Blog Archive: September 2013

Mon, 30 Sep 2013 19:47:25 UTC

I'll be the speaker at LOPSA NJ Chapter meeting this Thursday.

Posted By Tom Limoncelli

I'll be rehearsing a talk on "IT Heroes" which I'm writing for a conference later this month. For more information visit the LOPSA NJ website. The meeting is near Princeton, NJ. Hope to see you there!

Mon, 30 Sep 2013 15:00:00 UTC

Assessing Progress with "DevOps Look-for's"

Posted By Tom Limoncelli

Teams working through The Three Ways need an unbiased way to judge their progress. That is, how do you know "Are we there yet?" Like any journey there are milestones. I call these "look-for's". As in, these are the things to "look for" to help you determine how a group is proceeding on their journey. Since there are 3 "ways" one would expect there to be 4 milestones, the "starting off point" plus a milestone marking the completion of each "Way". I add an additional milestone part way through The First Way. There is an obvious sequence point in the middle of The First Way where a team goes from total chaos to managed chaos.

Sun, 29 Sep 2013 22:04:24 UTC

Trying OsmAnd

Posted By Greg Lehey

Last month I did some brief investigation of navigation applications for Android. I briefly tried Sygic, but at the time I didn't have a holder for the tablet, so I decided to put it off. And then Sygic told me that it was a free 7 day trial copy, so by the time I got the tablet holder I couldn't use it any more without significant cost. That leaves a bad taste in my mouth: the toyshop claims it's free. And as a result I allowed my free trial to expire without being able to use it. So today I tried another one, OsmAnd Maps & Navigation.


Sat, 28 Sep 2013 11:10:09 UTC

Senator Feinstein Admits the NSA Taps the Internet Backbone

Posted By Bruce Schneier

We know from the Snowden documents (and other sources) that the NSA taps the Internet backbone through secret agreements with major U.S. telcos, but the U.S. government still hasn't admitted it. In late August, the Obama administration declassified a ruling from the Foreign Intelligence Surveillance Court. Footnote 3 reads: The term 'upstream collection' refers to NSA's interception of Internet communications as they...

Sat, 28 Sep 2013 00:22:14 UTC

More Coursera pain

Posted By Greg Lehey

When I was young I was fascinated by languages, both natural and computer. I certainly haven't given up on that interest, but the plethora of languages now available makes it difficult to keep up. So I've signed up for a Coursera course on programming languages. Now the first information is coming in: it's about programming languages in general, but it's taught using SML, Racket and Ruby. Of these, I have only ever heard of Ruby. The (apparently required) editor is Emacs, and they want a specific version of it. OK, time to install the rest. The convenient instructions cover Windows, Mac OS X and Linux, but not BSD.

Sat, 28 Sep 2013 00:11:24 UTC

More NiZn battery strangeness

Posted By Greg Lehey

It's been some time since I started using NiZn batteries, and in that time I've been quite happy with them. They discharge, of course, and today I found the internal unit of the lounge weather station (not the computer one) barely legible. Only yesterday it had looked perfectly normal. Took out the batteries and discovered that one battery had a voltage of 1.546, definitely discharged, while the other only had 0.170 V. According to what documentation I have seen, it should be unrecoverable. Put in a set of fresh (well, not used since last recharge) batteries and discovered that things were no better: one had 1.798 V, normal enough, while the other had 0.376 V.

Sat, 28 Sep 2013 00:06:09 UTC

Radiation tower progress

Posted By Greg Lehey

The site of the Radiation Tower has been quiet now for over two weeks. I've assumed that this is to allow the concrete of the base to harden, but it's also a concern because since the last real work we have a new, (NBN)-unfriendly government. So it was good to hear from Chris Yeardley today that Powercor had been on site and apparently installed a new transformer: It's some distance from the site, but that's where the power line runs.

Fri, 27 Sep 2013 21:53:26 UTC

Friday Squid Blogging: A Squid that Fishes

Posted By Bruce Schneier

The Grimalditeuthis bonplandi is the only known squid to use its tentacles to fish: Its tentacles are thin and fragile, and almost always break off when it's captured. For ages, people thought it lacked tentacles altogether until a full specimen was found in the stomach of a fish. Weirder still, its clubs have neither suckers nor hooks. Instead, they are...

Fri, 27 Sep 2013 19:47:26 UTC

Another Schneier Interview

Posted By Bruce Schneier

I was interviewed for Technology Review on the NSA and the Snowden documents....

Fri, 27 Sep 2013 18:00:00 UTC

How to build a private cloud? Do you run one?

Posted By Tom Limoncelli

I got email the other day asking for advice about building a private cloud. There are plenty of vendors out there that want to help you. There are also a lot of open source solutions. I'm not an expert in all of them, so I can't really give a lot of advice. However there is an impressive number of presentations about building and/or running private and public clouds at Usenix LISA this year. You should consider attending this conference. But here's a little secret about Usenix LISA. The presentations are great, but by just hanging out in the hallway chatting with people (the unofficial "hallway track") you'll get the "inside scoop" that most presentations won't tell you.

Fri, 27 Sep 2013 11:21:59 UTC

3D-Printed Robot to Break Android PINs

Posted By Bruce Schneier

Neat project. The reason it works is that the Android system doesn't start putting in very long delays between PIN attempts after a whole bunch of unsuccessful attempts. The iPhone does....

Fri, 27 Sep 2013 00:49:36 UTC

AirDroid

Posted By Greg Lehey

Received mail from William Witteman pointing at AirDroid, an application to make life with Android easier. It provides a web server that you can use to access the tablet from a real computer: It doesn't have any instructions, of course (after all, it is an Android app), and it also changes the names of directories, but it's not too difficult to guess what it does. I still need to play with it, but so far it looks very usable, and it might make the pain with copying files easier.

Thu, 26 Sep 2013 18:00:00 UTC

Women in System Administration

Posted By Tom Limoncelli

I keep reading all these horror stories about women being treated badly at technical conferences. I haven't seen a lot of positive stories. I think the conferences that are doing a good job need some recognition. That's why I've made a list of presentations being given by women at the next Usenix LISA conference. Conferences that are doing a good job of inclusion need to be highlighted. This year the conference is in Washington D.C., Nov 3-8.

Thu, 26 Sep 2013 11:58:35 UTC

Paradoxes of Big Data

Posted By Bruce Schneier

Interesting paper: "Three Paradoxes of Big Data," by Neil M. Richards and Jonathan H. King, Stanford Law Review Online, 2013. Abstract: Big data is all the rage. Its proponents tout the use of sophisticated analytics to mine large data sets for insight as the solution to many of our society's problems. These big data evangelists insist that data-driven decisionmaking can...

Thu, 26 Sep 2013 01:15:57 UTC

VZ Commodore hidden codes

Posted By Greg Lehey

Yesterday I tried without success to adapt the tricks to access hidden functionality of the VT Commodore trip computer to our new VZ Commodore. On reflection, it occurred to me that there was an obvious difference: the VT computer has only three buttons (Mode and up and down arrows). The VZ computer has all of these, and also a Set button. So I tried that, and it worked. So: to enter the secret functions of the computer, ensure that the car is turned off. Hold down the Mode and Set buttons, turn on the ignition and start the engine. It's not enough just to turn on the ignition.

Wed, 25 Sep 2013 18:00:00 UTC

Where did you learn to debug like that?

