Blog Archive: September 2014

Tue, 30 Sep 2014 16:33:35 UTC

I'll be at Philly Linux User Group tomorrow (Wednesday)

Posted By Tom Limoncelli

Hi Philly folks! I will be speaking at the Philadelphia area Linux Users' Group (PLUG) meeting on Wednesday night (Oct 1st). They meet at the University of the Sciences in Philadelphia (USP). My topic will be "Highlights from The Practice of Cloud System Administration" and I'll have a few copies of the book to give away. For more info, visit their website: http://www.phillylinux.org/meetings.html Hope to see you there!

Tue, 30 Sep 2014 02:28:22 UTC

Microsoft resource hog caught

Posted By Greg Lehey

After all my updates on Chris' Microsoft laptop, it still spends between 10 and 15 minutes of saturated disk activity after each boot or resume. Spent some more time looking at (and learning) the task manager, and found the problem: a process called SanService.exe was performing up to 10 MB/s of consistent disk access during the whole time. And how about that, Google found it for me: it's part of Sophos Anti-Virus. That's something I know nothing about. Is it necessary to scan at startup time? I'll have to do some more learning.

Tue, 30 Sep 2014 00:43:44 UTC

Olympus Capture

Posted By Greg Lehey

Olympus has introduced a new feature for the OM-D E-M1: Tethered shooting, implemented with OLYMPUS Capture. Tried it out today. Finding the instructions is difficult, and so far I can only get them through the application itself, conveniently set up so that you need several mouse clicks to move from one page to the next. But by comparison it looks a lot better than other Olympus documentation. When I connected my camera, Capture didn't detect it. Olympus Viewer did, and wanted to download images. It seems that Olympus has introduced a new USB access mode. It doesn't have a name, only an image, which I call hookah, and that's the one that you need to select.

Tue, 30 Sep 2014 00:26:17 UTC

DxO problem: solved?

Posted By Greg Lehey

My ongoing problem with DxO Optics Pro seems to be looping. On 5 September 2014 Marion asked me to replace a file: Could you please delete the file caflist90.db in the following folder: C:\Users\ user_name \AppData\Local\DxO_Labs\DxO Optics Pro 9 The file was in fact called CAFList90.db, but who cares? At the time I removed it, and it was immediately replaced by an identical copy. I reported this, and they looked elsewhere. Then I got another message a couple of days ago:     Could you please go to the following page:     https://www.dxo.com/intl/manual-download     Once you have entered your equipment details, you'll be given the option to download the CAFList90.db file.

Mon, 29 Sep 2014 11:02:29 UTC

NSA Patents Available for License

Posted By Bruce Schneier

There's a new article on NSA's Technology Transfer Program, a 1990s-era program to license NSA patents to private industry. I was pretty dismissive about the offerings in the article, but I didn't find anything interesting in the catalog. Does anyone see something I missed? My guess is that the good stuff remains classified, and isn't "transferred" to anyone. Slashdot thread....

Mon, 29 Sep 2014 02:19:18 UTC

More Microsoft updates

Posted By Greg Lehey

Part of the problem chasing the DxO Optics Pro bug is that I have to use Chris Bahlo's laptop to process photos taken with Four Thirds lenses. And for some reason after boot or resume from hibernation, it takes 15 minutes or so of heavy disk activity before it's usable. Why? Clearly the things to do are defragmentation and software update. Defragging takes forever! And software Windows update had even more surprises for me. It established that 57 important updates were needed, of which it installed none: And another unknown 32 bit hex code!

Sun, 28 Sep 2014 05:02:19 UTC

Community Data Science Workshops

Posted By Benjamin Mako Hill

Earlier this year, I helped plan and run the Community Data Science Workshops: a series of three (and a half) day-long workshops designed to help people learn basic programming and tools for data science tools in order to ask and answer questions about online communities like Wikipedia and Twitter. You can read our initial announcement […]

Sun, 28 Sep 2014 02:51:37 UTC

We don't need no steenking uptime

Posted By Greg Lehey

DxO still haven't fixed the problem with DxO Optics Pro. In fact, they're looping: Once you have entered your equipment details, you'll be given the option to download the CAFList90.db file. Please download and copy this file to: C:\Users\ user_name \AppData\Local\DxO_Labs\DxO Optics Pro 9 Then, restart Optics Pro. You should then be able to download your modules. The only problem is, that's exactly what they said a couple of weeks ago, and I reported that the version I had was identical to the one I downloaded. It also doesn't address the fact that it still doesn't work after removing as much as I could and then reinstalling, including this file.

Sat, 27 Sep 2014 19:00:00 UTC

Computer Love

Posted By Tim Bray

I haven't always been Apple's friend in this space, but this is just a note to say that my current MacBook Pro is by a wide margin my best computer ever. Also, tugboat pictures. Why share? I've made intense professional use of computers for three decades plus. I'm a connoisseur, if anyone is. If a computer makes me happy, it's gonna make you happy. Everyone should share their expertise. Why tugboats? Because we went to the Vancouver Tugboat Festival and I'm looking for an excuse to run pix and otherwise this is going to be a dreary wall of text. Tugboats are great!

Sat, 27 Sep 2014 12:44:23 UTC

My In Real Life book-tour!

