Blog Archive: April 2015

Thu, 30 Apr 2015 19:22:02 UTC

Measuring the Expertise of Burglars

Posted By Bruce Schneier

New research paper: "New methods for examining expertise in burglars in natural and simulated environments: preliminary findings": Expertise literature in mainstream cognitive psychology is rarely applied to criminal behaviour. Yet, if closely scrutinised, examples of the characteristics of expertise can be identified in many studies examining the cognitive processes of offenders, especially regarding residential burglary. We evaluated two new methodologies...

Thu, 30 Apr 2015 14:11:04 UTC

Protecting Against Google Phishing in Chrome

Posted By Bruce Schneier

Google has a new Chrome extension called "Password Alert": To help keep your account safe, today we're launching Password Alert, a free, open-source Chrome extension that protects your Google and Google Apps for Work Accounts. Once you've installed it, Password Alert will show you a warning if you type your Google password into a site that isn't a Google sign-in...

Wed, 29 Apr 2015 19:00:00 UTC

Car-share Economics

Posted By Tim Bray

I finally got around to trying car-sharing, which is to say sampling the future. The CBC has a good overview of Vancouver services; I can't imagine the pricing trade-offs being that different in other markets. We signed up for Evo; it's a little more expensive than the competition, but you get a 5-seat Prius with a roof rack; we're a family with kids. They mostly got us with good marketing, though, offering decent starter deals through my employer and the Auto Association, from whom we already buy travel insurance and so on. The experience I've only used it once, driving from the office to where my bike was parked at the train station.

Wed, 29 Apr 2015 11:12:57 UTC

Remote Proctoring and Surveillance

Posted By Bruce Schneier

Interesting article. There are a lot of surveillance and privacy issues at play here....

Tue, 28 Apr 2015 17:50:31 UTC

Shaking Someone Down for His Password

Posted By Bruce Schneier

A drug dealer claims that the police leaned him over an 18th floor balcony and threatened to kill him if he didn't give up his password. One of the policemen involved corroborates this story. This is what's known as "rubber-hose cryptanalysis," well-described in this xkcd cartoon....

Tue, 28 Apr 2015 11:21:03 UTC

Nice Essay on Security Snake Oil

Posted By Bruce Schneier

This is good: Just as "data" is being sold as "intelligence", a lot of security technologies are being sold as "security solutions" rather than what they for the most part are, namely very narrow focused appliances that as a best case can be part of your broader security effort. Too many of these appliances do unfortunately not easily integrate with...

Tue, 28 Apr 2015 00:09:04 UTC

Story maps

Posted By Greg Lehey

The course Maps and the Geospatial Revolution includes an assignment: make a story map. What's that? The name suggests a number of possibilities, but in fact it's relatively constrained -- ArcGIS has a framework for creating them. It's an interesting idea, but digging deeper I find that I can't do quite what I want with them (sound familiar?). After some consideration, I decided to document a journey by car that I started 48 years ago, nominally from Singapore to London. I had a number of problems: the annotations for the journey are multimedia (in other words, photos or videos). I have photos, but not very many good ones.

Mon, 27 Apr 2015 18:38:35 UTC

The History of Lockpicking

Posted By Bruce Schneier

Interesting....

Mon, 27 Apr 2015 11:27:26 UTC

The Further Democratization of Stingray

Posted By Bruce Schneier

Stingray is the code name for an IMSI-catcher, which is basically a fake cell phone tower sold by Harris Corporation to various law enforcement agencies. (It's actually just one of a series of devices with fish names -- Amberjack is another -- but it's the name used in the media.) What it basically does is trick nearby cell phones into...

Mon, 27 Apr 2015 02:01:00 UTC

The pattern-welded spear from Rovaniemi, Marikkovaara.

Posted By Niels Provos

Sun, 26 Apr 2015 23:42:44 UTC

Upgrading ports, again

Posted By Greg Lehey

I've been putting off my FreeBSD port upgrades for over a year now, but gradually my web browsers are getting so out of date that clever software refuses to run on them. So Yet Another attempt to get stable up to date. The OS upgrade ran without any problem, but once again pkg didn't do what I expected. After downloading a gigabyte of tarballs, I got:

    Fetching llvm35-3.5.2.txz... done
    Checking integrity... done (5 conflicting)
    pkg: Cannot solve problem using SAT solver:
    dependency rule: package akonadi(r) depends on: qt4-mysql-plugin(r)qt4-mysql-plugin(l)
    dependency rule: package akonadi(l) depends on: qt4-mysql-plugin(r)qt4-mysql-plugin(l)
    upgrade rule: upgrade local qt4-mysql-plugin-4.8.6 to remote qt4-mysql-plugin-4.8.6
    cannot install package qt4-mysql-plugin, remove it from request?

