Blog Archive: November 2013

Sat, 30 Nov 2013 23:36:04 UTC

NBN coming nearer

Posted By Greg Lehey

Mail message from Exetel today: We have been notified by NBN that an appointment has been made for a technician to visit your premises to complete the installation of the Fiber Broadband. Appointment date: Thursday, 12 December 2013, 8:00 AM - 12:00 PM Fiber broadband! Not even fibre. Still, I suppose fixed wireless is the invisible fibre. But after 2½ years of waiting, we finally have a date. The relief was overwhelming. Hopefully everything will go smoothly. ACM only downloads articles once.

Sat, 30 Nov 2013 21:38:31 UTC

Datacenter Renewable Power Done Right

Posted By James Hamilton

Facebook Iowa Data Center In 2007, the EPA released a study on datacenter power consumption at the request of the US Congress (EPA Report to Congress on Server and Data Center Efficiency). The report estimated that the power consumption of datacenters represented about 1.5% of the US Energy Budget in 2005 and this number would double by 2010. In a way, this report was believable in that datacenter usage was clearly on the increase. What the report didn't predict was the pace of innovation in datacenter efficiency during that period. Increased use spurred increased investment, which has led to a near 50% improvement in industry leading datacenter efficiency. Also difficult to predict at the time of the report was the rapid growth of cloud computing.

Sat, 30 Nov 2013 16:36:40 UTC

Deadline for Cascadia IT talk proposals extended to Dec 9:

Posted By Tom Limoncelli

The proposal deadline for LOPSA's Cascadia IT conference has been extended to 9 DEC. http://casitconf.org/casitconf14/call-for-proposals/

Fri, 29 Nov 2013 23:44:36 UTC

NBN wants residents

Posted By Greg Lehey

Looking Yet Again at the NBN rollout map for some reason, and it asked me if I wanted to take a survey after visiting the site (which involved explicitly closing the window when I was done). It confirmed my negative impression of the NBN bureaucracy, producing the smallest window I have ever seen: Without the frame it must be about 100×100 pixels. Once I had enlarged it, it wanted to know what kind of visitor I was, a button list of course. What kind didn't it mention?

Fri, 29 Nov 2013 23:27:21 UTC

DCW credit card security

Posted By Greg Lehey

One of the more interesting issues completing my purchase with Digital Camera Warehouse was that they didn't simply accept my credit card on the phone: they did a sample booking between $1 and $2 and asked me to check the sum and report it back to them. Given the horrendous lack of security in the online market, that seemed not to be a bad idea. Only problem was, of course, that ANZ didn't play along: the updates to the online banking site can take hours or even a day. So I had to call them up and get the information on the phone, with only my secret word as identification.

Fri, 29 Nov 2013 22:15:54 UTC

Friday Squid Blogging: Squid Worm Discovered

Posted By Bruce Schneier

This squid-like worm -- Teuthidodrilus samae -- is new to science. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 29 Nov 2013 12:18:38 UTC

More on Stuxnet

Posted By Bruce Schneier

Ralph Langner has written the definitive analysis of Stuxnet: short, popular version, and long, technical version. Stuxnet is not really one weapon, but two. The vast majority of the attention has been paid to Stuxnet's smaller and simpler attack routine -- the one that changes the speeds of the rotors in a centrifuge, which is used to enrich uranium. But...

Thu, 28 Nov 2013 23:36:25 UTC

More bad language

Posted By Greg Lehey

While signing up with Exetel today, Shannon asked me if I wanted a modem. Huh? Why do you need a modem when NBN supplies a layer 2 bridge? She couldn't tell me either, of course, but it seems that she meant a switch or maybe a router. So why call it a modem? It seems that the central home networking box, including ADSL modem, a switch, NAT, firewall, and probably 802.11 access point, has come to be referred to as a modem. Now the successor devices no longer have the ADSL modem component, but the name has become established, and though it's no longer a modem, that's what they call it.

Wed, 27 Nov 2013 23:36:19 UTC

Finally! NBN!

Posted By Greg Lehey

Started writing up my diary for yesterday and brought up the NBN rollout map. And what do I see? So Aussie Broadband were only slightly wrong in their timing. And once again the NBN have demonstrated how completely useless their information is. Yesterday, just the day before it became available, they were pretending that the service wouldn't be available until August 2014. What a useless system. Hopefully the network side will be better. So: once again tried to sign up with Exetel. Called up 1300 393 835 and spoke to Shannon, who had all my details. Nevertheless she couldn't process my order until I gave her a mobile phone number.

Wed, 27 Nov 2013 22:50:33 UTC

No NBN, part 2

Posted By Greg Lehey

Exciting junk mail in the letterbox today: Could it be true? Have they finally got the Radiation Tower up and running? Took a look at the rollout map. Nothing. But then what do they know? Called up NBN on 1800 687 626 and spoke to Christine, who told me the same old story: construction commenced in August, and it normally takes 12 months to complete. Why do they repeat that nonsense? She seemed put out when I told her that that was nonsense, but promised to forward it to her superiors.

Wed, 27 Nov 2013 22:00:00 UTC

Stop monitoring whether or not your service is up!

Posted By Tom Limoncelli

99 percent of all monitoring that I see being done is done wrong. Most people think of monitoring like this: Step 1: Something goes down. Step 2: I am alerted. Step 3: I fix the problem as fast as I can. Step 4: I get a pat on the back if I was able to fix it "really fast". (i.e. faster than the RTO) If that's how you think of monitoring, then you are ALWAYS going to have down time. You've got down time "baked into" your process! Here's how we should think about monitoring: Step 1: I get an alert that something is "a bit off"; something that needs to be fixed or else there will be an outage.

Wed, 27 Nov 2013 20:00:00 UTC

Space Operas!

Posted By Tim Bray

Most geeks love 'em; some find the pleasure a little guilty. Gleaming silver ingots of engineering poetry reaching up out of gravity's mud carrying humanity's sparks into space's blackness... and blowing each other up! I'm here to recommend the work of James S.A. Corey, but the genre deserves a little survey. Kid stuff Yes, I grew up on E.E. "Doc" Smith's Lensmen books. That's a horribly long time ago and I remember almost nothing, except for huge fleets of space battleships arranging themselves in surprising new attack formations: the Wedge, the Cone, the Cylinder. The price is down to free on Kindle for some of 'em; I suspect they haven't aged well, but maybe I'll take one on a vacation someday.