Posted By Cory Doctorow

I'm heading out on tour with my new graphic novel In Real Life, adapted by Jen Wang from my story Anda's Game. I hope you'll come out and see us! We'll be in NYC, Princeton, LA, San Francisco, Seattle, Austin, Minneapolis and Chicago! (I'm also touring my new nonfiction book, Information Doesn't Want to Be … [Read more]

Sat, 27 Sep 2014 03:16:59 UTC

Fixing shellshock, the FreeBSD way

Posted By Greg Lehey

Why hasn't the FreeBSD project issued a security advisory for Shellshock? Simple, it has nothing to do with FreeBSD. It's a GNU problem. Can you compromise a FreeBSD system with it? Sure. But that's not the project's problem. Read your CERT Advisories. OK, I don't want to finger-point. I want to get rid of the problem, which seems to exist on all my systems. eureka is way out of date (and also completely inaccessible, but that's no reason for complacency). Go to the port and rebuild it:

=== root@eureka (/dev/pts/15) /usr/ports/shells/bash 95 -> cd /usr/ports/shells/bash
You have new mail in /var/mail/grog
=== root@eureka (/dev/pts/15) /usr/ports/shells/bash 96 -> make
===>  License GPLv3 accepted by the user
===>  Found saved configuration for bash-4.3.25_1
===>   bash-4.3.25_1 depends on file: /usr/local/sbin/pkg - not found
===>    Verifying install for /usr/local/sbin/pkg in /usr/ports/ports-mgmt/pkg
You are ...

Fri, 26 Sep 2014 21:28:15 UTC

Friday Squid Blogging: Squid Fishing Moves North in California

Posted By Bruce Schneier

Warmer waters are moving squid fishing up the California coast. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 26 Sep 2014 17:44:11 UTC

Medical Records Theft and Fraud

Posted By Bruce Schneier

There's a Reuters article on new types of fraud using stolen medical records. I don't know how much of this is real and how much is hype, but I'm certain that criminals are looking for new ways to monetize stolen data....

Fri, 26 Sep 2014 09:00:00 UTC

AWS Pop-up Loft 2.0: Returning to San Francisco on October 1st

Posted By Werner Vogels

It's an exciting time in San Francisco as the return of the AWS Loft is fast approaching. We've been working round-the-clock, making updates to ensure the experience is more fulfilling and educational than in June. Today we're excited to announce that… On Wednesday, October 1st, we'll be returning to 925 Market Street! The AWS Loft is all about helping you scale and grow your business by offering free AWS technical resources. You'll have access to training including hands-on bootcamps and labs, and 1:1 sessions with AWS Solutions Architects.

Fri, 26 Sep 2014 01:31:45 UTC

Shell shock

Posted By Greg Lehey

Another serious security bug in Open Source software! Once upon a time I was convinced that security bugs were the province of the Microsoft Space, and that despite the RTM Worm. But now I discover I've been living with a bug in my shell for the last 25 years! And sure enough, it's still there:

=== grog@eureka (/dev/pts/11) ~ 429 -> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

Thu, 25 Sep 2014 19:17:44 UTC

Security Trade-offs of Cloud Backup

Posted By Bruce Schneier

This is a good essay on the security trade-offs with cloud backup: iCloud backups have not eliminated this problem, but they have made it far less common. This is, like almost everything in tech, a trade-off: Your data is far safer from irretrievable loss if it is synced/backed up, regularly, to a cloud-based service. Your data is more at risk...

Thu, 25 Sep 2014 15:31:42 UTC

Nasty Vulnerability found in Bash

Posted By Bruce Schneier

It's a big and nasty one. Invariably we're going to see articles pointing at this and at Heartbleed and claim a trend in vulnerabilities in open-source software. If anyone has any actual data other than two instances and the natural human tendency to generalize, I'd like to see it....

Thu, 25 Sep 2014 07:32:14 UTC

First, Do No Harm

Posted By Diomidis D. Spinellis

Let's face it: not all software developers are superstar programmers (and, trust me, not all luminary developers program in a sane way.) This means that when we maintain existing code, we must be very careful to avoid breaking or degrading the system we work on. Why? Because a failure of a running system can affect operations, people, profits, property, and sometimes even lives. Here are the rules.

Thu, 25 Sep 2014 00:50:54 UTC

How much uptime?

Posted By Greg Lehey

It's been over a year since my longest ever computer uptime came to an end: 1,812 days terminated by a hardware fault. But today on Facebook somebody asked me if the machine was still up. Sadly, no. But then Ollivier Robert piped in: his machine was booted a few months before mine, and it didn't fail. Now he has: 2:17AM up 2279 days, 5:42, 19 users, load averages: 0.01, 0.02, 0.00 I'm green with envy.

Wed, 24 Sep 2014 19:21:26 UTC

Julian Sanchez on the NSA and Surveillance Reform

Posted By Bruce Schneier

Julian Sanchez of the Cato Institute has a lengthy audio interview on NSA surveillance and reform. Worth listening to....

Wed, 24 Sep 2014 12:12:41 UTC

Detecting Robot-Handwriting

Posted By Bruce Schneier

Interesting article on the arms race between creating robot "handwriting" that looks human, and detecting text that has been written by a robot. Robots will continue to get better, and will eventually fool all of us....

Tue, 23 Sep 2014 18:09:26 UTC

Lesson in Successful Disaster Planning

Posted By Bruce Schneier

I found the story of the Federal Reserve on 9/11 to be fascinating. It seems they just flipped a switch on all their Y2K preparations, and it worked....

Tue, 23 Sep 2014 13:22:53 UTC

Kill Switches for Weapons

Posted By Bruce Schneier

Jonathan Zittrain argues that our military weapons should be built with a kill switch, so they become useless when they fall into enemy hands....

