Blog Archive: May 2014

Sat, 31 May 2014 15:00:00 UTC

Good Reads, May 2014

Posted By Tom Limoncelli

A summary of the interesting articles I've found this month. What is Site Reliability Engineering? An interview with Ben Treynor (Google VP, Site Reliability Engineering) -- SRE isn't just a new name for system administration, it is an entirely new business philosophy. Distributed Systems and the End of the API -- APIs are like assembly language. Nobody programs in assembly language any more. So what's the high-level equivalent? Big Cable says broadband investment is flourishing, but their own data says it's falling -- Remember folks, these are the companies that keep telling the media that people don't want gigabit broadband. The Unreasonable Effectiveness of Checklists -- Checklists are awesome...

Fri, 30 May 2014 21:10:05 UTC

Friday Squid Blogging: Squid-Shaped Pancakes

Posted By Bruce Schneier

Here are pictures of squid-shaped pancakes. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 30 May 2014 19:00:00 UTC

Camera Combo Fun

Posted By Tim Bray

What happened was, I got an adapter and slapped a Pentax 100mm Telephoto-Macro on my Fujifilm X-T1, leading to a ridiculous amount of fun. Herewith pictures of irises, flamenco, and a muscle car; and of course the baroque camera/lens combo. But there are things to watch out for. For those with a short attention span: Fujifilm X-cam shooters might want to run out and buy this lens (but there are cheaper alternatives) and a PK-to-FX adapter (but not the one I bought). I have lots of Pentax lenses, but without hesitation I slapped on the D-FA 100mm f2.8 because what's not to like about a prime mid-telephoto with MACRO written in big letters on the side?

Fri, 30 May 2014 15:45:38 UTC

Clarion SF/F writeathon: write, sponsor writers, help a new generation

Posted By Cory Doctorow

Once again, it's time for the Clarion Writers Workshop writeathon - we need writers and sponsors to help fund the Clarion Workshop, the respected, long-running science fiction writers' bootcamp. A writeathon is just what it sounds like: a fundraiser where writers ask their friends to sponsor their writing. I'm writing 1,000 words a day, five … [Read more]

Fri, 30 May 2014 03:40:39 UTC

More NiZn insights

Posted By Greg Lehey

The NiZn batteries in my mouse were discharged and needed changing today. There are two, and they're in parallel. On removal the voltages were 0.387 V and 0.630 V. That's surprising for two reasons: firstly, being in parallel the voltages should have been very close. Secondly, they're far too low: a discharged NiZn battery has about 1.55 V. But until yesterday evening the mouse worked normally. What happened? One issue with batteries in parallel is that they need to discharge at the same rate. That implies very consistent characteristics. The fact that the two batteries had such markedly different voltages after discharge shows that that's not the case here.

Thu, 29 May 2014 19:12:25 UTC

Vulnerabilities Found in Law Enforcement Surveillance System

Posted By Bruce Schneier

SEC Consult has published an advisory warning people not to use a government eavesdropping product called Recording eXpress, sold by the Israeli company Nice Systems. Basically, attackers can completely compromise the system. There are good stories on this by Brian Krebs and Dan Goodin....

Thu, 29 May 2014 19:00:00 UTC

Where Is Your Data Safe?

Posted By Tim Bray

You can store it on a USB stick or your mobile or your personal computer or your company servers or out there in the cloud. Where is it safe? That's not a simple question, but here's my answer: Your own personal computer, if you take a few basic precautions, can be a pretty safe place to store things that matter, including secrets that matter. Let's assume Concerning the Personal Computer I'm talking about: You bought it yourself, from its maker. You haven't let anybody, in particular your employer's IT group, install anything on it. The chances of an employer installing spyware, whether through policy or incompetence, are high.

Thu, 29 May 2014 13:02:59 UTC

TrueCrypt WTF

Posted By Bruce Schneier

I have no idea what's going on with TrueCrypt. Good summary of story is at ArsTechnica, and SlashDot, Hacker News, and Reddit all have long comment threads. See also Brian Krebs and Cory Doctorow. Speculations include a massive hack of the TrueCrypt developers, some Lavabit-like forced shutdown, and an internal power struggle within TrueCrypt. I suppose we'll have to wait...

Thu, 29 May 2014 03:56:04 UTC

Facebook tracks me!

Posted By Greg Lehey

BSDCan is over, but not forgotten. David Maxwell posted a photo of a whole lot of us, including not only me, but also Jordan Hubbard, Kirk McKusick and Randi Harper. Problem: none of us were there. Jordan and Randi confirmed it, and I can't see Kirk there. In fact, I haven't been out of Australia for 8 years, coincidentally after returning from BSDCan 2006. Why did David claim we were there? Why, did David claim we were there? No. It seems that Facebook decided that it recognized us there. It's clearly not very clever: as far as I can see, all the people in the photo are male, but it seems that Tamara Colby (whom I don't know) is female, and so is Randi.

Wed, 28 May 2014 20:49:30 UTC

Eben Moglen on Snowden and Surveillance

Posted By Bruce Schneier

This is well worth reading. It's based on a series of talks he gave last fall....

Wed, 28 May 2014 15:00:00 UTC

Comments on NIST Draft SP 800-160

Posted By Tom Limoncelli

[I emailed these comments to NIST last week. I've never read NIST standards documents before, so my response may be entirely naive, but since it is my tax dollars at work, I thought I'd put in my two cents.] Subject: Draft SP 800-160 Comments I read with great interest the DRAFT Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems http://csrc.nist.gov/publications/PubsDrafts.html#800-160 I'd like to comment on two sections, "2.3.4 Security Risk Management" and "Chapter 3: Lifecycle". 2.3.4 Security Risk Management This discusses ways to deal with risk: Avoid, Accept, Mitigate, Transfer. This is a very traditional view of risk.

Wed, 28 May 2014 06:53:39 UTC

Talking with NPR Marketplace about the Disneyland prospectus

Posted By Cory Doctorow

I was on NPR’s Marketplace yesterday talking (MP3) about our posting of a rarer-than-rare Disney treasure, the never-before-seen original prospectus for Disneyland, scanned before it was sold to noted jerkface Glenn Beck, who has squirreled it away in his private Scrooge McDuck vault.