Posted By Tom Limoncelli

Debugging is an important system administration skill. I didn't realize there was so much to know about debugging until I worked at a computer repair shop in high school. PC repair has basically two techniques: Technique 1: remove all the cards and add them back until the system doesn't work. The last part you added was the problem. Technique 2: Remove cards one by one until the system works. The last part you removed was the problem. In system administration the technique is more about coming up with a mental model of how the system is supposed to work and testing each component to see that it is working that way.

Wed, 25 Sep 2013 17:00:00 UTC

Tom @ ACM Webinar on IPv6 and Security

Posted By Tom Limoncelli

I'll be introducing the speaker Dr. Johannes B. Ullrich of SANS Technology Institute when he talks about "The Security Impact of IPv6". I'll also be moderating the Q&A at the end. You can watch live via the web for free. Register at http://bit.ly/16qG1Bc Wednesday, September 25, 2013, at noon ET/11 am CT/10 am MT/9 am PT/4 pm GMT

Wed, 25 Sep 2013 16:01:57 UTC

ACM Webinar on IPv6 and Security (Today)

Posted By Tom Limoncelli

I'll be the moderator of today's ACM Learning Webinar. The topic is "Security Implications of IPv6", the speaker is Dr. Johannes B. Ullrich, SANS Technology Institute. I'll be facilitating the question and answer section at the end. The event is free. To register for this free event, click here. This event is TODAY noon ET/11 am CT/10 am MT/9 am PT/4 pm GMT

Wed, 25 Sep 2013 12:17:01 UTC

Good Summary of Potential NSA Involvement in a NIST RNG Standard

Posted By Bruce Schneier

Kim Zetter has written the definitive story -- at least so far -- of the possible backdoor in the Dual_EC_DRBG random number generator that's part of the NIST SP800-90 standard....

Wed, 25 Sep 2013 11:05:04 UTC

Coming to San Francisco next week for SFPL's One City/One Book events

Posted By Cory Doctorow

As I've mentioned before, my novel Little Brother is the San Francisco Public Library's pick for its first One City/One Book citywide book-club. They're already in the middle of the three months' worth of events, from debates to robotics and crypto workshops to movie screenings (and much more), and I'm gearing up to head to … [Read more]

Tue, 24 Sep 2013 23:56:28 UTC

A browser for Android

Posted By Greg Lehey

Continued my attempts to play music on my Android tablet. The Music app is too stupid to access music from the Internet, and the Browser app refuses to play MP3 files. Another browser? I had tried Chrome, but I couldn't find a way to get it to save a Home location. On Andy Snow's recommendation I tried what he said was Dolphin Beta, but all I found was Dolphin, which proved to be too stupid to even rotate the display to the current orientation. Finally tried Firefox, which seems to do the trick. Why is this all so difficult? ACM only downloads articles once.

Tue, 24 Sep 2013 23:37:27 UTC

Hidden trip computer functions

Posted By Greg Lehey

Callum Gibson had a comment on my discussion of the trip computer on our new VZ Commodore, and came up with this page, describing hidden functionality in the trip computer of a VT Commodore, the model that we have just traded in after nearly 14 years. Tried the tricks out on the VZ, but they didn't work. Tried other combinations, and managed to accidentally reset the service interval counter (hold down the up arrow and the down arrow, turn on the ignition and start the car). Maybe there's some other trick to get the hidden functions, but I didn't find it.

Tue, 24 Sep 2013 19:00:00 UTC

Myst is 20

Posted By Tim Bray

Not obvious even looking back, and one of my influences. Check out the excellent Lost to the Ages write-up on Grantland. With thanks, a rock&roll metaphor, and a terribly sad story.

Sad story

So I played Myst and was an early Riven adopter; played it right through and solved all those pathologically-enraging puzzles with (almost) no recourse to hint sites, and just as I finally broke through and freed Catherine, the fucking CD delaminated right there in the drive and the game melted down on-screen before my horrified eyes. So I never even saw whatever triumphal-victory sequence Riven offers. I'm still mad; but it's a pretty minor grievance against life.

Tue, 24 Sep 2013 19:00:00 UTC

FC8: On Trust

Posted By Tim Bray

All these technology and information-flow and money issues in the Federation Conversation are real, they matter. But none of them matter as much as trust. For flavor, here's commenter Dewald Reynecke: I don't trust Facebook/Google as far as I can throw them; I simply do not want to outsource my identity to an advertising company. Everybody has to trust somebody sometimes. But the Internet and the world are scary places; mistrust is a healthy component of sanity. And it's complicated, because it isn't just people trusting (or not) Identity Providers (IDPs) and the apps using them. The apps and IDPs have trust decisions to make, too.

Tue, 24 Sep 2013 18:00:00 UTC

System administrators and programming

Posted By Tom Limoncelli

Someone asked me the other day if I had a "secret of my success". They didn't believe that I got this far on my good looks. (ha ha ha). For most of my career I've been on teams of people where some knew how to code and others didn't. The ones that could code were significantly more productive than the others. Currently I do most of my programming in Python and BASH. There is an excellent full-day tutorial on Python at this year's LISA. There are also full-day tutorials on Puppet, Chef, BASH Shell Scripting ("the command line" is more than just typing commands, eh?)

Tue, 24 Sep 2013 14:20:01 UTC

Apple's iPhone Fingerprint Reader Successfully Hacked

Posted By Bruce Schneier

Nice hack from the Chaos Computer Club: The method follows the steps outlined in this how-to with materials that can be found in almost every household: First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner...

Tue, 24 Sep 2013 02:20:27 UTC

Understanding Android

Posted By Greg Lehey

One obvious use of an Android tablet is to play music. Never mind that the speaker in this tablet sounds tinnier than anything I've heard in years: I'm expecting a bluetooth headset any time now. But how do I play things? The Music app seems incapable of downloading music files. OK, in this modern world, that's what a browser is for. So I tried that. Sorry, the player does not support that kind of audio file. What does that mean? It's an MP3, and it even has a file name advertising the fact! No specifics, nothing about what it thinks it is.

Mon, 23 Sep 2013 19:00:00 UTC

FC7: Users vs Apps

Posted By Tim Bray

When a person signs into an app, that's a transaction, and value is exchanged. Who comes out ahead on the deal? This is part of the Federation Conversation; I'll excerpt from Gary Royal in a comment on my Google+ post: Federated login has a clear benefit to the service provider (access to disaggregated user data, particularly that user's social contacts), but only an ostensible benefit to end users (freedom from having to remember yet another password), so on that level it's purely a swindle designed to obtain detailed information about a user in return for nothing. If that's true, Federated sign-in is a raw deal and nobody should ever want to do it.

Mon, 23 Sep 2013 18:14:17 UTC

NSA Job Opening

Posted By Bruce Schneier

The NSA is looking for a Civil Liberties & Privacy Officer. It appears to be an internal posting. The NSA Civil Liberties & Privacy Officer (CLPO) is conceived as a completely new role, combining the separate responsibilities of NSA's existing Civil Liberties and Privacy (CL/P) protection programs under a single official. The CLPO will serve as the primary advisor to...

Mon, 23 Sep 2013 16:00:00 UTC

DevOps at LISA

Posted By Tom Limoncelli

A shout out to the conference planning committee of Usenix LISA this year. Narayan and Skaar did a great job! The amount of DevOps content is unbelievable. All 6 days have DevOps content that I want to attend from 9am to 5pm. It is going to run me ragged. I've put together a list of all the DevOps content I found in the program. Click here for my list. This year the conference is in Washington D.C., Nov 3-8.