Wed, 27 Nov 2013 19:17:00 UTC

Evi Nemeth Update

Posted By Tom Limoncelli

http://www.katc.com/news/170-days-still-no-sign-of-the-nina

Wed, 27 Nov 2013 12:28:42 UTC

Tor Appliance

Posted By Bruce Schneier

Safeplug is an easy-to-use Tor appliance. I like that it can also act as a Tor exit node....

Tue, 26 Nov 2013 22:00:00 UTC

Expanding the Cloud: Enabling Globally Distributed Applications and Disaster Recovery

Posted By Werner Vogels

As I discussed in my re:Invent keynote earlier this month, I am now happy to announce the immediate availability of Amazon RDS Cross Region Read Replicas, which is another important enhancement for our customers using or planning to use multiple AWS Regions to deploy their applications. Cross Region Read Replicas are available for MySQL 5.6 and enable you to maintain a nearly up-to-date copy of your master database in a different AWS Region. In case of a regional disaster, you can simply promote your read replica in a different region to a master and point your application to it to resume operations.

Tue, 26 Nov 2013 12:29:05 UTC

The FBI Might Do More Domestic Surveillance than the NSA

Posted By Bruce Schneier

This is a long article about the FBI's Data Intercept Technology Unit (DITU), which is basically its own internal NSA. It carries out its own signals intelligence operations and is trying to collect huge amounts of email and Internet data from U.S. companies -- an operation that the NSA once conducted, was reprimanded for, and says it abandoned. [...] The...

Mon, 25 Nov 2013 20:53:52 UTC

New backup disks

Posted By Greg Lehey

To Officeworks to buy some new backup disks (or, as they put it, hard drives) for my photos. 4TB each, and to hedge my bets (and also tell them apart) I bought one Seagate, one Western Digital. How the old units fail with file systems of this size:

    Filesystem     512-blocks Used         Avail Capacity  Mounted on
    /dev/da2p1  7,812,344,416   16 7,734,220,960     0%    /photobackup

Normally my backups are just of the day's photos, and they take about 10 minutes, mainly with rsync checking the directory trees of the two disks.

Mon, 25 Nov 2013 20:27:59 UTC

No NBN in Dereel

Posted By Greg Lehey

Phone call from Chris Bahlo during breakfast. The people from the NBN were there to install her antenna! Well, it's really David Yeardley's installation -- Chris would never have chosen Telstra -- and they can be connected because the NBN has determined that they're in the range of the Rokewood tower, while we are not. But more to the point, nobody was home except for Minh Chau, and since she's under age, they wouldn't accept a signature from her. So one of us had to go over, and out of curiosity I volunteered. Unfortunately in vain: they had moved on, and would come back later, by which time David would be there.

Mon, 25 Nov 2013 19:51:03 UTC

US Working to Kill UN Resolutions to Limit International Surveillance

Posted By Bruce Schneier

This story should get more publicity than it has....

Mon, 25 Nov 2013 12:53:29 UTC

Surveillance as a Business Model

Posted By Bruce Schneier

Google recently announced that it would start including individual users' names and photos in some ads. This means that if you rate some product positively, your friends may see ads for that product with your name and photo attached—without your knowledge or consent. Meanwhile, Facebook is eliminating a feature that allowed people to retain some portions of their anonymity on...

Sat, 23 Nov 2013 22:44:06 UTC

Paving the way to hell

Posted By Greg Lehey

My programming languages course has now moved from Racket to Ruby, and the first assignment is due in soon. It's difficult to keep up with the sheer volume of lectures, but finally I started today:

    === grog@teevee (/dev/pts/4) ~/Coursera/Programming-Languages/assignments 3 -> ruby hw6runner.rb original
    /usr/local/lib/ruby/1.9/rubygems/custom_require.rb:36:in `require': cannot load such file -- tk (LoadError)
            from /usr/local/lib/ruby/1.9/rubygems/custom_require.rb:36:in `require'
            from /eureka/home/grog/Coursera/Programming-Languages/assignments/hw6graphics.rb:6:in `<top (required)>'
            from /eureka/home/grog/Coursera/Programming-Languages/assignments/hw6provided.rb:3:in `require_relative'
            from /eureka/home/grog/Coursera/Programming-Languages/assignments/hw6provided.rb:3:in `<top (required)>'
            from hw6runner.rb:3:in `require_relative'
            from hw6runner.rb:3:in `<main>'

What's that?

Sat, 23 Nov 2013 00:17:10 UTC

Don't use Internet Explorer!

Posted By Greg Lehey

Participated in another silly survey today. About the most interesting part was at the beginning: How times change! ACM only downloads articles once. It's possible that this article has changed since being downloaded, but the only way you can find out is by looking at the original article.

Fri, 22 Nov 2013 22:53:42 UTC

Friday Squid Blogging: Magnapinna Squid Photo

Posted By Bruce Schneier

Neat photo. Video, too. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 22 Nov 2013 20:56:26 UTC

Reddit "Ask Me Anything"

Posted By Bruce Schneier

I just did an AMA on Reddit....

Thu, 21 Nov 2013 23:20:04 UTC

DxO support for E-M1

Posted By Greg Lehey

Rather to my surprise, DxO has already announced support for the Olympus OM-D E-M1. Which lenses? A number of Panasonic lenses as well as from Olympus -- but only micro-FT lenses! In general the optical quality of the µFT lenses is less than that of the Four Thirds lenses -- the only one that really qualifies as professional is the still-undeliverable M.Zuiko 12-40 mm. To make up for that, they've decided that the E-M1 is a professional camera (my E-30 isn't), so I'd have to pay double the price for dropping support for my existing lenses. That would be the last straw. So off looking for alternatives.

