Blog Archive: April 2014

Wed, 30 Apr 2014 18:05:52 UTC

Tracking People from Smartphone Accelerometers

Posted By Bruce Schneier

It's been long known that individual analog devices have their own fingerprints. Decades ago, individual radio transmitters were identifiable and trackable. Now, researchers have found that accelerometers in smartphones are unique enough to be identifiable. The researchers focused specifically on the accelerometer, a sensor that tracks three-dimensional movements of the phone, essential for countless applications, including pedometers, sleep monitoring,...

Wed, 30 Apr 2014 15:00:00 UTC

Good Reads, April 2014

Posted By Tom Limoncelli

Heartbleed This month was really all about Heartbleed. A lot was written, but I'll highlight the 3 URLs worth reading. Heartbleed The site that broke the news to us all. What Heartbleed Can Teach The OSS Community About Marketing A problem with security is that it is difficult to explain. Here's a case study of doing it right. Please Put OpenSSL Out of Its Misery There was a big call for improving OpenSSL. Poul-Henning Kamp gives a blunt analysis. On a personal note... I think it's a shame OpenBSD's replacement can't be called OpenOpenSSL (literally... the license forbids forks from doing that).

Wed, 30 Apr 2014 13:58:27 UTC

The Quantified Toilet Hoax

Posted By Bruce Schneier

Good essay on the Quantified Toilet hoax, and the difference between public surveillance and private self-surveillance....

Tue, 29 Apr 2014 15:00:00 UTC

Cisco: top of my list of "difficult to upgrade" things

Posted By Tom Limoncelli

Heartbleed has reminded me what equipment and products I deal with that are difficult to upgrade. While most people think of DevOps as "rapidly deploying software that your coworkers wrote", it is really about creating a world where we are able to make changes... because change is required to experiment, and innovation requires experimentation... and that means being able to make changes. This includes not just in-house software releases, but all operational changes we do. This includes software and firmware releases we get from vendors. My new(-ish) job at StackExchange has me actually touching hardware instead of living in the virtualized, everything-is-done-for-you, world of Google.

Tue, 29 Apr 2014 11:47:54 UTC

Details of Apple's Fingerprint Recognition

Posted By Bruce Schneier

This is interesting: Touch ID takes an 88x88 500ppi scan of your finger and temporarily sends that data to a secure cache located near the RAM; after the data is vectorized and forwarded to the secure enclave located on the top left of the A7 near the M7 processor, it is immediately discarded after processing. The fingerprint scanner uses subdermal...

Tue, 29 Apr 2014 02:41:14 UTC

Podcast: Internet service providers charging for premium access hold us all to ransom

Posted By Cory Doctorow

Here's a reading (MP3) of my latest Guardian column, Internet service providers charging for premium access hold us all to ransom, which tries to make sense of the disastrous news that the Federal Communications Commission is contemplating rules to allow ISPs to demand bribes from publishers in exchange for letting you see the webpages … [Read more]

Tue, 29 Apr 2014 02:13:34 UTC

System migration, one small step

Posted By Greg Lehey

I've been gradually upgrading systems for several months now. Yvonne's machine is particularly down-rev: FreeBSD lagoon.lemis.com 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #0: Mon May 31 16:22:12 CST 2010     [email protected]:/usr/obj/src/FreeBSD/svn/stable/8/sys/GENERIC  i386 One of the reasons I'm dragging my feet is because I don't want to find myself in a position on eureka where there's some show-stopper and I can't go back. So it makes sense to try upgrading Yvonne's machine first. OK, that's easy enough. Put a spare disk into my development machine, partition it, copy the root file system (which in my way of doing things includes /usr), then sync her /home directory across the net.

Mon, 28 Apr 2014 19:00:00 UTC

Advising Auth0

Posted By Tim Bray

You can find them at Auth0.com. As of now I'm serving on their Advisory Board. It's not an actual job but yes, I do have a financial interest in their success, so you should take that into account when you read what I write. Why Auth0? Well, having spent a couple of years advocating back and forth between Google and the developer community around Identity issues, I've become keenly aware of how under-served that community is. Modern identity tech is getting to the point where it's irresponsible not to be deploying it; but the devil is in the details, and boy are there ever a lot of details.

Mon, 28 Apr 2014 11:45:04 UTC

A New Pencil-and-Paper Encryption Algorithm

Posted By Bruce Schneier

Handycipher is a new pencil-and-paper symmetric encryption algorithm. I'd bet a gazillion dollars that it's not secure, although I haven't done the cryptanalysis myself....

Mon, 28 Apr 2014 05:21:40 UTC

Gutting Net Neutrality also guts innovation, fairness and democracy

Posted By Cory Doctorow

My latest Guardian column, Internet service providers charging for premium access hold us all to ransom, explains what's at stake now that the FCC is prepared to let ISPs charge services for "premium" access to its subscribers. It's pretty much the worst Internet policy imaginable, an anti-innovation, anti-democratic, anti-justice hand-grenade lobbed by telcos who shout … [Read more]

Sun, 27 Apr 2014 19:00:00 UTC

New Fujifilm

Posted By Tim Bray

I just picked up a new Fujifilm X-T1. It's about the most-reviewed camera in recent history and there's very little I can add to that tsunami of words; so this is short. The pictures here were taken at a high-school-student written/directed/performed musical that my son was mixed up in. He can be spotted if you know what he looks like (hint: Not like me at all). I used the advanced technique of slapping the 35mm F/1.4 on the camera, setting everything on automatic, and pressing the shutter button. The X-T1 is great for this kind of thing; you can turn off the back screen and shoot with the eyepiece exclusively, so no glow-in-the-dark, and the shutter noise is silky, hardly audible.