Mon, 23 Sep 2013 13:43:00 UTC

Grants for Women attending Usenix LISA, Sept 30 deadline

Posted By Tom Limoncelli

Grants are available for women that want to attend Usenix LISA, in Washington D.C., Nov 3-8. This year the LISA '13 Grants for Women are Sponsored by Google. Five women will be selected from the applicants to receive $500 US to apply toward travel/accommodation costs. Apply today! (Sept. 30 deadline) The first time I ever attended a Usenix conference was on a student grant. If I recall correctly I received $80 for round-trip train fare between NJ and Washington D.C. As a student it felt like a million dollars. That was a long time ago.

Mon, 23 Sep 2013 11:21:37 UTC

Metadata Equals Surveillance

Posted By Bruce Schneier

Back in June, when the contents of Edward Snowden's cache of NSA documents were just starting to be revealed and we learned about the NSA collecting phone metadata of every American, many people -- including President Obama -- discounted the seriousness of the NSA's actions by saying that it's just metadata. Lots and lots of people effectively demolished that trivialization,...

Sun, 22 Sep 2013 19:00:00 UTC

The Fingerprint Hack

Posted By Tim Bray

Today, Germany's Chaos Computer Club claims to have hacked the iPhone 5s Touch ID. Since I now get paid to think about Identity stuff all the time, I'll think out loud about the question: Is Touch ID a good idea? Let's assume that: The CCC isn't lying. The crack isn't trivial; you're going to need some materials, time, and expertise. Let's split our question: First, is Touch ID worthwhile? Second, is it better or worse than a four-digit PIN? [BTW, just because banks use four digits doesn't mean you have to; I use five and know people who use six.]


Sun, 22 Sep 2013 16:10:00 UTC

Usenix LISA 2013: DevOps in every timeslot

Posted By Tom Limoncelli

There is a DevOps-related talk in every hour of this year's Usenix LISA conference. Usenix LISA is a general conference with many tracks going on at any time. A little analysis finds there is always at least one DevOps-related talk (usually more than one). This is very impressive. The problem, however, is that many of the talk titles don't make this clear. No worries, I've done the research for you. [I apologize in advance for any typos or errors. Please report any problems in the comments. The conference website has the latest information. Other lists of presentations: Programming, Unix/Linux administration technical skills, Cloud Computing, and Women at Usenix LISA.]

Sun, 22 Sep 2013 15:23:00 UTC

Usenix LISA 2013: Technical Skill-building for Linux/Unix admins

Posted By Tom Limoncelli

If you are a junior Linux/Unix sysadmin looking to advance your technical skills, here is a list of talks, workshops, and tutorials that you should attend at Usenix LISA 2013. These are skill-building, technical presentations. I only made exceptions for a few "soft topics" talks if they are for junior sysadmins looking to advance their careers. [I apologize in advance for any typos or errors. Please report any problems in the comments. The conference website has the latest information. Other lists of presentations: DevOps, Programming, Unix/Linux administration technical skills, Cloud Computing, and Women at Usenix LISA.]

Sun, 22 Sep 2013 15:22:00 UTC

Usenix LISA 2013 Cloud system administration presentations

Posted By Tom Limoncelli

If you run private or public clouds (or want to), here is a list of talks, workshops, and tutorials that you should attend at Usenix LISA 2013. [I apologize in advance for any typos or errors. Please report any problems in the comments. The conference website has the latest information. Other lists of presentations: DevOps, Programming, Unix/Linux administration technical skills, and Women at Usenix LISA.]

Sun, 22 Sep 2013 15:20:00 UTC

Usenix LISA 2013: Women in Advanced Computing

Posted By Tom Limoncelli

This year's Usenix LISA conference has two exciting events about Women and Computing:

Sunday, Nov 3, 2013, 9am-5pm: Workshop: Women in Advanced Computing (WiAC): Recognizing and Overcoming Bias: Ways to Make Your Workplace More Successful and Welcoming. Leslie Hawthorn, Red Hat; Sheeri Cabral, Mozilla. Format: Half Day Workshop (mixture of presentations and discussion)

Thursday, Nov 7, 2013, 11:00 a.m.-12:30 p.m.: Panel: Women in Advanced Computing. Moderator: Rikki Endsley, USENIX Association; Panelists: Amy Rich, Mozilla Corporation; Deanna McNeil, Learning Tree International; Amy Forinash. Format: Panel

Participation by women at this year's conference is impressive. Here is a list of talks (I may be missing some; I'm going by first name, which is an imperfect algorithm.)

Sun, 22 Sep 2013 15:16:00 UTC

Usenix LISA 2013: Learn to code

Posted By Tom Limoncelli

If you want to learn to program better, Usenix LISA 2013 has a number of excellent presentations. Usenix LISA 2013 presentations that teach coding:

Sunday, Nov 3, 2013: PowerShell Fundamentals; Building Your PowerShell Toolkit
Monday, Nov 4, 2013: Core Skills: Scripting for Automation; Advanced Shell Programming
Wednesday, Nov 6, 2013: Introduction to Chef; The Python Programming Language; Introduction to Puppet Enterprise

Other lists of presentations: DevOps, Unix/Linux administration technical skills, Cloud Computing, and Women at Usenix LISA. [I apologize in advance for any typos or errors. Please report any problems in the comments. The conference website has the latest information.]

Sat, 21 Sep 2013 00:30:00 UTC

Back-to-Basics Weekend Reading - A Decomposition Storage Model

Posted By Werner Vogels

Traditionally records in a database were stored as such: the data in a row was stored together for easy and fast retrieval. Not everybody agreed that the "N-ary Storage Model" (NSM) was the best approach for all workloads but it stayed dominant until hardware constraints, especially on caches, forced the community to revisit some of the alternatives. Combined with the rise of data warehouse workloads, where there is often significant redundancy in the values stored in columns, and database models based on column oriented storage took off. The first practical modern implementation is probably C-Store by Stonebraker, et al. in 2005.

Fri, 20 Sep 2013 21:25:59 UTC

Friday Squid Blogging: How Bacteria Terraform a Squid

Posted By Bruce Schneier

Fascinating: The bacterium Vibrio fischeri is a squid terraformer. Although it can live independently in seawater, it also colonises the body of the adorable Hawaiian bobtail squid. The squid nourishes the bacteria with nutrients and the bacteria, in turn, act as an invisibility cloak. They produce a dim light that matches the moonlight shining down from above, masking the squid's...

Fri, 20 Sep 2013 19:50:31 UTC

Warning sign that your API sucks

Posted By Tom Limoncelli

People say things like, "Can you just send me a copy of data?" If people are taking your entire database as a CSV file and processing it themselves, your API sucks. (Overheard at an ACM meeting today)

Fri, 20 Sep 2013 17:30:00 UTC

Back-to-Basics Weekend Reading - A Decomposition Storage Model

Posted By Werner Vogels

Traditionally records in a database were stored as such: the data in a row was stored together for easy and fast retrieval. Not everybody agreed that the “N-ary Storage Model” (NSM) was the best approach for all workloads but it stayed dominant until hardware constraints, especially on caches, forced the community to revisit some of the alternatives.

Fri, 20 Sep 2013 17:01:34 UTC

Legally Justifying NSA Surveillance of Americans

Posted By Bruce Schneier

Kit Walsh has an interesting blog post where he looks at how existing law can be used to justify the surveillance of Americans. Just to challenge ourselves, we'll ignore the several statutory provisions and other doctrines that allow for spying without court oversight, such as urgent collection, gathering information not considered protected by the Fourth Amendment, the wartime spying provision,...