Thu, 21 Nov 2013 19:42:38 UTC

Rerouting Internet Traffic by Attacking BGP

Posted By Bruce Schneier

Renesys is reporting that Internet traffic is being manipulatively rerouted, presumably for eavesdropping purposes. The attacks exploit flaws in the Border Gateway Protocol (BGP). Ars Technica has a good article explaining the details. The odds that the NSA is not doing this sort of thing are basically zero, but I'm sure that their activities are going to be harder to...

Thu, 21 Nov 2013 00:20:49 UTC

Exploring the ALDI tuner

Posted By Greg Lehey

Discussion about the ALDI tuner on IRC today. Jürgen Lock suggested that I try installing the webcamd port, so did that and tried it out:

    === root@teevee (/dev/pts/0) /usr/ports/multimedia/webcamd 8 -> webcamd
    Attached to ugen0.5[0]
    webcamd: Cannot find USB device

Clearly it was lying: it did find /dev/ugen0.5. But why? It seems that to get debug output you need to rebuild the port, so did that and got lots of messages on the screen, many of them obviously errors. But the real one that stood out was:

    ERR: : : this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)

Now isn't that something that should only appear in debug output?

Wed, 20 Nov 2013 23:49:55 UTC

New toy

Posted By Greg Lehey

A few weeks back I bought an infrared thermometer on eBay, and today it finally arrived. The main purpose is to measure the temperature of the pizza stone in the pizza oven, but of course that won't be for a while. In the meantime I played around with it a bit. One thing's clear: it's not the kind that you can stick into your ear and measure blood temperature. I tried that and got a temperature of about 23°. But pointing it at hot and cold objects shows that it works, at least in principle. The trouble is that it's a spot measurement, so the variation between -18° and -14° in the deep freezer, or 190° in the corners of the oven to 210° in the middle, could be correct.

Wed, 20 Nov 2013 20:00:00 UTC

Counter-Surveillance

Posted By Tim Bray

Surveillance on the Internet is pervasive and well-funded; it constitutes a planetary-scale attack on people who need the Net. The IETF is grappling with the problem but the right path forward isn't clear. This story is being reported, but (near as I can tell) not by anyone who's on the actual mailing lists, reading what's being said. So, here's what's up. The story is long and unsimple, and therefore so is this ongoing fragment; sorry. On a perfect Internet Everyone would be confident that their traffic is private; only they and whoever they're connecting to could ever see it. They wouldn't have to worry about what needs to be private and what doesn't because everything would be.

Wed, 20 Nov 2013 12:47:56 UTC

How to Avoid Getting Arrested

Posted By Bruce Schneier

The tips are more psychological than security....

Tue, 19 Nov 2013 23:11:30 UTC

New USB tuner

Posted By Greg Lehey

Yvonne back from shopping today with more toys from ALDI: two USB TV tuners and an 802.11 range extender. One of the tuners can go back unopened: there's no way to connect two to a standard TV cable. The other one probes under FreeBSD without revealing very much:

    Nov 19 17:30:26 teevee kernel: ugen0.5: <Realtek> at usbus0
    Nov 19 17:30:26 teevee root: Unknown USB device: vendor 0x1d19 product 0x1101 bus uhub2
    Nov 19 17:30:26 teevee root: Unknown USB device: vendor 0x1d19 product 0x1101 bus uhub2

So now I'll have to revisit the whole tuner setup under Linux.

Tue, 19 Nov 2013 21:29:32 UTC

ABS survey

Posted By Greg Lehey

While I was in town yesterday, somebody from the Australian Bureau of Statistics came by and told Yvonne that we had been selected for a Survey of Income and Housing. She left a letter, which proved to contain a Web Address, numerical user identifier and password, containing upper and lower case letters, digits and a special character. I was to go to this Web Address to say when it would be convenient to conduct a survey of unspecified duration. Do I want to do this? This kind of bad language raises prejudices which too often prove to be justified. They were today, too.

Tue, 19 Nov 2013 12:32:54 UTC

Fokirtor

Posted By Bruce Schneier

Fokirtor is a Linux Trojan that exfiltrates traffic by inserting it into SSH connections. It looks very well-designed and -constructed....

Mon, 18 Nov 2013 23:25:42 UTC

Visual C++ Compiler November 2013 CTP

Posted By Herb Sutter

We just shipped Visual C++2013 last month, but I announced at GoingNative in September that there would be more soon: another CTP (compiler preview) containing another batch of C++11/14 features, sometime in the fourth quarter. I’m happy to report that today we shipped the promised CTP. Compared to the “high probability in CTP” feature set I mentioned […]

Mon, 18 Nov 2013 13:35:01 UTC

Explaining and Speculating About QUANTUM

Posted By Bruce Schneier

Nicholas Weaver has a great essay explaining how the NSA's QUANTUM packet injection system works, what we know it does, what else it can possibly do, and how to defend against it. Remember that while QUANTUM is an NSA program, other countries engage in these sorts of attacks as well. By securing the Internet against QUANTUM, we protect ourselves against...

Sun, 17 Nov 2013 22:35:15 UTC

Comparing DxO releases

Posted By Greg Lehey

Comparing the processing times of DxO Optics Pro releases 8 and 9 also gave me an opportunity to compare the images themselves. They should be the same, right? Well, I've been applying the Artistic HDR profile (which they call a preset), and they seem to have fine-tuned that. The results are most visible in images with a lot of white, but unfortunately I didn't compare any of them, and given the processing time, I'll put it off for some other time. But even in more normal images some differences are obvious. To compare the images, visit the HTML version of this page with JavaScript enabled.

Sat, 16 Nov 2013 23:50:58 UTC

DxO release 9: faster after all

Posted By Greg Lehey

I've commented in the past both on the glacial speed of DxO Optics Pro and the chutzpah they had to claim that release 9 is even faster. My own tests confirmed only the former allegation. But over the last couple of days I've processed a large number of photos with release 9, and yes, indeed, it's notably faster. Here the times: Release       Image count       Time       Time per image (s)       CPU Time per image (s) ...

Fri, 15 Nov 2013 23:55:06 UTC

Microsoft bashing, 15 years on

Posted By Greg Lehey

Mail from Bob Nelson today, who had dug out an old copy of The Complete FreeBSD, third edition. He was concerned by a couple of things I said about Microsoft. Now it's not exactly a secret that I don't like Microsoft, but nevertheless it was interesting to see what it was that concerned him. The first was a reference to Microsoft's Operating System Bob thought that the quotes were inappropriate. But in the context, no, they weren't. I was referring to Windows 95, which was not an operating system at all, but a graphical interface to MS-DOS. Calling it an operating system would be like calling X an operating system.

