Blog Archive: December 2013

Tue, 31 Dec 2013 23:25:01 UTC

Olympus Viewer upgrade

Posted By Greg Lehey

Olympus have brought out an update to Viewer 3, their aptly named image processing software. Version 1.3, they say. Or maybe 1.2, depending on where you look. I've had trouble with Viewer in the past, so I took my time installing it, first saving the complete directory hierarchy of the previous installation, including the all-important help file (in German). Then I tried the automatic update from Viewer itself: Not the first time I've seen that incorrect claim. So I went to the web site and downloaded it again.

Tue, 31 Dec 2013 20:32:15 UTC

GotW #7c: Minimizing Compile-Time Dependencies, Part 3

Posted By Herb Sutter

Now the unnecessary headers have been removed, and avoidable dependencies on the internals of the class have been eliminated. Is there any further decoupling that can be done? The answer takes us back to basic principles of solid class design. Problem JG Question 1. What is the tightest coupling you can express in C++? …

Tue, 31 Dec 2013 20:24:37 UTC

GotW #7b Solution: Minimizing Compile-Time Dependencies, Part 2

Posted By Herb Sutter

Now that the unnecessary headers have been removed, it’s time for Phase 2: How can you limit dependencies on the internals of a class? Problem JG Questions 1. What does private mean for a class member in C++? 2. Why does changing the private members of a type cause a recompilation? Guru Question 3. …

Tue, 31 Dec 2013 18:12:17 UTC

January LOPSA NJ Chapter Meeting Announcement

Posted By Tom Limoncelli

The January speaker will be Tom Limoncelli on the topic of encouraging technical leadership within your team. LOPSA-NJ Thursday January 2, 2014 7PM Topic: Heroes of Technical Leadership Speaker: Thomas A. Limoncelli, Stack Exchange Date: Thursday, January 2, 2014 Time: 7:00pm (social), 7:30pm (discussion) Location: Lawrenceville, NJ (near Princeton) Pizza and Soda being brought to you by: INetU Please RSVP at http://www.lopsanj.org/rsvp Remember in October when Tom did a draft of his keynote talk from SpiceWorks? Thanks to the feedback it was completely rewritten. Come see what Tom actually presented at the SpiceWorks conference: A good system administrator does their job.

Tue, 31 Dec 2013 13:31:26 UTC

More about the NSA's Tailored Access Operations Unit

Posted By Bruce Schneier

Der Spiegel has a good article on the NSA's Tailored Access Operations unit: basically, its hackers. The article also has more details on how QUANTUM -- particularly, QUANTUMINSERT -- works. Another article discusses the various tools TAO has at its disposal. A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its...

Tue, 31 Dec 2013 06:33:10 UTC

When Free Software Isn't Better Talk

Posted By Benjamin Mako Hill

In late October, the FSF posted this video of a talk called When Free Software Isn’t (Practically) Better that I gave at LibrePlanet earlier in the year. I noticed it was public when, out of the blue, I started getting both a bunch of positive feedback about the talk as well as many people pointing […]

Tue, 31 Dec 2013 00:00:34 UTC

pkgNG in practice

Posted By Greg Lehey

One of the new things in FreeBSD 10 is the new package system. You should be able to just install all packages from a central repository. That was a long time coming after a security scare some time ago, but it's supposed to be there now, so I tried it out. The first thing is that the base system comes with a dummy program pkg(8), which was just clever enough to locate the current version of pkg on the web and install it. After that, tried installing bash, which first installed a repository based on the information in /etc/pkg/FreeBSD.conf, and then the shell.

Mon, 30 Dec 2013 23:45:17 UTC

How not to install FreeBSD

Posted By Greg Lehey

Once again, I've been dragging my heels updating my machine. And now FreeBSD release 10 is well on its way. So I installed it on a VM a few days ago, and today I finally got round to installing it on a real machine. How do you do that? I did it by copying the disk image from the VM to a file on eureka, starting a test box with the destination system disk as a second disk, repartitioning the disk and copying the image across. In the process, I changed the partitioning scheme from MBR to GPT. Finished copy, started the new system, and I got the old release 9.1 image!

Mon, 30 Dec 2013 15:55:49 UTC

Joseph Stiglitz on Trust

Posted By Bruce Schneier

Joseph Stiglitz has an excellent essay on the value of trust, and the lack of it in today's society. Trust is what makes contracts, plans and everyday transactions possible; it facilitates the democratic process, from voting to law creation, and is necessary for social stability. It is essential for our lives. It is trust, more than money, that makes the...

Sat, 28 Dec 2013 17:00:00 UTC

Avoiding the "cost center" mentality.

Posted By Tom Limoncelli

CIO Magazine 2013 State of the CIO Survey lists five stages of an IT organization from a business stakeholders' view:

Cost center
Service Provider
IT Partner
Business Peer
Business Game Changer

I don't think an IT department needs to start at one phase and work their way forward. However, I do think this list exemplifies the categories of IT organizations I've dealt with. If you think about the book "The Phoenix Project", it really is about how to leap ahead to be the last (best) category. I think that many people don't even know that anything other than "cost center" is a possibility.

Sat, 28 Dec 2013 00:28:01 UTC

Telstra: we never forget

Posted By Greg Lehey

I rant about Telstra so often that it's getting boring. But finally they've got round to informing me that the National Broadband Network is available in my area. Or have they? Not quite: Clifford Taylor? In Kliens Road? Yes, we bought the house from Cliff Taylor. But that was over 6½ years ago. How can they make such a mess of their data? It's not the first case: five years ago they revived not the previous owner, but the one before that, who had left the house in 1996.

Fri, 27 Dec 2013 22:14:27 UTC

Friday Squid Blogging: Kim Jong Un Tours Frozen Squid Factory

Posted By Bruce Schneier

Frozen squid makes him happy. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 27 Dec 2013 20:00:00 UTC

Good Books about Bad Places

Posted By Tim Bray

Christmas was populated as usual with family and food and happiness but this year I was stealing time from them (often sleep time) to read The Orphan Master's Son. The book's an explosion of pain and craziness and love and strange, strange flavors, views from angles few could imagine at a place nobody reading it will likely - thank goodness - ever see. It dwells amid the horror of the Kim dynasty's dystopic North Korea; which in my case is a little weird, because the only other book that's hit me this hard in recent years is Dogs at the Perimeter (more here), rooted in the Khmer Rouge Year Zero ravaging of Cambodia's luckless people.

Fri, 27 Dec 2013 04:04:40 UTC

House design software, try 1

Posted By Greg Lehey

It would be nice to have some way of simulating the appearance of our new house in software. Nearly 15 years ago I bought some software for this sort of thing: 3D Home Architect by Brøderbund, for Microsoft of course and with dimensions firmly anchored in the non-metric past. Still, it wasn't bad and ran acceptably on the hardware of the day. But clearly time has moved on, and there should be better stuff available now. But what? Found an online design program that came - don't they all - with no documentation, and with a menu system that I can't interpret. About the only documentation appears to be a selection of video clips, something that I can't make friends with.