Sun, 27 Apr 2014 18:38:00 UTC

The Library vs Frameworks Debate is Over

Posted By Terry Coatta

And nobody won. It's just that there isn't much of a difference any longer. One of the significant factors that differentiated a library from a framework was control flow. You called a library, it did something for you, and then gave you back a result. A framework, on the other hand, would call into your code when the framework decided it was necessary. And all the mechanism that was making that decision about when to call your code was 'hidden', making it harder to reason about your application as a whole. So there were a lot of arguments about whether frameworks were evil, etc.

Sat, 26 Apr 2014 01:14:15 UTC

Photo processing for Yvonne, 10 years on

Posted By Greg Lehey

Yvonne's new camera also opens opportunities for better processing, including distortion correction with DxO Optics Pro. But how do I explain it to her? Document it, of course. I've had a document on line for what proves to be well over 10 years, and times have changed. Surprisingly, it didn't take very long to write it, and Yvonne managed to use it without too many problems. The biggest issue I found was Microsoft: since it doesn't really understand the concept of users, files created on CIFS file systems belong to the user who mounted them (me) even when Yvonne is logged in, and so back in the Real World she can't modify the files.

Fri, 25 Apr 2014 21:17:35 UTC

Friday Squid Blogging: New Squid Exhibit at the Monterey Bay Aquarium.

Posted By Bruce Schneier

It's called "Tentacles." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 25 Apr 2014 15:00:00 UTC

LOPSA-East: If you fly here, don't take the train.

Posted By Tom Limoncelli

The train station that is at Newark Airport is being repaired and is therefore shut down. The dates of this scheduled maintenance coincide exactly with the conference. Sigh. As a sysadmin, I appreciate the need for scheduled maintenance and appreciate that it was announced in advance. At least this isn't catching us by surprise. If you were planning on flying to Newark Airport, there are 3 ways you can get to the conference: The airport is supplying a shuttlebus to Newark Penn Station (NPS) (not to be confused with New YORK Penn Station). From there take the train. You can take a taxi all the way to the conference, which is expensive.

Thu, 24 Apr 2014 19:00:00 UTC

Blossoms

Posted By Tim Bray

It's spring. I have a garden, a camera, and a blog. What more need be said? This is our second year with this baby cherry tree. It has a scattering of blossoms; will there be fruit? Stay tuned. The tulips are just a bit past their peak, but still reward contemplation, the closer-up the better. Hm, I'm not actually sure what this is and it's actually not a wonderful picture, but I was charmed by the web. Of all the springy things each spring, the springiest is the fern eruption.

Thu, 24 Apr 2014 15:00:00 UTC

Getting the courage to do a lightning-talk (LOPSA-East)

Posted By Tom Limoncelli

LOPSA-East (and many conferences) have a session called "lightning-talks". This is where people do 5-minute talks. The talks range from technical to personal. It's invariably one of the most enjoyable sessions of the conference. You can generally sign up for a 5-minute slot usually right up until the session, though once the space is full it is full. If you have something to say but have been intimidated by the prospect of putting together a 45-minute talk, going through the whole proposal process, and so on, this is a great way to get your feet wet. The audience is highly receptive to new ideas and new speakers.

Thu, 24 Apr 2014 13:13:27 UTC

Developing in the Cloud

Posted By Diomidis D. Spinellis

Running a top-notch software development organization used to be a capital-intensive endeavor, requiring significant technical and organizational resources, all managed through layers of bureaucracy. Not anymore. First, many of the pricey systems and tools that we developers need to work effectively are usually available for free as open source software. More importantly, cheap, cloud-based offerings do away with the setup, maintenance, and user support costs and complexity associated with running these systems. Here are just a few of the services and providers that any developer group can easily tap into (you can find many more listed here ):

Thu, 24 Apr 2014 11:45:05 UTC

Is Google Too Big to Trust?

Posted By Bruce Schneier

Interesting essay about how Google's lack of transparency is hurting their trust: The reality is that Google's business is and has always been about mining as much data as possible to be able to present information to users. After all, it can't display what it doesn't know. Google Search has always been an ad-supported service, so it needs a way...

Wed, 23 Apr 2014 19:33:24 UTC

Conversnitch

Posted By Bruce Schneier

Surveillance is getting cheaper and easier: Two artists have revealed Conversnitch, a device they built for less than $100 that resembles a lightbulb or lamp and surreptitiously listens in on nearby conversations and posts snippets of transcribed audio to Twitter. Kyle McDonald and Brian House say they hope to raise questions about the nature of public and private spaces in...

Wed, 23 Apr 2014 16:33:08 UTC

Reddit AMA about LOPSA-East

Posted By Tom Limoncelli

Ask me and the entire planning committee anything.