Fri, 15 Nov 2013 22:05:30 UTC

Friday Squid Blogging: Squid Fishermen Seen from Space

Posted By Bruce Schneier

Cool photo. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 15 Nov 2013 20:34:21 UTC

Various Schneier Audio and Video Talks and Interviews

Posted By Bruce Schneier

News articles about me (or with good quotes by me). My talk at the IETF Vancouver meeting on NSA and surveillance. I'm the first speaker after the administrivia. Press articles about me and the IETF meeting. Other video interviews with me....

Fri, 15 Nov 2013 20:00:00 UTC

I Sold Some Bitcoins

Posted By Tim Bray

I held the flimsy scrap of printout up to the Bitcoin ATM's scanner, tapped its screen, and ten crisp hundred-dollar bills shot into the delivery tray at the bottom. Maybe Bitcoin is real? What happened was, back in April when Bitcoin was last spiking, I bought a few, not using any of the exchanges (setup seems pretty heavyweight) but from another enthusiast, with cash. The price headed for the basement as soon as I loaded up, so I was feeling kind of stupid. But now it's spiking again; nobody knows why, but I hear hints of big pools of money hovering, wanting into this asset class.

Fri, 15 Nov 2013 20:00:00 UTC

DevBeat

Posted By Tim Bray

This was an odd but not-bad little developers event in San Fran put on by VC-biz pub VentureBeat. I'm not 100% sure what DevBeat 2013 was trying to be, but anyhow the venue was cool and I got a neat picture of RMS. The contrast between the beautifully-groomed venture reporters and the scruffy geeks was pretty stark. And the program was patchy; putting on Alex Payne is always a good idea (I recommend his Monktoberfest preso), but having an advertised big-name star appearing Skype-only was a little off. And then there was RMS. Richard Stallman. Per his request, this work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Fri, 15 Nov 2013 12:28:45 UTC

Security Tents

Posted By Bruce Schneier

The US government sets up secure tents for the president and other officials to deal with classified material while traveling abroad. Even when Obama travels to allied nations, aides quickly set up the security tent -- which has opaque sides and noise-making devices inside -- in a room near his hotel suite. When the president needs to read a classified...

Thu, 14 Nov 2013 23:41:52 UTC

Tools for Android

Posted By Greg Lehey

I'm gradually making friends with Android, but it's not easy. Under the surface it looks almost like a real machine:

    u0_a83@android:/ $ df
    Filesystem             Size   Used   Free   Blksize
    /dev                   403M    64K   402M   4096
    /mnt/asec              403M     0K   403M   4096
    /mnt/obb               403M     0K   403M   4096
    /system                531M   322M   208M   4096
    /system/media           98M    67M    31M   4096
    /cache                  98M     4M    94M   4096
    /persist                 9M   ...

Thu, 14 Nov 2013 12:21:57 UTC

A Fraying of the Public/Private Surveillance Partnership

Posted By Bruce Schneier

The public/private surveillance partnership between the NSA and corporate data collectors is starting to fray. The reason is sunlight. The publicity resulting from the Snowden documents has made companies think twice before allowing the NSA access to their users' and customers' data. Pre-Snowden, there was no downside to cooperating with the NSA. If the NSA asked you for copies of...

Wed, 13 Nov 2013 22:18:04 UTC

(V)C++ recorded talks at VS 2013 Launch

Posted By Herb Sutter

As part of today’s VS 2013 launch, in addition to the live talks and Q&A we also have some recently recorded talks that are now also live. My talk is a quick 20-minute tour of the new ISO C++ conformance features in VC++ 2013 — nothing I haven’t said before, so if you’ve seen my […]

Wed, 13 Nov 2013 20:17:52 UTC

Microsoft Retiring SHA-1 in 2016

Posted By Bruce Schneier

I think this is a good move on Microsoft's part: Microsoft is recommending that customers and CA's stop using SHA-1 for cryptographic applications, including use in SSL/TLS and code signing. Microsoft Security Advisory 2880823 has been released along with the policy announcement that Microsoft will stop recognizing the validity of SHA-1 based certificates after 2016. More news. SHA-1 isn't broken...

Wed, 13 Nov 2013 16:37:23 UTC

Live Visual C++ Q&A today

Posted By Herb Sutter

As part of the VS 2013 launch today, in a few hours I will be joining Tarek Madkour and Ale Contenti on camera for about half an hour to answer questions about VC++2013. Tarek and Ale are two of the three-manager triad who run our VC++ team. Visual C++ in 2013 and Beyond with Charles […]

Wed, 13 Nov 2013 15:00:00 UTC

AWS re:Invent 2013

Posted By Werner Vogels

Today we are kicking off AWS re:Invent 2013. Over the course of the next three days, we will host more than 200 sessions, training bootcamps, and hands on labs taught by expert AWS staff as well as dozens of our customers. This year's conference kicks off with a keynote address by AWS Senior Vice President Andy Jassy, followed by my keynote on Thursday morning. Tune in to hear the latest from AWS and our customers. If you're not already here in Vegas with us, you can sign up to watch the keynotes on live stream here. Outside of the keynotes, there are an incredible number of sessions offering a tailored experience whether you are a developer, startup, executive, partner, or other.

Wed, 13 Nov 2013 13:54:45 UTC

Coming to Melbourne next week for four events

Posted By Cory Doctorow

I'm heading to Melbourne, Australia next week to do a series of events with the Center for Youth Literature of the State Library of Victoria. I'm doing four events: The science of fiction, Creative versus Commons, Digital fiction masterclass, and Future fiction with teens. I hope you'll come out to them!

Wed, 13 Nov 2013 12:46:32 UTC

Another QUANTUMINSERT Attack Example

Posted By Bruce Schneier

Der Spiegel is reporting that the GCHQ used QUANTUMINSERT to direct users to fake LinkedIn and Slashdot pages run by -- this code name is not in the article -- FOXACID servers. There's not a lot technically new in the article, but we do get some information about popularity and jargon. According to other secret documents, Quantum is an extremely...