Tue, 27 May 2014 19:00:00 UTC

What Programmers Do

Posted By Tim Bray

I contributed a morsel of code, connective tissue linking two moderately-popular pieces of publicly-available software. The technology and culture that enable this? They're the water and computer programmers are the fish, we can't see it any more. By an accident of history I could this time; and want to write about it. Sidebar: For non-geeks Whenever you're sitting in front of a computer or fiddling with your mobile, you're interacting with software. How that software gets built, and the culture out of which it rises, are processes that affect your life; just like the tech and culture and people that manage airline schedules and commute-route closures and TV programming.

Tue, 27 May 2014 15:13:29 UTC

The Economics of Bulk Surveillance

Posted By Bruce Schneier

Ross Anderson has an important new paper on the economics that drive government-on-population bulk surveillance: My first big point is that all the three factors which lead to monopoly -- network effects, low marginal costs and technical lock-in -- are present and growing in the national-intelligence nexus itself. The Snowden papers show that neutrals like Sweden and India are heavily...

Mon, 26 May 2014 19:00:00 UTC

Privacy Levels

Posted By Tim Bray

You should be able to exchange messages privately using the Internet. My profession should be working on making this easy for everyone, including non-geek civilians who don't shouldn't need to understand cryptography. I've been thinking about this a lot and even slinging little bits & pieces of code; before I write any more, I think it'd be helpful to define terms. So let's start with a question: How private do you want to be? There are three obvious levels, which I'll call Basic, Common, and Strong. Basic Privacy We can all agree that we want privacy from random strangers sniffing WiFi signals, from crooks looking for bank account numbers, and from agents of the Chinese government looking for dirt on dissidents.

Sat, 24 May 2014 22:40:37 UTC

Product Idea: Real-time re-living the moon landing

Posted By Tom Limoncelli

I was only 7 months old when Neil Armstrong became the very first man to walk on the moon. I don't remember it very well. Today I was reminded that most of what we see of the moon landings are highlights. 10-second little clips. I would like to know what the entire 8 days were like. I'm sure there are audio and video recordings of the entire thing. All of NASA's recordings are public domain, so they must be available somewhere. Here's my thought for a product. A kit that includes audio and video recordings and other stuff to help you re-live the entire 8 day experience.

Sat, 24 May 2014 19:00:00 UTC

Chinese Garden, Right Side Up

Posted By Tim Bray

Earlier, in Chinese Garden Reflections I ran some pictures of greenery reflected in the ponds of Vancouver's Dr. Sun Yat-Sen Classical Chinese Garden. Here are more photos, unreflected. The first three of the five are in the public (free) part of the garden. Did I mention that it's a really nice place to visit?

Fri, 23 May 2014 21:00:58 UTC

Friday Squid Blogging: Squid Ink Cocktail

Posted By Bruce Schneier

Del Campo, a restaurant in Washington DC, has a Bloody Mary made with squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 23 May 2014 11:42:33 UTC

Alan Watts on the Harms of Surveillance

Posted By Bruce Schneier

Biologist Alan Watts makes some good points: Mammals don't respond well to surveillance. We consider it a threat. It makes us paranoid, and aggressive and vengeful. [...] "Natural selection favors the paranoid," Watts said. Those who run away. In the earliest days of man on the savannah, when we roamed among the predatory, wild animals, someone realized pretty quickly that...

Fri, 23 May 2014 03:03:17 UTC

Mail address harvesters

Posted By Greg Lehey

Spam's a fact of life, of course, but occasionally I see things that are a little unusual:

 740 N   21-05-2014 PlatinumPfizer       To bloedmann    (  12) N   Mr. bloedmann, Ready For 71% OFF?
 743 N F 21-05-2014 To freebeer          To freebeer     (  12) N F Mr. freebeer, Ready For 71% OFF?
 745 N + 22-05-2014 PlatinumPfizer       To brewer       (  12)   + Mr. brewer, Ready For 71% OFF?
 747 N   21-05-2014 PlatinumPfizer       To daemon       (  12) N   Mr.

Thu, 22 May 2014 19:00:00 UTC

Night Food

Posted By Tim Bray

I mean at the Richmond Night Market. Richmond is a suburb of Vancouver noted for flatness, Chinese-ness, and the airport. I gather night markets are a big deal in the great Asian cities, so why not Richmond? It's in a big parking lot in an empty corner near the airport, traversed by the Canada-Line elevated tracks. There are lots of retail establishments, mostly selling cheap-n-cheerful junk; the main attraction was the food: Cheap and cheerful, yes, but not junk at all. The people who cook and sell it, they work hard. I had some chicken and beef barbecue sticks, Lauren had squid-in-a-cup with loads of garlic, the little girl had cinnamon mini-bagels and a mango smoothie.

Thu, 22 May 2014 18:00:00 UTC

"Ops All The Things" Podcast

Posted By Tom Limoncelli

I'm the guest on this week's "Ops All The Things!" podcast. We talk about time management and all sorts of things. Check it out! http://www.opsallthethings.com/podcast/006-time-management

Thu, 22 May 2014 11:15:07 UTC

Disclosing vs Hoarding Vulnerabilities

Posted By Bruce Schneier

There's a debate going on about whether the U.S. government -- specifically, the NSA and United States Cyber Command -- should stockpile Internet vulnerabilities or disclose and fix them. It's a complicated problem, and one that starkly illustrates the difficulty of separating attack and defense in cyberspace. A software vulnerability is a programming mistake that allows an adversary access into...

Thu, 22 May 2014 00:14:40 UTC

Monitor damage?

Posted By Greg Lehey

I've been quite happy with the Matrix NEO 270WQ 2560×1440 monitor that I bought 18 months ago. The price was right, and it works well -- most of the time. About one time out of 10, when I turn it on, the display is scrambled, just a lot of vertical lines. I've found that switching to a different vty or X server gets rid of that. When I came into the office this morning, it happened again. But this time I was so engrossed in an IRC topic on monitor 3 that I didn't notice for several minutes. And when I did the switch, there were residual vertical lines on the display.

Wed, 21 May 2014 20:29:37 UTC

The NSA is Not Made of Magic

Posted By Bruce Schneier

I am regularly asked what is the most surprising thing about the Snowden NSA documents. It's this: the NSA is not made of magic. Its tools are no different from what we have in our world, it's just better-funded. X-KEYSCORE is Bro plus memory. FOXACID is Metasploit with a budget. QUANTUM is AirPwn with a seriously privileged position on the...