Fri, 27 Dec 2013 03:48:46 UTC

Monitoring network traffic

Posted By Greg Lehey

Now that I'm connected to the National Broadband Network, life should be so simple. But that assumes that I'm so simple. Firstly I still haven't got my head around the finer details of TCP flow control, in particular configuring it for FreeBSD, and secondly I no longer have a program that shows me how much traffic is going across the link. With HSPA I used a heavily hacked version of Edwin Groothuis' e169-stats, to be found on FreeBSD boxen at /usr/ports/net/. It keeps track of the traffic over an HSPA link. And what is there for real networks? Lots of different programs, of course, so many that it makes your head smoke.

Thu, 26 Dec 2013 12:44:29 UTC

Operation Vula

Posted By Bruce Schneier

"Talking to Vula" is the story of a 1980s secret communications channel between black South African leaders and others living in exile in the UK. The system used encrypted text encoded into DTMF "touch tones" and transmitted from pay phones. Our next project was one that led to the breakthrough we had been waiting for. We had received a request,...

Wed, 25 Dec 2013 12:44:11 UTC

Christmas Comic

Posted By Bruce Schneier

Amusing....

Wed, 25 Dec 2013 02:11:00 UTC

BUGS Christmas dinner

Posted By Greg Lehey

It's been nearly 4 years since the last BUGS barbecue. On that occasion, along with many others, we had five other active members of the #bugs IRC channel: Sue Blake (unixhag), Callum Gibson (callum), Edwin Groothuis (Mavvie) and Jashank (jashank) and Peter (AlephNull) Jeremy. Today we had 2: Chris Bahlo (fenix, present at the last, but as observer) and Jari Kirma (kirma). And then Jamie Fraser (fwaggle) announced an interest in meeting Jari, so off he set at 18:00 for an 80 km drive to arrive at 19:00 - and made it only a couple of minutes late. So in the end we had four BUGS people for dinner: It was also interesting because it's the first time any of us had met fwaggle, though you could be excused for getting the impression that ...

Wed, 25 Dec 2013 01:11:52 UTC

DHCP configuration issues

Posted By Greg Lehey

The first thing Jari needed was a connection to the Internet, of course. Since the National Broadband Network that's not a general problem, and I had already configured and SIGHUPped my DHCP server. But he had problems connecting, from my view not helped by the fact that his laptop runs MacOS X rather than FreeBSD. After a lot of messing around, discovered the cause:

Dec 24 12:27:14 eureka dhcpd: DHCPDISCOVER from b8:f6:b1:18:2c:c9 via re0: network 192.109.197.0/24: no free leases

But there was only one lease, and I had configured dozens of addresses.

Tue, 24 Dec 2013 12:54:43 UTC

Report on Syrian Malware

Posted By Bruce Schneier

Fascinating report from Citizen Lab on the use of malware in the current Syrian conflict (EFF summary and Wired article)....

Mon, 23 Dec 2013 23:02:21 UTC

Tracking flights

Posted By Greg Lehey

Now that I have a reasonable network connection, I can use services like flightradar24 without timeouts. Today was the perfect opportunity: Jari Kirma, whom I met in Helsinki 8 years ago, decided on Saturday to come to Australia for 5 days over Christmas (in addition to 2½ days in the air). Tracking was interesting: we could see him taking off on the last leg from Hong Kong, but then he disappeared over the South China Sea. He popped up a couple of times, over the Philippines and the North of Australia, but disappeared somewhere in the Back of Bourke. Clearly this is indicative of radar coverage, but the site itself gave no explanation.

Mon, 23 Dec 2013 20:00:00 UTC

More Things About TV

Posted By Tim Bray

Wow, when I asked Is 4K BS? three days before Christmas, I didn't expect much of a reaction, but is that little piece ever popular. A bunch of useful follow-ons appeared in the comments and on G+ and Twitter, so here they are. Never mind 4K, lots of 1080p screens are already being wasted because of overaggressive or poorly-implemented upstream compression by the broadcasters. I really notice this on live sports. Some Sunday, when there are 3 or 4 different NFL games on, switch between them and if your sources are like mine, some will have way better pictures than others.

Mon, 23 Dec 2013 20:00:00 UTC

Updated Lampson's Hints for Computer Systems Design

Posted By Werner Vogels

This year I have not been able to publish many back-to-basics readings, so I will not close the year with a recap of those. Instead I have a video of a wonderful presentation by Butler Lampson where he talks about the learnings of the past decades that helped him to update his excellent 1983 "Hints for computer system design". The presentation was part of the Heidelberg Laureate Forum held in September of this year. At the Forum many of the Abel, Fields and Turing Laureates held presentations. Our most famous computer scientists like Fernando Corbató, Stephen Cook, Edward Feigenbaum, Juris Hartmanis, John Hopcroft, Alan Kay, Vinton Cerf, etc.

Mon, 23 Dec 2013 17:42:58 UTC

Christmastime daddy-daughter podcast with Poesy

Posted By Cory Doctorow

Every year, there's a day or two between the date that my daughter's school shuts and the day that my wife's office shuts for Christmas holidays. Those are the official seasonal mid-week daddy-daughter days, and for the past two years, my daughter and I have gone to my office to record a podcast. Last year's …

Mon, 23 Dec 2013 17:39:46 UTC

Lawful Interception 04

Posted By Cory Doctorow

Here's part four of a reading of my novella Lawful Interception, a sequel, of sorts, to Little Brother and Homeland. In addition to the free online read, you can buy this as an ebook single (DRM-free, of course!) (Image: Yuko Shimizu) Mastering by John Taylor Williams: [email protected] John Taylor Williams is an audiovisual and multimedia …

Mon, 23 Dec 2013 12:26:23 UTC

NSA Spying: Who Do You Believe?

Posted By Bruce Schneier

On Friday, Reuters reported that RSA entered a secret contract to make DUAL_EC_PRNG the default random number generator in the BSAFE toolkit. DUAL_EC_PRNG is now known to be back-doored by the NSA. Yesterday, RSA denied it: Recent press coverage has asserted that RSA entered into a secret contract with the NSA to incorporate a known flawed random number generator into...

Sun, 22 Dec 2013 23:08:43 UTC

Scaling Windows

Posted By Greg Lehey

My TCP traces across the National Broadband Network show that window scaling doesn't occur. Why not? A check of my system showed that the sysctl net.inet.tcp.rfc1323 was set to 0 (disable). But even after I enabled it, it didn't scale. More investigation needed, but I didn't have time today. ACM only downloads articles once. It's possible that this article has changed since being downloaded, but the only way you can find out is by looking at the original article.

Sun, 22 Dec 2013 20:00:00 UTC

Is 4K BS?