Wed, 13 Nov 2013 02:15:21 UTC

Positive NBN news

Posted By Greg Lehey

We've all been more than a little unhappy about the direction the new Australian government is taking with the National Broadband Network, as I've commented repeatedly in the past. And so far there seems to be no sign of a change of direction -- until today. Now it seems that Simon Hackett is joining the board of the NBN. That's hopefully good news. Simon has a much better understanding of the issues than most of the people on the NBN, very much including the current government. Hopefully he'll be able to maintain his viewpoints. Certainly the public opinion is very positive.

Tue, 12 Nov 2013 19:16:40 UTC

Reminder: VC++2013 upgrade SKU available until end of January

Posted By Herb Sutter

Recap: Back in June, Microsoft: announced that we were moving to a faster cadence and shipped VS 2013 one year after VS 2012; announced that new ISO C++ conformance features from the November 2012 CTP (and more) would be available in VS 2013, but not in VS 2012 Updates; and didn’t announce pricing for VS […]

Tue, 12 Nov 2013 19:04:12 UTC

Cryptographic Blunders Revealed by Adobe's Password Leak

Posted By Bruce Schneier

Adobe lost 150 million customer passwords. Even worse, they had a pretty dumb cryptographic hash system protecting those passwords....

Tue, 12 Nov 2013 16:25:10 UTC

Little Brother in the Canada Reads Top Ten

Posted By Cory Doctorow

Holy. Cats. My novel Little Brother has made it into the CBC's Canada Reads Top Ten. It is in astoundingly great and humbling company, including Margaret Atwood's Year of the Flood and Joseph Boyden's The Orenda. I'm so, so pleased by this -- thank you to everyone who supported the book. And I hope you … [Read more]

Tue, 12 Nov 2013 12:35:43 UTC

Bizarre Online Gambling Movie-Plot Threat

Posted By Bruce Schneier

This article argues that online gambling is a strategic national threat because terrorists could use it to launder money. The Harper demonstration showed the technology and techniques that terror and crime organizations could use to operate untraceable money laundering built on a highly liquid legalized online poker industry -- just the environment that will result from the spread of poker...

Tue, 12 Nov 2013 00:05:02 UTC

(Re)Learning programming

Posted By Greg Lehey

I've been programming for nearly 45 years now, but I've always been interested in programming languages, and so a couple of months ago I signed up for an online Programming languages course from the University of Washington. It's been interesting. One of the things about programming languages is that each has its own way of doing things. Yes, you can write FORTRAN in any language, and Rasmus Lerdorf has told me Programming in PHP is simple. Just write C and put a $ in front of the variables. But it's not that simple, and the course shows idioms that I wouldn't have thought of myself.

Mon, 11 Nov 2013 20:00:00 UTC

Bike Fixers

Posted By Tim Bray

Implicit in the Maker movement is a Fixer movement, and that's what Our Community Bikes is. They're right round the corner from us, and my 14-year goes there to patch up his commuter vehicle. Last Saturday, he went down to replace a hopelessly-busted inner tube, and when he hadn't come back after a couple hours I strolled over and helped out a little with some brake readjustments. The space is intense. It's also colorful, as long as you don't mind your colors with grease-stains. Hammer time! If you followed the link above, you will have noticed the unsubtle inclusiveness: Gender, ethnicity, able-bodied-ness, you name it.

Mon, 11 Nov 2013 12:21:29 UTC

Dan Geer Explains the Government Surveillance Mentality

Posted By Bruce Schneier

This talk by Dan Geer explains the NSA mindset of "collect everything": I previously worked for a data protection company. Our product was, and I believe still is, the most thorough on the market. By "thorough" I mean the dictionary definition, "careful about doing something in an accurate and exact way." To this end, installing our product instrumented every system...

Sun, 10 Nov 2013 20:00:00 UTC

IETF 88

Posted By Tim Bray

I attended because I cared about work going on in the JSON and OAuth working groups, and because it was here in Vancouver. But this meeting was focused on pervasive surveillance of the Internet, and how to make it more expensive. This is worth everyone's attention and deserves more explanation than I've seen in the mainstream media. Having said that about the mainstream, Besieged, in The Economist, is not terrible. The Flavor of the IETF If you read The Tao of IETF you'll know most of the things that matter, and if you care about the Internet you likely should.

Sat, 09 Nov 2013 22:29:22 UTC

Solar at Scale: How Big is a Solar Array of 9MW Average Output?

Posted By James Hamilton

I frequently get asked why not just put solar panels on data center roofs and run them on that. The short answer is datacenter roofs are just way too small. In a previous article (I Love Solar But...) I did a quick back of envelope calculation and, assuming a conventional single floor build with current power densities, each square foot of datacenter space would require roughly 362 sq ft of solar panels. The roof would only contribute roughly 1% of the facility requirements. Quite possibly still worth doing but there is simply no way a roof top array is going to power an entire datacenter.

Sat, 09 Nov 2013 20:00:00 UTC

Fresh From the Graveyard

Posted By Tim Bray

What happened was, I visited Vancouver's Mountain View Cemetery, my 7-year-old daughter in tow. It was wet and grey. She was bored so I gave her a camera. I'm not gonna claim she's a budding genius photographer; just that a kid with a pretty good camera and no preconceptions can surprise you. Of course, anyone knows you can make good pictures of flowers. Seven-year olds are apparently untroubled by fakeness in flowers. Also, they don't know that the camera's supposed to be held level. And they can't see any reason not to take extreme-wide-angle shots of an evergreen they're standing in front of.

Fri, 08 Nov 2013 22:10:50 UTC

Friday Squid Blogging: Tree Yarn-Bombed

Posted By Bruce Schneier

This tree (http://www.thisiscolossal.com/2013/10/a-yarn-bombed-tree-squid/) in San Mateo, CA, has been turned into a giant blue squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 08 Nov 2013 21:01:44 UTC

More GPS navigation apps

Posted By Greg Lehey

I still haven't found a good Android navigation app. I'm going to Melbourne tomorrow, so it's a good test. Spent some time looking for other apps, and came up with a package I can no longer trace. It has some other name somewhere, but it just identifies itself as Navigator. I had thought that it was NavFree, but the description in the toyshop looks very different. It's also based on OpenStreetMap. Is the navigation any better? No. It was almost impossible to enter the details of where my cousin Mick lives (it didn't believe that the street number existed), and finding the South Melbourne Market took me 5 minutes offline.