Wed, 21 May 2014 14:51:39 UTC

Government Policy on Cell Phone Interception Technology

Posted By Bruce Schneier

New paper: "Your Secret Stingray's No Secret Anymore: The Vanishing Government Monopoly Over Cell Phone Surveillance and its Impact on National Security and Consumer Privacy," by Christopher Soghoian and Stephanie K. Pell: Abstract: In the early 1990s, off-the-shelf radio scanners allowed any snoop or criminal to eavesdrop on the calls of nearby cell phone users. These radio scanners could intercept...

Wed, 21 May 2014 11:21:46 UTC

CppCon: My Proposed Talks (Part 2)

Posted By Herb Sutter

Yesterday I posted three of my proposed talks for CppCon. These are the ones I’ve given publicly before, but they’re not retreads -- all are fresh and up to date, with refreshed or new material. But I’ve also proposed two brand new talks -- titles and abstracts are below. Note: The CppCon program committee will […]

Tue, 20 May 2014 19:01:09 UTC

Preplay Attack on Chip and PIN

Posted By Bruce Schneier

Interesting research paper on a bank card chip-and-PIN vulnerability. From the blog post: Our new paper shows that it is possible to create clone chip cards which normal bank procedures will not be able to distinguish from the real card. When a Chip and PIN transaction is performed, the terminal requests that the card produces an authentication code for the...

Tue, 20 May 2014 12:24:16 UTC

CppCon: My Proposed Talks (Part 1)

Posted By Herb Sutter

I’ve been watching the talk proposals rolling in for CppCon, now well over 100 of them, and I was already looking forward to this conference but I just keep getting more jazzed. For my part, I’ve proposed five talks, with between 5 and 10 hours of material. I thought I’d share some of them here. […]

Tue, 20 May 2014 11:13:45 UTC

Advances in Solving the Discrete Log Problem

Posted By Bruce Schneier

At Eurocrypt this year, researchers presented a paper that completely breaks the discrete log problem in any field with a small characteristic. It's nice work, and builds on a bunch of advances in this direction over the last several years. Despite headlines to the contrary, this does not have any cryptanalytic application -- unless they can generalize the result, which...

Tue, 20 May 2014 05:09:22 UTC

Podcast (FIXED): Firefox's adoption of closed-source DRM breaks my heart

Posted By Cory Doctorow

Note: This is a fixed version of this week's podcast; I accidentally uploaded an older podcast under this headline. Here's a reading (MP3) of my latest Guardian column, Firefox's adoption of closed-source DRM breaks my heart, a close analysis of the terrible news that Mozilla has opted to add closed source DRM to its … [Read more]

Mon, 19 May 2014 18:44:07 UTC

Pervasive Monitoring as Network Attack

Posted By Bruce Schneier

New IETF RFC: "RFC 7258: Pervasive Monitoring Is an Attack" that designers must mitigate. Slashdot thread....

Mon, 19 May 2014 15:06:52 UTC

Podcast: Firefox's adoption of closed-source DRM breaks my heart

Posted By Cory Doctorow

Here's a reading (MP3) of my latest Guardian column, Firefox's adoption of closed-source DRM breaks my heart, a close analysis of the terrible news that Mozilla has opted to add closed source DRM to its flagship Firefox browser: The decision to produce systems that treat internet users as untrusted adversaries to be controlled by … [Read more]

Mon, 19 May 2014 12:07:28 UTC

Abusing Power to Shut Down a Twitter Parody Account

Posted By Bruce Schneier

This is a pretty horrible story of a small-town mayor abusing his authority -- warrants where there is no crime, police raids, incidental marijuana bust -- to identify and shut down a Twitter parody account. The ACLU is taking the case....

Mon, 19 May 2014 10:48:14 UTC

Coming to SLC

Posted By Cory Doctorow

I'm delighted to announce that I'll be the guest of honor at Salt Lake City's Westercon 67 this July -- Westercon being the annual convention for science fiction fandom west of the Mississippi. There's quite a fantastic roster of other guests as well! See you in 44 days in SLC!

Sun, 18 May 2014 22:58:16 UTC

Installing GNU/Linux on a 2014 Lenovo Thinkpad X1 Carbon

Posted By Benjamin Mako Hill

I recently bought a new Lenovo X1 Carbon. It is the new second-generation, type “20A7” laptop, based on Intel’s Haswell microarchitecture with the adaptive keyboard. It is the version released in 2014. I also ordered the Thinkpad OneLink Dock which I have returned for the OneLink Pro Dock which I have not yet received. The […]

Sun, 18 May 2014 19:00:00 UTC

Pistils and Stamens Oh My

Posted By Tim Bray

Being four photographs of the insides of rhododendron blossoms featuring the sex organs named in the title. Some of the color is extraordinary. Those flower parts are kind of hard to photograph because they're long and sticking out at you, so you need some depth-of-field to keep them in focus, but when you're shooting flowers you usually want as little as possible DoF so as to make the subject stand out. The Fujifilm X-T1 has all sorts of focus aids and I'm slowly starting to get a feel for them.

Sun, 18 May 2014 06:01:08 UTC

Makers: the Japanese fan-trans

Posted By Cory Doctorow

Haruka Tsubota has undertaken a Japanese fan-translation of my novel Makers. It's available as Epub and Mobi, and licensed CC-BY-NC-SA.

Sun, 18 May 2014 01:56:50 UTC

Sudden traffic increase

Posted By Greg Lehey

I don't monitor my external web site traffic very frequently, but RootBSD supply some useful tools. Today I took a look and discovered that I had used about 280 GB since the beginning of the month. That's a little more than average for the whole month. Looking at the graphs showed that most of it had occurred in the past two days. Time to look at the log files: dsl-hkibrasgw1-58c393-42.dhcp.inet.fi - - [13/May/2014:12:41:18 -0400] "GET /grog/diary-aug2010.php?dirdate=20100409&imagesizes=1111111111111111111121111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111 HTTP/1.0" 200 521410 "-" "Riddler (http://riddler.io/about.html)" ec2-54-87-63-67.compute-1.amazonaws.com - - [13/May/2014:12:43:08 -0400] "GET /grog/diary-nov2009.php?dirdate=20091111&imagesizes=111111111111111111111111111111111111111111111111112111111111111111111111111111111111111111111111111111111111111111111111111111 HTTP/1.0" 200 509842 "-" "Riddler (http://riddler.io/about.html)" ec2-54-211-80-117.compute-1.amazonaws.com - - [13/May/2014:12:43:52 -0400] "GET /grog/diary-nov2009.php?dirdate=20091113&imagesizes=111111111111111111111111111111111111111111111111111111111111 HTTP/1.0" 200 501004 "-" "Riddler (http://riddler.io/about.html)" ec2-54-87-63-67.compute-1.amazonaws.com - - [13/May/2014:12:44:03 -0400] "GET /grog/diary-aug2011.php?dirdate=20110822&imagesizes=111111111111111111111111111111111111111111111111111111111211111111111111111111111 HTTP/1.0" 200 502215 "-" "Riddler (http://riddler.io/about.html)" On the face of it, that's not a particularly high hit rate, but each ...