Fri, 20 Sep 2013 15:58:59 UTC

Bjarne and I are speaking in Chicago on Tuesday night

Posted By Herb Sutter

Bjarne Stroustrup and I are giving back-to-back talks on Tuesday night in Chicago, while we're both in town for the standards meeting next week. Admission is free. Register by email here (and ignore the "it's full" note on the page; see below.) Note that my talk will be 80% new material followed by the last […]

Fri, 20 Sep 2013 12:05:01 UTC

Google Knows Every Wi-Fi Password in the World

Posted By Bruce Schneier

This article points out that as people are logging into Wi-Fi networks from their Android phones, and backing up those passwords along with everything else into Google's cloud, that Google is amassing an enormous database of the world's Wi-Fi passwords. And while it's not every Wi-Fi password in the world, it's almost certainly a large percentage of them. Leaving aside...

Thu, 19 Sep 2013 03:46:12 UTC

Eiji Toyoda, Promoter of the Toyota Way, Dies at 100

Posted By Tom Limoncelli

I wonder if he knew how much influence he had on DevOps culture. The Three Ways of DevOps are essentially The Toyota Way applied to system administration. Eiji Toyoda, Promoter of the Toyota Way and Engineer of Its Growth, Dies at 100

Wed, 18 Sep 2013 19:00:00 UTC

Editing JSON

Posted By Tim Bray

As sort of a 2% project, I'm helping out over in the IETF, working on a revision of the JSON spec. I wrote back in February about the depressing floppiness of the JSON spec, which allows things that are just bugs to people like me who use JSON always and only to represent hashes and records and suchlike in network APIs. And if the API is a crypto/authentication thing, those bugs can be nasty exploits. (Think duplicate key or naked surrogate, and shudder.) What I hadn't realized was that there actually isn't a standalone anything you can link to and say This is the JSON spec; RFC 4627 is just a mime-type registration.


Wed, 18 Sep 2013 12:06:23 UTC

Yochai Benkler on the NSA

Posted By Bruce Schneier

Excellent essay: We have learned that in pursuit of its bureaucratic mission to obtain signals intelligence in a pervasively networked world, the NSA has mounted a systematic campaign against the foundations of American power: constitutional checks and balances, technological leadership, and market entrepreneurship. The NSA scandal is no longer about privacy, or a particular violation of constitutional or legislative obligations....

Tue, 17 Sep 2013 11:15:46 UTC

The Limitations of Intelligence

Posted By Bruce Schneier

We recently learned that US intelligence agencies had at least three days' warning that Syrian President Bashar al-Assad was preparing to launch a chemical attack on his own people, but weren't able to stop it. At least that's what an intelligence briefing from the White House reveals. With the combined abilities of our national intelligence apparatus -- the CIA, NSA,...

Tue, 17 Sep 2013 00:02:01 UTC

Give us a real backbone network

Posted By Greg Lehey

Now that the Coalition has won the election, plans for a sensible National Broadband Network have been canned. It's not true that nobody's happy about that: clearly Tony Abbott and maybe Malcolm Turnbull are. But a very large number of voters are not. Now there's a petition for the coalition to continue with the FTTH approach. As I write this, they have collected 250,000 signatures in a little over a week. That's impressive enough as a figure, but it's all the more interesting in that it represents over 1% of the population of Australia. I've signed, of course; I wonder if it will have any effect.

Mon, 16 Sep 2013 19:00:00 UTC

Main Street Photo Fun

Posted By Tim Bray

In which I take some ordinary street shots and overprocess them for fun. Vancouver likes street culture, especially around The Main (which is central and can't be ignored but not actually anyone's Main street). I took the kids down to the Main Street Shift Autumn Festival on Sunday and came back with pix. They're nothing special; I'm mostly just showing off what you can do with a Fujifilm X-E1 in a pinch, with extra glamor from the nifty Nik Silver Efex software that I get for free because I'm at Google.

Food

It ain't a street party without street food; my 7-year-old had a cinnamon-apple-tart, an organic popsicle, and a mango lassi.


Mon, 16 Sep 2013 18:25:41 UTC

Surreptitiously Tampering with Computer Chips

Posted By Bruce Schneier

This is really interesting research: "Stealthy Dopant-Level Hardware Trojans." Basically, you can tamper with a logic gate to be either stuck-on or stuck-off by changing the doping of one transistor. This sort of sabotage will not be noticed on any visual reverse-engineering of the chip -- remove all the layers, generate the netlist-style reverse engineering, and so on. And it...

Mon, 16 Sep 2013 17:59:49 UTC

Tom Tomorrow from 1994

Posted By Bruce Schneier

This was published during the battle about the Clipper Chip, and is remarkably prescient....

Mon, 16 Sep 2013 15:33:09 UTC

How to foil NSA sabotage: use a dead man's switch (podcast)

Posted By Cory Doctorow

In this week's podcast, I read aloud a recent Guardian column, "How to foil NSA sabotage: use a dead man's switch," which proposes a "dead-man's switch" service that'll tip people off when the NSA serves a secret order demanding that Web operators sabotage their systems. No one's ever tested this approach in court, and I … [Read more]

Mon, 16 Sep 2013 14:38:29 UTC

A new video series: Forge Diaries

Posted By Niels Provos

Mon, 16 Sep 2013 11:55:42 UTC

Reforming the NSA

Posted By Bruce Schneier

Leaks from the whistleblower Edward Snowden have catapulted the NSA into newspaper headlines and demonstrated that it has become one of the most powerful government agencies in the country. From the secret court rulings that allow it to collect data on all Americans to its systematic subversion of the entire Internet as a surveillance platform, the NSA has amassed an enormous...

Mon, 16 Sep 2013 09:12:56 UTC

Homeland UK edition launch this Wednesday at London's Forbidden Planet Superstore

Posted By Cory Doctorow

Hey, Londoners! I'm launching the UK edition of Homeland this Wednesday at the Forbidden Planet Megastore from 18h-19h. This is the sequel to Little Brother, and it includes the novella Lawful Interception, which follows on from the action in Homeland. If you're not a Londoner, don't despair! Forbidden Planet has a great mail-order service and … [Read more]

Mon, 16 Sep 2013 00:53:23 UTC

NAT: safe from intrusion

Posted By Greg Lehey

Like many other networks running IPv4, I connect my local network to the Internet via NAT. I don't like the concept: I have a real /24 address block, but I can't connect it via this network. It also means that I have to maintain an external web server, because my local web server http://wwww.lemis.com/ is not accessible. Or so I thought. Today I saw a surprising set of messages:

[Sun Sep 15 16:59:52 2013] [error] [client 58.211.18.184] File does not exist: /usr/local/www/data/admin
[Sun Sep 15 16:59:53 2013] [error] [client 58.211.18.184] File does not exist: /usr/local/www/data/db
[Sun Sep 15 16:59:54 2013] [error] [client 58.211.18.184] File does not exist: /usr/local/www/data/dbadmin
[Sun Sep 15 16:59:55 2013] [error] [client 58.211.18.184] File does not exist: /usr/local/www/data/myadmin
[Sun Sep 15 16:59:56 2013] [error] [client 58.211.18.184] File does not exist: /usr/local/www/data/mysql
[Sun Sep 15 16:59:57 2013] [error] [client ...

Mon, 16 Sep 2013 00:27:21 UTC

Five years uptime: really?

Posted By Greg Lehey

I booted my external web server, w3.lemis.com, on 28 September 2008 just before midnight UTC. Since it reached 600 days' uptime, the longest I had ever experienced, even at Tandem Computers, I started monitoring it every day. And then 3 months ago the unthinkable happened: they had to move data centres, after 1,733 days' uptime. Fortunately w3 is a virtual machine, and they were able to save the machine state and resume execution in the new data centre. But is it reasonable to assume that the uptime remains despite being put on ice for 100 minutes? I think so. There are a number of issues with keeping a machine up: Hardware reliability.