Mon, 22 Sep 2014 11:03:39 UTC

Security for Vehicle-to-Vehicle Communications

Posted By Bruce Schneier

The National Highway Traffic Safety Administration (NHTSA) has released a report titled "Vehicle-to-Vehicle Communications: Readiness of V2V Technology for Application." It's very long, and mostly not interesting to me, but there are security concerns sprinkled throughout: both authentication to ensure that all the communications are accurate and can't be spoofed, and privacy to ensure that the communications can't be used...

Sun, 21 Sep 2014 19:00:00 UTC

Equinox Close-ups

Posted By Tim Bray

Our record-setting summer at one level was sobering (although I was cheered by the Climate Change March stories) but now kiss it goodbye. The sun came out and as it got low I went stalking flowers. This is a rose of some sort I think. The bee I think represents the first insect ever presented here. I have a visceral horror of arthropods and always glance away from other people's bug macros. But this guy was so soft and benevolent-looking I managed to put it aside. A hydrangea; it was a pure uniform baby-blue in midsummer. Confession: I used the Fujifilm Velvia treatment to make it prettier.

Sat, 20 Sep 2014 19:41:57 UTC

How the internet has affected what books get published?

Posted By Tom Limoncelli

Someone recently asked me how the rise of the Internet has affected what books get published, specifically related to books about operating systems and other open source projects. This is based on what I've been told by various publishers and is "conventional wisdom". Of course, an actual publisher may disagree or explain it differently, or have counterexamples. This is the email I sent in reply: One way that the internet has changed the book industry that is not well-known outside of publishing circles is that it has led to the death of the reference book. It used to be for every language or system, someone would make easy money printing a book that lists all the system calls, library calls, or configuration fields in a system.

Sat, 20 Sep 2014 16:17:09 UTC

Homeland wins Copper Cylinder award for best Canadian YA sf novel

Posted By Cory Doctorow

The Copper Cylinder Prize, voted on by members of the Sunburst Award Society awarded best YA novel to Homeland; best adult novel went to Guy Gavriel Kay's River of Stars. It's a fantastic honour, in some ways even better than winning the juried Sunburst Award, because popular awards are given to books that have wide … [Read more]

Sat, 20 Sep 2014 03:40:33 UTC

Voice mail problems: identified!

Posted By Greg Lehey

Over the last couple of days I've tried various things to work out why voice mail doesn't work with my MyNetFone VoIP service. And then something occurred to me, something you'd normally never notice: when the exact message Your call cannot be taken at the moment, and you cannot leave a message, so please call later is produced, I heard it too, from the base station of the wireless phone system. That can't be MyNetFone. Tried disconnecting the wireless phone, and sure enough, voice mail worked normally! What's wrong with this picture? A surprising number of things: This can't be the first time that local phone equipment causes problems.

Fri, 19 Sep 2014 21:29:07 UTC

Friday Squid Blogging: Colossal Squid Dissected in New Zealand

Posted By Bruce Schneier

Months after it was found in August, scientists have dissected a colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 19 Sep 2014 19:00:00 UTC

Missing the Cloud

Posted By Tim Bray

I'm working on my speeches for the Goto conferences later this month, in Copenhagen and Århus, and I'm using Keynote, and it's the first time in a long time that my work lives primarily just on this physical computer in front of me, and it's making me nervous and unhappy. News flash: along with the is-the-browser-done-for keynote, I'm going to do a tech talk on the privacy/crypto stuff I've been fooling with since leaving Google. But that means two different 45-minute talks. Other things I work on: My blog, which has two lives, on my laptop and at tbray.org; sync is ultra-low-tech via scp, but whatever.

Fri, 19 Sep 2014 17:54:59 UTC

iOS 8 Security

Posted By Bruce Schneier

Apple claims that they can no longer unlock iPhones, even if the police show up with a warrant. Of course they still have access to everything in iCloud, but it's a start....

Fri, 19 Sep 2014 11:11:31 UTC

Fake Cell Phone Towers Across the US

Posted By Bruce Schneier

Earlier this month, there were a bunch of stories about fake cell phone towers discovered around the US. These seem to be IMSI catchers, like Harris Corporation's Stingray, and are used to capture location information and potentially phone calls, text messages, and smart-phone Internet traffic. A couple of days ago, the Washington Post ran a story about fake cell phone...

Thu, 18 Sep 2014 19:09:48 UTC

Terrible Article on Vernam Ciphers

Posted By Bruce Schneier

If there's anything that confuses wannabe cryptographers, it's one-time pads....

Thu, 18 Sep 2014 19:00:00 UTC

Apple's Privacy Policy

Posted By Tim Bray

See A message from Tim Cook and especially Government Information Requests. It's good; well-written and clear. Plus, there's a news story; as of iOS 8, Apple can't unlock a random iPhone. Mind you, this is also an Apple marketing piece. Grumblers I hear a certain amount of grumbling along the lines of "It's a bunch of lies, Snowden said PRISM is pulling the goodies straight outta the servers." Also, "Encryption is useless because a determined adversary will route around it." I'm pretty sure both those arguments are crap. While nobody can know 100% for sure, it's increasingly looking like the claims in those PRISM Powerpoints were, um, a little inflated.

Thu, 18 Sep 2014 12:13:50 UTC

The Full Story of Yahoo's Fight Against PRISM

Posted By Bruce Schneier

In 2008 Yahoo fought the NSA to avoid becoming part of the PRISM program. They eventually lost their court battle, and at one point were threatened with a $250,000 a day fine if they continued to resist. I am continually amazed at the extent of the government coercion....