Fri, 16 May 2014 21:07:43 UTC

Friday Squid Blogging: Fossil Squid

Posted By Bruce Schneier

Rare fossilized cephalopods. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 16 May 2014 19:00:00 UTC

Nautical-maintenance Mac

Posted By Tim Bray

There are three silver Mac laptops in our household and sometimes it's not obvious which is which. Also, while at Google I got used to the notion that laptops shouldn't be left naked. So I shopped around online and ordered a cover from DecalGirl. This is the picture I used. It's Doug McCallum's workshop; he runs Blue Ocean Yacht Services here in Vancouver and fixes up our boat once a year. I thought there were a few things about the workshop that suggested what was under the cover inside the computer. Putting the decal on requires a steady hand and cool nerves; mine is just slightly not straight, which irritates the hell out of me but is entirely invisible to the casual observer.

Fri, 16 May 2014 17:34:12 UTC

How to Stop an Insider from Stealing All Your Secrets

Posted By Bruce Schneier

This article from Communications of the ACM outlines some of the security measures the NSA could, and should, have had in place to stop someone like Snowden. Mostly obvious stuff, although I'm not sure it would have been effective against such a skilled and tenacious leaker. What's missing is the one thing that would have worked: have fewer secrets....

Fri, 16 May 2014 11:43:38 UTC

Forged SSL Certificates Pervasive on the Internet

Posted By Bruce Schneier

About 0.2% of all SSL certificates are forged. This is the first time I've ever seen a number based on real data. News article: Of 3.45 million real-world connections made to Facebook servers using the transport layer security (TLS) or secure sockets layer protocols, 6,845, or about 0.2 percent of them, were established using forged certificates. Actual paper....

Thu, 15 May 2014 18:18:28 UTC

Is Antivirus Dead?

Posted By Bruce Schneier

Symantec declared anti-virus dead, and Brian Krebs writes a good response. He's right: antivirus won't protect you from the ever-increasing percentage of malware that's specifically designed to bypass antivirus software, but it will protect you from all the random unsophisticated attacks out there: the "background radiation" of the Internet....

Thu, 15 May 2014 17:00:00 UTC

Cloud computing in Europe should put power in the hands of the customer

Posted By Werner Vogels

This is an extended version of an article that appeared in the Guardian today. We are rapidly entering into an era where massive computing power, digital storage and global network connections can be deployed by anyone as quickly and easily as turning on the lights. This is the promise -- and the reality -- of cloud computing which is driving tremendous change in the technology industry and transforming how we do business in Europe and around the world. Cloud computing unlocks innovation within organisations of all types and sizes. No longer do they need to spend valuable human and capital resources on maintaining and procuring expensive technology infrastructure and datacenters, they can focus their most valuable resources on what they do best, building better products and services for their customers.

Thu, 15 May 2014 15:00:00 UTC

I'd like to buy an IP-KVM switch, please.

Posted By Tom Limoncelli

Hi! I'd like to buy an IP-KVM switch, please. "Sure! We got plenty." Now wait... I have some very specific requirements. "Shoot." First, I want it to connect via some kind of pod or something that I can only buy from you. If there is any interoperability between vendors, I'm going to be very upset. I want full vendor lock-in. "No worries, sir. We have a variety of pods, all highly proprietary. I assure you they won't work with any other vendor. Heck, some of them don't even work with our own products! In fact, if you are switching from another brand we send you a box of bandaids since we know you'll need them after changing all those cables."

Thu, 15 May 2014 11:08:05 UTC

Seventh Movie-Plot Threat Contest Semifinalists

Posted By Bruce Schneier

On April 1, I announced the Seventh Movie Plot Threat Contest: The NSA has won, but how did it do it? How did it use its ability to conduct ubiquitous surveillance, its massive data centers, and its advanced data analytics capabilities to come out on top? Did it take over the world overtly, or is it just pulling the strings...

Thu, 15 May 2014 01:02:39 UTC

Ports upgrade: proof of the pudding

Posted By Greg Lehey

So yesterday I finally got my FreeBSD ports up to date. Today I checked:

==== Wed 14 May 2014 09:33:17 EST on stable-amd64.lemis.com: pkg upgrade
Updating repository catalogue
Nothing to do

Finally!

=== root@stable-amd64 (/dev/pts/3) /usr/ports 5 -> hugin
Shared object "libexiv2.so.12" not found, required by "hugin"

What caused that? Yes, like so many other ports, Hugin was installed from the Ports Collection, not from a package. But the information was stored in the same database. Clearly there's something wrong here.

Wed, 14 May 2014 19:00:00 UTC

Chinese Garden Reflections

Posted By Tim Bray

While my Mom was visiting, she and I went to the Dr. Sun Yat-Sen Classical Chinese Garden, and boy did we ever take a lot of pictures. These three are different; Upside-down actually, reflected in the garden's many ponds. There's a free part and a (not particularly cheap) paid-admission part; the first two shots here are in the first. For anyone visiting Vancouver, I totally recommend the Garden; it's small, easy to take in, and beautiful in a unique way. Also, there are lots of funky entertaining stores in that part of Old Chinatown.