Sun, 15 Sep 2013 19:00:00 UTC

FC6: Who Are You?

Posted By Tim Bray

This is part of the Federation Conversation, where commenter Jashan worried, reasonably enough: Users tend to forget which of the gazillion available services they have registered at your site with. And then they're too lazy to try all the possibilities. And then they're gone. Ouch! On the other hand, they might show up at your IDP-free site and forget what username they'd logged in with. Or they remember that but forget the password. And then they worry they're trying the wrong username. Which is to say, as with many other Identity issues, there are a lot of ways to end up completely hooped.

Sun, 15 Sep 2013 19:00:00 UTC

FC6: Who Are You?

Posted By Tim Bray

This is part of the Federation Conversation, where commenter Jashan worried, reasonably enough: Users tend to forget which of the gazillion available services they have registered at your site with. And then they're too lazy to try all the possibilities. And then they're gone. Ouch! On the other hand, they might show up at your IDP-free site and forget what username they'd logged in with. Or they remember that but forget the password. And then they worry they're trying the wrong username. Which is to say, as with many other Identity issues, it's hard. But we can agree: The less cognitive load it takes to get into your site, the more people will.

Sun, 15 Sep 2013 16:53:06 UTC

Take Back the Internet

Posted By Bruce Schneier

Government and industry have betrayed the Internet, and us. By subverting the Internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our Internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our...

Sun, 15 Sep 2013 13:11:49 UTC

How to Remain Secure Against the NSA

Posted By Bruce Schneier

Now that we have enough details about how the NSA eavesdrops on the Internet, including today's disclosures of the NSA's deliberate weakening of cryptographic systems, we can finally start to figure out how to protect ourselves. For the past two weeks, I have been working with the Guardian on NSA stories, and have read hundreds of top-secret NSA documents provided...

Sun, 15 Sep 2013 09:39:25 UTC

Google funding of open-source security projects

Posted By Robert N. M. Watson

I was pleased to contribute to a recent blog article by Ben Laurie, a frequent collaborator with the Cambridge security group, on the Google Open Source Programs Office blog. We describe open-source security work OSPO has sponsored over the last couple of years, including our joint work on Capsicum, and its followup projects funded jointly [...]

Sun, 15 Sep 2013 00:58:58 UTC

The price of free apps

Posted By Greg Lehey

More playing around with my Android tablets today. Gradually I'm getting the bigger one to do the things that I want. GPS works (better than on the small one), I can use it as a phone if I can stand the thought, and at least it doesn't change its MAC address every time it's booted, like the small one does. The PIN-based WPS also doesn't seem to require reinitialization all the time. What about navigation? Last month I tried Sygic and was relatively happy with it. But there was some strangeness about the software: although the toyshop called it free, there was some mention of having to pay.

Sat, 14 Sep 2013 00:06:40 UTC

Wireless AP, try 2

Posted By Greg Lehey

I've got to say one thing for the eBay seller who sold me the now defunct wireless access point: he's fast. I bought the original on Saturday, it was posted on Monday, arrived on Tuesday and died on Wednesday. I contacted him and he sent another one (without waiting for the return of the first) on Thursday, and I got it today. Looking at the device, it had a protective plastic film on the top side. Normally I don't remove these until I'm sure I'm going to keep them. But this one covered the cooling holes. Is that the reason why the first one died?

Fri, 13 Sep 2013 21:07:37 UTC

Friday Squid Blogging: Squid Fishing in the Cook Islands

Posted By Bruce Schneier

Diamondback squid could be a source of food. No word on taste. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 13 Sep 2013 16:02:51 UTC

Radio Interviews with Me

Posted By Bruce Schneier

Four interviews with me on the NSA....

Fri, 13 Sep 2013 11:23:53 UTC

New NSA Leak Shows MITM Attacks Against Major Internet Services

Posted By Bruce Schneier

The Brazilian television show "Fantastico" has exposed an NSA training presentation that discusses how the agency runs man-in-the-middle attacks on the Internet. The point of the story was that the NSA engages in economic espionage against Petrobras, the Brazilian giant oil company, but I'm more interested in the tactical details. The video on the webpage is long, and includes what...

Fri, 13 Sep 2013 07:45:06 UTC

Interview with South Africa's Tech Central

Posted By Cory Doctorow

I just got back from South Africa's Internet Service Provider Association annual conference, iWeek 13. While there, I sat down with TechCentral's Craig Wilson for an interview (MP3) -- about privacy, the NSA, DRM and the future of the Internet.

Fri, 13 Sep 2013 04:20:41 UTC

Reader Q&A: Will C++ remain indispensable?

Posted By Herb Sutter

A reader wrote me today to ask the following. Since this is a FAQ, I thought I’d post the answer here. With the advent of C++11 and upcoming C++14 and C++1y, the language has strapped much of the digital electronics industry under its belt. High performance software, Libraries, Embedded, Research, Web backends, our everyday software, […]

Thu, 12 Sep 2013 18:34:12 UTC

Did I Actually Say That?

Posted By Bruce Schneier

I'm quoted (also here) as using this analogy to explain how IT companies will be damaged by the news that they've been collaborating with the NSA: "How would it be if your doctor put rat poison in your medicine? Highly damaging," said Bruce Schneier, a US computer security expert. Not the most eloquent I've been recently. Clearly I need to...

Thu, 12 Sep 2013 17:40:44 UTC

Little Brother bus-ads in San Francisco

Posted By Cory Doctorow

How cool is this? My novel, Little Brother, is the San Francisco Public Library's "One City One Book" pick for 2013, which means that it's the book for the annual "citywide book-club." The library is advertising the initiative with bus-shelter, bus- and coffee-sleeve-ads all over town, and the librarians just tweeted me this pic of … [Read more]

Thu, 12 Sep 2013 11:05:14 UTC

Ed Felten on the NSA Disclosures

Posted By Bruce Schneier

Ed Felten has an excellent essay on the damage caused by the NSA secretly breaking the security of Internet systems: In security, the worst case -- the thing you most want to avoid -- is thinking you are secure when you're not. And that's exactly what the NSA seems to be trying to perpetuate. Suppose you're driving a car that...

Thu, 12 Sep 2013 00:04:24 UTC

Radiation Tower progress

Posted By Greg Lehey

Every time we drive into town, we look at the site of the radiation tower. The components of the tower itself are now there: The site is visible in front of the trees in the first image.

Wed, 11 Sep 2013 23:50:57 UTC

New wireless router

Posted By Greg Lehey

Got my new, el-cheapo wireless router today. The login screen speaks volumes: XXX Systems! But it has a lot of features, and seems to do what I want to do. In fact, I'd be completely happy with it, maybe, if it hadn't died after two hours. All LEDs off except for power, and no way of turning it on again. And now the fun of returning the thing. I should have kept the ALDI boxes I bought a while back.

Wed, 11 Sep 2013 16:53:04 UTC

Matthew Green Speculates on How the NSA Defeats Encryption

Posted By Bruce Schneier

This blog post is well worth reading, and not just because Johns Hopkins University asked him to remove it, and then backed down a few hours later....