Fri, 08 Nov 2013 20:00:00 UTC

Emmylou, Richard, Rodney

Posted By Tim Bray

This tour is currently in progress, billed as Emmylou Harris and Rodney Crowell with Richard Thompson. If any of those names resonate, go see it. Vancouver's show was at The Orpheum, quite appropriate I think. Here's an architectural detail: Just like that bit in the picture, the Emmylou/Rodney set was beautifully-designed, perfectly-executed, and entirely traditional. Not a single lick or harmony or bridge was offered that hasn't been offered a thousand times before; they were mostly born in honkey-tonks and now live in fancy concert halls, and there's nothing wrong with either of those things. And there was nothing wrong with the concert.

Fri, 08 Nov 2013 19:06:24 UTC

Another Snowden Lesson: People Are the Weak Security Link

Posted By Bruce Schneier

There's a story that Edward Snowden successfully socially engineered other NSA employees into giving him their passwords....

Fri, 08 Nov 2013 12:58:58 UTC

Why the Government Should Help Leakers

Posted By Bruce Schneier

In the Information Age, it's easier than ever to steal and publish data. Corporations and governments have to adjust to their secrets being exposed, regularly. When massive amounts of government documents are leaked, journalists sift through them to determine which pieces of information are newsworthy, and confer with government agencies over what needs to be redacted. Managing this reality is...

Thu, 07 Nov 2013 23:04:54 UTC

Comparing DxO PRIME

Posted By Greg Lehey

As planned, spent some time converting the photos taken on 30 January 2010 with the new DxO Optics Pro version 9, including the blue moon with the ice-age-glacial PRIME denoising functionality: 53 minutes for 7 images! And the results? It's still hard to say. The original images were processed with ufraw, not the best software in the world. DxO gave generally better-looking results. But there's not that much difference in the noise. In sequence are the image as processed by ufraw, the same image as optimized by Ashampoo photo optimizer, DxO with the High profile and DxO with the PRIME profile: The differences in the crop are due to the fact that ufraw uses the ...

Thu, 07 Nov 2013 19:34:49 UTC

Summary of "Evil Genius 101" Tutorial

Posted By Tom Limoncelli

Ben Cotton wrote up a summary of my Evil Genius 101 tutorial: https://www.usenix.org/blog/evil-genius-101 Thanks for the great summary, Ben! (Ben Blogs at FunnelFiasco)

Thu, 07 Nov 2013 13:06:53 UTC

Risk-Based Authentication

Posted By Bruce Schneier

I like this idea of giving each individual login attempt a risk score, based on the characteristics of the attempt: The risk score estimates the risk associated with a log-in attempt based on a user's typical log-in and usage profile, taking into account their device and geographic location, the system they're trying to access, the time of day they typically...

Thu, 07 Nov 2013 00:33:42 UTC

Modem comparisons

Posted By Greg Lehey

My wireless network congestion continues, though it's currently not as bad as it has been. But Internode support have sent me a new modem to see if that will make any difference. Yes, it did. It's a Huawei E3131, and my system doesn't recognize it:

Nov  6 10:43:12 eureka kernel: ugen6.4: <HUAWEI> at usbus6
Nov  6 10:43:14 eureka root: Unknown USB device : vendor 0x12d1 product 0x1c05 bus uhub8
Nov  6 10:43:14 eureka kernel: ugen6.4: <HUAWEI> at usbus6

In particular, it doesn't create any device nodes, so I can't use it.

Wed, 06 Nov 2013 23:53:04 UTC

More DxO investigation

Posted By Greg Lehey

As planned, continued today looking at the new DxO Optics Pro version 9. It's certainly interesting. The first thing I needed to do was to process the images from the GPS navigator as part of the article on GPS navigation apps. I couldn't be bothered to mount the camera on a tripod, so I took the images hand-held with the camera sensitivity set to 36° (3200) ISO. That created quite noisy images, just what I needed to try their new PRIME denoising, a term that proves to stand for Probabilistic Raw IMage Enhancement. One thing's sure: it's slow. And when processing/exporting a second image, I discovered: I had to wait for the first image to complete before I could start the second, presumably because of some limitation in their processing/exporting logic.

Wed, 06 Nov 2013 19:53:31 UTC

Deception in Fruit Flies

Posted By Bruce Schneier

The wings of the Goniurellia tridens fruit fly have images of an ant on them, to deceive predators: "When threatened, the fly flashes its wings to give the appearance of ants walking back and forth. The predator gets confused and the fly zips off." Click on the link to see the photo....

Wed, 06 Nov 2013 12:35:02 UTC

Elliptic Curve Crypto Primer

Posted By Bruce Schneier

This is well-written and very good....

Wed, 06 Nov 2013 01:25:09 UTC

Web server down time

Posted By Greg Lehey

Stephen Rothwell updated our communal OzLabs weather server today, while I was in Geelong. It didn't take long to find that things didn't go well for http://www.lemis.com/. Error 403 (Permission denied) on all pages. Contacted Stephen and discovered that I hadn't read his warning letter closely enough, and that I needed a configuration change. Fortunately that didn't take too long.

Wed, 06 Nov 2013 00:41:18 UTC

Navigation apps revisited

Posted By Greg Lehey

The journey to Geelong was useful for another purpose: another comparison of OsmAnd Maps & Navigation and the Nav N Go in my dedicated navigator. It was interesting: OsmAnd Maps took well over a minute to calculate a route back home from Geelong, a distance of 80 km. There's clearly a lot of room for improvement there. When it did, it was a very different shortest route than what Nav N Go calculated.