Sun, 26 Apr 2015 19:00:00 UTC

Lightroom at the Whitecaps

Posted By Tim Bray

Yesterday I installed Lightroom 6 and attended a Major League Soccer match, which the Whitecaps lost to D.C. United. Here's a combo review, with some Lr6-enhanced footie pix. The Whitecaps play at B.C. Place, whose roof-retracting struts are visible just behind the traffic lights. The big difference LR6 manifests on your computer simply as Adobe Lightroom; its predecessor was Adobe Photoshop Lightroom 5. That's about the biggest difference; the editing and saving operations look and feel more or less just the same. Those struts cast interesting shadows on B.C. Place's neighbors. Marketing The Whitecaps Football Club (WFC) markets itself aggressively as The best sports atmosphere in Vancouver.

Sat, 25 Apr 2015 19:00:00 UTC

451 Again

Posted By Tim Bray

Back in 2012, following on work by others, I submitted an Internet-draft proposing a new HTTP status code, 451, to signal legal blockage. As of today, the latest draft is a work item of the Hypertext Transfer Protocol Working Group of the IETF. Doesn't mean its future is clear, but I'm still happy. I'm posting here to focus on one particular turn of phrase, and to ask for a specific flavor of feedback. The blog post linked in the first sentence gives the history, and a prettified version of the latest draft is here. Process The HTTP WG having adopted it just means that they'll think about it.

Sat, 25 Apr 2015 01:35:16 UTC

CJ's computer

Posted By Greg Lehey

CJ Ellis along in the afternoon to pick up his computer, which I had rather reluctantly rid of resource-hungry anti-virus software. Demonstrated to him how much faster it was now. The Demonstration effect hit home: it was almost as slow as before, with the disk maxed out. What's causing that? I wish I understood Microsoft. He left the computer with me while I scratched my head over the issue. The Task Manager shows nothing obvious. How I wish I had nothing to do with Microsoft! ACM only downloads articles once.

Fri, 24 Apr 2015 21:43:50 UTC

Friday Squid Blogging: The Unique Reproductive Habits of the Vampire Squid

Posted By Bruce Schneier

Interesting: While most female squid and octopuses have just one reproductive cycle before they die, vampire squid go through dozens of egg-making cycles in their lifetimes, scientists have found. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 24 Apr 2015 19:12:44 UTC

Signed Copies of Data and Goliath

Posted By Bruce Schneier

You can now order signed copies of Data and Goliath from my website....

Fri, 24 Apr 2015 17:42:18 UTC

Federal Trade Commissioner Julie Brill on Obscurity

Posted By Bruce Schneier

I think this is good: Obscurity means that personal information isn't readily available to just anyone. It doesn't mean that information is wiped out or even locked up; rather, it means that some combination of factors makes certain types of information relatively hard to find. Obscurity has always been an important component of privacy. It is a helpful concept because...

Fri, 24 Apr 2015 13:55:14 UTC

The Further Democratization of QUANTUM

Posted By Bruce Schneier

From Data and Goliath: ...when I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection -- basically, a technology that allows the agency to hack into computers. Turns out, though, that the NSA was...

Thu, 23 Apr 2015 12:19:58 UTC

An Incredibly Insecure Voting Machine

Posted By Bruce Schneier

Wow: The weak passwords -- which are hard-coded and can't be changed -- were only one item on a long list of critical defects uncovered by the review. The Wi-Fi network the machines use is encrypted with wired equivalent privacy, an algorithm so weak that it takes as little as 10 minutes for attackers to break a network's encryption key....

Thu, 23 Apr 2015 04:39:44 UTC

Poor technology kills!

Posted By Greg Lehey

Interesting news item on the radio this morning: Privacy laws mean emails about patients [sic] medical history have to be encrypted, but only a few hospitals have the technology to do that Dr Levick said in one instance a patient died because their GP was not told about their blood thinning medication, which required daily monitoring. It's bad enough that the industry had dumbed down to Microsoft level, but surely they could find a way to encrypt their messages.