Posted By Tim Bray

I hear that Sony & friends are going to start telling us that our HDTVs aren't good enough and we all need to upgrade to 4K (which is twice the dimensions and 4 times the pixels of 1080p). NBC news says the experts are unconvinced, and quotes one of them, retina scientist, photographer, and blogger Bryan Jones. I thought I'd do the numbers and yeah, I think it's probably BS. In Jones' widely-quoted piece Apple Retina Display, he argues that the literature shows the human eye has an angular resolution of about an arcminute (1/60 degree). So, sitting in front of an NFL game, it occurred to me to wonder how far apart, in arcminutes, the pixels in my TV are.

Sun, 22 Dec 2013 00:04:03 UTC

SkyMesh network speed

Posted By Greg Lehey

So now I finally have two functional connections via the National Broadband Network. How do they compare in speed? I haven't been overly happy with Exetel's performance, so this was of particular interest.

Sat, 21 Dec 2013 23:36:20 UTC

SkyMesh outage, day 3

Posted By Greg Lehey

For the past couple of days I've been running a couple of tcpdump processes on my laptop eucla, connected directly to the SkyMesh port of the National Broadband Network NTD. One traced all traffic, while another traced traffic that didn't relate to the local interface. I checked from time to time: the former showed dhclient try repeatedly to get an address, and no reply arriving. And then, round 11:09, I got a call from Kear of SkyMesh technical support. He suddenly found life in the link:

11:11:49.837739 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 48:f8:b3:b5:04:7b (oui Unknown), length 300
11:11:50.571587 IP ntp.skymesh.net.au.bootps > 181-209-181-180.cpe.skymesh.net.au.bootpc: BOOTP/DHCP, Reply, length 300
11:11:52.580733 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 48:f8:b3:b5:04:7b (oui Unknown), length 300
11:11:52.726601 IP 1-208-181-180.cpe.skymesh.net.au.bootps > 181-209-181-180.cpe.skymesh.net.au.bootpc: BOOTP/DHCP, Reply, length 300
11:11:52.731440 ARP, Request who-has 181-209-181-180.cpe.skymesh.net.au tell 1-208-181-180.cpe.skymesh.net.au, length 46
11:11:52.790918 ARP, ...

Sat, 21 Dec 2013 20:00:00 UTC

What Are Handsets For?

Posted By Tim Bray

I got a Nexus 5 from Google for Christmas; it replaces an old Nexus S used as a dumbphone. But in some ways I was happier with the S, even though the 5 is way more capable. I'm thinking (once again) that Size Matters. Once again, you say? I have a special claim to the Size-Matters tech-blog territory. Back in 2009, I fell in love with the first 7" device, the original Galaxy Tab, and wrote a mega-review, then really drilled into the device-size trade-offs with Ten Theses on Tablets, then hammered on the issue some more in my Nexus 7 review.

Sat, 21 Dec 2013 20:00:00 UTC

Midwinter Veg Sauté

Posted By Tim Bray

I invented this dish this evening and everyone liked it; a hearty and fairly-healthy comfort-food vegetable dish.

Ingredients

Two medium-sized leeks
Two pretty-big carrots
One fat parsnip
Quite a bit of butter
Hard Italian cheese to grate
Almond meal (I went looking in the pantry for breadcrumbs and came up empty but ran across this; I think breadcrumbs would have worked just fine.)
Garlic salt

Method

Peel the carrots and parsnip then chop them up pretty small, small enough to stir-fry. Melt some butter in a cast-iron frying pan, hot enough that the butter is bubbling but not smoking, toss in the carrots and parsnips and stir them around until they're fairly buttery.

Sat, 21 Dec 2013 02:09:22 UTC

Still more network pain!

Posted By Greg Lehey

Somehow networks just don't like me at the moment. Today cvr2 fell off the LAN again. More searching and finally found the problem: the cable between cvr2 and the switch in Yvonne's office. It goes under the house, and years ago I put it in and terminated it myself, apparently badly. The correct solution would be to try again, but I don't know if I ever want to put a CAT-5 cable together again. The new house will have Ethernet and fibre connections in every room. In the meantime, I put Yet Another cable over the floor.

Sat, 21 Dec 2013 00:53:45 UTC

Olympus networking in practice

Posted By Greg Lehey

I'm in the process of finalizing our web Christmas card for this year, and once again I've taken a photo of Yvonne, myself and as many animals as we can fit in the picture. Last year I took the photos using the infrared remote control, which has the disadvantage that it's hard to hide: Now I have this 802.11 link between the camera and a tablet (but not a network: it refuses to connect with any other networking equipment except a phone), and OI.Share, the app that connects with the camera.

Sat, 21 Dec 2013 00:06:59 UTC

Looking for SkyMesh support

Posted By Greg Lehey

As promised, got a call from Dean at SkyMesh support today to do Level 1 fault analysis. Basically this required showing the IP addresses of the interfaces and the contents of the ARP cache. I explained to him that there was no traffic whatsoever, and that the only MAC addresses were of my own interface, but he didn't seem to understand. But that was all the information he wanted, and he hadn't even bothered to report that I was receiving no traffic at all, which clearly made his other questions meaningless. Another waste of time. And so far a 24 out of 24 hour outage.

Fri, 20 Dec 2013 23:02:20 UTC

2013 Capsicum year in review

Posted By Robert N. M. Watson

It’s been a busy year for Capsicum, practical capabilities for UNIX, so a year-end update seemed in order: The FreeBSD Foundation and Google jointly funded a Capsicum Integration Project that took place throughout 2013 — described by Foundation project technical director Ed Maste in a recent blog article. Pawel Jakub Dawidek refined several Capsicum APIs, improving [...]

Fri, 20 Dec 2013 22:21:51 UTC

Friday Squid Blogging: "What Does the Squid Say?"

Posted By Bruce Schneier

Minecraft parody. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 20 Dec 2013 20:31:43 UTC

Yes, I'm Leaving BT

Posted By Bruce Schneier

The Register reported that I am leaving BT at the end of the year. It quoted BT as saying: We hired Bruce because of his thought leadership in security and as part of our acquisition of Counterpane. We have agreed to part ways as we felt our relationship had run its course and come to a natural end. It has...

Fri, 20 Dec 2013 12:30:18 UTC

Eben Moglen and I Talk about the NSA

Posted By Bruce Schneier

Last week, Eben Moglen and I had a conversation about NSA surveillance. Audio and video are online....

Thu, 19 Dec 2013 23:24:21 UTC

SkyMesh: All your networks are belong to us

Posted By Greg Lehey

I signed up with SkyMesh a couple of days ago, and they had promised to send me details of how to connect to their National Broadband Network service. But nothing came. Then today the hardware arrived: a CiscoLinksys EA2700 router and SPA112 ATA. Also a welcome sheet giving me user names and passwords for the router, and network name and password for the 802.11 wireless network, and a second sheet with a picture of a fibre NTD, which looks quite different from a fixed wireless NTD, and instructions how to interconnect things: And that's all!

Thu, 19 Dec 2013 23:05:21 UTC

Exetel: support? What's that?