Wed, 23 Apr 2014 13:30:00 UTC

Expanding the Cloud: Docker Containers in Elastic Beanstalk

Posted By Werner Vogels

We launched Elastic Beanstalk in 2011 with support for Java web applications and Tomcat 6 in one region, and we've seen the service grow to 6 container types (Java/Tomcat, PHP, Ruby, Python, .NET, and Node.js) supported in 8 AWS regions around the world. The Elastic Beanstalk team spends a lot of time talking to AWS Developers, and in the last few months they've noticed a common theme in those conversations: developers tell us they're interested in Docker, and ask if we are thinking about making it easy to run and scale Docker workloads in AWS. Several weeks ago we made it simple to yum install Docker on your EC2 Instances running Amazon Linux, and today Elastic Beanstalk introduces the ability to deploy, manage, and scale Docker Containers.

Wed, 23 Apr 2014 12:53:07 UTC

The Security of Various Programming Languages

Posted By Bruce Schneier

Interesting research on the security of code written in different programming languages. We don't know whether the security is a result of inherent properties of the language, or the relative skill of the typical programmers of that language. The report....

Tue, 22 Apr 2014 12:52:48 UTC

Dan Geer on Heartbleed and Software Monocultures

Posted By Bruce Schneier

Good essay: To repeat, Heartbleed is a common mode failure. We would not know about it were it not open source (Good). That it is open source has been shown to be no talisman against error (Sad). Because errors are statistical while exploitation is not, either errors must be stamped out (which can only result in dampening the rate of...

Mon, 21 Apr 2014 10:55:55 UTC

Info on Russian Bulk Surveillance

Posted By Bruce Schneier

Good information: Russian law gives Russia's security service, the FSB, the authority to use SORM (System for Operative Investigative Activities) to collect, analyze and store all data that is transmitted or received on Russian networks, including calls, email, website visits and credit card transactions. SORM has been in use since 1990 and collects both metadata and content. SORM-1 collects mobile and...

Mon, 21 Apr 2014 01:09:13 UTC

Networking cameras

Posted By Greg Lehey

I've ranted in the past about the appalling quality of network support for my Olympus OM-D E-M1. But to be fair to the designers, it appears that they didn't originate this nonsense: they appear to have copied others. I've seen reviews of other cameras with the same fettered (or is that tethered?) view of networks. Yvonne's new camera has remarkably similar specifications to mine, but it doesn't have any networking capability. For that Olympus suggests the PENPAL PP1. This is a really professional unit: When OLYMPUS PENPAL is connected to the Accessory Port 2*1 on back of the OLYMPUS PEN E-PL2 camera, resized JPEG images (sizes: 640 x 480 (default), 1280 x 960 or 1920 x 1440 pixels) can be transferred easily to a Bluetooth device such as a smart phone, or to another camera with OLYMPUS PENPAL installed.

Fri, 18 Apr 2014 21:16:41 UTC

Friday Squid Blogging: Squid Jigging

Posted By Bruce Schneier

Good news from Malaysia: The Terengganu International Squid Jigging Festival (TISJF) will be continued and become an annual event as one of the state's main tourism products, said Menteri Besar Datuk Seri Ahmad Said. He said TISJF will become a signature event intended to enhance the branding of Terengganu as a leading tourism destination in the region. "Beside introducing squid...

Fri, 18 Apr 2014 19:21:06 UTC

Metaphors of Surveillance

Posted By Bruce Schneier

There's a new study looking at the metaphors we use to describe surveillance. Over 62 days between December and February, we combed through 133 articles by 105 different authors and over 60 news outlets. We found that 91 percent of the articles contained metaphors about surveillance. There is rich thematic diversity in the types of metaphors that are used, but...

Fri, 18 Apr 2014 19:00:00 UTC

Popular Cryptography

Posted By Tim Bray

It's like this: Everybody ought to be able to use strong cryptography any time they're going to send anything to anybody. Ideally it should just happen, by default, but let's take baby steps. This is a messy rambling work diary on trying to put some of the pieces together to make that a little more practical than it is today. Sorry, this isn't introductory. Maybe when a few more pieces of the solution are in place I'll be able to write a painless "Here's how you can do secure messaging" piece. Let's assume you know what public-key encryption is and how Web APIs and Android apps work, and go from there.

Fri, 18 Apr 2014 12:29:13 UTC

Reverse Heartbleed

Posted By Bruce Schneier

Heartbleed can affect clients as well as servers....

Fri, 18 Apr 2014 11:26:32 UTC

Overreacting to Risk

Posted By Bruce Schneier

This is a crazy overreaction: A 19-year-old man was caught on camera urinating in a reservoir that holds Portland's drinking water Wednesday, according to city officials. Now the city must drain 38 million gallons of water from Reservoir 5 at Mount Tabor Park in southeast Portland. I understand the natural human disgust reaction, but do these people actually think that...

Thu, 17 Apr 2014 19:00:00 UTC

CL XXVIII: Bigger Glass

Posted By Tim Bray

We did an opening-up overnighter; another year of Cottage Life has begun! Attentive readers will have noticed that I've become a Fujifilm fanboi, but at the cabin I'm still a proud Pentaxian, because my longest Fuji lens only goes to 55mm and things on the island are further away. So let's see what you can do with bigger glass. First of all, you can point the mighty Pentax DA* 50-135 f/2.8 (which, objectively speaking, is still probably the best lens I've ever owned) at sharp-looking boats. Another option is to wait for the sun to get low (I find that a bottle of good white wine helps), then prop a ridiculous antique like the Tokina SL-400 f5.6 on your knee and point it at faraway objects, large and small.