Wed, 11 Sep 2013 15:38:40 UTC

Tom's guide for Tourists Visiting NYC (special Sept 11th anniversary edition)

Posted By Tom Limoncelli

Welcome to our fine city! Some say it's the greatest city in the world. We love tourists and we want you to visit. NYC has some of the finest theater, museums, shopping, history and dining. I know NYC has a reputation for being unsafe but it's actually one of the safest places for tourists to visit. Which brings me to Tom's 4 point guide to visiting NYC: Point 1: Dine well. Stay away from the following restaurants: Applebee's, Olive Garden, Hard Rock Cafe, Burger King and McDonald's. Seriously, folks! You are in NYC! Eat someplace you can't find in your own town.

Wed, 11 Sep 2013 11:43:37 UTC

iPhone Fingerprint Authentication

Posted By Bruce Schneier

When Apple bought AuthenTec for its biometrics technology -- reported as one of its most expensive purchases -- there was a lot of speculation about how the company would incorporate biometrics in its product line. Many speculate that the new Apple iPhone to be announced tomorrow will come with a fingerprint authentication system, and there are several ways it could...

Wed, 11 Sep 2013 07:53:55 UTC

Equine insurance, continued

Posted By Greg Lehey

We're still trying to insure Yvonne's new horse. It's not helped by the insurers. They have online descriptions of what they do and don't cover, of course, with lots of Big Fat Words, and a number of things that appear to contradict the statements of the agent. Sent him not one, but a total of three emails trying to get him to respond to the issues. We failed. It seems that the idea of actually reading an email message and responding to it is no longer Modern. Of course, it doesn't help that people in the Microsoft Space write their replies in a place where they can no longer see what they're replying to, but you'd think that a Professional would find a solution to that problem.

Tue, 10 Sep 2013 21:12:16 UTC

Differential Debugging

Posted By Diomidis D. Spinellis

If estimating the time needed for implementing some software is difficult, coming up with a figure for the time required to debug it is nigh on impossible. Bugs can lurk in the most obscure corners of the system, or even in the crevices of third-party libraries and components. Ask some developers for a time estimate, and don't be surprised if an experienced one snaps back, "I've found the bug when I've found the bug." Thankfully, there are some tools that allow methodical debugging, thereby giving you a sense of progress and a visible target. A method I've come to appreciate over the past few months is differential debugging.

Tue, 10 Sep 2013 19:00:00 UTC

iPhone 5c and 5s

Posted By Tim Bray

Don't they look great? I might get one (no, really). They're interesting... Let's play Apple Pundit! You might get one?! Well, it's like this: Since June, I actually haven't had a smartphone; just an ancient account-free Nexus S that I use for voice, SMS, and occasional hot spots. I'm not starved for mobile Internet because my 16G Nexus 7 with cellular data has been a champ, makes me very happy every day, is a terrific world traveler, excels at email and Web and The Economist and Ingress and Twitter and G+ and Kindle and MLB.tv. I'll probably replace it with one of the new ones because, well, have you held one?

Tue, 10 Sep 2013 11:55:08 UTC

The TSA Is Legally Allowed to Lie to Us

Posted By Bruce Schneier

The TSA does not have to tell the truth: Can the TSA (or local governments as directed by the TSA) lie in response to a FOIA request? Sure, no problem! Even the NSA responds that they "can't confirm or deny the existence" of classified things for which admitting or denying existence would (allegedly, of course) damage national security. But the...

Mon, 09 Sep 2013 20:40:47 UTC

My One C++ talk from GoingNative is now posted

Posted By Herb Sutter

I see the recording went live this morning. Thanks again to all the speakers and in-room and worldwide attendees for coming and watching! Day 2 Keynote: One C++ Herb Sutter My favorite part was seeing the response to the challenge to write a cool graphical interactive C++ program from scratch in 24 hours using a […]

Mon, 09 Sep 2013 20:27:58 UTC

Visual Studio 2013 RC is now available

Posted By Herb Sutter

At Build in June, we announced that VC++ 2013 RTM “later this year” would include the ISO conformance features in the June preview (explicit conversion operators, raw string literals, function template default arguments, delegating constructors, uniform initialization and initializer_lists, and variadic templates) plus also several more to be added between the Preview and the RTM: […]

Mon, 09 Sep 2013 18:30:59 UTC

Government Secrecy and the Generation Gap

Posted By Bruce Schneier

Big-government secrets require a lot of secret-keepers. As of October 2012, almost 5m people in the US have security clearances, with 1.4m at the top-secret level or higher, according to the Office of the Director of National Intelligence. Most of these people do not have access to as much information as Edward Snowden, the former National Security Agency contractor turned...

Mon, 09 Sep 2013 12:50:53 UTC

Fighting back against NSA sabotage with a dead-man's switch

Posted By Cory Doctorow

My latest Guardian column, "How to foil NSA sabotage: use a dead man's switch," conducts a thought-experiment for a "dead-man's switch" to undermine the system of secret surveillance orders used by American government agencies. If you're worried about getting a secret order to sabotage your users' security, you could send a dead-man's switch service a … [Read more]

Mon, 09 Sep 2013 11:20:25 UTC

Excess Automobile Deaths as a Result of 9/11

Posted By Bruce Schneier

People commented about a point I made in a recent essay: In the months after 9/11, so many people chose to drive instead of fly that the resulting deaths dwarfed the deaths from the terrorist attack itself, because cars are much more dangerous than airplanes. Yes, that's wrong. Where I said "months," I should have said "years." I got the...

Sun, 08 Sep 2013 19:00:00 UTC

FC5: Manage Those Passwords!

Posted By Tim Bray

Inventing good passwords is hard and so is remembering them; that's part of the problem. So, how about we get computers to do the tedious stuff for us? Turns out you can, using something called a Password manager. Are these things going to end the Federation Conversation? [This piece is part of that conversation.] Introduction: If you already use a password manager and know the basics, you can hop down to the Thought experiment section. First: To those of you who have a lot of passwords and aren't using a password manager, I'd say: Start now. Second: If you're wondering which to use, David Strom's Best tools for protecting passwords is pretty good, even though it's enterprise-focused and spends time on management options that I don't care about.

Sat, 07 Sep 2013 19:29:43 UTC

Usenix LISA overlaps election day!

Posted By Tom Limoncelli

Usenix LISA is early this year. This means two things: It isn't overlapping the December holiday rush (yeah!) but it overlaps with election day (boo!). New Jersey has an important election this year. I don't want to miss it. Therefore I'm sending away for my New Jersey Application For Vote by Mail Ballot right away. In all states you can vote by Absentee Ballot but you can't do it "same day". You have to write in to apply well in advance and mail it in (depending on the state) far in advance of the real election day. Information on how to do this in your state is available online.

Sat, 07 Sep 2013 19:00:00 UTC

Ingress Ebb and Flow

Posted By Tim Bray

The last Ingress fragment here was back in May, reflective of the fact that I, like many who leveled all the way up, lost interest and drifted away. But I've been out a bit in the last couple of weeks; in particular spending quality time in graveyards. The game remains an interesting and under-reported story. Previously in this series: Ingress, Things About Ingress, Ingress, Month 3, Ingress Weekly, Ingress Tourism, Advanced Ingress, and Ingress Chase Scene. Where we play Ingress; for details, read on. Time and numbers: That's what the game's about; in any given locality, the faction that can bring out more L8 players for more hours is going to dominate the map.

Sat, 07 Sep 2013 12:55:54 UTC

My New PGP/GPG and OTR Keys

Posted By Bruce Schneier

You can find my new PGP public key and my OTR key fingerprint here....

Fri, 06 Sep 2013 21:50:00 UTC

Friday Squid Blogging: Giant Squid Found Off the Coast of Spain

Posted By Bruce Schneier

The incomplete specimen weighs over 160 lbs. And here's a map of squid spottings. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 06 Sep 2013 19:09:17 UTC

Another Interview

Posted By Bruce Schneier

I was interviewed by MinnPost....