Posted By Greg Lehey

Now that the National Broadband Network connection is up and running, it's time to terminate my contract with Internode and update my private web pages with ISP contact information. I had most of the information for Exetel, but not the email address for technical support. Finally stumbled across this page, which offered to answer my questions. Clearly not one that it expected: Later I found out that they do, in fact, have a help desk page where you can log faults. But that wasn't visible from my search.

Thu, 19 Dec 2013 20:00:00 UTC

T-Mobile Fired Me

Posted By Tim Bray

I like using the Internet while I visit the United States, which I do often. T-Mobile used to offer a service that worked well for people like me; I was a cheerful customer, but now they've told me to go away. It used to work like this: You'd visit a US T-Mobile store once, get a pay-as-you-go account, and fill it up online before you visited. The pricing was irritatingly different for tablets and phones, but reasonable either way. But they changed their web site so I can no longer use my Canadian credit card: The form that you enter that on requires a US State and Zip code.

Thu, 19 Dec 2013 12:29:58 UTC

Acoustic Cryptanalysis

Posted By Bruce Schneier

This is neat: Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be...

Thu, 19 Dec 2013 00:10:28 UTC

Network problems, part 2

Posted By Greg Lehey

The National Broadband Network connection wasn't the only network problem I've been having recently. A couple of times recently I have lost connections to cvr2, my TV recording computer. That almost certainly relates to a dubious switch in Yvonne's office, so I changed that. Then I tried to move a recording from cvr2 to teevee, the TV computer in the lounge room. The transfer rates were terrible! In fact, they were slower than the NBN connection, only round 480 kB/s. Now my network topology has just growed, and it's somewhat baroque. From cvr2 the data goes to the switch I had just replaced, and then to the 100 Mb/s switch in my office, thence into a power line adapter to the lounge room, and then through an 802.11 access point to teevee.

Wed, 18 Dec 2013 23:08:43 UTC

Network problems, part 1

Posted By Greg Lehey

I'm still wondering where the problems are with my network throughput. My Speedtest results are not quite consistent - of course - but they're always far short of the 25 Mb/s downlink speed that I'm paying for. On IRC, Andy Snow suggested using axel to test download speeds. Why? Because TCP has throughput limitations, depending on the window size. OK, possibly that's an issue, so I tried it, downloading a 100 MB file. Here the results (octopus.com.au is Andy's domain):

=== grog@eureka (/dev/pts/11) /var/tmp 27 -> axel -n 10 -a http://octopus.com.au/speedtest100mb.bin
Downloaded 99.3 megabytes in 1:56 seconds.

Wed, 18 Dec 2013 15:59:13 UTC

Tor User Identified by FBI

Posted By Bruce Schneier

Eldo Kim sent an e-mail bomb threat to Harvard so he could skip a final exam. (It's just a coincidence that I was on the Harvard campus that day.) Even though he used an anonymous account and Tor, the FBI identified him. Reading the criminal complaint, it seems that the FBI got itself a list of Harvard users that accessed...

Wed, 18 Dec 2013 04:34:12 UTC

Closing

Posted By Ulrich Drepper

I will not use this blog anymore. Instead I am hosting one on my own server with a much simpler (self-written) platform. Use the RSS file here.

Wed, 18 Dec 2013 00:41:35 UTC

Telstra: we can do worse!

Posted By Greg Lehey

Over the years I've developed a healthy hatred of Telstra in all things networking, as I've documented here and here. But what I've seen in connection with the National Broadband Network installation in Dereel blows my mind. I commented on the first one, assuming that it was a contract issue. But no, the phone they cut off was supplied by a competitor! That sounds like it should be a criminal act. And as far as I can see, after 4 days, the phone is still cut off. And then Yvonne received a message from a friend: Updated to the NBN today and it will be installed on the 13/01/14.

Wed, 18 Dec 2013 00:39:21 UTC

Debugging Android networking

Posted By Greg Lehey

While in town, tried again to use my Android tablet on the phone network. Yes, I got a message saying that the phone was on the (which?) network, and my Access Point Name was correct. But, it seems, no Internet connection. What really annoys me is that there seems to be no way to debug these things.

Tue, 17 Dec 2013 23:56:08 UTC

Network speed: what should I expect?

Posted By Greg Lehey

More playing around with Speedtest today. Clearly it's an approximate test at best, and for some reason it has decided that I'm in Cairns, nearly 3,000 km away, and so it appears to choose servers in Papua New Guinea, though I suppose they're really in northern Queensland. But even when I correct that and select local servers, the best downlink speed I have ever had was 14.73 Mb/s, and normally it's round 10 Mb/s. I've started to keep a statistics page to monitor the speeds. When SkyMesh provisions the connection, it'll be very interesting to see the difference.

Tue, 17 Dec 2013 15:00:00 UTC

How does Bitcoin work?

Posted By Tom Limoncelli

A brilliant description. It's certainly the best explanation I've ever seen. For the first time I actually understood how it works. http://www.youtube.com/watch?v=Lx9zgZCMqXE

Tue, 17 Dec 2013 13:10:05 UTC

Security Vulnerabilities of Legacy Code

Posted By Bruce Schneier

An interesting research paper documents a "honeymoon effect" when it comes to software and vulnerabilities: attackers are more likely to find vulnerabilities in older and more familiar code. It's a few years old, but I haven't seen it before now. The paper is by Sandy Clark, Stefan Frei, Matt Blaze, and Jonathan Smith: "Familiarity Breeds Contempt: The Honeymoon Effect and...

Tue, 17 Dec 2013 12:07:03 UTC

Play Little Brother Jeopardy! online

Posted By Cory Doctorow

Don Liebold teaches High School English in Milwaukee, where he and his class read my novel Little Brother. He writes: "To celebrate finishing the book, we are playing Jeopardy tomorrow in class. Here is round 1, and here is round 2. Those are tough questions! I missed a couple!

Tue, 17 Dec 2013 07:35:04 UTC

Lawful Interception 03

Posted By Cory Doctorow

Here's part three of a reading of my novella Lawful Interception, a sequel, of sorts, to Little Brother and Homeland. In addition to the free online read, you can buy this as an ebook single (DRM-free, of course!) (Image: Yuko Shimizu) Mastering by John Taylor Williams: [email protected] John Taylor Williams is an audiovisual and multimedia …

Tue, 17 Dec 2013 05:18:55 UTC

More Android networking

Posted By Greg Lehey

So why did my Android tablet not connect yesterday? How do I even configure it? Asked on IRC and got the startling instructions to go to settings/WIRELESS & NETWORKS/More.../Mobile network settings/Access Point Names. Access point names? What do access points have to do with mobile phones? Anyway, selected new APN, clearly an undocumented abbreviation meaning Access Point Name, and was asked for a whole lot of information. How to fill it out? Ask Internode support, I suppose. There I found a general setting page which hardly overlapped at all with the display on the Android: ...