Thu, 17 Apr 2014 19:00:00 UTC

Twenty-first Century Home Repair

Posted By Tim Bray

What happened was, a horrible windstorm took a big branch off the neighbor's maple; it reduced one of our eavestroughs to scrap metal on the way down. Getting it fixed was (surprisingly) Net-mediated and pain-free. I say surprisingly because every homeowner knows the pain of dealing with residential construction/repair contractors. They're hard to reach, they tend not to show up on schedule, their interest in your job is inversely proportional to its size, and they're relentless upsellers: Fix that gutter? I'm not sure it's worthwhile, why don't we put in new gutters all around and hey, it'd be a good time to re-do the roof while we're up there! I looked up a couple rain-mitigation businesses online and called them both on a Thursday.

Thu, 17 Apr 2014 18:38:41 UTC

Tails

Posted By Bruce Schneier

Nice article on the Tails stateless operating system. I use it. Initially I would boot my regular computer with Tails on a USB stick, but I went out and bought a remaindered computer from Best Buy for $250 and now use that....

Thu, 17 Apr 2014 11:18:53 UTC

Video: Bart Gellman and me opening for Ed Snowden at SXSW

Posted By Cory Doctorow

Last month, Barton Gellman and I opened for Edward Snowden's first-ever public appearance, at the SXSW conference in Austin. The kind folks at SXSW have put the video online (the Snowden video itself was already up). I think we did a good job of framing the big questions raised by the Snowden leaks.

Wed, 16 Apr 2014 14:32:27 UTC

Book Title

Posted By Bruce Schneier

I previously posted that I am writing a book on security and power. Here are some title suggestions: Permanent Record: The Hidden Battles to Capture Your Data and Control Your World Hunt and Gather: The Hidden Battles to Capture Your Data and Control Your World They Already Know: The Hidden Battles to Capture Your Data and Control Your World We...

Tue, 15 Apr 2014 11:56:11 UTC

Auditing TrueCrypt

Posted By Bruce Schneier

Recently, Matthew Green has been leading an independent project to audit TrueCrypt. Phase I, a source code audit by iSEC Partners, is complete. Next up is Phase II, formal cryptanalysis. Quick summary: I'm still using it....

Tue, 15 Apr 2014 08:36:41 UTC

Homeland Audiobook

Posted By Cory Doctorow

Wil Wheaton reads this independently produced audio edition of Homeland, which also includes Jacob Appelbaum's reading of his own afterword, and Noah Swartz reading his brother Aaron Swartz's afterword.

Tue, 15 Apr 2014 01:10:08 UTC

SBS on demand: only in emergencies

Posted By Greg Lehey

SBS TV is currently running an interesting series, Putin, Russia and the West, which their terminally broken web site can't find. I started watching the second episode a couple of days ago, but couldn't recall finishing it. Still, never mind, that's what SBS on demand is for: watch recent episodes via the web. So I tried that. What a catastrophe! First I had to log in, and the web page blocked automatic filling in of the user name and password. Finally I had found the information, but after it played some particularly emetic, non-skippable commercials, I get the message this program is currently not available.

Mon, 14 Apr 2014 21:12:54 UTC

Schneier Talks and Interviews

Posted By Bruce Schneier

Here are three articles about me from the last month. Also these three A/V links....

Mon, 14 Apr 2014 19:11:30 UTC

Schneier Speaking Schedule: April-May

Posted By Bruce Schneier

Here's my upcoming speaking schedule for April and May: Stanford Law School on April 15. Brown University in Providence, RI -- two times -- on April 24. The Global Summit for Leaders in Information Technology in Washington, DC, on May 7. The Institute of World Politics on May 8. The University of Zurich on May 21. IT Security Inside in...

Mon, 14 Apr 2014 19:00:00 UTC

Solving Fujifilm's Problem

Posted By Tim Bray

I got this new camera from Fujifilm; it's outstanding, but has a really irritating software problem. Fuji could fix that on the double-quick and at the same time turn the problem into a marketing weapon. How? Two words: Open source. The camera is the X-T1, which has been reviewed to death, for example here and here and here, and is in short-supply, back-ordered at Amazon and everywhere else. Photo credit: Nexus 5. The problem: I'll probably write more about the camera, but today I want to focus on its wireless features, of which there are three: You can remote-control the camera from a mobile device.

Mon, 14 Apr 2014 15:00:00 UTC

Time Management training at SpiceWorld Austin, 2014

Posted By Tom Limoncelli

I'll be doing a time management class at SpiceWorld. Read about my talk and the conference at their website. If you register, use code "LIMONCELLI20" to save 20%. See you there!

Mon, 14 Apr 2014 14:41:00 UTC

Interview with LOPSA-East Keynote: Vish Ishaya

Posted By Tom Limoncelli

Vish Ishaya will be giving the opening keynote at LOPSA-East this year. I caught up with him to talk about his keynote, OpenStack, and how he got his start in tech. The conference is May 2-3, 2014 in New Brunswick, NJ. If you haven't registered, do it now! Tom Limoncelli: Tell us about your keynote. What should people expect / expect to learn? Vish Ishaya: The keynote will be about OpenStack as well as the unique challenges of running a cloud in the datacenter. Cloud development methodologies mean different approaches to problems. These approaches bring with them a new set of concerns.

