsession with traitors -- MI5 trained a specially bred group of Gerbils to detect spies. Gerbils have a very acute sense of smell and they were used in interrogations to tell...
Circumventing Communications Blackouts
Rangzen looks like a really interesting ad hoc mesh networking system to circumvent government-imposed communications blackouts. I am particularly interested in how it uses reputation to determine who can be trusted, while maintaining some level of anonymity. Academic paper: Abstract: A challenging problem in dissent networking is that of circumventing large-scale communication blackouts imposed by oppressive governments. Although prior work...
Book Review: Rise of the Warrior Cop
Rise of the Warrior Cop: The Militarization of America's Police Forces, by Radley Balko, PublicAffairs, 2013, 400 pages. War as a rhetorical concept is firmly embedded in American culture. Over the past several decades, federal and local law enforcement has been enlisted in a war on crime, a war on drugs and a war on terror. These wars are...
Comment delays and spam
In recent months, more comment spam has been getting through. To deal with it, I’ve had to tighten up and hold more comments for moderation, which means some comments may be delayed in appearing until I manually approve them. Also, I’ve noticed that WordPress seems to have similarly tightened their settings for auto-identifying spam that […]
Making Mobile App Development Easier with Cross Platform Mobile Push
This year as I hosted AWS Summits in 12 different cities around the world, I met thousands of developers who are building powerful new applications for smartphones, tablets and other connected devices, all running mobile cloud backends on AWS. These developers want to engage their users with timely, dynamic content even when the users haven't opened their mobile apps. For example, baseball fans want to know as soon as their favorite team player hits a home run, so they can watch a video replay and catch the rest of the game. The rising proliferation of cheap and powerful sensors means not only apps but smart devices want to communicate important information.
The 2013 Cryptologic History Symposium
The 2013 Cryptologic History Symposium, sponsored by the NSA, will be held at Johns Hopkins University this October....
GotW #7a: Minimizing Compile-Time Dependencies, Part 1
Managing dependencies well is an essential part of writing solid code. C++ supports two powerful methods of abstraction: object-oriented programming and generic programming. Both of these are fundamentally tools to help manage dependencies, and therefore manage complexity. It’s telling that all of the common OO/generic buzzwords -- including encapsulation, polymorphism, […]
GotW #94 Solution: AAA Style (Almost Always Auto)
Toward correct-by-default, efficient-by-default, and pitfall-free-by-default variable declarations, using “AAA style”... where “triple-A” is both a mnemonic and an evaluation of its value. Problem JG Questions 1. What does this code do? What would be a good name for some_function? template<class Container, class Value> void some_function( Container& c, const Value& v ) { if( find(begin(c), end(c), […]
NSA Increasing Security by Firing 90% of Its Sysadmins
General Keith Alexander thinks he can improve security by automating sysadmin duties such that 90% of them can be fired: Using technology to automate much of the work now done by employees and contractors would make the NSA's networks "more defensible and more secure," as well as faster, he said at the conference, in which he did not mention Snowden...
Podcast of Metadata -- a wartime drama
In the current installment of my podcast, I read aloud a recent Guardian column, "Metadata -- a wartime drama," which imagines a dialog between Alan Turing and Winston Churchill that might have taken place if the UK Home Secretary Theresa May had been Turing's line-manager. All we can tell with this analysis is who is … [Read more]
Security at Sports Stadiums
Lots of sports stadiums have instituted Draconian new rules. Here are the rules for St. Louis Rams games: Fans will be able to carry the following style and size bag, package, or container at stadium plaza areas, stadium gates, or when approaching queue lines of fans awaiting entry into the stadium: Bags that are clear plastic, vinyl or PVC and...
Lost photos
A couple of days ago I discovered that some old photos were no longer on my web site, notably those taken on 2 December 2000 and 3 December 2000. Today it seemed to be a good idea to see if any more were missing. Indeed, there were -- no less than 390 of them! Most of them proved not to be missing: only the entry in the date index was gone. How did that happen? Fortunately, it's relatively trivial to recreate it, so spent some time doing that, in the process discovering that a large number required further attention. That'll keep me going for a while.