Wed, 14 May 2014 17:28:00 UTC

Mozilla breaks our hearts, adds DRM to Firefox

Posted By Cory Doctorow

For months, I've been following the story that the Mozilla project was set to add closed source Digital Rights Management technology to its free/open browser Firefox, and today they've made the announcement, which I've covered in depth for The Guardian. Mozilla made the decision out of fear that the organization would haemorrhage users and become … [Read more]

Wed, 14 May 2014 17:08:05 UTC

Espionage vs. Surveillance

Posted By Bruce Schneier

According to NSA documents published in Glenn Greenwald's new book No Place to Hide, we now know that the NSA spies on embassies and missions all over the world, including those of Brazil, Bulgaria, Colombia, the European Union, France, Georgia, Greece, India, Italy, Japan, Mexico, Slovakia, South Africa, South Korea, Taiwan, Venezuela and Vietnam. This will certainly strain international relations,...

Wed, 14 May 2014 15:00:00 UTC

My 5-year prediction

Posted By Tom Limoncelli

I don't make many predictions. However I think two technologies are going to be huge within the next five years. DACs: I'm not saying Bitcoin will be big (though it could be), I'm saying that the underlying technology is revolutionary and may become one of the basic data management systems we use in places where today we need a neutral third party. That would be things like: DNS registrations, the stock market, and so on. More info here. CRDTs/CALM: I've been talking about these since 2009, but Chas Emerick's new article makes me confident they're ripe to become very popular very soon.

Wed, 14 May 2014 14:00:00 UTC

The AWS Activate CTO to CTO series on Medium

Posted By Werner Vogels

I'm excited to announce a new blog dedicated to AWS startups. We're launching it on Medium, itself a startup on AWS. I kicked off the blog with a Q&A with the Medium CTO Don Neufeld. I really enjoyed Don's answers to my questions and there are some real gems in here for startup CTOs. Check it out. We'll be keeping this blog fresh with other startup spotlights and good technical content so follow the collection and keep up.

Wed, 14 May 2014 11:30:22 UTC

New Al Qaeda Encryption Software

Posted By Bruce Schneier

The Web intelligence company Recorded Future is reporting -- picked up by the Wall Street Journal -- that al Qaeda is using new encryption software in the wake of the Snowden stories. I've been fielding press queries, asking me how this will adversely affect US intelligence efforts. I think the reverse is true. I think this will help US intelligence...

Wed, 14 May 2014 01:05:57 UTC

Air Traffic Control System Failure & Complex System Testing

Posted By James Hamilton

It's difficult to adequately test complex systems. But what's really difficult is keeping a system adequately tested. Creating systems that do what they are designed to do is hard but, even with the complexity of these systems, many life critical systems have the engineering and production testing investment behind them to be reasonably safe when deployed. It's keeping them adequately tested over time as conditions and the software system changes where we sometimes fail. There are exceptions to the general observation that we can build systems that operate safely when inside reasonable expectations of expected operating conditions.

Wed, 14 May 2014 00:55:32 UTC

FreeBSD ports: finally up to date

Posted By Greg Lehey

Continued with the port upgrade on my build machine today. 551 fatal warnings to remove. In fact, it wasn't quite that bad:

    === grog@eureka (/dev/pts/12) /src/Music/audiostream 15 -> grep WARN /usr/ports/Log.log.0 |sed 's:conflict.*::'|sort -u
    Checking integrity...pkg: WARNING: locally installed cups-image-1.5.4_1
    Checking integrity...pkg: WARNING: locally installed py27-setuptools-2.0.1
    Proceed with installing packages [y/N]: Checking integrity...pkg: WARNING: locally installed cups-image-1.5.4_1
    pkg: WARNING: locally installed docbook-4.2
    pkg: WARNING: locally installed docbook-4.3
    pkg: WARNING: locally installed docbook-sk-4.1.2_4
    pkg: WARNING: locally installed docbook-xml-4.3
    pkg: WARNING: locally installed docbook-xml44-4.4_1
    pkg: WARNING: locally installed docbook-xml45-4.5
    pkg: WARNING: locally installed docbook440-4.4_2
    pkg: WARNING: locally installed docbook450-4.5_2
    pkg: WARNING: locally installed docbook500-5.0_1
    pkg: WARNING: locally installed hdf5-1.8.10
    pkg: WARNING: locally installed py27-setuptools-2.0.1

So basically it was only 4 ports, though DocBook accounted for many of them, including, it seems, multiple versions.

Tue, 13 May 2014 19:00:00 UTC

Pervasive Monitoring Is an Attack

Posted By Tim Bray

That's the title of RFC 7258, also known as BCP 188 (where BCP stands for Best Common Practice); it represents Internet Engineering Task Force consensus on the fact that many powerful well-funded entities feel it is appropriate to monitor people's use of the Net, without telling those people. The consensus is: This monitoring is an attack and designers of Internet protocols must work to mitigate it. Concretely, quoting from the RFC (PM stands for Pervasive Monitoring): "Those developing IETF specifications need to be able to describe how they have considered PM, and, if the attack is relevant to the work to be published, be able to justify related design decisions." The back story: Since the pervasive-surveillance story broke in June 2013, it's reasonable to wonder why the IETF is putting this stake in the ground in May of 2014.

Tue, 13 May 2014 19:00:00 UTC

Teaching Glass

Posted By Tim Bray

Teaching, as in I have a Visiting-Professor gig this summer at the Centre for Digital Media. Glass as in Google Glass; I'm advising a group trying to drive an interactive documentary (someone said walkumentary) with wearable tech. There are six grad students with expertise in programming, animation, photography, film, and audio, and they've got fourteen weeks to see what they can make. Should be fun. The team: Wenguang, Jessie, Cindy, Dan, Rob, and Valerie. They're not dummies. They have a blog already, Aperture; check out their not-rosy-at-all first impressions of walking around wearing Glass. The picture apparently illustrates the Hand shading technique.

Tue, 13 May 2014 17:45:56 UTC

Computer Forensics in Fiction

Posted By Bruce Schneier

New television show -- CSI: Cyber. I hope they have some good technical advisers, but I doubt they do....

Tue, 13 May 2014 11:38:56 UTC

New NSA Snowden Documents

Posted By Bruce Schneier

Glenn Greenwald's book, No Place to Hide, has been published today. There are about 100 pages of NSA documents on the book's website. I haven't gone through them yet. At a quick glance, only a few of them have been published before. Here are two book reviews....

Tue, 13 May 2014 01:15:11 UTC

RawTherapee: first impressions

Posted By Greg Lehey

RawTherapee seems to have a lot of features. What it doesn't have is a manual. Still, photo software is photo software, right, and it should be easy enough to understand. So I fired it up and got a barely legible screen: How can you read that? Spent 10 minutes looking for the settings tab (it's at bottom left) and came up with a better looking screen (GTK default): But that's as far as I got.