Tue, 17 Dec 2013 04:57:11 UTC

Back with SkyMesh again?

Posted By Greg Lehey

It's been three years since SkyMesh terminated my satellite connection, thereby doing me a favour. And today, somewhat later than others, I got an offer from them to connect me to the NBN. More waste paper basket fodder? It's interesting enough to read what people offer, and this one was particularly interesting: no prices. In fact, I couldn't find their prices for NBN fixed wireless anywhere on their site. It seems they only got put up after my search: now they're here.

Tue, 17 Dec 2013 03:59:14 UTC

NBN connect via FreeBSD

Posted By Greg Lehey

I've had difficulties connecting to the NBN with FreeBSD: the FreeBSD PPPoE implementation violates RFC 2516. Took a look at the code (/usr/src/sys/netgraph/ng_pppoe.c), which didn't show any obvious bug. Here round line 1462, where we're building the PADR:

         insert_tag(sp, utag);           /* Host Unique */
         if ((tag = get_tag(ph, PTT_AC_COOKIE)))
                 insert_tag(sp, tag);    /* return cookie */
         if ((tag = get_tag(ph, PTT_AC_NAME))) {
                 insert_tag(sp, tag);    /* return it */
                 send_acname(sp, tag);
         }
         insert_tag(sp, ...

Tue, 17 Dec 2013 03:29:28 UTC

MyNetFone: only one connection after all

Posted By Greg Lehey

I had been rather surprised yesterday to discover that I could register my Android tablet with MyNetFone while my ATA was still registered. Today I discovered the truth: yes, the SIP LED was still lit on the ATA, but nobody was home. I had to stop the VoIP application on the tablet, and also power cycle the ATA, before I could use it again. This isn't a bug, of course: it's only one line. But it is a feature. Now when I go anywhere I can turn off the ATA and take my home phone number with me. No need for two phone numbers, no need for redirection.

Mon, 16 Dec 2013 14:30:07 UTC

Hello world!

Posted By Robert V. Binder

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

Mon, 16 Dec 2013 12:09:00 UTC

Attacking Online Poker Players

Posted By Bruce Schneier

This story is about how at least two professional online poker players had their hotel rooms broken into and their computers infected with malware. I agree with the conclusion: So, what's the moral of the story? If you have a laptop that is used to move large amounts of money, take good care of it. Lock the keyboard when you...

Mon, 16 Dec 2013 01:48:46 UTC

VoIP over Android

Posted By Greg Lehey

Finally VoIP is working at home. Why shouldn't it work on an Android tablet as well? Did some looking round and came up with Zoiper, which installed. And the service provider? In principle MyNetFone SuperSaver is free but for the calls, so it would make sense to sign up for a second account. But they wanted $20 for bring your own hardware. Not something I want to do for a test. Tried registering with the same account number, and to my surprise it worked, and the VoIP adapter still showed that it was registered too. That's strange. Anyway, it worked, so when we were in Ballarat, I tried it with the Internode SIM card.

Sun, 15 Dec 2013 01:57:46 UTC

Photo processing software changes

Posted By Greg Lehey

The new Olympus OM-D E-M1 also requires changes to my photo processing. Since DxO Optics Pro no longer supports my lens combinations, I have to use Olympus Viewer to convert the raw images to TIFF. I then (currently) use DxO to apply other corrections, but it's clear that once I don't have lens corrections, DxO doesn't have much to offer. Viewer is a pain! It seems to continually reset the options I have set, including the paths to where I want to save the image. I think I'll have to give up and make its choice of path a symlink to where I really want the images.

Sun, 15 Dec 2013 00:18:21 UTC

Debugging the PPPoE connection

Posted By Greg Lehey

Finally got round to looking at the PPPoE connection problems from a couple of days ago. Not a good advertisement for FreeBSD: it is in violation of RFC 2516. Here the view from wireshark: The session starts with eureka sending out a PADI broadcast. Interestingly, it gets two PADOs in reply. That's explicitly allowed by the RFC, but I hadn't expected it. It then sends a PADR to the first one, and gets a confirmatory PADS. That's all that PPPoE needs, and the rest goes on with the PPP LCP.

Sat, 14 Dec 2013 20:00:00 UTC

Content-free

Posted By Tim Bray

I'm thinking about successful new communication channels, and how we talk about what's in them. On Twitter, we say tweets. In the blogosphere and on Facebook, posts; also rants, reviews, and flames. Facebook has likes and now everything has links. But I note the entire absence of "content"; the word, I mean. Yay! I've loathed it ever since its first powerpoint-pitch appearance, meaning shit we don't actually care about but will attract eyeballs and make people click on ads. Except for they don't say people, they say users, a symptom of another attitude problem. With every year that passes, it's increasingly clear that the appearance of "content" in any business plan is a symptom of (likely fatal) infection by cluelessness; and a good predictor of failure.

Sat, 14 Dec 2013 04:40:26 UTC

Streaming Internet video

Posted By Greg Lehey

So now we have a real Internet connection, we can get films and other TV programmes off the web, right? Well, yes, but how? Looking at YouTube, the films on offer are old and boring. And today to start things off, I wanted to find something as a surprise for Yvonne: Et la Tendresse... Bordel !, a reminder of her days in France. No difficulty finding it: as usual, Google is your friend. But then? The links promised free downloads. Are they legal? I still don't know, but since some of them do it quickly for money or slowly for free, I'm guessing yes.

Sat, 14 Dec 2013 02:29:05 UTC

Understanding the NBN

Posted By Greg Lehey

I'm not the only person who has connected to the National Broadband Network, of course, and there was a lot of discussion on the Dereel Facebook page today. It's amazing how many people have chosen Telstra as an ISP. And already Telstra's bureaucracy has claimed at least one victim: swapped their current Internet line for NBN and had their phone disconnected. How could that happen? Presumably the phone was on the same contract as the Internet service, and nobody bothered to tell them. Spent some time on Facebook answering questions, but Facebook is such a pain, so I put together a web page with general information.

Fri, 13 Dec 2013 22:05:30 UTC

Friday Squid Blogging: Squid Bow Tie

Posted By Bruce Schneier

Snappy-looking bow tie. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 13 Dec 2013 19:24:57 UTC

President Obama and the Intelligence Community

Posted By Bruce Schneier

Really good article from the New Yorker....

Fri, 13 Dec 2013 17:20:14 UTC

World War II Anecdote about Trust and Security

Posted By Bruce Schneier

This is an interesting story from World War II about trust: Jones notes that the Germans doubted their system because they knew the British could radio false orders to the German bombers with no trouble. As Jones recalls, "In fact we did not do this, but it seemed such an easy countermeasure that the German crews thought that we might,...

Thu, 12 Dec 2013 22:51:04 UTC

NBN performance

Posted By Greg Lehey

So now I have a network link with 25 Mb/s down and 5 Mb/s up. How much of this am I really getting? Not very much, it seems. Repeated tests with speedtest suggest about 8 Mb/s down and 4 Mb/s up. Is that NBN or Exetel? To be observed.