Baseball Goobers
I'm talking about the little status-readout thingies that they have up on the TV screen when a ball game is on. Here's one. They present an interesting design problem. The data on display is: Team names: Two, conventionally represented as two- to four-letter strings. Score: Two small integers. Inning: One small integer, plus a one-bit top/bottom indicator. Balls and strikes: Two very small integers, where by very small I mean they can be represented as binary values: three for balls and two for strikes. Outs: One very small integer. On-base status: Three one-bit values. (Optionally) Speed of the last pitch.
Web browser font sizes
Most web browsers offer to set a minimum font size so that you can read things even if some leet web programmer has decided to write his pages with fonts that would not be too big on a 640×480 screen. On a 2560×1440 display, they render like flyspeck. The web programmers don't like that. Neither do their pages. A case in point is the Naxos Music Library, which I like to run on teevee, my TV computer. The screen is 1.27 m wide and 3.5 m from my armchair, so each of the 1,920 pixels subtends an angle of only 0.01°.
Wedged sound hardware: a clue?
While watching TV this afternoon, did some reading, and played some music from the Naxos Music Library on teevee. When I returned to playing video lectures, the sound hung again. That's the third time in as many days, after I had had no trouble for months. And then it dawned on me: I think that every time it hung was after playing something from Naxos. That's played with some flash player and firefox. Is there some issue with that? How else can I play the stuff? But at least it's a lead. ACM only downloads articles once.
Friday Squid Blog: Rickshaw Cart Woodblock Print
With a squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Lavabit E-Mail Service Shut Down
Lavabit, the more-secure e-mail service that Edward Snowden -- among others -- used, has abruptly shut down. From the message on their homepage: I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I...
Unix/Linux "bash" shell users:
Do not do this at home: https://gist.github.com/solidsnack/4744661 That's just wrong.
Latest Movie-Plot Threat: Explosive-Dipped Clothing
It's being reported, although there's no indication of where this rumor is coming from or what it's based on. ...the new tactic allows terrorists to dip ordinary clothing into the liquid to make the clothes themselves into explosives once dry. "It's ingenious," one of the officials said. Another senior official said that the tactic would not be detected by current...
Unstoppable fack
While rebooting teevee, saw a message fly past: Aug 8 20:29:03 teevee kernel: WARNING: /home was not properly dismounted Huh? I hadn't crashed the system: it was an orderly reboot. But further examination showed that I had an error in /etc/fstab and wasn't fscking the /home file system. With soft updates that isn't as big a problem as it might seem, and who knows how long this has been going on for? Looking at my old log files, it goes back at least a couple of weeks.
More sound problems
I've had a sporadic problem with teevee, my TV computer: from time to time the sound hardware wedges. I get this message: Aug 8 20:24:49 teevee kernel: pcm0: chn_write(): pcm0:play:dsp0.p1: play interrupt timeout, channel dead I've done some investigation, but so far I can't find a way to recover from the problem: I have to reboot. The fact that a reboot (without power cycling) fixes the problem suggests that there's a programmatic way to do it, but I haven't found it yet. So far it's been pretty sporadic, but this is the second time now in a couple of days.
FC 1: Who Learns What
When you click on the dark-blue button to sign in with Facebook (or bright red for Google) what does Facebook (or Google) learn about you? What does the app you're signing into learn about you? Uncertainty makes people nervous about federated login. [This is part of the Federation Conversation series.] And the answer is... It depends. Sorry. It just isn't simple. But the single most important thing is simple, and goes like this: You shouldn't have to guess! Since the answer is kind of complicated and depends on a whole bunch of factors, it's entirely unreasonable for either the app you're signing into (let's call it the RP, identigeek jargon for Relying Party) or the Identity Provider (IDP) to expect you to know which information flows where.
Twitter's Two-Factor Authentication System
Twitter just rolled out a pretty nice two-factor authentication system using your smart phone as the second factor: The new two-factor system works like this. A user enrolls using the mobile app, which generates a 2048-bit RSA keypair. The private key lives on the phone itself, and the public key is uploaded to Twitter's server. When Twitter receives a new...