Tue, 13 May 2014 00:48:24 UTC

Fatal pkg warnings

Posted By Greg Lehey

I still haven't got round to upgrading to FreeBSD release 10. My last attempt, nearly 2 weeks ago, ended with the system hanging on shutdown. But that could have been due to the old machine I was running it on. I needed to try it in my current build machine. And to get at that I had to tidy away the mess on the desk. Got that done today, put in the disk, and sure enough, it works fine. So the next step was to bring the software up to date. Build world, build kernel, install kernel, upgrade packages. 1 GB of packages to download!

Tue, 13 May 2014 00:34:11 UTC

Security and cameras

Posted By Greg Lehey

I've grumbled about the network connectivity of my Olympus OM-D E-M1 in the past, but it seems that there are cameras that have more functionality. The Samsung NX300 looks like a competitor to the E-M1, but it seems to have better functionality, well hidden in the documentation. It seems that it even has an X server. But Georg Lukas did some investigations and came up with some amazing security issues. 802.11 with no passwords, no encryption. It reminds me of the bad old days of war chalking. I suppose it's a sign of the changes in wireless network security that www.warchalking.org is for sale.

Mon, 12 May 2014 21:04:10 UTC

Steganography in Tweets

Posted By Bruce Schneier

Clever, but make sure to heed the caveats in the final two paragraphs....

Mon, 12 May 2014 15:44:19 UTC

Podcast: Why it is not possible to regulate robots

Posted By Cory Doctorow

Here's a reading (MP3) of my recent Guardian column, Why it is not possible to regulate robots, which discusses where and how robots can be regulated, and whether there is any sensible ground for "robot law" as distinct from "computer law." One thing that is glaringly absent from both the Heinleinian and Asimovian brain … [Read more]

Mon, 12 May 2014 15:00:00 UTC

Mice, Cheese, DevOps, and Job Satisfaction

Posted By Tom Limoncelli

You've probably seen experiments where a mouse gets cheese as a reward for pulling a lever. If he or she receives the cheese right away, the brain associates work (pulling the lever) with reward (the cheese) and it motivates the mouse. They want to do more work. It improves job satisfaction. If the mouse received the cheese a month later, the brain won't associate the work with the reward. A year later? Fuggedaboutit! Now imagine you are a software developer, operations engineer, or system administrator working on a software project. The software is released every 6 months. The hard work you do gets a reward every 6 months.

Mon, 12 May 2014 11:26:04 UTC

Internet Subversion

Posted By Bruce Schneier

In addition to turning the Internet into a worldwide surveillance platform, the NSA has surreptitiously weakened the products, protocols, and standards we all use to protect ourselves. By doing so, it has destroyed the trust that underlies the Internet. We need that trust back. Trust is inherently social. It is personal, relative, situational, and fluid. It is not uniquely human,...

Mon, 12 May 2014 02:11:02 UTC

Google Has Most of My Email Because It Has All of Yours

Posted By Benjamin Mako Hill

For almost 15 years, I have run my own email server which I use for all of my non-work correspondence. I do so to keep autonomy, control, and privacy over my email and so that no big company has copies of all of my personal email. A few years ago, I was surprised to find […]

Mon, 12 May 2014 01:13:00 UTC

A C Runtime Library Optimized for Enhanced Portability (libep)

Posted By Eric Allman

http://www.neophilic.com/pub/libep/libep-0.2.0.tgz

Several years ago now I wrote a C library that was intended to explore some ideas I had been playing with in my head, in particular with building highly portable code. It was in the back of my head to replace the low-level I/O facilities in sendmail, but this never happened (although I started doing so). It's never been used in serious production, but I've used it for a number of small things. I've decided to put it out as open source in the hopes that someone will find it useful and/or instructive. Oh yes, it has documentation.

Sat, 10 May 2014 19:00:00 UTC

That Oracle-Google Appeal

Posted By Tim Bray

I'm actually not that upset. The decision may or may not stand, so nobody on either side should either overcelebrate or rend their garments in anguish. And even if APIs are copyrightable, maybe that's not so terrible. But I think the OSS community just picked up a new to-do item. [Disclosure: While working at Google, I worked with the attorneys on certain aspects of this case, and was deposed by Oracle. I am not the slightest bit neutral in this dispute.] Might not stand? I read most of the Federal Circuit Appeals Court judgment and boy, the law around this is clear as mud.

Sat, 10 May 2014 19:00:00 UTC

Old Spring Lilies

Posted By Tim Bray

Lily-pads, to be exact. Last year's, in this year's May. I loved the geometry; and I think these are the only pictures in years I've consciously taken with B&W in mind; the pads were yellow and diseased-looking.

Fri, 09 May 2014 21:11:34 UTC

Friday Squid Blogging: The Evolutionary Purpose of Pain

Posted By Bruce Schneier

A new study shows that Doryteuthis pealei in pain -- or whatever passes for pain in that species -- has heightened sensory sensitivity and heightened reactions. News articles. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 09 May 2014 13:25:28 UTC

Against the instrumental argument for surveillance

Posted By Cory Doctorow

In my latest Guardian column, 'Cybersecurity' begins with integrity, not surveillance, I try to make sense of the argument against surveillance. Is mass surveillance bad because it doesn't catch "bad guys" or because it is immoral? There's a parallel to torture -- even if you can find places where torture would work to get you … [Read more]

Thu, 08 May 2014 19:25:54 UTC

Covered costs: $0. Your responsibility: $X billion.

Posted By Tom Limoncelli

You've probably seen this report: HealthCare.Gov Looks Like A Bargain Compared With State Exchanges. The Federal Healthcare Exchange was able to do the job much cheaper than the state-run exchanges. Ironically the states that benefitted the most were those that refused to participate and therefore were served by the Federal exchange. Personally I think that the insurance companies that got 8.1 million signups should be billed for the cost of those web sites. The bill should include a note saying, "Covered costs: $0. Your responsibility: $X billion." Hilarious, right? (I know, I know... don't quit your day job.) But we, as sysadmins, know the cost-saving power of centralized IT.