Fri, 06 Sep 2013 16:08:06 UTC

Conspiracy Theories and the NSA

Posted By Bruce Schneier

I've recently seen two articles speculating on the NSA's capability, and practice, of spying on members of Congress and other elected officials. The evidence is all circumstantial and smacks of conspiracy thinking -- and I have no idea whether any of it is true or not -- but it's a good illustration of what happens when trust in a public...

Fri, 06 Sep 2013 11:30:18 UTC

The NSA's Cryptographic Capabilities

Posted By Bruce Schneier

The latest Snowden document is the US intelligence "black budget." There's a lot of information in the few pages the Washington Post decided to publish, including an introduction by Director of National Intelligence James Clapper. In it, he drops a tantalizing hint: "Also, we are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic." Honestly, I'm...

Fri, 06 Sep 2013 07:00:00 UTC

Dutch Enterprises and The Cloud

Posted By Werner Vogels

This spring I travelled through Europe for the AWS Global Summit series. In my many conversations with customers, and with the media, I encountered surprise and excitement about the extent that European enterprises have already been using the Amazon Web Services for some time. Whether it is large telecommunications manufacturers like Nokia Siemens Networks running their real-time data analytics for network operators on AWS, or a luxury hotel chain like Kempinski moving their core IT functions to AWS such that they can get out of the IT business, or a major newspaper corporation like News International, who plan to have 75% of their infrastructure running on AWS within 3 years to improve their agility, European enterprises have been moving to the cloud for some time to become more agile and competitive.

Thu, 05 Sep 2013 22:35:18 UTC

Android: So nice, so nice, we do it twice

Posted By Greg Lehey

Between looking for cars and contacting Yvonne, I had some time over. In to ALDI to see if they had an accessory pack for my Android tablet. No, but they had one for a slightly older 10.1" model, and even that tablet still in stock. OK, that might be worth trying out, so I bought both. For a tablet hater, I'm not exactly true to form.

Thu, 05 Sep 2013 21:30:00 UTC

DynamoDB for Location Data: Geospatial querying on DynamoDB datasets

Posted By Werner Vogels

Over the past few years, two important trends that have been disrupting the database industry are mobile applications and big data. The explosive growth in mobile devices and mobile apps is generating a huge amount of data, which has fueled the demand for big data services and for high scale databases. Meanwhile, mobile app developers have shown that they care a lot about getting to market quickly, the ability to easily scale their app from 100 users to 1 million users on day 1, and the extreme low latency database performance that is crucial to ensure a great end-user experience. These factors have made DynamoDB a compelling database for mobile developers, who happen to be among the biggest adopters of this technology.

Thu, 05 Sep 2013 19:46:54 UTC

The NSA is Breaking Most Encryption on the Internet

Posted By Bruce Schneier

The new Snowden revelations are explosive. Basically, the NSA is able to decrypt most of the Internet. They're doing it primarily by cheating, not by mathematics. It's joint reporting between the Guardian, the New York Times, and ProPublica. I have been working with Glenn Greenwald on the Snowden documents, and I have seen a lot of them. These are my...

Thu, 05 Sep 2013 18:57:05 UTC

The Effect of Money on Trust

Posted By Bruce Schneier

Money reduces trust in small groups, but increases it in larger groups. Basically, the introduction of money allows society to scale. The team devised an experiment where subjects in small and large groups had the option to give gifts in exchange for tokens. They found that there was a social cost to introducing this incentive. When all tokens were "spent",...

Thu, 05 Sep 2013 17:13:09 UTC

Journal of Homeland Security and Emergency Management

Posted By Bruce Schneier

I keep getting alerts of new issues, but there are rarely articles I find interesting....

Thu, 05 Sep 2013 16:30:00 UTC

Google StreetView visits my office... literally!

Posted By Tom Limoncelli

One of the enticements to work at Stack Exchange was that I would be given my own office and it would have a door that closes. What a luxury! Was I special? No, our CEO believes that all engineers should have private offices so they can have peace and quiet when they're trying to get work done. Not that we're unsocial. We use chat rooms and video conferences constantly. Considering that half my team works remotely, we'd be communicating that way anyhow. Shortly after I started my new job I went away for 2 weeks to get married and go on a honeymoon in Maui.

Thu, 05 Sep 2013 16:18:17 UTC

I have cancelled my appearance at Campus Party London tonight

Posted By Cory Doctorow

On close inspection, I saw that the contract they wanted me to speak under required me: * to exclusively assign all rights to the talk to them; * to indemnify them against all claims (including nuisance claims) arising from the talk (meaning that they could simply hand money to nuisance complainants and send me the … [Read more]

Thu, 05 Sep 2013 14:30:00 UTC

LOPSA NYC: Etsy: Feature Flagging your Infrastructure for Fun and Profit

Posted By Tom Limoncelli

The first part of the meeting will be about Etsy's deployment infrastructure. The second half of the meeting will be a chance to discuss the talk, brainstorm future topic ideas, and hopefully get more presenters.

Date? Tuesday, September 10, 2013
When? 7:00 pm
Where? 120 West 45th St, 39th Floor, New York, NY 10036
For more info: http://www.lopsa-nyc.org/content/feature-flag

Thu, 05 Sep 2013 13:32:30 UTC

Human/Machine Trust Failures

Posted By Bruce Schneier

I jacked a visitor's badge from the Eisenhower Executive Office Building in Washington, DC, last month. The badges are electronic; they're enabled when you check in at building security. You're supposed to wear it on a chain around your neck at all times and drop it through a slot when you leave. I kept the badge. I used my body...

Wed, 04 Sep 2013 21:07:07 UTC

The team I'm on at Stack Exchange is hiring

Posted By Tom Limoncelli

Here's the job advert. We're looking for someone who will be heavy on the developer side of SRE. If you are interested in OpenTSDB, you'll be very interested in this position. Stack Exchange is the company behind ServerFault.com, StackOverflow.com, and 104 other StackExchange.com sites. I joined the company recently and I really love it here. Check out the advert!

Wed, 04 Sep 2013 19:00:00 UTC

City of Trees and Cranes

Posted By Tim Bray

Vancouver I mean, of course. We're big on trees, and growing, so it's hard to take a picture without one or the other. What happened was, we were at a rooftop barbecue more or less at the center of this map; the area is called False Creek Flats, a label I love. It's mostly empty space on the map north of where we were, which however isn't empty in the slightest. There's a lot happening here. I'd like to draw your attention to: The new brewery under construction in the foreground; Red Truck Beer, and some of their beers aren't bad.

Wed, 04 Sep 2013 17:08:48 UTC

SHA-3 Status

Posted By Bruce Schneier

NIST's John Kelsey gave an excellent talk on the history, status, and future of the SHA-3 hashing standard. The slides are online....

Wed, 04 Sep 2013 16:25:39 UTC

Tomorrow

Posted By Herb Sutter

You will want to watch Chandler Carruth's talk tomorrow at GoingNative. It will be livestreamed here starting at 2:30pm North American Pacific time. (See timeanddate.com for other time zones.) Watch for the Ghostbusters reference. That is all.

Wed, 04 Sep 2013 14:38:16 UTC

How publishers should learn to stop worrying and love library ebook lending

Posted By Cory Doctorow

My latest Locus column, Libraries and E-books, talks about the raw deal that libraries are currently getting from the big five publishers on ebook pricing (libraries pay up to five times retail for their ebooks, and are additionally burdened with the requirement to use expensive, proprietary collection-management tools). I point out that libraries are effectively … [Read more]

Wed, 04 Sep 2013 12:02:41 UTC

Business Opportunities in Cloud Security

Posted By Bruce Schneier

Bessemer Venture Partners partner David Cowan has an interesting article on the opportunities for cloud security companies. Richard Stiennon, an industry analyst, has a similar article. And Zscaler comments on a 451 Research report on the cloud security business....