Thu, 18 Sep 2014 11:41:24 UTC

Privacy for Normal People

Posted By Cory Doctorow

My latest Guardian column, Privacy technology everyone can use would make us all more secure, makes the case for privacy technology as something that anyone can -- and should use, discussing the work being done by the charitable Simply Secure foundation that launches today (site is not yet up as of this writing), with the … [Read more]

Thu, 18 Sep 2014 01:32:16 UTC

Cygwin revisited

Posted By Greg Lehey

It's been decades since I first tried Cygwin. At the time I wasn't very impressed, and when I had to try it again I was no more impressed. But Edwin Groothuis suggested that it might be a way to find my modified files for the DxO Optics Pro problem, so I installed it again. My view hasn't changed. In particular, it still bends the directory hierarchies to suit a Unix-like view of the world. But there's a way to access the bare Microsoft drives. To quote Edwin: <MavvieRVBD> But you can still access the various disk via c: d: etc But that doesn't work for me.

Thu, 18 Sep 2014 01:28:02 UTC

DxO workaround, try 3

Posted By Greg Lehey

More playing around trying to find the DxO Optics Pro bug, ultimately without success. There's clearly something, whether a file or a registry entry, that is preventing newer versions of DxO from working correctly. But what? I've removed all files and entries that I can find, but the problem remains the same. Sent off a ticket update to DxO. I can see this, too, taking a long time.

Thu, 18 Sep 2014 01:02:28 UTC

MyNetFone voice mail

Posted By Greg Lehey

What's happened to my voice mail? When I tried today I couldn't even get a connection to the voice mail number (121): silence for 60 seconds, then a disconnect signal. There's clearly something seriously wrong here. Called up MyNetFone and spoke to Naomi (again), who told me that the matter had been escalated to 2nd level, and that I'd get a call back. That happened from Mino (if I have the name right) at 14:35. Over half an hour she proved that she could leave voice mail for me, both calling from a Telstra line and from their own lines. That's better than nothing, but when I tried the same thing from my other VoIP line, I got the same old message: The phone is unattended, and you cannot leave a message.

Wed, 17 Sep 2014 19:30:45 UTC

Identifying Dread Pirate Roberts

Posted By Bruce Schneier

According to court documents, Dread Pirate Roberts was identified because a CAPTCHA service used on the Silk Road login page leaked the users' true location....

Wed, 17 Sep 2014 19:00:00 UTC

Life Changed Much?

Posted By Tim Bray

Occasionally, new technology changes lives. But mostly it doesn't. I'm a greybeard and (like most people I think) the number of qualitative tech-driven shifts in my life fits on the fingers on one hand. How about you? Ground rules Let's keep it to this century. Which assumes the Internet, email, and some flavor of real-time chat; they're part of civilization's background radiation, these days. Even so, my list of changes will extend further back than most people's. I'm pretty mainstream in most respects, but to the extent I'm not, my list might be unrepresentative. So: My life is not automobile-centric, I almost never watch movies, and I'm a bookworm; I think that about covers it.

Wed, 17 Sep 2014 12:15:19 UTC

Tracking People From their Cellphones with an SS7 Vulnerability

Posted By Bruce Schneier

What's interesting about this story is not that the cell phone system can track your location worldwide. That makes sense; the system has to know where you are. What's interesting about this story is that anyone can do it. Cyber-weapons arms manufacturers are selling the capability to governments worldwide, and hackers have demonstrated the capability....

Wed, 17 Sep 2014 02:16:33 UTC

Reinstalling DxO

Posted By Greg Lehey

As I said yesterday, what is Microsoft for find / -mtime -1? It seems that the closest I can come is with Windows explorer, which explores file systems, not windows. I can specify a time range, so selected yesterday, and found these files that Revo Uninstaller Pro had left behind:

 Directory of C:\ProgramData\DxO Labs\Licenses
21 Nov 2013  09:43    <DIR>          .
21 Nov 2013  09:43    <DIR>          ..
09 Jan 2013  15:38               253 dxoopticspro8demo_8.0_20130109_053828.lic
10 Feb 2013  13:18               273 dxoopticspro8_8.0_20130210_031835.lic
04 Nov 2013  13:53               250 dxoopticspro9demo_9.0_20131104_035353.lic
21 Nov 2013  09:43               275 dxoopticspro9_9.0_20131120_234351.lic
    4 File(s)          1,051 bytes
...

Tue, 16 Sep 2014 15:48:42 UTC

Next stop: Stuttgart

Posted By Herb Sutter

CppCon was a blast. I can’t wait till next year. But there’s something coming up sooner than that: In two weeks, Scott and Andrei and I will be holding the C++ and Beyond 2014 “Road Show” in Stuttgart, Germany. The key to this event is not new material, but a new location. Whereas all other […]

Tue, 16 Sep 2014 01:21:38 UTC

Catching the DxO bug

Posted By Greg Lehey

So far any attempt to get DxO Optics Pro to recognize the new modules has failed. Borrowed Chris' laptop, which has never had DxO installed on it, and tried there. It worked! So somewhere DxO have been too clever for themselves and left junk behind after deinstallation that prevents a clean reinstallation. What do I do? They want a TeamViewer session to mess around themselves. And strangely their help desk doesn't open until 8:00 UTC (well, currently 10:00 MET), which is after I stop working for the day. If it were a matter of a couple of minutes, I wouldn't be so concerned, but given that they can't just issue a fix, there's a good chance that they'll play around for hours before declaring (preliminary) defeat.