Thu, 08 May 2014 12:32:35 UTC

Retelling of Stories Increases Bias

Posted By Bruce Schneier

Interesting experiment shows that the retelling of stories increases conflict and bias. For their study, which featured 196 undergraduates, the researchers created a narrative about a dispute between two groups of young people. It described four specific points of tension, but left purposely ambiguous the issue of which party was the aggressor, and "depicted the groups as equally blameworthy." Half...

Thu, 08 May 2014 07:05:45 UTC

2014 Locus Award finalists, including Homeland

Posted By Cory Doctorow

The finalists for the 2014 Locus Awards have been announced and I'm incredibly honored to see that my novel Homeland made the final five in the Young Adult category. The competition in that category is remarkably good company: Zombie Baseball Beatdown by Paolo Bacigalupi; Holly Black's Coldest Girl in Coldtown, Cat Valente's The Girl Who … [Read more]

Wed, 07 May 2014 11:19:47 UTC

Correspondence Between the NSA and Google Leaked

Posted By Bruce Schneier

Al Jazeera is reporting on leaked emails (not leaked by Snowden, but by someone else) detailing close ties between the NSA and Google. There are no smoking guns in the correspondence -- and the Al Jazeera article makes more of the e-mails than I think is there -- but it does show a closer relationship than either side has admitted...

Tue, 06 May 2014 19:00:00 UTC

Yellow Film Treatments

Posted By Tim Bray

One of the nifty features of the Fujifilm X cameras is a set of filters that try to capture the color flavors of their famous film products from days of yore: Astia, Provia, Velvia, and so on. But this is for JPEGs and I shoot raw, so I'd pretty well ignored them. Recently, the filters got added to Adobe Lightroom, so I thought I'd try them out. [Disclosure: Back in the film days I shot Kodachrome, mostly.] Here's our subject, a graceful tulip in Vancouver's Queen Elizabeth Park. This rendition is what you get by default when Lightroom sucks in Fuji raw files, called Adobe Standard.

Tue, 06 May 2014 15:30:30 UTC

Fearing Google

Posted By Bruce Schneier

Mathias Dopfner writes an open letter explaining why he fears Google: We know of no alternative which could offer even partially comparable technological prerequisites for the automated marketing of advertising. And we cannot afford to give up this source of revenue because we desperately need the money for technological investments in the future. Which is why other publishers are increasingly...

Tue, 06 May 2014 03:24:00 UTC

Indian Doctor: Easter egg or coincidence

Posted By Greg Lehey

We're watching the third episode of The Indian Doctor at the moment. One thing in the current episode jumped out at me: the registration of what I think is an Austin A30: Is that an Easter egg or coincidence?

Tue, 06 May 2014 00:58:32 UTC

Toshiba FlashAir: first impressions

Posted By Greg Lehey

Today I received the Toyota FlashAir card that I ordered a while back, along with a manual (a single large sheet of paper with pages reduced in size by a factor of about 12). Fortunately I had already located the manuals page, so used that instead. And sure enough, it worked as well as can be expected with my Android tablet (signal strength: excellent; transfer rate: 1 mb/s). But that's not what I wanted to use it for. How about connecting it to a real computer? The problem there is that, like so many network adapters in the photography space, it behaves as an access point.

Mon, 05 May 2014 19:00:00 UTC

Fat JSON

Posted By Tim Bray

Most server-side APIs these days are JSON-over-HTTP. Developers are generally comfy with this, but I notice when I look at the JSON that it's often, uh, what's the tactful term these days? Let's say generously proportioned. And I see clumsy code being written to walk through it. The options for dealing with this are interesting. For example I've been working with keybase.io recently; when you talk to their directory through their API, an entry is represented by a User Object, which is not exactly lightweight; here's part of one which may be retrieved here.

    {
      "status": { "code": 0, "name": "OK" },
      "guest_id": "05a8fdd28c23a5d5dc2c2f588c3e7b08",
      "them": {
        "id": "922d9f5ffd96b34b9133483091738a00",
        "basics": {
          "username": "timbray",
          "ctime": 1395088335,
          "mtime": 1395088335,
          "id_version": 9,
          "track_version": 11,
          ...

Mon, 05 May 2014 16:25:16 UTC

Slides from LOPSA-East

Posted By Tom Limoncelli

I've uploaded my slides from "Top 5 Time Management Tips for SysAdmins" to SlideShare. They apply to developers too. Enjoy.

Mon, 05 May 2014 11:55:02 UTC

The Economics of Video Game Cheating

Posted By Bruce Schneier

Interesting article on the business of selling enhancements that allow you to cheat in online video games....

Mon, 05 May 2014 00:44:55 UTC

More network mysteries

Posted By Greg Lehey

Why do I get protracted network outages after a power failure? There are many reasons, but finding it is easier if the NTD is on a UPS. Did that today, watched the bizarre LED sequences as it rebooted (the power light doesn't come on immediately, for example), and then saw:

    May  4 15:26:55 eureka kernel: xl0: link state changed to UP
    May  4 15:28:11 eureka dhclient: New IP Address (xl0): 180.150.4.134
    May  4 15:28:11 eureka dhclient: New Subnet Mask (xl0): 255.255.255.0
    May  4 15:28:11 eureka dhclient: New Broadcast Address (xl0): 180.150.4.255
    May  4 15:28:11 eureka dhclient: New Routers (xl0): 180.150.4.1
    May  4 15:28:12 eureka dhclient: New Routers (xl0): 180.150.4.1

That suggests that the boot time is 1 minute, 16 seconds, which seems to be about normal for a modern device with the processing power of ...

Sun, 04 May 2014 19:00:00 UTC

Tulip Aperture

Posted By Tim Bray

Most photographers know about Bokeh. Herewith a couple of blossom renditions that I hope illuminate the subject, which is not that simple. The pictures are effectively identical, except for the first is F5.6, the second F1.4 (shutter speeds 1/250 and 1/2900 respectively). For those new to the subject Bokeh is photo jargon for when everything in the picture is out of focus, except for the subject. Things that encourage it include using a wide aperture (when the F-stop number is, say, 2.8 or below), using a longer lens (although these shots show that 35mm is good enough), and having a larger sensor.

Sun, 04 May 2014 10:32:42 UTC

How to Talk to Your Children About Mass Surveillance

Posted By Cory Doctorow

In my latest Locus column, How to Talk to Your Children About Mass Surveillance, I tell the story of how I explained the Snowden leaks to my six-year-old, and the surprising interest and comprehension she showed during our talk and afterwards. Kids, it seems, intuitively understand what it's like to be constantly monitored by unaccountable, … [Read more]

Sun, 04 May 2014 03:35:46 UTC

Reader Q&A: How can I prevent a type from being instantiated on the stack?