Wed, 04 Sep 2013 01:00:00 UTC

Expanding the Cloud: More memory, more caching and more performance for your data

Posted By Werner Vogels

Today, we added two important choices for customers running high performance apps in the cloud: support for Redis in Amazon ElastiCache and a new high memory database instance (db.cr1.8xlarge) for Amazon RDS. As we prepared to launch these features, I was struck not only by the range of services we provide to enable customers to run fully managed, scalable, high performance database workloads, including Amazon RDS, Amazon DynamoDB, Amazon Redshift and Amazon ElastiCache, but also by the pace at which these services are evolving and improving. Since you now have lots of choices to address your high performance database needs, I decided to write this blog to help you select the most appropriate services for your workload using lessons I have learnt by scaling the infrastructure for Amazon.com.

Tue, 03 Sep 2013 23:18:31 UTC

Finally! The Radiation Tower!

Posted By Greg Lehey

Yvonne called me on the way to town this morning: they've started building the Radiation Tower. Later out to take a look: So finally it has started! What a wait it's been: 6 December 2011: They want to be finished by June 2012, but that will depend on how many spanners Wendy wants to throw into the works. And indeed she did.

Tue, 03 Sep 2013 18:45:12 UTC

Syrian Electronic Army Cyberattacks

Posted By Bruce Schneier

The Syrian Electronic Army attacked again this week, compromising the websites of the New York Times, Twitter, the Huffington Post, and others. Political hacking isn't new. Hackers were breaking into systems for political reasons long before commerce and criminals discovered the Internet. Over the years, we've seen U.K. vs. Ireland, Israel vs. Arab states, Russia vs. its former Soviet republics,...

Tue, 03 Sep 2013 16:17:25 UTC

Livestreamed talk at GoingNative this week: One C++

Posted By Herb Sutter

Don't forget that the year's great C++-fest GoingNative 2013 starts tomorrow morning and will be livestreamed on the Channel 9 home page. Don't miss the opening keynote by Bjarne Stroustrup at 9:00am Seattle time on Wednesday. It will be followed by many other insightful and enlightening talks, from many of the gurus of C++. The […]

Tue, 03 Sep 2013 11:41:42 UTC

Our Newfound Fear of Risk

Posted By Bruce Schneier

We're afraid of risk. It's a normal part of life, but we're increasingly unwilling to accept it at any level. So we turn to technology to protect us. The problem is that technological security measures aren't free. They cost money, of course, but they cost other things as well. They often don't provide the security they advertise, and -- paradoxically...

Mon, 02 Sep 2013 19:00:00 UTC

Sony RX100 II

Posted By Tim Bray

I lost my much-beloved Canon S100 by leaving it on an airplane (how stupid is that?), so I got the new RX100 II (Sony, DPR, Sony); also called the M2 in places including its photos' EXIF data, but II seems more official. The choice was easy, given my previously-stated belief that the best camera inventory is a large-sensor interchangeable-lens body wearing an opinionated prime lens, and a decent pocket cam with a zoom: If you really need a zoom lens, why not get one that has a pretty good camera built-in? And many reviewers have asserted that the RX100 is the best pocket zoom you can get.

Mon, 02 Sep 2013 18:43:35 UTC

LaTeX dvipdf tip: -dFirstPage/-dLastPage doesn't work

Posted By Tom Limoncelli

Spoiler alert: it works with Ghostscript 9.09 but not Ghostscript 9.06. I'm writing this mostly to vent. Here's the story. Most of my books are written using the LaTeX formatting system. The latex command outputs a .dvi file, and there are programs that translate dvi to PostScript, pdf, HP LaserJet language, and so on. I'm writing a script that generates one PDF file for each chapter. You'd think this would be easy, and it mostly is. There's some great advice here and here. (Both links are to Stack Exchange sites, btw) My original plan was to call dvipdf then re-process the PDF using pdftk (The PDF ToolKit) or Ghostscript.

Mon, 02 Sep 2013 11:40:38 UTC

1983 Article on the NSA

Posted By Bruce Schneier

The moral is that NSA surveillance overreach has been going on for a long, long time....

Sun, 01 Sep 2013 23:13:22 UTC

More nadir stitching

Posted By Greg Lehey

Spent much of the day today attacking my full 360°×180° panoramas. They were difficult for a number of reasons, not all of them related to the nadir. First was the panorama of the verandah centre: the initial flash panorama worked fine, but the flat version kept failing:

enblend --compression=LZW -m 10000 -w -f9000x6597 -o verandah-centre.tif -- verandah-centre0000.tif verandah-centre0001.tif verandah-centre0002.tif verandah-centre0003.tif verandah-centre0004.tif verandah-centre0005.tif verandah-centre0006.tif verandah-centre0007.tif verandah-centre0008.tif verandah-centre0009.tif verandah-centre0010.tif verandah-centre0011.tif verandah-centre0012.tif verandah-centre0013.tif verandah-centre0014.tif verandah-centre0015.tif verandah-centre0016.tif verandah-centre0017.tif verandah-centre0019.tif verandah-centre0020.tif verandah-centre0021.tif verandah-centre0022.tif verandah-centre0023.tif
enblend: info: loading next image: verandah-centre0000.tif 1/1
...
enblend: info: loading next image: verandah-centre0022.tif 1/1
enblend: warning: failed to detect any seam
enblend: mask is entirely black, but white image was not identified as redundant
enblend: info: remove invalid output image "verandah-centre.tif"
gmake: *** [verandah-centre.tif] Error 1

Why that?

Sun, 01 Sep 2013 01:52:18 UTC

Still more USB strangenesses

Posted By Greg Lehey

I took a number of photos of the nadir setup with my old Nikon “Coolpix” L1, and then transferred them to computer via USB. And then I forgot to disconnect for a couple of hours. When I did, the camera was warm, the batteries (freshly charged NiZn) were also hot and discharged. Why? The camera can't charge the batteries via USB, so when it's on USB, it shouldn't have any connection to the batteries at all. ACM only downloads articles once.

Sun, 01 Sep 2013 00:43:36 UTC

Other Android insights

Posted By Greg Lehey

Writing yesterday's article on eBooks required screen shots from the Android tablet. How do you do that? Went looking in the toy shop, but the things I found didn't look very good, and most were either for a specific tablet, or they required rooting, something that I don't want to attempt yet. So I went off looking on Google. It's simple (and intuitive!): the system has a built-in screen shot facility. Just hold down Vol- and the power button for a second or two, and it makes a clicking noise and saves the screen contents. Where? With a bit of finger-sliding (starting at the Gallery icon), it gives you a useful information page: OK, how do I get that to a ...

Sun, 01 Sep 2013 00:25:46 UTC

USB charging problems understood

Posted By Greg Lehey

Why did my Android tablet not charge when connected to the charger via the USB extension cable? On IRC, Jürgen Lock suggested that the resistance might be too high. Nonsense, I thought, and did a quick calculation: the charger is rated at 2 A, and I've already established that the tablet needs more than 1 A to run. So what would we need to get a voltage drop of, say, 0.5 V? R = E / I, so the surprising result is: 0.25 Ω. That's not much. Clearly what I should do is to measure the voltage at the device when connected in this way.