Mon, 15 Sep 2014 19:25:35 UTC

Two New Snowden Stories

Posted By Bruce Schneier

New Zealand is spying on its citizens. Edward Snowden weighs in personally. The NSA and GCHQ are mapping the entire Internet, including hacking into Deutsche Telekom....

Mon, 15 Sep 2014 17:13:04 UTC

Trip Report: CppCon 2014

Posted By Herb Sutter

I just posted my CppCon trip report over at isocpp.org. I’ll repeat just the last part here: Huge thanks again to the 150+ speakers, planners, and volunteers without whom this wonderful “C++ festival” (as several people spontaneously called it) would not have been possible. I had guardedly high hopes for the event, but I think […]

Mon, 15 Sep 2014 15:00:00 UTC

Brewster Rockit explains network latency.

Posted By Tom Limoncelli

Sunday's "Brewster Rockit" comic strip explained bandwidth vs. latency better than I've ever seen in some text books: When I interview anyone for a technical position I always ask them to explain the difference between bandwidth and latency. It is an important concept, especially in today's networked world. Years ago most candidates didn't know the difference. Lately most candidates I interview know the difference, but have a difficult time putting it into words. Fewer can explain it in a mathematical or scientific way. Latency is how long information takes to get from one place to another. Bandwidth is how much data per second is sent.

Mon, 15 Sep 2014 15:00:00 UTC

Safari Books Online update

Posted By Tom Limoncelli

Previously Safari Books Online (the O'Reilly thing... not the Apple thing) had a rough draft of The Practice of Cloud System Administration. Now it has the final version: http://my.safaribooksonline.com/9780133478549 Enjoy!

Mon, 15 Sep 2014 14:26:00 UTC

Security of the SHA Family of Hash Functions

Posted By Bruce Schneier

Good article on the insecurity of SHA-1 and the need to replace it sooner rather than later....

Mon, 15 Sep 2014 14:17:56 UTC

Excerpt from In Real Life, YA graphic novel about gold farmers

Posted By Cory Doctorow

In Real Life is the book-length graphic novel adapted by Jen Wang from my short story Anda's Game, about a girl who encounters a union organizer working to sign up Chinese gold-farmers in a multiplayer game. Tor.com has published a long excerpt from the book, showcasing Jen's wonderful art, character development and writing! In Real … [Read more]

Mon, 15 Sep 2014 01:30:54 UTC

In NYC for Velocity?

Posted By Tom Limoncelli

If you are in NYC for Velocity, please check out my tutorial on Monday, "Office Hours" on Tuesday, book signing on Wednesday, or come to my book party on Wednesday night! Or just stop me randomly in the hallway and say "hi!" I love meeting new people!

Tutorial: Mon, 3:30pm, Time Management for Busy DevOps
Office Hour: Tue, 1:15pm, One-on-one Time Management help (note: the session is 45 minutes long)
Book Signing: Wed, 10:45am, [Book Signing]
Book Launch Party: Wed, 7pm at the Stack Exchange NYC office

Sun, 14 Sep 2014 19:00:00 UTC

Keys in the Cloud

Posted By Tim Bray

I just landed a nifty new feature for OpenKeychain. It's simple enough: If you want to communicate privately with someone, you need their key. So, just like when you're looking for anything else, you type their name or email or whatever into a search box and find it on the Internet. Here's how it looks Suppose I want to communicate with Dominik Schürmann; he's the lead author of OpenKeychain and a good example because of his long hard-to-type name. I start entering his name in the search box. Since he's in my Android contacts, I can pick him from the drop-down and not type much.

Sun, 14 Sep 2014 04:40:50 UTC

A Day at the Forge: A Study in Sound

Posted By Niels Provos

Sat, 13 Sep 2014 19:00:00 UTC

Styling More Pixels, with Beards

Posted By Tim Bray

Our cameras put more pixels in each picture than our computers' screens can display. But the screens are catching up, doing smart things with pixels so small you can't see 'em; Apple says Retina, but everyone who ships things with screens is going that way. Publishing pictures on the Web so they look as good as they possibly can on whatever whoever's looking is carrying… well, it's hard. But I'm working on it. Here's my latest attempt (if you're in a feed-reader, drop by the tbray.org version to see what I'm talking about), a picture of my friend Peter, who has one of the best beards ever.

Sat, 13 Sep 2014 03:25:12 UTC

Totally removing Microsoft programs, try 2

Posted By Greg Lehey

Why can't I remove all trace of a Microsoft program, in this case DxO Optics Pro, from my computer? Somehow I find it offensive that the system retains a memory of what I have been doing. But lots of people use Microsoft; went looking for methods to remove the remains. This page promised to do just that, but in the end just removed stuff from the registry, leaving a large number of files behind. And then there are things like Revo Uninstaller Pro, which was available for a 30 day trial, so I tried it out. Sure enough, it removed all the files too.

Fri, 12 Sep 2014 21:26:13 UTC

Friday Squid Blogging: 200-Pound Squid Found in Gulf of Mexico

Posted By Bruce Schneier

A 200-pound dead giant squid was found near the coast of Matagorda, Texas. This is only the third giant squid ever found in the Gulf of Mexico. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 12 Sep 2014 11:41:03 UTC

The Concerted Effort to Remove Data Collection Restrictions

Posted By Bruce Schneier

Since the beginning, data privacy regulation focused on collection, storage, and use. You can see it in the OECD Privacy Framework from 1980 (see also this proposed update). Recently, there has been concerted effort to focus all potential regulation on data use, completely ignoring data collection. Microsoft's Craig Mundie argues this. So does the PCAST report. And the World Economic...