Thu, 23 Apr 2015 04:29:05 UTC

More Microsoft space experiences

Posted By Greg Lehey

CJ Ellis has a new monitor, one made in this century: an HP L1706 that he picked up for free on Freecycle. He brought it and his computer along this afternoon for me to perform any adjustments. There were few: change the text size, and that was about it. But his brother had installed lots of software on his machine for him, virus scanners, software updaters and who knows what -- I don't. But it spent half an hour running some kind of scan (I think), and during that time the machine was almost completely non-responsive. I couldn't find any way to tell the thing to only run on request, so spent over an hour removing all this software.

Thu, 23 Apr 2015 03:57:29 UTC

Light globe equivalence

Posted By Greg Lehey

We've been using modern compact fluorescent lamps for about 10 years now, and gradually they're getting better. When we bought them today, we went with the conventional that an 11W fluoro corresponds to 60 W conventional incandescent, and so on, though I recall seeing a chart which showed a non-linear relationship. And sure enough, there was a chart on the wall showing those relationships. But when I look at the packaging, what did I see? 11 W fluoro corresponds to 40 W incandescent -- fully ⅓ less output. And 18 W corresponds to 75 W. Why? I had already established that 11 W corresponds to 55 W, not 60, but now we're down to 40 -- efficiency gain down from 80% to 72.5% or 76% respectively.

Wed, 22 Apr 2015 23:21:08 UTC

Polarization: generations meet

Posted By Greg Lehey

While in town, picked up my new prescription Polaroid sunglasses. Decades ago I wore (non-prescription) Polaroid sunglasses, but since then they seem to have become difficult to find. They work as well as ever, but I was in for a surprise: the LCD display on my GPS navigator is polarized at a 45° angle, making the display artificially dim. Time to investigate how other displays are polarized.

Wed, 22 Apr 2015 17:00:25 UTC

A tweet about Git

Posted By Tom Limoncelli

Best Tweet I've seen in months: git people trying to use hg: "WHY WON'T IT LET ME DO THIS" hg people trying to use git: "WHY DID IT LET ME DO THAT" — eevee (@eevee) April 14, 2015. That just about sums it up.

Wed, 22 Apr 2015 14:14:29 UTC

Google anti-trust action is dumb, but the EU should be worried about online giants

Posted By Cory Doctorow

My latest Guardian column, Can anything curb the dominance of the internet’s big guns? points out that everything governments do to tame the online giants has no effect on them — but makes it nearly impossible for new companies to compete with them. There's no better example of this than the VATMOSS VAT mess. Amazon,... more

Wed, 22 Apr 2015 13:40:41 UTC

"Hinky" in Action

Posted By Bruce Schneier

In Beyond Fear I wrote about trained officials recognizing "hinky" and how it differs from profiling: Ressam had to clear customs before boarding the ferry. He had fake ID, in the name of Benni Antoine Noris, and the computer cleared him based on this ID. He was allowed to go through after a routine check of his car's trunk, even...

Tue, 21 Apr 2015 18:40:04 UTC

Hacking Airplanes

Posted By Bruce Schneier

Imagine this: A terrorist hacks into a commercial airplane from the ground, takes over the controls from the pilots and flies the plane into the ground. It sounds like the plot of some "Die Hard" reboot, but it's actually one of the possible scenarios outlined in a new Government Accountability Office report on security vulnerabilities in modern airplanes. It's certainly...

Tue, 21 Apr 2015 10:26:50 UTC

Hacker Detained by FBI After Tweeting About Airplane Software Vulnerabilities.

Posted By Bruce Schneier

This is troubling: Chris Roberts was detained by FBI agents on Wednesday as he was deplaning his United flight, which had just flown from Denver to Syracuse, New York. While on board the flight, he tweeted a joke about taking control of the plane's engine-indicating and crew-alerting system, which provides flight crews with information in real-time about an aircraft's functions,...

Tue, 21 Apr 2015 02:29:22 UTC

My Webstock 2015 talk: Light a candle, curse the darkness and win the war on general purpose computers to save the world

Posted By Cory Doctorow

https://vimeo.com/123473929 If we're going to solve the serious, existential risks to the human race -- things like environmental apocalypse -- we're going to need social and technical infrastructure that can support evidence-driven, public-spirited institutions that can help steer us to a better place. Alas, we're in trouble there, too. We're living in a nearly airtight... more

Mon, 20 Apr 2015 16:18:02 UTC

Counting the US Intelligence Community Leakers

Posted By Bruce Schneier

It's getting hard to keep track of the US intelligence community leakers without a scorecard. So here's my attempt: Leaker #1: Chelsea Manning. Leaker #2: Edward Snowden. Leaker #3: The person who leaked secret documents to Jake Appelbaum, Laura Poitras, and others in Germany: the Angela Merkel surveillance story, the TAO catalog, the X-KEYSCORE rules. My guess is that this...