So your management fails at IT, huh?
Recently on a mailing list sysadmins were describing horrible management they've experienced. Here is my reply: First, I want to say that my heart goes out to all of you describing terrible working conditions, bad management, and so on. I have huge amounts of sympathy for you all. Health is more important than anything else. If your job is driving you crazy and giving you high BP, my prescription is, 'Try, try, then quit'. Try to change things, talk to management, work to create the workplace you desire. Try again, I'm sure you feel like you've tried a lot, but people aren't mind-readers...
Kip Hawley on Fixing the TSA
The further Kip Hawley has gotten from running the TSA, the more sense he has started to make. This is pretty good....
XCompose: new insights
Mail from pmarin today about my Compose key problems. He reminded me of one point that I noted when I first mentioned it: For GTK and QT, set the environment variables: export GTK_IM_MODULE=xim export QT_IM_MODULE=xim I don't use anything like that, so I didn't set it. But wait, doesn't the browser build pull in all sorts of libraries?
What Does App Mean?
I've been Web-centric for a long time, and generally thought of what programmers build as sites. Then I was in Android and what everyone developed was apps. Now I'm in a generalist role and, uh, a little unclear as to how to refer, generally, to what software builders build. It's a real problem if you do a lot of advocacy, like me. I often want to start a sentence "Suppose you're building an X and you need to..." What's X? I've found myself forced into klunky constructions such as site or service or app and back-end. Because it's like this: Anyone who sets out to build a nontrivial piece of software these days is building some back-end server-side stuff and some browser-focused JS stuff and probably two mobile apps, iOS and Android.
Restoring Trust in Government and the Internet
In July 2012, responding to allegations that the video-chat service Skype -- owned by Microsoft -- was changing its protocols to make it possible for the government to eavesdrop on users, Corporate Vice President Mark Gillett took to the company's blog to deny it. Turns out that wasn't quite true. Or at least he -- or the company's lawyers --...
Print on demand
Exactly on time, my freshly printed Linear Algebra book arrived today. It doesn't look at all bad from a production point of view. No flyleaf, and clearly formatted with TeX, but the production quality appears at least as good as many conventional books, and significantly better than some. That's quite impressive. So I went looking at how createspace, the printer, do business from the author's point of view. I couldn't make much sense of it: The tabs at the top are almost illegible, and the link at the bottom to highest royalties isn't a link at all, just an underlined text -- or so I thought until I looked at the HTML source: <dt>Competitive Royalties</dt><dd>Some of the <a onclick="javascript:setContent(5);">highest royalties</a><!-- link ...
Federation Conversation
I published Why Federate? last week, arguing that apps should get out of the password business. Ouch! I got ferocious pushback in my comments, on Twitter, and on the accompanying G+ post. Take a minute and read a few. Clearly we need to have a conversation. So nobody likes federation? It's not that bad. First, my readership is impossibly geeky, way out on the edge of all the curves. Second, there's a big difference between talking to app builders and app users. Third, even given all that, I got twice as many +1s as negative comments. But I'm not going to pretend I wasn't surprised; among other things, I hardly ever hear this flavor of response face-to-face.
Has Tor Been Compromised?
There's speculation that the FBI is responsible for an exploit that compromised the Tor anonymity service. Note that Tor nodes installed or updated after June 26 are secure....
NSA Surveillance and Mission Creep
Last month, I wrote about the potential for mass surveillance mission creep: the tendency for the vast NSA surveillance apparatus to be used for other, lesser, crimes. My essay was theoretical, but it turns out to be already happening. Other agencies are already asking to use the NSA data: Agencies working to curb drug trafficking, cyberattacks, money laundering, counterfeiting and...
Why writers should stand up for libraries
Earlier this summer, I worked with the American Library Association on their Authors for Library Ebooks project -- which is asking authors to call on their publishers to offer ebooks to libraries at a fair price. Right now, libraries pay several times more for ebooks than people off the street -- up to six times … [Read more]
Premature optmztion is rt of all evl
Much of Linear algebra relates to things like image compression, and I'm currently learning some interesting facts. But then I was pointed at this page, showing some serious dangers of the techniques. In the case in point, it seems that two different Xerox photocopiers changed texts to other plausible, but incorrect texts. Here is one example of a copy of a building plan where the area specification changed from 14,13 m² to 21,11 m²: How can that happen? This kind of detail occurs many times in the plan (it's a description of the room, along with its floor area), and the incorrect copy matches a correct detail elsewhere on the plan.