Thu, 11 Sep 2014 19:00:00 UTC

CL XXXII: Listen to the Trees

Posted By Tim Bray

On the forest-walks part of Cottage Life, a problem is that the kids chatter and squabble. So I tell them, "Shut up and listen to what the trees are saying." They think it's just Dad being silly, but I keep insisting that if they listen for that, they'll learn things. And I'm right, they will. I think I may hang that one on a wall somewhere. Anyhow, trees may not actually be talking to you, but it's obvious at a glance that they're talking to each other.

Thu, 11 Sep 2014 15:00:00 UTC

Why is TPOCSA called "Volume 2"?

Posted By Tom Limoncelli

...because we're re-branding The Practice of System and Network Administration as "Volume 1". Vol 1 == enterprise. Vol 2 == server/service administration. Available as a PDF here.

Thu, 11 Sep 2014 11:15:57 UTC

Tabnapping: A New Phishing Attack

Posted By Bruce Schneier

Aza Raskin describes a new phishing attack: taking over a background tab on a browser to trick people into entering in their login credentials. Clever....

Thu, 11 Sep 2014 01:14:26 UTC

Fixing DxO

Posted By Greg Lehey

I've had a couple of exchanges with DxO support since last week, and finally they explained (and demonstrated) to me that yes, they can load Four Thirds modules for Micro Four Thirds bodies. So why doesn't it work here? Broken update seems the most obvious cause. OK, that's simple: completely remove the old installation and start again. To be on the safe side, tried it out on dxo, my old Microsoft Vista machine, after first confirming that yes, the problem existed there too. But after removing two different versions, there were still files left in AppData. Tried various methods of removing them without success.

Wed, 10 Sep 2014 19:08:13 UTC

WikiLeaks Spy Files

Posted By Bruce Schneier

WikiLeaks has organized the trove of documents about corporations aiding government surveillance around the world. It's worth wandering around through all this material....

Wed, 10 Sep 2014 11:35:38 UTC

Safeplug Security Analysis

Posted By Bruce Schneier

Good security analysis of Safeplug, which is basically Tor in a box. Short answer: not yet....

Tue, 09 Sep 2014 19:07:27 UTC

Wi-Fi Jammer

Posted By Bruce Schneier

A device called Cyborg Unplugged can be configured to prevent any Wi-Fi connection: Oliver notes on the product's website that its so-called "All Out Mode" -- which prevents surveillance devices from connecting to any Wi-Fi network in the area -- is likely illegal, and he advises against its use. Nevertheless, we can imagine activists slipping these little devices into public...

Tue, 09 Sep 2014 19:00:00 UTC

A Word on NFC

Posted By Tim Bray

The Applepalooza today banged the payments drum pretty hard. I dunno, payments are difficult. I had a close-up view of Google's struggles with Checkout and then Wallet, and Google has way more server-side culture and expertise; so I'm not holding my breath. But NFC could be a really big deal. Refresher: NFC is like RFID only weaker and more constrained; it basically doesn't work unless the two NFC devices are basically right up against each other. This is a feature -- you can't use it without establishing intimate contact. It's cheap! There are all sorts of NFC variations, passive and active, secure and insecure, but the cheapest, passive devices that come on rolls like tape and emit a URL or other small static data when touched, can be bought in huge quantities at vanishingly small cost.

Tue, 09 Sep 2014 14:44:58 UTC

Amazon vs Hachette is nothing: just WAIT for the audiobook wars!

Posted By Cory Doctorow

In my latest Locus column, "Audible, Comixology, Amazon, and Doctorow's First Law," I unpick the technological forces at work in the fight between Amazon and Hachette, one of the "big five" publishers, whose books have not been normally available through Amazon for months now, as the publisher and the bookseller go to war over the …

Mon, 08 Sep 2014 16:24:04 UTC

Information Doesn't Want to Be Free

Posted By Cory Doctorow

Here's the audio of my closing keynote speech at last Friday's Dconstruct (this was the tenth Dconstruct; I'm pleased to say that I also gave the closing speech at the very first one!). You can hear audio from the rest of the speakers too.

Mon, 08 Sep 2014 15:00:00 UTC

Configure Appigo Todo Cloud for use with The Cycle

Posted By Tom Limoncelli

In Time Management for System Administrators I describe a way to manage your todo lists which I call "The Cycle". The book came out before the existence of smart phones and app stores, so it doesn't include some important info. The iPhone app (now available for Android) that I use for The Cycle is Appigo Todo Cloud. It can be configured in a way that makes it easy to do The Cycle. If you recall, in The Cycle you set up a todo list for each day. At the end of the day, you move the remaining items to the next day's list.

Mon, 08 Sep 2014 14:21:03 UTC

Starred review in Kirkus for INFORMATION DOESN'T WANT TO BE FREE, my next book

Posted By Cory Doctorow

My next book, Information Doesn't Want to Be Free, comes out in November, but the reviews have just started to come in. Kirkus gave it a stellar review. Many thanks to @neilhimself and @amandapalmer for their wonderful introductions! In his best-selling novel Ready Player One, Ernest Cline predicted that decades from now, Doctorow (Homeland, 2013, …

Mon, 08 Sep 2014 12:21:19 UTC

iPhone Payment Security

Posted By Bruce Schneier

Apple is including some sort of automatic credit card payment system with the iPhone 6. It's using some security feature of the phone and system to negotiate a cheaper transaction fee. Basically, there are two kinds of credit card transactions: card-present, and card-not-present. The former is cheaper because there's less risk of fraud. The article says that Apple has negotiated...