Mon, 14 Apr 2014 14:19:59 UTC

GoGo Wireless Adds Surveillance Capabilities for Government

Posted By Bruce Schneier

The important piece of this story is not that GoGo complies with the law, but that it goes above and beyond what is required by law. It has voluntarily decided to violate your privacy and turn your data over to the government....

Sat, 12 Apr 2014 03:28:29 UTC

FreeBSD fixes OpenSSL bug, twice

Posted By Greg Lehey

Yesterday's forced upgrade of my OpenSSL installation also solved the Heartbleed issues. But that was the port security/openssl. There's also a version of OpenSSL in the base system. How do you know which you're using? The base program is /usr/bin/openssl, and the port is /usr/local/bin/openssl. Which do you execute? Depends only on the sequence of directories in your PATH environment variable. In my case, it's /usr/local/bin/openssl. You can check the version like this: === grog@eureka (/dev/pts/29) ~ 1 -> /usr/bin/openssl version OpenSSL 0.9.8y 5 Feb 2013 === grog@eureka (/dev/pts/29) ~ 2 -> /usr/local/bin/openssl version OpenSSL 1.0.1g 7 Apr 2014 But this is on my old, down-rev system, as the first output shows.

Fri, 11 Apr 2014 23:22:53 UTC

My Futuristic Tales of the Here and Now in Vodo's indie science fiction bundle: comics, movies, novels, and more!

Posted By Cory Doctorow

Jamie from Vodo writes, "We've launched Otherworlds, our first indie sci-fi bundle! This pay-what-you-want, crossmedia collection includes the graphic novel collecting Cory's own 'Futuristic Tales of the Here and Now', Jim Munroe's micro-budget sci-fi satire 'Ghosts With Shit Jobs', Robert Venditti's New York Times Bestselling graphic novel 'The Surrogates', and Amber Benson/Adam Busch's alien office … [Read more]

Fri, 11 Apr 2014 22:42:48 UTC

Homeland audiobook, read by Wil Wheaton, is back on downpour.com

Posted By Cory Doctorow

For those of you who missed the audiobook in which Wil Wheaton reads my novel Homeland in the Humble Ebook Bundle, despair no longer! You can buy it DRM-free on the excellent Downpour.com, a site with many DRM-free audio titles. Homeland (audiobook)

Fri, 11 Apr 2014 21:07:36 UTC

Friday Squid Blogging: Bronze Giant Squid Sculpture

Posted By Bruce Schneier

A little too big for my house....

Fri, 11 Apr 2014 19:00:00 UTC

Spring on the Main

Posted By Tim Bray

Which is to say on Vancouver's Main Street, never actually been Main as such and isn't as cool as it thinks, but it's my hood and full of life, and when the sun interrupts the long grey Pacific Northwest off-season, you can feel the life in the sidewalks and the buildings that are too old and shitty to gentrify, and even the hipster beards have better curl and loft. Also I got a new camera and that makes pictures seem to just take themselves. Let's ignore the camera for now, it's just a prop to help me show off my home turf a bit.

Fri, 11 Apr 2014 18:10:35 UTC

More on Heartbleed

Posted By Bruce Schneier

This is an update to my earlier post. Cloudflare is reporting that it's very difficult, if not practically impossible, to steal SSL private keys with this attack. Here's the good news: after extensive testing on our software stack, we have been unable to successfully use Heartbleed on a vulnerable server to retrieve any private key data. Note that is not...

Fri, 11 Apr 2014 15:00:00 UTC

Replace Kathleen Sebelius with a sysadmin!

Posted By Tom Limoncelli

Scientists complain that there are only 2 scientists in congress and how difficult they find it to explain basic science to their peers. What about system administrators? How many people in congress or on the president's cabinet have ever had the root or administrator password to systems that other people depend on? Health and Human Services Secretary Kathleen Sebelius announced her resignation and the media has been a mix of claiming she's leaving in disgrace after the failed ACA website launch countered with she stuck it out until it was a success, which redeems her. The truth is, folks, how many of you have launched a website and had it work perfectly the first day?

Fri, 11 Apr 2014 11:41:41 UTC

Police Disabling Their own Voice Recorders

Posted By Bruce Schneier

This is not a surprise: The Los Angeles Police Commission is investigating how half of the recording antennas in the Southeast Division went missing, seemingly as a way to evade new self-monitoring procedures that the Los Angeles Police Department imposed last year. The antennas, which are mounted onto individual patrol cars, receive recorded audio captured from an officer's belt-worn transmitter....

Fri, 11 Apr 2014 00:09:54 UTC

OpenSSL: Upgrade!

Posted By Greg Lehey

OpenSSL is certainly the topic of the month, but that topic doesn't address my problem: why can I not access qpopper on my new server, while anybody else can (but not login, of course), and I can access qpopper on the old server with the same software? It wasn't a FreeBSD issue: I also tried with Linux both from my network (failed) and externally (worked). Asked on IRC, and most people confirmed that they could access it. Only Jamie Fraser had the same problems as I did. At least that took the emphasis off the network connection. In the meantime, I bitched and moaned about the fact that I had to have a certificate in the first place and have the choice of a paid signature or an untrusted certificate.

Thu, 10 Apr 2014 15:00:00 UTC

LISA CFP Deadline Extended to Fri, 4/18!

Posted By Tom Limoncelli

Whether you are submitting a talk proposal, workshop, tutorial, or research paper, the call for participation submission deadline has been extended to Friday, 4/18! Submit today!