TPOSANA BugHunt Announced!
"The Practice of System and Network Administration" (TPOSANA) is now 7 years old (with some chapters virtually unmodified since the first edition, 12 years ago). We are preparing to update the book and create a 3rd edition but we need your help! We're looking for your input! Yes, you! Our valued readers! We're re-reading all 1,100 pages to find parts that are obsolete or need updating but we need your help. We've decided to crowd-source this part of the project. You are probably a better judge of what is missing, obsolete, or needs updating. Pick a chapter, a page, or a section and file bugs against any issues you find.
Teaching Computers Shows Us How Little We Understand About Ourselves
In this week's podcast, I read aloud my latest Locus Magazine column, "Teaching Computers Shows Us How Little We Understand About Ourselves": http://www.locusmag.com/Perspectives/2013/07/cory-doctorow-teaching-computers-shows-us-how-little-we-understand-about-ourselves/ which concerns itself with the ways that we're recklessly formalizing critical elements of human identity such as "names" and "families" for the convenience of corporations and their IT systems and business-models. "When … [Read more]
The Public/Private Surveillance Partnership
Imagine the government passed a law requiring all citizens to carry a tracking device. Such a law would immediately be found unconstitutional. Yet we all carry mobile phones. If the National Security Agency required us to notify it whenever we made a new friend, the nation would rebel. Yet we notify Facebook. If the Federal Bureau of Investigation demanded copies...
Maps, projections and coordinates
More watching the video lectures of the linear algebra course today. I've complained about them in the past, but there are also some interesting trivia in the lectures. It seems that René Descartes had similar problems to me when getting up in the morning. The story goes that while he was lying in bed one morning (or afternoon, or evening) while he was bored (or maybe sick or insomniac), he saw a fly walking over the ceiling and contemplated how best to describe its position.
Compose key revisited
For 2½ years now I've been using an .XCompose file supplied to me by Marin, ostensibly from Plan 9 from User Space. It has worked well, and about the only issue I had is that the key description file didn't quite match the man page. And then this evening I wanted to enter some Russian text into the web browser on teevee, the TV computer. Beep. Did I have those key bindings right? Compose-@-L should give . But as soon as I entered @ it beeped. How about Greek? Compose-*-L should give . At least I could enter the entire sequence before it beeped.
Re-Enter Sandman
Which is to say, Kill City Blues by Richard Kadrey is out; the fifth Sandman Slim book. The books have a silly theological backdrop, nifty characters (all intensely human even if nominally demiurges or Nephilim or whatever), terrific atmospherics, good fight pieces, and (especially) razor-sharp hard-boiled dialog. They're full of gags and erudite-pop-culture references and you'll find yourself doing plenty of smiling. Kill City Blues: If you're hooked like me and haven't snapped this up, go right ahead, it's up there with the rest. If you're not yet, don't; go back and do the series in order; otherwise some of it will lose you.
My talk at Finland's Assembly
I went to Finland on Friday to give a talk at Assembly, the amazing games/demoscene/technology conference held annually in Helsinki. The organizers have already got the video online! The world is made of computers, and so every problem has a computer in the middle of it. Naturally, politicians with problems to solve turn to the … [Read more]
Chrome image updating
I view images with Chrom* on my highest-resolution monitor, and today's reprocessing should have shown the results well. But the new images didn't display! I had renamed the old images and given the new images the previous name of the old images, and Chrom* continues to display the old images long after they're gone. At first I thought I had made a mistake, but no, firefox shows them correctly. Ctrl-Shift-R doesn't help. Not even stopping and restarting helps! What a pain.