Tue, 05 Nov 2013 20:00:00 UTC

CSS Drop Shadows

Posted By Tim Bray

In early 2006, I added drop shadows to all the pictures here at ongoing; to do it I had to construct a 500-line Java program. At the time I remarked that CSS should just support drop shadows, and now it does. Here's how it looks: More or less exactly the same as my hand-constructed shadows, near as I can tell. So as of today, the whole site's a little lighter and faster and smarter. My thanks to the CSS designers and browser builders. Oh, how's it done?

Tue, 05 Nov 2013 20:00:00 UTC

HTTP Encryption Live-blog

Posted By Tim Bray

The IETF HTTP Working Group is in a special place right now. It held a meeting this morning at IETF 88 on encryption and privacy; the room was packed and, just possibly, needles that matter were moved. What's special, you ask? Well, most standards-writing committees labor in obscurity, ignored by the actual engineers who build the world. Or alternatively, ignored by the vendors that matter, while the rest try to use the standards process to claw their way into a closed market. Not HTTP; the guys from Chrome and Firefox and IE are in there with hammers and shovels, building the stuff in parallel with writing the specs for it, pointing out spec problems with refreshing reports like we tried it in release 16.2 and it broke 23% of clients. The goal What the people I respect want is for everything (yes, absolutely everything) transmitted across the Web to ...

Tue, 05 Nov 2013 15:24:00 UTC

How to provide infinite disk storage

Posted By Tom Limoncelli

A user recently asked for a lot of disk space. Not just a lot of disk space, but growing at an astounding rate per month. (Not big for some places, but bigger than my current employer was used to providing). It was an archive that would start large and grow in leaps and bounds. It had to be actual disk (not tape or other off-line technology) because the data would be accessed constantly. He joked that what he really wanted was infinite disk space. I replied, "I can give you infinite storage." and I wasn't joking. He told me to prove it so I explained: Your data will start large and grow quickly.

Tue, 05 Nov 2013 12:53:34 UTC

The Story of the Bomb Squad at the Boston Marathon

Posted By Bruce Schneier

This is interesting reading, but I'm left wanting more. What are the lessons here? How can we do this better next time? Clearly we won't be able to anticipate bombings; even Israel can't do that. We have to get better at responding. Several years after 9/11, I conducted training with a military bomb unit charged with guarding Washington, DC. Our...

Tue, 05 Nov 2013 04:38:44 UTC

Settling in Seattle

Posted By Benjamin Mako Hill

I defended my dissertation three months ago. Since then, it feels like everything has changed. I’ve moved from Somerville to Seattle, moved from MIT to the University of Washington, and gone from being a graduate student to a professor. Mika and I have moved out of a multi-apartment cooperative into a small apartment we’re […]

Mon, 04 Nov 2013 22:29:01 UTC

More bad language

Posted By Greg Lehey

So today I've had two different new examples of bad language: income stream products and export. What's wrong with them? They're bad in different ways. Income stream product is clearly intended to be very specific. Presumably stream implies continuous, relatively even income, and product is some kind of wrapper. But that's a guess. To be specific, it also needs to be completely understandable. Presumably the people at Centrelink know exactly what it means and how it differs from other jargon terms that would sound the same to me. But unless you can look it up in a dictionary, they shouldn't be using it when communicating with the general public.

Mon, 04 Nov 2013 21:38:42 UTC

New DxO release

Posted By Greg Lehey

A couple of weeks ago DxO released version 9 of DxO Optics Pro, of which they said, with amazing chutzpah: DxO Optics Pro is now even faster That's of a photo processing package that is an order of magnitude slower than any other I know. Still, any speed improvement is good, so today I decided to try it out. The user interface has changed: previously there were the relatively understandable tabs Organize (climb trees to find the files you want to process), Customize (select what you want to do with them) and Process (produce the corresponding output images).

Mon, 04 Nov 2013 21:25:15 UTC

NBN letdown

Posted By Greg Lehey

On the dot of 9:00 this morning, called up Exetel (1300 393 835, Option 1), spoke to Bernie and asked her to reinstate the order that they rejected last month. Yes, indeed, they still had all the details, but they'd have to reenter it manually. Their problem, I suppose, since they were prepared to do it. But of course the NBN info still showed no service from the Radiation Tower, so they couldn't accept it. Called up the NBN and spoke to Adam, who told me that the tower was indeed not in service, but some people, notably in Browns Road (which goes past the edge of Chris Bahlo's property) already had service.

Mon, 04 Nov 2013 20:00:00 UTC

Security in Internet Protocols

Posted By Tim Bray

IETF 88 is going to be a pretty hot meeting, what with the world learning about lots of ugly attacks against everyone's privacy and security. At the end of the day this is a policy problem not a technology problem; but to the extent that anything can be done at the technology level, a lot of the people who can do it are here. So I think these discussions matter, and I'm going to do some rare semi-live-blogging to relay interesting news as it develops. I'm starting with a report from something called the Apps Area Working Group. Monday's meeting took a very useful, methodical walk-through of the state of the security/encryption art in each of the major application Internet protocols.

Mon, 04 Nov 2013 19:39:56 UTC

More NSA Revelations

Posted By Bruce Schneier

This New York Times story on the NSA is very good, and contains lots of little tidbits of new information gleaned from the Snowden documents. The agency's Dishfire database -- nothing happens without a code word at the N.S.A. -- stores years of text messages from around the world, just in case. Its Tracfin collection accumulates gigabytes of credit card...

Mon, 04 Nov 2013 13:00:48 UTC

Fighting patent trolls and corruption with the Magnificent Seven business-model

Posted By Cory Doctorow

My new Locus column, Collective Action, proposes a theory of corruption: the relatively small profits from being a jerk are concentrated, the much larger effects are diffused, which means that the jerks can afford better lawyers and lobbyists than any one of their victims. Since the victims are spread out and don't know each other, … [Read more]

Mon, 04 Nov 2013 12:15:24 UTC

badBIOS

Posted By Bruce Schneier

Good story of badBIOS, a really nasty piece of malware. The weirdest part is how it uses ultrasonic sound to jump air gaps. Ruiu said he arrived at the theory about badBIOS's high-frequency networking capability after observing encrypted data packets being sent to and from an infected machine that had no obvious network connection with -- but was in close...