Wed, 09 Apr 2014 23:56:17 UTC

Another OpenSSL issue

Posted By Greg Lehey

Today was the day that the Heartbleed bug was announced. Did I care? I had my own OpenSSL issues. Mainly for Chris Bahlo's sake we run qpopper on our external server, and today I had to migrate it. I failed. I suppose part of the issue is my aversion to the entire thing. It requires certificates, and you have the choice of paying money to somebody to sign the certificates, or being your own certificate authority. Since this is only for our personal use, we're more than happy to take the second choice, and that's what we've been doing for nearly 5 years.

Wed, 09 Apr 2014 10:03:09 UTC

Heartbleed

Posted By Bruce Schneier

Heartbleed is a catastrophic bug in OpenSSL: "The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows...

Wed, 09 Apr 2014 01:57:19 UTC

Migrating external servers

Posted By Greg Lehey

I had intended to take my time migrating my web server to the new platform. RootBSD have given me a month, and so far it has only been a week. But then I heard from Stephen Rothwell that he's migrating ozlabs.org to a new platform tomorrow. That will involve (oh horror!) one hour's downtime, and it will also require a change in IP address, which is a bit of work in itself. So: what do I need to do to get the new platform up and running? Web server, mail server (for web-generated error messages) and DNS. The web server's already running, but without PHP.

Tue, 08 Apr 2014 19:25:47 UTC

Interview with LOPSA-East Keynote: Elizabeth Krumbach Joseph

Posted By Tom Limoncelli

Elizabeth Krumbach Joseph will be giving the closing keynote at LOPSA-East this year. I caught up with her to talk about her keynote, source code management, and Star Wars. The conference is May 2-3, 2014 in New Brunswick, NJ. If you haven't registered, do it now! (We'll have an interview with the opening keynote, Vish Ishaya, soon.) Tom Limoncelli: Tell us about your keynote. What should people expect / expect to learn? Elizabeth Krumbach Joseph: Over the past few years there have been a number of high profile incidents and news stories around the subject of women in technology. In my keynote I'll be giving some solid advice for how the technology industry, and each of us, can do a better job of attracting and keeping talent.

Tue, 08 Apr 2014 19:00:00 UTC

Vancouveriana

Posted By Tim Bray

Two pairs of pictures that could only have been taken right here in my hometown. City Hall Its design is, admittedly, vaguely Stalinist; an effect relieved by the disorderly tree-filled jumble around it, and especially by the pink neon clock. I've seen a million pictures of it but never from this angle before. Since the building is sort of monochrome I decided to try a B&W treatment of another shot, and it worked OK. Disclosure: The building has a flagpole and a radio antenna, but I amputated them. The harbour It's the reason Vancouver exists, so we should respect it. What happened was, I was out with an Ingress flash-farm posse, and I have to say it was really damn pleasant strolling around Waterfront Park with the sun setting, chatting with the people.

Tue, 08 Apr 2014 11:16:31 UTC

"Unbreakable" Encryption Almost Certainly Isn't

Posted By Bruce Schneier

This headline is provocative: "Human biology inspires 'unbreakable' encryption." The article is similarly nonsensical: Researchers at Lancaster University, UK have taken a hint from the way the human lungs and heart constantly communicate with each other, to devise an innovative, highly flexible encryption algorithm that they claim can't be broken using the traditional methods of cyberattack. Information can be encrypted...

Tue, 08 Apr 2014 00:05:35 UTC

Firmware update, Nikon style

Posted By Greg Lehey

One of my main objections to Olympus' Digital Camera Updater is that it exists. I know from the existence of the Canon Hack Development Kit that Canon does it via the memory card. What about Nikon? Checked, and yes, they do it that way too. But in the process I discovered a firmware update for my old CoolPix L1. OK, that's worth trying for comparison's sake, even though the update doesn't really mean anything to me: With a PictBridge connection to certain printers, images with a file size greater than 1 MB - those captured at higher quality settings such as 6M* High (2816*) - began printing irregularly part way through the printing process.

Mon, 07 Apr 2014 22:41:25 UTC

A day wasted with Olympus firmware updates

Posted By Greg Lehey

Yesterday I managed to upgrade the firmware for my Olympus Zuiko Digital ED 70-300mm telephoto using the Olympus E-30 and Microsoft Vista, but by then the day was over, so I didn't get round to upgrading the firmware for the E-M1. That should be pretty straightforward with Vista, but I wanted to understand why it didn't work with Windows 7. Called up Olympus support on 1300 659 678 and spoke to Vivian, who told me that it was a Windows error, and that they couldn't help.

Mon, 07 Apr 2014 16:46:17 UTC

C++ and Beyond "Encore" in 2014: Sep 29 - Oct 1, Stuttgart, Germany

Posted By Herb Sutter

A lot of you have been asking me whether there will be some sort of C++ and Beyond in 2014. Also, over the past few years many of you have also asked me if there will ever be a C&B outside North America. I’m pleased to report that we are doing a ‘European Encore’ event […]

Mon, 07 Apr 2014 14:34:03 UTC

The Youngest Security Researcher

Posted By Bruce Schneier

Five-year-old finds login vulnerability in Microsoft Xbox....