AV Receiver
Being the story of how I stumbled into buying one, and why you might want to also. If you're any kind of Home-Theater weenie you've already had one for a decade or more and you can safely skip this. On the other hand, if, like me, the collection of boxes plugged into the big TV has grown like fungus and the rat's-nest of wires behind it has become intimidating, read on. Back Story: Going back to 2004, this blog has chronicled our journey into high-def, subwooferdom, region-free disk technology, and Roku. In related news, since I'm a deranged two-channels-should-be-enough audiophile, I decided I didn't care about that surround-sound crap; so I'd been driving the decent little speakers and subwoofer, all from PSB, with an elderly but pleasing NAD integrated stereo amp.
My workflow in the WSJ
I'm profiled in today's Wall Street Journal, where they asked me about the tools I use to be productive, safe and happy on the road and at home. Airport Wi-Fi is costly, slow and often heavily censored. I get around this by setting up my Android phone to share its cellular data connection as a … [Read more]
Doctor of Philosophy
On Wednesday, I successfully defended my PhD dissertation in front of a ridiculously packed house at the MIT Media Lab. I am humbled by the support shown by the MIT Sloan, Media Lab, and Harvard communities. Earlier today, I finished up paperwork and submitted my archival copies. I’m done. Although I’ve often heard PhDs described […]
Friday Squid Blogging: Squid Watch
I like watches with no numbers. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
XKeyscore
The Guardian discusses a new secret NSA program: XKeyscore. It's the desktop system that allows NSA agents to spy on anyone over the Internet in real time. It searches existing NSA databases -- presumably including PRISM -- and can create fingerprints to search for all future data collections from systems like TRAFFIC THIEF. This seems to be what Edward Snowden...
Cryptography Engineering Book Review
Good review of the strengths and weaknesses of Cryptography Engineering and Applied Cryptography. Best -- at least to me -- is the list of things missing, which we'll have to address if we do another edition....
Oxford Visuals
I went for a couple days for the OED Symposium (about which I have a huge ongoing splodge in progress) and of course took a camera. When it gets warm, windows have to be held open, with whatever is to hand. Well, maybe not; look close and you can see the boot is chained in place; so I guess it's ironic and postmodern and so on. Appropriate in an academic town. The black taxis aren't a London thing, they're a Britain thing. But I love the way they look. Loading out after the Gloucester Green market; looks like these dudes did a good day's business.
The Oxford English Dictionary
The OED means a whole lot to me; professionally, I owe it everything. My work on it was 26 (!) years ago, but then this spring I got an invitation to their Symposium, which happened last week, and there was only one possible answer. I'm profoundly grateful they asked, and would do it again in a flash. This entry, like the OED, is extreme in length and prone to rambling; but, I hope, also like the dictionary in that it might provide pleasure to people who like words for their own sake. The Symposium was at the Randolph Hotel in Oxford; about as old-school inside as out.
False Positives and Ubiquitous Surveillance
Searching on Google for a pressure cooker and backpacks got one family investigated by the police. More stories and comments. This seems not to be the NSA eavesdropping on everyone's Internet traffic, as was first assumed. It was one of those "see something say something" amateur tips: Suffolk County Criminal Intelligence Detectives received a tip from a Bay Shore based...
Economist Cyberwar Debate
Richard Bejtlich and Thomas Rid (author of the excellent book Cyber War Will Not Take Place) debate the cyberwar threat on the Economist website....
Scientists Banned from Revealing Details of Car-Security Hack
The UK has banned researchers from revealing details of security vulnerabilities in car locks. In 2008, Phillips brought a similar suit against researchers who broke the Mifare chip. That time, they lost. This time, Volkswagen sued and won. This is bad news for security researchers. (Remember back in 2001 when security researcher Ed Felten sued the RIAA in the US...
Google: don't be evil?
Like many people, I've been watching the increasing influence of Google with a mixture of admiration and concern. How can a company of that size remain true to its motto? And so I get more concerned every time I see something pointing away from this premise. Today I read an article in Wired about unnecessary restrictions on use of Google Fiber. It seems that the terms of service prohibit servers, whatever they may be. The article goes on to assume evil intent behind these limitations. That's possible, but the article doesn't make it plausible enough. They forget Hanlon's razor. What's a server?