Sun, 07 Sep 2014 06:15:39 UTC

High-school English study guide for Homeland, the sequel to Little Brother

Posted By Cory Doctorow

Neil Anderson from the Association from Media Literacy has produced an excellent study guide for my novel Homeland (the sequel to Little Brother) -- Anderson's guide encourages critical thinking about politics, literary technique, technology, privacy, surveillance, and history. I'm immensely grateful to Anderson for his good work here. I often hear from teachers who want …

Sat, 06 Sep 2014 05:05:42 UTC

Excerpt from my story The Man Who Sold the Moon

Posted By Cory Doctorow

Medium have published an excerpt from "The Man Who Sold the Moon," my 36,000 word novella in Hieroglyph: Stories and Visions for a Better Future, a project to inspire optimism and ambition about the future and technology that Neal Stephenson kicked off (see also What Will it Take to Get Us Back to the Moon?). …

Fri, 05 Sep 2014 21:06:55 UTC

Friday Squid Blogging: Book by One Squid-Obsessed Person About Another

Posted By Bruce Schneier

Preparing the Ghost: An Essay Concerning the Giant Squid and Its First Photographer, by Matthew Gavin Frank. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 05 Sep 2014 19:00:00 UTC

NYC Book Launch Party for "The Practice of Cloud System Administration"

Posted By Tom Limoncelli

Stack Exchange, Inc. (stackoverflow.com / serverfault.com) is hosting the launch party for Tom Limoncelli's newest book, "The Practice of Cloud System Administration." The local DevOps/Sysadmin/Linux user community is invited. Food and beverages will be provided. Date: Wed, Sept. 17, 2014 Time: 7 p.m. until 9 p.m. Location: Stack Exchange NYC HQ, 110 William Street, 28th Floor, NY, NY 10038 RSVP: click here Information about the book: http://the-cloud-book.com If you are in town for Velocity NYC, please stop by!

Fri, 05 Sep 2014 15:00:00 UTC

The ebook is shipping!

Posted By Tom Limoncelli

The Practice of Cloud System Administration is shipping on Kindle and PDF/Mobi versions are shipping on InformIT. Physical book should start shipping today or Monday. If you get the PDF, I'd love to know the md5 hash of the file. Post in the comments.

Fri, 05 Sep 2014 10:18:41 UTC

Security of Password Managers

Posted By Bruce Schneier

At USENIX Security this year, there were two papers studying the security of password managers: David Silver, Suman Jana, and Dan Boneh, "Password Managers: Attacks and Defenses." Zhiwei Li, Warren He, Devdatta Akhawe, and Dawn Song, "The Emperor's New Password Manager: Security Analysis of Web-based Password Managers." It's interesting work, especially because it looks at security problems in something that...

Fri, 05 Sep 2014 02:41:40 UTC

Phantom calls resolved

Posted By Greg Lehey

Did some research on VoIP phantom calls today. This discussion throws some light on the matter: it's a form of spam, where phone spammers scan the net for open sip ports. Why don't they say anything when you answer? Because they're oversubscribed. So if you run your SIP connection on a non-standard port, they (probably) won't get you. Met CJ today, and he confirmed that his phantom calls have stopped. So why doesn't this happen to me? Because I don't have a SIP port open to the net; it's behind my NAT setup. But this sounds like a traditional application for a firewall: allow connections only from trusted IP addresses.

Fri, 05 Sep 2014 00:39:38 UTC

Support Hell: DxO

Posted By Greg Lehey

So yesterday I sent a support request to DxO. I've had grief from them in the past, but this time the problem was obvious: they advertise that they support certain combinations of camera and lens, but the program doesn't know that. The easiest way to check is to get the program to show what modules it thinks are available: That's only partial, and of course the window can't be resized, but any Zuiko FT lenses should have been there, and scrolling shows that they're not available at all.

Thu, 04 Sep 2014 06:31:50 UTC

Free cybersecurity MOOC

Posted By Cory Doctorow

The Open University's "Introduction to Cyber Security" is a free online course -- with optional certificate -- that teaches the fundamentals of crypto, information security, and privacy; I host the series, which starts on Oct 13. "The course is designed to teach you to use privacy technologies and good practices to make it harder for …

Thu, 04 Sep 2014 01:44:42 UTC

DxO supports more Olympus?

Posted By Greg Lehey

I have a love-hate relationship with DxO Optics Pro. It's buggy, glacially slow, and has a number of really irritating issues, like insisting on resetting crop to preserve aspect ratio. But it produces good results. About my biggest issue now is that they don't support Four Thirds lenses on Micro Four Thirds bodies. But they do! Or at least, that's what their supported equipment page says: So I tried it out.

Thu, 04 Sep 2014 01:22:26 UTC

Support Hell: MyNetFone

Posted By Greg Lehey

CJ is still having no luck with phantom calls on his VoIP installation with MyNetFone, and the support people don't seem to be able to help him. He can't even set up voice mail. He asked me to call them up, so we set up another TeamViewer session, I confirmed that it worked, and then I called up support and asked them to connect and fix the problem. Spoke to Zack, who is clearly not German. He didn't understand the issue -- last week Harriet had planned to change a port number, but he didn't understand that. In fact, he didn't even know how to set up a Team Viewer connection, which is really surprisingly simple.