Thu, 12 Dec 2013 21:42:00 UTC

Configuring for NBN

Posted By Greg Lehey

That wasn't the end of the story, of course. I really wanted to run PPPoE from eureka, my main FreeBSD machine. And that didn't go as smoothly. Reading the logs didn't make much sense to me, so I put it off until later. And now we can use VoIP normally! Turned the adapter (a NetComm V210p) back on, but it didn't register. Why? While messing around, realized that I was still connected via the Internode link, so whatever the problem was, it had nothing to do with the NBN. Played around with various settings, at one point setting NAT to on.

Thu, 12 Dec 2013 20:58:01 UTC

NBN: Finally!

Posted By Greg Lehey

Today was the day scheduled for the installation of my connection to the National Broadband Network. They had given a time window between 8:00 and 12:00 to perform the installation, so I was up and about by 7:30, walking around like a tiger in a cage. No sign of them at 8:00, of course. That's to be expected. No sign at 9:00. Well, they could be late. No sign at 10:00. How long are they going to be? Were they given the wrong phone number? As Andy Snow put it:

    PID USERNAME  PRI NICE   SIZE    RES STATE   C    TIME   WCPU COMMAND
    612 nbnco      44    0 98268K 44424K zombie  0 1367:16 99.95% install --location dereel

Round 10:30 I finally said "Where's the bloody NBN?".

Thu, 12 Dec 2013 18:55:48 UTC

How the NSA Tracks Mobile Phone Data

Posted By Bruce Schneier

Last week the Washington Post reported on how the NSA tracks mobile phones world-wide, and this week they followed up with source documents and more detail. Barton Gellman and Ashkan Soltani are doing some fantastic reporting on the Snowden NSA documents. I hope to be able to do the same again, once Pierre Omidyar's media venture gets up and running....

Thu, 12 Dec 2013 12:21:27 UTC

NSA Tracks People Using Google Cookies

Posted By Bruce Schneier

The Washington Post has a detailed article on how the NSA uses cookie data to track individuals. The EFF also has a good post on this. I have been writing and saying that government surveillance largely piggy backs on corporate capabilities, and this is an example of that. The NSA doesn't need the cooperation of any Internet company to use...

Thu, 12 Dec 2013 08:00:00 UTC

Taking DynamoDB beyond Key-Value: Now with Faster, More Flexible, More Powerful Query Capabilities

Posted By Werner Vogels

We launched DynamoDB last year to address the need for a cloud database that provides seamless scalability, irrespective of whether you are doing ten transactions or ten million transactions, while providing rock solid durability and availability. Our vision from the day we conceived DynamoDB was to fulfil this need without limiting the query functionality that people have come to expect from a database. However, we also knew that building a distributed database that has unlimited scale and maintains predictably high performance while providing rich and flexible query capabilities, is one of the hardest problems in database development, and will take a lot of effort and invention from our team of distributed database engineers to solve.

Wed, 11 Dec 2013 23:08:58 UTC

NBN installation failures

Posted By Greg Lehey

Tomorrow's the Big Day when I get connected to the National Broadband Network, maybe. It seems that the coverage maps are a best-case scenario. Spent a while setting up a Google Map showing installation locations. Now I just need to get people to add their locations and state whether it was a success or a failure.

Wed, 11 Dec 2013 13:45:05 UTC

The Birth of Standard Error

Posted By Diomidis D. Spinellis

Earlier today Stephen Johnson, in a mailing list run by The Unix Heritage Society, described the birth of the standard error concept: the idea that a program's error output is sent on a channel different from that of its normal output. Over the past forty years, all major operating systems and language libraries have embraced this concept.

Tue, 10 Dec 2013 22:41:12 UTC

Preparing for NBN

Posted By Greg Lehey

The first NBN installations took place in Dereel today. There were reports, as expected, of superb throughput, but not all were successful: two installations, in Browns Road and Golden Reef Road, had to be aborted because of lack of signal. Browns Road I can understand, but Golden Reef Road is almost in the middle of Dereel. If they have problems there, some designer hasn't done his homework properly. My installation is on Thursday. What do I need to do to make things work? One is to find a place to put the network termination device (officially NTD, but which they call a connection box in their end-user documentation).

Tue, 10 Dec 2013 17:03:39 UTC

Little Brother stageplay now available for local performances

Posted By Cory Doctorow

Josh Costello is the playwright who created the award-winning, sold-out stage adaptation of my novel Little Brother. Now, he writes, "The stage adaptation of Cory's novel Little Brother was a big hit in San Francisco in 2012, and the script is now available for licensing. Want to see Little Brother on stage in your city? … [Read more]

Tue, 10 Dec 2013 15:08:34 UTC

NSA Spying on Online Gaming Worlds

Posted By Bruce Schneier

The NSA is spying on chats in World of Warcraft and other games. There's lots of information -- and a good source document. While it's fun to joke about the NSA and elves and dwarves from World of Warcraft, this kind of surveillance makes perfect sense. If, as Dan Geer has pointed out, your assigned mission is to ensure that...

Tue, 10 Dec 2013 12:34:34 UTC

Coming to Edinburgh tomorrow night

Posted By Cory Doctorow

Tomorrow night, I'll be at Edinburgh's Pulp Fiction Books for a talk and signing! It's free to attend (but ticketed, due to limited space), and runs from 7PM to 8:30. Hope to see you!

Tue, 10 Dec 2013 07:59:17 UTC

Peak indifference to surveillance

Posted By Cory Doctorow

In my latest Guardian column, I suggest that we have reached "peak indifference to spying," the turning point at which the number of people alarmed by surveillance will only grow. It's not the end of surveillance, it's not even the beginning of the end of surveillance, but it's the beginning of the beginning of the … [Read more]

Tue, 10 Dec 2013 00:42:50 UTC

Networking in the new house

Posted By Greg Lehey

It's only 3 days until the NBN installer arrives and hopefully connects me up. And in only a few months we will move home. What happens to my NBN connection? Called up the NBN and spoke to Chloë, who didn't quite seem to understand the issue. But yes, there is enough bandwidth available to service everybody in the rollout area (marked in purple), currently very much including Stones Road:

Mon, 09 Dec 2013 20:00:00 UTC

Feuerzangenbowle

Posted By Tim Bray

I looked it up: A traditional German alcoholic drink for which a rum-soaked sugarloaf is set on fire and drips into mulled wine. It was a tasty treat, on offer at Vancouver's Christmas Market, which was a treat for the eyes, so I took pictures. There were little kids singing carols: Cute overload! There were Croatian dancers and an old-fashioned merry-go-round, and lots of booths selling bright things. Some of the decorations were worth zooming in on. I've been to real Christmas Markets, in Würzburg and Antwerp, and they're good fun.