Mon, 07 Apr 2014 02:34:59 UTC

Updating firmware, Olympus style

Posted By Greg Lehey

Olympus has released new firmware for the E-M1, so today I tried to install it. What a catastrophe! Other vendors do it correctly and supply a downloadable file that can then be copied to the camera via USB. But Olympus has a special program to do this, and of course it only runs on certain software (and hardware, it seems). From their system requirements: This software requires a computer with a pre-installed operating system. Operation is not guaranteed when using a home-built PC or upgraded operating system. It's a good thing Olympus doesn't make computers, or they might restrict its use to their own computers.

Sun, 06 Apr 2014 19:00:00 UTC

Springies

Posted By Tim Bray

The name is a back-formation from selfie, obviously. Herewith four botanicals only conceivable in the season after winter. First, a magnolia blossom emerging from its carapace; I didn't open the shutters wide enough to blur out the background but it's still kinda cute. Next, a white camellia with red spots; not a terribly common flavor unless my Internet search results mislead me. Does anyone out there know what this kind is called? Finally, Sakura; all sorts of focus problems but still, it made me happy to see them, and I hope it helps your mood too. We have just maybe survived this winter.

Sun, 06 Apr 2014 02:03:36 UTC

How to fill 32 GB memory

Posted By Greg Lehey

While processing my photos this morning, I discovered that I was using 70% (7 GB) of swap. How could that happen? I have 32 GB of memory in this box. Further investigation showed that I had left a wireshark process running, and it had collected in the order of 32 million packets, and stored them all in memory!

  PID USERNAME      THR PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND
14334 root            1  21    0 24819M 20095M select  7  22:26  5.27% wireshark

A good reason to keep an eye on these things.

Sun, 06 Apr 2014 00:23:56 UTC

Microsoft space programs: why so slow?

Posted By Greg Lehey

I've been grumbling (with good reason) about the speed of my Microsoft-based programs for some time. I used to think that DxO Optics Pro was particularly slow, but the other ones I'm using aren't noticeably faster, and Olympus Viewer is significantly slower. In particular, display refreshing is a matter of chance, and some things are orders of magnitude slower than on FreeBSD. Part of this is the insistence on showing unrecognizable images of each file. Today I measured the time it took DxO to start up and get as far as being able to do anything useful: Time       Elapsed       Status ...

Sat, 05 Apr 2014 19:00:00 UTC

Ethical Privacy Choices

Posted By Tim Bray

Here's a little rant I posted to an IETF mailing list thread on whether the IETF should move its public-facing services to private-by-default mode. Someone posted a reply suggesting that the user gets to choose the degree of security that they consider appropriate. Here, I think, is a key issue. I disagree. What?! How can I possibly disagree with user choice? Because, a huge majority of people: Aren't aware that there is a choice to be made, and shouldn't need to be, Do not understand the technical issues surrounding the choice, and shouldn't have to, Do not understand the legal/policy issues surrounding the choice, and shouldn't have to.

Fri, 04 Apr 2014 21:35:42 UTC

Friday Squid Blogging: Squid + Security in a Cartoon

Posted By Bruce Schneier

Funny....

Fri, 04 Apr 2014 16:45:22 UTC

Yesterday's Build talk is now online

Posted By Herb Sutter

That was fast!

Fri, 04 Apr 2014 15:00:00 UTC

How to...

Posted By Tom Limoncelli

Here's a thought to begin your weekend: How to stop time: kiss. How to travel in time: read. How to escape time: music. How to feel time: write. How to waste time: social media. (Matt Haig (@matthaig1), March 8, 2014)

Fri, 04 Apr 2014 13:25:01 UTC

Mass Surveillance by Eavesdropping on Web Cookies

Posted By Bruce Schneier

Interesting research: Abstract: We investigate the ability of a passive network observer to leverage third-party HTTP tracking cookies for mass surveillance. If two web pages embed the same tracker which emits a unique pseudonymous identifier, then the adversary can link visits to those pages from the same user (browser instance) even if the user's IP address varies. Using simulated browsing...

Thu, 03 Apr 2014 23:50:30 UTC

... and stoop to build 'em up with worn-out tools

Posted By Greg Lehey

It's been over a day since I got a patch to ls(1) from Kirk McKusick. Why didn't I commit it? First I needed to bring my FreeBSD -CURRENT system up to date. Then I discovered that the disk was PATA and thus no longer fitted into my test box. Still, I had an older box lying around, the remains of my teevee computer after Yet Another Power Surge killed the USB bus and the Ethernet interface, so put the disk into it and started bringing -CURRENT up to date. And that took 24 hours! On rebooting, I didn't have any Ethernet devices!

Thu, 03 Apr 2014 19:00:00 UTC

N5-Cam VII: Long Train Ride

Posted By Tim Bray

On March 1st I went from Barcelona to London by train. It was amusing and relaxing; if you can spare a day and some money, I recommend it. You get on a Spanish Renfe train at 9AM-ish from Barcelona Sants, arrive at Paris Gare de Lyon at 4-ish, get on the Eurostar from Gare du Nord at 5:20-ish, and arrive at London St. Pancras at 6:15. Buying the ticket from Renfe and Eurostar using a computer in Canada turned out to be hard; Web search totally failed to turn up a useful vendor, but I complained on Twitter and got a pointer to Loco2, who apparently exist to do exactly that.