Mon, 20 Apr 2015 12:16:57 UTC

New Top Secret Information on the US's Drone Program

Posted By Bruce Schneier

New operational information on the US's drone program, published by the Intercept and Der Spiegel....

Mon, 20 Apr 2015 01:49:15 UTC

Word order video

Posted By Greg Lehey

One of the Coursera courses I'm currently doing is Miracles of Human Language: An Introduction to Linguistics. Rather to my surprise, I discovered there was an assignment due on Monday, and it involves creating a video for YouTube. Find a native speaker of a language other than English, Basque, Mandarin Chinese, Abruzzese, Turkish, Tarifit Berber or Gungbe and get them to speak 16 sample sentences from which others will deduce the word order of the language. OK, where's my native speaker? English is my native language, so I can't do it myself. But there's Yvonne, who is French, so of course her native language is German, and I got her to record them for me: But getting there wasn't easy.

Sun, 19 Apr 2015 03:58:00 UTC

Refining Wrought Iron

Posted By Niels Provos

Sun, 19 Apr 2015 00:46:48 UTC

EPUB on Android

Posted By Greg Lehey

A few days ago I was offered some cheap photographic books in EPUB format. My research suggested that it was worthwhile, so yesterday I bought them online and downloaded them, 500 MB at a snail's pace. Today they were finally there, and I unpacked the ZIP archive to find:

    === grog@eureka (/dev/pts/31) ~/Documentation/Photography/Franzis 183 -> unzip -l ~/Downloads/20077-6-das-grosse_fotocommunity-e-book-paket.zip
    Archive:  /home/grog/Downloads/20077-6-das-grosse_fotocommunity-e-book-paket.zip
      Length      Date    Time    Name
    ---------  ---------- -----   ----
     12492350  05-13-2013 16:07   4460-2_Digitale_Fotoschule_Panoramafotografie.pdf
     68098180  12-21-2012 11:46   20022-6-Fotoschule_Reisefotografie.pdf
     70629967  05-08-2013 13:01   20038-2_Beautyretusche_mit_Photoshop.pdf
    ...

It's all in PDF!

Sat, 18 Apr 2015 19:00:00 UTC

Trees With Names

Posted By Tim Bray

This is the end of stories and pictures from New Zealand. It's green there; grasses and shrubs of course, but especially trees and trees and trees. Some have names; individual trees I mean, not species. Homo sapiens is an organism unique in its use of language, and language begins with naming things. Names matter, and things that have them may deserve more attention than those without. Four Sisters They are kauri trees in the Waipoua Forest. Kauris are remarkable, moderately tall and immensely massive; Lauren's brother Martin has lots around his place in Auckland, and they're pleasant company. I couldn't figure out how to get a picture of the Sisters at ground level that told the story of their bulk, but looking up somewhat suggests it.

Sat, 18 Apr 2015 01:09:16 UTC

Microsoft software update

Posted By Greg Lehey

One thing I have to admit about Microsoft is that the software updates go more smoothly than FreeBSD updates do. Another round today, and one of the optional updates was Skype. It's unlikely, but not impossible, that I'll use it, but it's also not much of an issue to install it -- I thought. The install hung: It took me some time to discover the tiny icon at the bottom of the screen: That was Skype, too shy to ask a question until I prodded it: ...

Fri, 17 Apr 2015 21:31:51 UTC

Friday Squid Blogging: Squid Hoodie

Posted By Bruce Schneier

This is neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 17 Apr 2015 19:00:00 UTC

NZ Garden Waters

Posted By Tim Bray

Three more pretty pictures which, as I keep saying, are easy to find in New Zealand. Thanks are due to Hamilton Gardens and, surprisingly, to the Ingress community -- yes, that augmented-reality game that I'm still playing, two years later. It hadn't been raining much, so they were spraying down this pine tree in the Japanese Garden of Contemplation. What happened was, we wanted to do some touristing south of Auckland and Lauren noticed that Hamilton was a reasonably-short drive from all the places we wanted to see, so we put up at a decent motel there. Little fountain in the English Flower Garden.