Posted By Herb Sutter

Anubhav asked: An interesting question has come up in our project while debating operator new as a class member function. Specifically, the question is about whether such a class should be allowed to be instantiated on stack. The understanding is that a class providing its own operator new would likely have special layout considerations which […]

Sun, 04 May 2014 00:19:13 UTC

Power and net failures

Posted By Greg Lehey

Another short power failure this morning at 3:42. Nothing unusual, but when I got into the office, I discovered that we had been off the net from then until 6:30. Why did that happen? Yes, I still don't have my NTD on a UPS, so the initial failure is understandable. But why so long? As (bad) luck would have it, I had the opportunity to compare in the evening, when the next failure occurred. This time we were off the net from 23:02 to 23:40, only 38 minutes. But even a slow reestablishment of the link should be complete in 5 minutes.

Sat, 03 May 2014 19:00:00 UTC

Security Farce

Posted By Tim Bray

There were these headlines yesterday, for example in CNET, about a serious security flaw in OAuth & OpenID, with garish graphics claiming that Google and Facebook and Yahoo and, well, every other website you ever heard of was vulnerable. I've been digging a bit and I still don't know if there's a there there; at the moment, I think not. But I was left nauseated by the amateur-hour flavor of the reporting. The Heartbleed Connection: Heartbleed turned up earlier this spring, it was serious and scary and easily demonstrable and easy to understand; it had a cool name and a snazzy Web site with an eye-grabbing logo, and boy, did it get the world's attention.

Sat, 03 May 2014 19:00:00 UTC

Help us name our next book.

Posted By Tom Limoncelli

Sat, 03 May 2014 19:00:00 UTC

Pink and Blue

Posted By Tim Bray

I have a new camera and it's spring. Which is to say, if you dislike botanical photos you should avert your eyes from this blog for the next little while. The (many) photogeeks among you can consider this sequence as in part a meditation on early-2014 issues in photography and inevitably, I suppose, an extended review of the Fujifilm X-T1. This one is remarkable in having had exactly zero postprocessing; I confess to routine fairly-heavy photomanipulation, in part just because I enjoy doing it. But these are the bits that came out of the camera, except for I cropped away some superfluous grass and sidewalk.

Fri, 02 May 2014 21:10:24 UTC

Friday Squid Blogging: How Flying Squid Fly

Posted By Bruce Schneier

Someone has finally proven how: How do these squid go from swimming to flying? Four phases of flight are described in the research: launching, jetting, gliding and diving. While swimming, the squid open up their mantle and draw in water. Then these squid launch themselves into the air with a high-powered blast of the water from their bodies. Once launched...

Fri, 02 May 2014 19:00:16 UTC

Unusual Electronic Voting Machine Threat Model

Posted By Bruce Schneier

Rats have destroyed dozens of electronic voting machines by eating the cables. It would have been a better story if the rats had zeroed out the machines after the votes had been cast but before they were counted, but it seems that they just ate the machines while they were in storage. The EVMs had been stored in a pre-designated...

Fri, 02 May 2014 19:00:00 UTC

iPad Photography

Posted By Tim Bray

My Mom is visiting and I've been taking advantage of my unemployment to tour her around some of Vancouver's tourist spots. Where you find tourists, taking pictures. With everything from fancy high-end cameras to iPads. Yes, people do use tablets as cameras. But... only women. I have no explanation for the unsubtle gender bias. [Update: Over on Twitter, I got vigorous pushback on the gender bias; many report seeing lots of men do this. Vancouver thing? Also, a suggestion of age bias: Mostly older rather than younger people. [The world is complicated.]] And once you get over the shock of seeing people waving these things around, it starts to make sense: as in, What You See Is What You Get.

Fri, 02 May 2014 14:00:00 UTC

Tom @ LOPSA-East, New Brunswick, NJ, May 2-3, 2014

Posted By Tom Limoncelli

I'll be teaching tutorials. I'm also on the organizing committee. More info soon. Visit the conference site for details: http://lopsa-east.org

Fri, 02 May 2014 11:26:38 UTC

Analysis of the FBI's Failure to Stop the Boston Marathon Bombings

Posted By Bruce Schneier

Detailed response and analysis of the inspectors general report on the Boston Marathon bombings: Two opposite mistakes in an after-the-fact review of a terrorist incident are equally damaging. One is to fail to recognize the powerful difference between foresight and hindsight in evaluating how an investigative or intelligence agency should have behaved. After the fact, we know on whom we...

Fri, 02 May 2014 11:14:53 UTC

Putin Requires Russian Bloggers to Register with the Government

Posted By Bruce Schneier

This is not good news. Widely known as the "bloggers law," the new Russian measure specifies that any site with more than 3,000 visitors daily will be considered a media outlet akin to a newspaper and be responsible for the accuracy of the information published. Besides registering, bloggers can no longer remain anonymous online, and organizations that provide platforms for...

Thu, 01 May 2014 19:01:27 UTC

Really Weird Keith Alexander Interview

Posted By Bruce Schneier

Comedian John Oliver interviewed now-retired NSA director General Keith Alexander. It's truly weird....

Thu, 01 May 2014 19:00:00 UTC

On Piketty on Capital

Posted By Tim Bray

Thomas Piketty's Capital in the Twenty-First Century may well be the most important economics book published this century; or maybe just the most important book. Its physical version is sold out. I just finished it, and while it's been reviewed to death (by Nobel-Prize winners, forsooth), I haven't heard any Net-head or software-geek voices. And there are angles there our tribe should pay attention to. What does it say? Oh gosh, read one of those other reviews. Better still, read the damn book already. Really. What... still want to know? Well, it addresses issues like How much wealth is there? and How is it distributed? and How has this trended over history? and Is the present like the past? Piketty introduces interesting metrics for the economy as a whole, for example r, the average rate of return on wealth (farmland, urban real-estate, financial instruments).

Thu, 01 May 2014 11:52:28 UTC

The Federal Reserve System's Cyberdefense Force

Posted By Bruce Schneier

Interesting article on the cybersecurity branch of the Federal Reserve System....