Wed, 03 Sep 2014 20:25:00 UTC

Stack Exchange is hiring sysadmins (come work with me!)

Posted By Tom Limoncelli

The team I'm on at SE is hiring! In particular, we need a system administrator (either a Linux or Windows) that has Cisco network gear experience. Site Reliability Engineer, Networking We'll have another listing for a generalist (someone that knows Linux and Windows) in a few days. We do have opportunities for people that work remotely. For more info about working at Stack Exchange, check out our page: http://stackexchange.com/work-here Oh yeah and... Stack Exchange, Inc. does not discriminate in employment matters on the basis of race, color, religion, gender, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other protected class.

Wed, 03 Sep 2014 19:00:00 UTC

Gear VR Video Software

Posted By Tim Bray

Here's a little look behind the scenes on the Samsung Gear VR launch; you might want to start with the nice Engadget write-up. A lot of their demos are videos you can look around in, which (it turns out) involves software from Immersive Media, a company I've been talking to; they're headquartered in Western Canada near me. It turns out they have an API and you can have 3-D video in your apps, with or without the Samsung headset. Immersive has been doing 3-D cameras for a decade. They were involved in Google Street View, and have participated in lots of ads and other high-glamor apps.

Wed, 03 Sep 2014 11:53:54 UTC

JackPair Encrypted Phone Add-On

Posted By Bruce Schneier

JackPair is a clever device that encrypts your voice between your headset and the audio jack. The crypto looks competent, and the design looks well-thought-out. I'd use it....

Wed, 03 Sep 2014 01:52:00 UTC

Good Reads, Aug 2014

Posted By Tom Limoncelli

(The book tour for The Practice of Cloud System Administration has begun! Book signings planned for NY, NJ, Philly, Austin, Denver, Seattle and The Netherlands. Parties planned for NYC on Sept 17 and at my house in NJ on Sept 20. If you are local, please attend. More info on http://the-cloud-book.com) A summary of the interesting articles I've found this month. Mark Burgess on why APIs are bad They aren't idempotent. If you use an API to create an object and crash mid-way through, when you recover from the crash you don't know if the object is in a good state or not.

Tue, 02 Sep 2014 16:08:43 UTC

Electromagnetic Weapons

Posted By Bruce Schneier

Long article in IEEE Spectrum....

Tue, 02 Sep 2014 00:38:29 UTC

August 21, 2014 Computer History Museum Presentation

Posted By James Hamilton

Dileep Bhandarkar put together a great presentation for the Computer History Museum a couple of weeks back. I have no idea how he got through the full presentation in under an hour -- it covers a lot of material -- but it's an interesting walk through history. Over the years, Dileep has worked for Texas Instruments, Intel, Microsoft, and Qualcomm and, as a consequence, he's been near the early days of semiconductors, the rise and fall of the mini-computer, 17 years at Intel, a ½ decade at Microsoft and he's now working at Qualcomm.

Mon, 01 Sep 2014 21:00:00 UTC

TPOCSA Book Tour announcement!

Posted By Tom Limoncelli

I'm excited to announce my "book tour" to promote The Practice of Cloud System Administration, which starts shipping on Friday, September 5! I'll be speaking and/or doing book signings at the following events. More dates to be announced soon. 2014-08-18 New Jersey: DevOps and Automation NJ Group 2014-09-04 New Jersey: LOPSA-NJ Chapter Meeting 2014-09-15 NYC: Velocity Conference NYC (book signing Wed) 2014-10-01 Philadelphia area Linux Users' Group (PLUG) 2014-09-23 Austin, TX: SpiceWorld Conference 2014-09-24 Austin, TX: CloudAustin Meetup 2014-11-09 Seattle, WA: Usenix LISA (attending all week) Soon to be announced: Denver CO (October), Netherlands (November) Still looking for opportunities: SF/Bay Area This book is the culmination of 2 years of research on the best practices for modern IT / DevOps / cloud / distributed computing.

Mon, 01 Sep 2014 19:00:00 UTC

Women Speaking

Posted By Tim Bray

I just finished reading Unspeakable Things: Sex, Lies and Revolution by Laurie Penny. And while it makes me nervous as hell to write about gender issues, silence seems less acceptable every day. Meta meta meta: I hadn't read much by Ms Penny but can also recommend Why I Write, a terrific piece of writing on writing with a little sidetrip into writing about writing on writing, even. If it looks a little long, there's a crystalline excerpt at laurie-penny.com; but do read the whole thing if you think of yourself as a writer. Nervous, you say? Well, yeah. When it comes to gender and feminism and power relationships and so on, there is no shortage of opinions from hyper-entitled white men (want an example?)

Mon, 01 Sep 2014 16:55:31 UTC

Podcast: Petard from Tech Review's Twelve Tomorrows

Posted By Cory Doctorow

Here's a reading (MP3) of the first part of my story "Petard: A Tale of Just Desserts" from the new MIT Tech Review anthology Twelve Tomorrows, edited by Bruce Sterling. The anthology also features fiction by William Gibson, Lauren Beukes, Chris Brown, Pat Cadigan, Warren Ellis, Joel Garreau, and Paul Graham Raven. The 2013 summer …

Mon, 01 Sep 2014 14:30:17 UTC

Pencil-and-Paper Codes Used by Central American Criminal Gangs

Posted By Bruce Schneier

No mention of how good the codes are. My guess is not very....