Fri, 17 Apr 2015 11:54:44 UTC

The No-Fly List and Due Process

Posted By Bruce Schneier

The Congressional Research Service has released a report on the no-fly list and current litigation that it violates due process....

Fri, 17 Apr 2015 03:07:17 UTC

50 Years of Moore's Law: IEEE Spectrum Report

Posted By James Hamilton

IEEE Spectrum recently published a special report titled 50 Years of Moore's Law. Spectrum, unlike many purely academic publications, covers a broad set of topics in a way accessible to someone working outside the domain but not so watered down as to become uninteresting. As I read through this set of articles on Moore's law...

Fri, 17 Apr 2015 00:05:15 UTC

Working around the dead phone problem

Posted By Greg Lehey

Yesterday one of our cordless phones failed. It was clearly the base station, since the problem occurred with multiple handsets. But then it occurred to me: we needed four handsets, but the only way to do that was to buy two sets with two handsets each. So we had a spare base station which we hadn't been using. And sure enough, once I found the instructions, that worked. A little more time to investigate what to replace them with.

Thu, 16 Apr 2015 23:23:18 UTC

Blocking unwanted ssh connections

Posted By Greg Lehey

The network traffic I observed a couple of days ago doesn't represent any security threat, but it's a lot of traffic. As I mentioned at the time, it's non-trivial to block it. Today I got a message from Harald Arnesen pointing me at sshguard. It does the work for you, firewalling repeat offenders. That sounds like an excellent idea when I look at the mail log on my external server:

    Apr 14 04:39:43 www postfix/smtpd[97364]: NOQUEUE: reject: RCPT from unknown[46.29.73.42]: 450 4.7.1 Client host rejected: cannot find your hostname, [46.29.73.42]; from=<> to=<[email protected]> proto=ESMTP helo=<exchange.invstab.ru>
    Apr 14 04:39:43 www postfix/smtpd[97364]: NOQUEUE: reject: RCPT from unknown[46.29.73.42]: 450 4.7.1 Client host rejected: cannot find your hostname, [46.29.73.42]; from=<> to=<[email protected]> proto=ESMTP helo=<exchange.invstab.ru>
    Apr 14 04:39:44 www postfix/smtpd[97434]: NOQUEUE: reject: RCPT from unknown[213.171.53.91]: 450 4.7.1 Client host rejected: cannot find your hostname, [213.171.53.91]; from=<> to=<[email protected]> proto=ESMTP ...

Thu, 16 Apr 2015 22:54:07 UTC

Fake Ethernets

Posted By Greg Lehey

Not surprisingly, my network connection at the new property is on the same /24 as the one in the old property. Here the configuration on each system (look carefully at the system names, which are a little too close):

    === grog@eureka (/dev/pts/38) ~ 4 -> ifconfig xl0
    xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:50:da:cf:07:35
            inet 180.150.4.128 netmask 0xffffff00 broadcast 180.150.4.255
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    === root@eucla (/dev/pts/1) ~ 10 -> ifconfig bfe0
    bfe0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:0b:db:98:eb:28
            inet 192.109.197.145 netmask 0xffffff00 broadcast 192.109.197.255
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active

The connection to the National Broadband Network is via Ethernet.

Thu, 16 Apr 2015 19:08:14 UTC

Reader Q&A: Why was implicit int removed?

Posted By Herb Sutter

Today, Vikram Ojha asked via email: I was just thinking why we removed “int” as default return type from C++ which was there in our traditional C type. Why we made such changes, is it to make language more safer? Short answer: Because it’s ‘inherently dangerous’ in the words of the C committee. For C++, see […]

Thu, 16 Apr 2015 19:00:00 UTC

One + Four Months

Posted By Tim Bray

Which is to say, I've been carrying the OnePlus One since early January; a third of a year, way outside the event horizon of most mobile-device reviewers. I stand by the conclusion in my January write-up: It's a lot, really a lot, of device for the money. Herewith the history, which surprisingly stretches back to 2011; also how the O+1 has changed my mobile habits. Beet salad at Belgard Kitchen 2011 The scene: Building 44 at Google, where Android was made (at that time, dunno if it still is). A gaggle of Developer Relations (DevRel we said) geeks on sofas, passing around the outlandish Samsung Galaxy Note.