Sun, 03 Nov 2013 17:00:00 UTC

Open office hours at LISA

Posted By Tom Limoncelli

This just in... I'll be having office hours on Thursday from 2-3:30pm at LISA. Stop by for one-on-one time management counseling. It isn't listed yet on the website but will be soon: https://www.usenix.org/conference/lisa13/hack-space

Sun, 03 Nov 2013 15:00:00 UTC

"Evil Genius 101" class via livestream

Posted By Tom Limoncelli

If you can't make it to LISA this year but want to see my devops-tastic, "Evil Genius 101" class, you can buy the livestream: https://www.usenix.org/conference/lisa13/video/usenix-training-video-stream-half-day-lisa-13-evil-genius-101 You can watch many different LISA presentations livestreamed here: https://www.usenix.org/conference/lisa13/live-streaming

Sun, 03 Nov 2013 14:00:00 UTC

Tom @ Usenix LISA 2013, Washington DC, Nov 3-8, 2013

Posted By Tom Limoncelli

Tom will be teaching 2 tutorials, doing a book signing, and including the all-new Evil Genius 101 half-day class.

Tuesday AM: Half-day tutorial: Advanced Time Management: Team Efficiency Updated!
Tuesday PM: Half-day tutorial: Evil Genius 101 New!
Thursday, 1-1:30PM: Book Signing in Exhibit Hall C
Thursday, 2-3:30PM: "Time Management Office Hours" (one-on-one time management counseling) New!
Friday, 9-10:30AM: Guru Session "Time Management for Sysadmins" (Harding Room)

Sun, 03 Nov 2013 03:50:41 UTC

Young brothers explain Bayes's theorem

Posted By Cory Doctorow

These two young fellows are brothers from Palo Alto who've set out to produce a series of videos explaining the technical ideas in my novel Little Brother, and their first installment, explaining Bayes's Theorem, is a very promising start. I'm honored -- and delighted! Technology behind "Little Brother" - Jamming with Bayes Rule

Sat, 02 Nov 2013 22:46:07 UTC

Radiation Tower: finally!

Posted By Greg Lehey

The Radiation Tower is finished! Or at least, that's what Yvonne found in Facebook: Yeah baby, booked in for the NBN today, been told the technician will be out in the next couple of weeks to hook us up......bye bye 15 gig @ $89 yippee........ I can't check myself: it seems I've been removed from the group. And of course the coverage map doesn't show any change, but what else is new? Hopefully it'll be installed before my current month of wireless coverage ends on the 20th.

Sat, 02 Nov 2013 19:00:00 UTC

Nifty Refresh-token Trick

Posted By Tim Bray

What happened was, HR wanted to set up a partner to offer benefits for active Googlers only, and thus we discovered an OAuth 2-based trick that I bet will work in lots of other situations too. The scenario HR wanted to set up this financial-services company (let's call them FSCo) with a special deal for Googlers. So FSCo needed a way to test whether someone's an employee. But the financial services might survive their employment, so FSCo also needs an independent relationship with the people who use them. Here's how it works Suppose some Googler, let's say Ed Xample, wants to sign up.

Sat, 02 Nov 2013 13:44:29 UTC

Canada Reads top-ten voting ends this weekend

Posted By Cory Doctorow

As I mentioned last week, the CBC's Canada Reads list of top 40 Canadian books is up, and it's got a really commendable, wide-ranging variety of titles in it (including my own novel Little Brother). The CBC is asking for readers to choose their favorites by tomorrow, at which point they'll release the top ten … [Read more]

Fri, 01 Nov 2013 21:40:24 UTC

Friday Squid Blogging: 8-Foot Giant Squid Pillow

Posted By Bruce Schneier

Make your own 8-foot giant squid pillow. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 01 Nov 2013 19:26:53 UTC

A Template for Reporting Government Surveillance News Stories

Posted By Bruce Schneier

This is from 2006 -- I blogged it here -- but it's even more true today. Under a top secret program initiated by the Bush Administration after the Sept. 11 attacks, the [name of agency (FBI, CIA, NSA, etc.)] have been gathering a vast database of [type of records] involving United States citizens. "This program is a vital tool in...

Fri, 01 Nov 2013 19:03:32 UTC

Reading Group at Harvard Law School

Posted By Bruce Schneier

In Spring Semester, I'm running a reading group -- which seems to be a formal variant of a study group -- at Harvard Law School on "Security, Power, and the Internet." I would like a good mix of people, so non law students and non Harvard students are both welcome to sign up....

Fri, 01 Nov 2013 16:00:00 UTC

Hospitals are the Mainframe of the medical industry

Posted By Tom Limoncelli

Hospitals are the mainframe of the medical industry. Computers used to be rare and expensive. Every bit, every CPU cycle needed to be carefully groomed, petted, and softly whispered sweet things to, protected and managed. The best way to do this was to make one big computer, the central mainframe, and have everyone worship it like a god, accessed only through 24x80 text-only glass video tubes. Then came PCs. PCs are so cheap you can waste CPU cycles on silly things like... ease-of-use feature, applications that enable communication between people, graphical user interfaces, games, surfing the web, etc. Medical equipment used to be rare and expensive.

Fri, 01 Nov 2013 15:00:00 UTC

Is Cisco finally understanding that SDN is real?

Posted By Tom Limoncelli

I've been talking about SDN and OpenFlow for a while. It is slowly becoming a reality. This article is one of the warning signs: Here's What Happened When Cisco Lost A $1 Billion Deal With Amazon Let me put the financial impact into more down-to-earth terms. How does Cisco make money? Well, you buy a switch or router and that's good. Then you buy more and that's good too. Then you grow so large that the routing table has gotten too big to be calculated by the CPU/RAM on all the old equipment. Therefore to buy the next device you also have to buy upgrades for all previous devices.

Fri, 01 Nov 2013 11:32:29 UTC

Close-In Surveillance Using Your Phone's Wi-Fi

Posted By Bruce Schneier

This article talks about applications in retail, but the possibilities are endless. Every smartphone these days comes equipped with a WiFi card. When the card is on and looking for networks to join, it's detectable by local routers. In your home, the router connects to your device, and then voila - you have the Internet on your phone. But in...