Thu, 03 Apr 2014 15:36:00 UTC

Reader Q&A: Generic lambdas

Posted By Herb Sutter

Tim just added this comment on the GotW #3 Solution blog post from last year: Are you sure you can use auto in lambda like this? I cannot compile the code and I'm pretty sure auto does not work here. If you mean auto as a lambda parameter type, such as [](auto& s){ use(s); } […]

Wed, 02 Apr 2014 20:44:20 UTC

Build talk tomorrow: Modern C++: What you need to know

Posted By Herb Sutter

If you're at Build in San Francisco tomorrow afternoon, I invite you to swing by and spend an hour with us in session 2-661: Modern C++: What you need to know by Herb Sutter, Build 2014, Room 2005, 2:30-3:30 pm, Thursday April 3, 2014. If you're new to C++, this talk is aimed directly at you. […]

Wed, 02 Apr 2014 10:07:04 UTC

Ephemeral Apps

Posted By Bruce Schneier

Ephemeral messaging apps such as Snapchat, Wickr and Frankly, all of which advertise that your photo, message or update will only be accessible for a short period, are on the rise. Snapchat and Frankly, for example, claim they permanently delete messages, photos and videos after 10 seconds. After that, there's no record. This notion is especially popular with young people,...

Wed, 02 Apr 2014 09:02:14 UTC

Why I don't believe in robots

Posted By Cory Doctorow

My new Guardian column is "Why it is not possible to regulate robots," which discusses where and how robots can be regulated, and whether there is any sensible ground for "robot law" as distinct from "computer law." One thing that is glaringly absent from both the Heinleinian and Asimovian brain is the idea of software … [Read more]

Tue, 01 Apr 2014 22:43:17 UTC

ls: our grandfathers' cruft

Posted By Greg Lehey

Mail from Kirk McKusick today enclosing a patch to ls from Igor Sobrado of the OpenBSD project. It seems that FreeBSD ls (and maybe ls from some other BSDs) doesn't conform to the standard. The -f (don't sort) flag must imply the -a (show entries starting with a dot) flag:

-f  List the entries in directory operands in the order they appear in the directory. The behavior for non-directory operands is unspecified. This option shall turn on -a. When -f is specified, any occurrences of the -r, -S, and -t options shall be ignored and any occurrences of the -A, [XSI] -g, -l, -n, [XSI] -o, and -s options may be ignored.

Tue, 01 Apr 2014 22:33:10 UTC

New machine

Posted By Greg Lehey

Chris Bahlo and I have had a virtual server with RootBSD for nearly 6 years. Although my professional life was very much related to high availability, this one beat everything I have experienced. It's sad that hardware failure took it down just 2 weeks before the 5 year anniversary, but that's still 1,733 days uptime, nothing to sneeze at. The down side, of course, is that the operating system is 6 years down-rev. In addition, the disk space is minuscule (only 10 GB), so I've been hosting my many photos with my friends at Ozlabs. But their conditions are changing, and one of the problems is that I am generating half their traffic.

Tue, 01 Apr 2014 21:14:00 UTC

Introducing the Python Time Travel Debugger

Posted By Tom Limoncelli

Today I'm open sourcing a productivity tool that I've been very excited about: A time-travel extension to the Python Debugger (PDB). Have you ever been using PDB to step through a program and suddenly realize you wish you could jump back in time and know what a variable used to contain? This version of PDB adds the ability to jump back in time to the state of your program as it was in the past. You can examine variables and even continue execution from that point forward (though that is dangerous because it may harm the time space continuum.) How it works: As you know, time is the 4th dimension.

Tue, 01 Apr 2014 21:05:00 UTC

LOPSA-East 2014 is one month away! Register today!

Posted By Tom Limoncelli

I'll be presenting a few different talks at LOPSA-East, in New Brunswick, NJ, May 2-3, 2014.

Tutorials:
Introduction to Time Management (half day)
Evil Genius 101 (half day)

Talks:
Sneak peek at my next book: The Practice of Cloud Administration (this is the ONLY conference that will be getting a sneak peek before it is released this September)
The Stack at Stack Exchange (how stackexchange.com works)
Tom's Top 5 Time Management Tips

Hope to see you there! Register today! http://lopsa-east.org/2014/

Tue, 01 Apr 2014 15:03:55 UTC

Velocity Santa Clara best price deals end April 3rd

Posted By Tom Limoncelli

Tue, 01 Apr 2014 11:11:54 UTC

Seventh Movie-Plot Threat Contest

Posted By Bruce Schneier

As you might expect, this year's contest has the NSA as the villain: The NSA has won, but how did it do it? How did it use its ability to conduct ubiquitous surveillance, its massive data centers, and its advanced data analytics capabilities to come out on top? Did it take over the world overtly, or is it just pulling...

Tue, 01 Apr 2014 00:46:15 UTC

Wireless camera access: new hardware

Posted By Greg Lehey

On 21 February 2014 I bought a USB wireless LAN adapter on eBay: After a month, there was still no sign of it, so I asked for and got a refund, then purchased a new one. Today the first one arrived: it hadn't been posted until 15 March 2014, over three weeks after purchase and only a couple of days before the refund. No wonder it didn't arrive on time. And how does it work?

Mar 31 14:48:32 stable-amd64 root: Unknown USB device: vendor 0x148f product 0x5370 bus uhub3

Still, that's enough to google for, and the first hit related to FreeBSD.