Thu, 16 Apr 2015 11:27:54 UTC

How Many Vulnerabilities Are there in Software?

Posted By Bruce Schneier

Dan Geer proposes some techniques for answering this question....

Thu, 16 Apr 2015 01:44:39 UTC

Another dead telephone

Posted By Greg Lehey

Call from somebody in the afternoon. Yvonne answered it, and the line went dead. Whoever it was (probably CJ) tried again. Same thing. A bit more trying showed that the (cordless) phone was doing it. Changed the phone with an old-fashioned POTS phone, and it works. OK, the phone was slated for replacement anyway, but I still had research to do about Bluetooth compatibility. This has forced my hand.

Thu, 16 Apr 2015 00:01:23 UTC

Grog from the past

Posted By Greg Lehey

Mail from Sanjeev Gupta today, wanting to link on LinkedIn. I get an amazing number of link requests from people I don't know, but my memory isn't always accurate, so I ask people who want to link with me to remind me who they are. Almost nobody does. So far the only one has been Ahmad bin Mahmuddin in Kuala Lumpur, and now Sanjeev in Singapore, though I have no difficulty recalling him. He even sent a photo I haven't seen before, which I think must have been taken about 14 years ago: How times change.

Wed, 15 Apr 2015 22:31:13 UTC

Stones Road off the net

Posted By Greg Lehey

It's rather fun to be able to access the Stones Road house via the Internet. But when I tried today, there was no connection. Over to take a look, and discovered that the RCD for normal mains power had tripped. The UPS was still -- barely -- holding out, but I had connected the laptop to an unprotected power point. Re-enabling the RCD worked, and for the rest of the day it continued that way. But why did we trip? The only load on the mains circuit is the UPS. Does it lose that much current?

Wed, 15 Apr 2015 13:48:00 UTC

How I got 5 Million Views on my Youtube!

Posted By Niels Provos

Wed, 15 Apr 2015 13:48:00 UTC

How I got 5 Million Views on Youtube!

Posted By Niels Provos

Wed, 15 Apr 2015 11:58:40 UTC

Metal Detectors at Sports Stadiums

Posted By Bruce Schneier

Fans attending Major League Baseball games are being greeted in a new way this year: with metal detectors at the ballparks. Touted as a counterterrorism measure, they're nothing of the sort. They're pure security theater: They look good without doing anything to make us safer. We're stuck with them because of a combination of buck passing, CYA thinking, and fear....

Tue, 14 Apr 2015 22:55:43 UTC

Networking in Stones Road

Posted By Greg Lehey

We've had a network connection in Stones Road for months. Now that we also have electricity, I can actually use it, at least to monitor the DHCP traffic. So I put that in place yesterday, and took a look today. The first thing that hit me was the traffic:

    Date            Upload    Download
    14-04-2015      47.98 MB  30.91 MB

Nearly 80 MB of traffic before 11 am! What's that? Another tcpdump showed:

    10:41:58.819145 IP 216.253.237.222.46828 > 180-150-4-222.NBN.ballarat.aussiebb.net.ssh: Flags [P.]

Tue, 14 Apr 2015 19:00:00 UTC

NZ Eye Candy

Posted By Tim Bray

I have a few more pictures I want to run and most have stories wrapped round them. These don't; except I guess the larger narrative about New Zealand being exceptionally pretty, and a nice place to visit. I suppose we could pick up and move there; the subjects come up at the dinner table. Somewhere in the west-coast-of-the-North-Island woods. The trees have leaves but aren't deciduous. And the forest fills with a quality of light entirely unlike we see at 49°N. And another tree. In the far Northland I think. Which, if we did decide to change hemispheres, would be where I'd want to go.

Tue, 14 Apr 2015 17:40:18 UTC

John Oliver Interviews Edward Snowden

Posted By Bruce Schneier

Wow, what an amazing segment and interview....

Tue, 14 Apr 2015 11:32:51 UTC

Two Thoughtful Essays on the Future of Privacy

Posted By Bruce Schneier

Paul Krugman argues that we'll give up our privacy because we want to emulate the rich, who are surrounded by servants who know everything about them: Consider the Varian rule, which says that you can forecast the future by looking at what the rich have today -- that is, that what affluent people will want in the future is, in...