Mon, 09 Dec 2013 20:00:00 UTC

Surveillance and the Media

Posted By Tim Bray

As I write this I'm angry at the CBC, Canada's national broadcaster, for their shoddy, shallow coverage of reformgovernmentsurveillance.com (let's say RGS for short). But the trap they fell into is probably attractive to many flavors of media. The 6PM news report opened with a few seconds of Zuckerberg saying he thought the government was blowing it in this space, then another few words from Zoe Lofgren talking about the NSA putting American business at a disadvantage. (Do ya think?!) Then there was a sudden 180° shift into hard polemics, with a snotty British professor opining that it was all the companies' fault because they were sucking up the information, and the NSA wouldn't come after it if the companies weren't collecting it, would they?

Mon, 09 Dec 2013 19:37:30 UTC

Lawful Interception 02

Posted By Cory Doctorow

Here's part two of a reading of my novella Lawful Interception, a sequel, of sorts, to Little Brother and Homeland. In addition to the free online read, you can buy this as an ebook single (DRM-free, of course!) (Image: Yuko Shimizu) Mastering by John Taylor Williams. John Taylor Williams is an audiovisual and multimedia … [Read more]

Mon, 09 Dec 2013 19:13:55 UTC

Grace Hopper on Letterman, 1986

Posted By Herb Sutter

Google’s doodle today reminded me of Grace Hopper’s amazing contributions. I enjoyed this 10-minute video, and you might as well: Grace Hopper on Letterman in 1986 on the occasion of her (final) retirement. It’s not deep, but especially in the second half Amazing Grace demonstrates how to talk to a non-specialist audience. Good reminders for all of us who […]

Mon, 09 Dec 2013 17:33:41 UTC

Bitcoin Explanation

Posted By Bruce Schneier

This is the best explanation of the Bitcoin protocol that I have read....

Mon, 09 Dec 2013 17:00:00 UTC

Today I applied to get my LOPSA LPR

Posted By Tom Limoncelli

https://lopsa.org/LPR You should too. The LOPSA Professional Recognition Program (LPR) is not a certification. It is a recognition that the person in question met or exceeded the standards for professional practice. In particular, it certifies that the person has agreed to abide by the LOPSA Code of Ethics and works to keep their skills current in the last year. I've always been an advocate for some kind of program that would raise the bar among system administrators, encourage professionalism, and spread the word about the Code of Ethics. I'm glad to see LOPSA giving this a try and I think everyone should support it.

Mon, 09 Dec 2013 00:39:54 UTC

Microsoft photo software doesn't like me

Posted By Greg Lehey

I've already commented on the fact that DxO Optics Pro Elite doesn't recognize the Olympus E-M1. But it seems it just doesn't want to do it for me. It works fine for others. Why? There are lots of bugs in DxO, but the likeliest one I can think of is that it recognizes my email address as licensee for the standard edition, and even the trial version won't work properly in Elite mode. And then there's Olympus Viewer 3, which comes without documentation. But only for me, it seems. Others have a file OLYMPUSViewer3.chm with some kind of help text.

Fri, 06 Dec 2013 22:48:53 UTC

Still more E-M1 experience

Posted By Greg Lehey

More playing around with the Olympus OM-D E-M1 today. I was particularly concerned with the quality of the photos that I took yesterday, which seemed far too dark as processed by Olympus Viewer 3. Spent some time looking for documentation, but I've come to the conclusion that here, too, there is none: This was immediately after a fresh install. Searching the web found nothing. Searching the file system found only a README written one line per paragraph, something that even the Microsoft tools don't seem to be able to handle: It's hardly believable that people can provide software with no documentation at ...

Fri, 06 Dec 2013 22:33:23 UTC

Friday Squid Blogging: Hoax Squid-Like Creature

Posted By Bruce Schneier

The weird squid-like creature floating around Bristol Harbour is a hoax. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 06 Dec 2013 20:47:02 UTC

New Book: Carry On

Posted By Bruce Schneier

I have a new book. It's Carry On: Sound Advice from Schneier on Security, and it's my second collection of essays. This book covers my writings from March 2008 to June 2013. (My first collection of essays, Schneier on Security, covered my writings from April 2002 to February 2008.) There's nothing in this book that hasn't been published before, and...

Fri, 06 Dec 2013 20:33:35 UTC

How to Ice the Testing BackBlob

Posted By Robert V. Binder

How Agile development is being eaten by the Testing BackBlob and what to do about it

Fri, 06 Dec 2013 20:16:03 UTC

Bruce Schneier Facts T-Shirts

Posted By Bruce Schneier

0-Day Clothing has taken 25 Bruce Schneier Facts and turned them into T-shirts just in time for Christmas....

Fri, 06 Dec 2013 12:49:37 UTC

The Frictionless Development Environment Scorecard

Posted By Diomidis D. Spinellis

The environment we work in as developers can make a tremendous difference on our productivity and well-being. I've often seen myself get trapped in an unproductive setup through a combination of inertia, sloth, and entropy. Sometimes I put off investing in new, better tools, at other times I avoid the work required to automate a time-consuming process, and, also, as time goes by, changes in my environment blunt the edge of my setup. I thus occasionally enter into a state where my productivity suffers death by a thousand cuts.

Fri, 06 Dec 2013 12:19:52 UTC

Telepathwords: A New Password Strength Estimator

Posted By Bruce Schneier

Telepathwords is a pretty clever research project that tries to evaluate password strength. It's different from normal strength meters, and I think better. Telepathwords tries to predict the next character of your passwords by using knowledge of:
common passwords, such as those made public as a result of security breaches
common phrases, such as those that appear frequently on web...

Thu, 05 Dec 2013 23:31:01 UTC

Reader Q&A: Book recommendations

Posted By Herb Sutter

Vigen Isayan emailed me today to ask: What book(s) you would recommend for learning 1. design patterns, and 2. concurrency programming. Off the top of my head: 1. For Design Patterns, the greatest is still the original “Gang of Four” Design Patterns book. The design patterns are mostly universal, and the implementations happen to focus on […]

Thu, 05 Dec 2013 19:16:13 UTC

Heartwave Biometric

Posted By Bruce Schneier

Here's a new biometric I know nothing about: The wristband relies on authenticating identity by matching the overall shape of the user's heartwave (captured via an electrocardiogram sensor). Unlike other biotech authentication methods -- like fingerprint scanning and iris-/facial-recognition tech -- the system doesn't require the user to authenticate every time they want to unlock something. Because it's a wearable...

Thu, 05 Dec 2013 15:00:00 UTC

Ask Slashdot: Application Security Non-existent, Boss Doesn't Care. What To Do?

Posted By Tom Limoncelli

I'm really sick and tired of Slashdot doing posts like this, but it isn't Slashdot's fault. It's our industry's fault. Here's the question: "I am a senior engineer and software architect at a fortune 500 company and manage a brand (website + mobile apps) that is a household name for anyone with kids. This year we migrated to a new technology platform including server hosting and application framework. I was brought in towards the end of the migration and overall it's been a smooth transition from the users' perspective. However it's a security nightmare for sysadmins (which is all outsourced) and a ripe target for any hacker with minimal skills.

Thu, 05 Dec 2013 12:58:15 UTC

The Problem with EULAs

Posted By Bruce Schneier

Some apps are being distributed with secret Bitcoin-mining software embedded in them. Coins found are sent back to the app owners, of course. And to make it legal, it's part of the end-user license agreement (EULA): COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and...

Thu, 05 Dec 2013 10:54:55 UTC

Posted By Diomidis D. Spinellis

Paragraph for the RSS feed

Wed, 04 Dec 2013 15:00:00 UTC

LOPSA-East 2014: Call for Participation

Posted By Tom Limoncelli

[forwarded from Evan Pettrey, this year's LOPSA-East chair]

Greetings! LOPSA-East is pleased to announce that we have released our Call for Participation for our 2014 conference. Everybody with a passion for technology and a willingness to share with others in our industry are encouraged to submit! Full details of the CFP can be found on our website at: http://lopsa-east.org/2014/

Important Dates:
Deadline for all Submissions - Wednesday, January 22nd, 2014 (midnight EST)
Decisions Sent to All Submitters - Monday, February 3rd, 2014
Schedule Published - Monday, February 10th, 2014
Registration Opens - Friday, February 14th, 2014
LOPSA-East '14 Conference - Friday, May 2nd - Saturday, May 3rd

We look forward to seeing your submissions!

Wed, 04 Dec 2013 12:28:05 UTC

Evading Airport Security

Posted By Bruce Schneier

The news is reporting about Evan Booth, who builds weaponry out of items you can buy after airport security. It's clever stuff. It's not new, though. People have been explaining how to evade airport security for years. Back in 2006, I -- and others -- explained how to print your own boarding pass and evade the photo-ID check, a trick...

Tue, 03 Dec 2013 12:14:05 UTC

Keeping Track of All the Snowden Documents

Posted By Bruce Schneier

As more and more media outlets from all over the world continue to report on the Snowden documents, it's harder and harder to keep track of what has been released. The EFF, ACLU, and Cryptome are all trying. None of them is complete, I believe. Please post additions in the comments, and I will do my best to feed the...

Tue, 03 Dec 2013 11:27:52 UTC

Lawful Interception 01

Posted By Cory Doctorow

In this week's installment of my podcast, I break my long hiatus with the first part of a reading of my novella Lawful Interception, a sequel, of sorts, to Little Brother and Homeland. In addition to the free online read, you can buy this as an ebook single (DRM-free, of course!). If you grow up … [Read more]

Mon, 02 Dec 2013 23:18:39 UTC

Suddenly summer

Posted By Greg Lehey

It's summer! And the weather shows it: That's a big difference from the last two months, which were far cooler than the seasonal average:

    mysql> SELECT year(date), avg(outside_temp) FROM observations WHERE month(date) > 9   AND month(date) < 12 GROUP BY year(date);
    +------------+-------------------+
    | year(date) | avg(outside_temp) |
    +------------+-------------------+
    |       2009 |  17.5731496596709 |
    |       2010 |    14.36821202979 |
    |       2011 |  15.1622464410373 |
    |       2012 |  14.9027108163907 |
    |       2013 |  13.4479453197917 |
    +------------+-------------------+

And for some reason, weather station readings were very erratic; at times over 30 minutes passed without a reading coming through.

Mon, 02 Dec 2013 20:00:00 UTC

Browser Safety Details

Posted By Tim Bray

Privacy on the Net isn't a binary on/off thing, it's a continuum. Anything we can do to increase it is good; which includes handling corner cases. What happened was, during the last IETF, Paul Hoffman, an IETF veteran and friend, was staying in our spare room. We were sitting up talking about privacy, looking at a WordPress blog, and this weird thing happened: We typed in its address with https: at the front, and it showed up as locked/HTTPS in some browsers but not others. It took quite a bit of poking around to figure out.

What's actually happening

First, wordpress.com is perfectly happy to accept secure HTTPS connections.

Mon, 02 Dec 2013 19:00:00 UTC

Tomorrow is Giving Tuesday: Here are the organizations I support (and you should too)

Posted By Tom Limoncelli

You know Black Friday and Cyber Monday... did you know that tomorrow (Dec 3) is "Giving Tuesday"? Many charities receive most of their donations in December as people rush to donate before the tax year is over. These donations determine if in 2014 they'll be able to grow or will they have to cut back. I'd like to highlight three charities that I think are having a huge impact on our world and encourage you to donate too: USENIX Annual Fund. You probably think of USENIX as the organization that hosts the LISA conference. It is so much more. However what I'd like to point out is that they are on the cutting edge of keeping academic publications "open access".

Mon, 02 Dec 2013 18:48:37 UTC

The TQP Patent

Posted By Bruce Schneier

One of the things I do is expert witness work in patent litigations. Often, it's defending companies against patent trolls. One of the patents I have worked on for several defendants is owned by a company called TQP Development. The patent owner claims that it covers SSL and RC4, which it does not. The patent owner claims that the patent...

Mon, 02 Dec 2013 17:36:39 UTC

Lawful Interception 01

Posted By Cory Doctorow

In this week's installment of my podcast, I break my long hiatus with the first part of a reading of my novella Lawful Interception, a sequel, of sorts, to Little Brother and Homeland. In addition to the free online read, you can buy this as an ebook single (DRM-free, of course!). If you grow up … [Read more]

Mon, 02 Dec 2013 12:05:31 UTC

How Antivirus Companies Handle State-Sponsored Malware

Posted By Bruce Schneier

Since we learned that the NSA has surreptitiously weakened Internet security so it could more easily eavesdrop, we've been wondering if it's done anything to antivirus products. Given that it engages in offensive cyberattacks -- and launches cyberweapons like Stuxnet and Flame -- it's reasonable to assume that it's asked antivirus companies to ignore its malware. (We know that antivirus...

Sun, 01 Dec 2013 23:11:32 UTC

Keeping EXIF data in a database

Posted By Greg Lehey

I have something like 100,000 distinct photos on my system, and with all copies in different sizes, data formats and qualities, it's over 500,000. How do I keep track of the EXIF data? Specifically at the moment I'm wondering which lenses I use the most, and at what focal lengths. Clearly I need to store the information in a database. That's so clear, in fact, that there must be software out there that does it. But a Google search didn't come up with anything very promising.

Sun, 01 Dec 2013 22:16:23 UTC

NBN installation, bad language and survey

Posted By Greg Lehey

Where do I put the network termination box for my NBN service? It's designed to be mounted on a wall inside the house, preferably close to a power point. We're going to be moving house in the foreseeable future, so it makes sense to consider where the new owner of the house would like to have it. Clearly it should be somewhere near the existing network infrastructure. That's mainly the south half of the house; my powerline network adapters that connect to the north are so flaky that they may not be as fast as the NBN downlink.