Tue, 14 Apr 2015 01:03:49 UTC

Android space WYSIWYG

Posted By Greg Lehey

Yesterday's rant about Android included screen shots. I use AirDroid to download the files, since there seems to be no way to use NFS in Android. It presents a web server with lots of icons, tree-climbing, and truncated file names: in short, a real Android app: The only thing it does right is to sort the files in chronological order (probably because the date is encoded in the file name), but of course the distinction of the individual file names goes beyond the attention span of the display.

Mon, 13 Apr 2015 19:00:00 UTC

NZ Phonescapes

Posted By Tim Bray

Turns out all the shots-worth-keeping from my phone were landscapes. So here are three. Also a pronunciation lesson for Americans. By the way, that NZ abbreviation; it's perfectly OK to use it in NZ. But, dear Americans: The pronunciation is enn-zed. If you say enn-zee the Kiwis, a politer-than-average nation, probably won't call you yokel, but their thoughts will be unkind. The One+ One camera doesn't seem as good to me as my Nexus 5's was, but when you get out in the wide-open spaces with lots of sunlight and the beaches of Muriwai to shoot at, you're going to get a decent result.

Mon, 13 Apr 2015 14:12:29 UTC

China's Great Cannon

Posted By Bruce Schneier

Citizen Lab has issued a report on China's "Great Cannon" attack tool, used in the recent DDoS attack against GitHub. We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the "Great Cannon." The Great Cannon is not simply...

Sun, 12 Apr 2015 23:41:27 UTC

The legendary beard

Posted By Greg Lehey

Eleven years ago I sold my beard on eBay: The buyer was Christopher Yeoh, now sadly deceased. On the OzLabs mailing list, people were collecting mementos of Chris' life, and came up with a series of photos of him cutting Tridge's hair for him (which I can't currently show until I have permission). Also a recent photo of what happened to my beard: It seems that a legend has developed about the sanitary condition of the beard, probably from the disclaimer in the eBay auction: While the item is in clean condition and free of ...

Sun, 12 Apr 2015 23:13:00 UTC

Construction technique for a Pattern-Welded Wolf's Tooth Knife

Posted By Niels Provos

Sun, 12 Apr 2015 22:55:04 UTC

More Android pain

Posted By Greg Lehey

I've been offered some cheap books in EPUB format, not something I've used before. How do I read them? Presumably the modern way is with a tablet or (shudder) a mobile phone. Is that even going to work for me? At the very least I should try things out before investing in even a small amount of money. Spent some time investigating what readers were available. Google have their own reader, so tried installing that. Choice of installation medium: Browser (inbuilt) or Chrome. I've had difficulties with Chrome -- missing functionality, which surprised me. So I chose Browser and was greeted with the message: What?

Sun, 12 Apr 2015 19:00:00 UTC

NZ Birds

Posted By Tim Bray

I don't do much wildlife, and I don't shoot animals in captivity, and I don't publish blurry pictures. Let's break all those rules. Oh, and Terry Pratchett too. Our first full day in New Zealand, Lauren's brother took us to Muriwai, famous for cliffs and beaches and gannets. Gannets aren't terribly beautiful or inspiring, and their colony stinks powerfully. But still, a close look at their hangout is something you're unlikely to forget. Here's a group shot; note the fluffy youngster in the middle and the grouchy seagull up at the edge. Here's a close look at a parent and child.

Sat, 11 Apr 2015 19:00:00 UTC

So, … What?

Posted By Tim Bray

Geeks like to prefix sentences, questions and answers both, with So, … The comma stands, in speech, either for a pause, or for a drawing-out of the o. This is so common that it's exceptional, in my profession, not to do it. I hear it from grey-haired pony-tailed hippie geeks, tenured authorities on graphics algorithms, and recent-immigrant colleagues where it's the only confident English in the sentence. Both genders, all ages. What do you think it means? Well, I did research and harvested hypotheses. Discourse Marker In Implementing incipient actions: The discourse marker so in English conversation (PDF, 2007) Galina B.

Fri, 10 Apr 2015 15:33:59 UTC

Alternatives to the FBI's Manufacturing of Terrorists

Posted By Bruce Schneier

John Mueller suggests an alternative to the FBI's practice of encouraging terrorists and then arresting them for something they would never have planned on their own: The experience with another case can be taken to suggest that there could be an alternative, and far less costly, approach to dealing with would-be terrorists, one that might generally (but not always)...

Fri, 10 Apr 2015 00:19:30 UTC

Map software with photos

Posted By Greg Lehey

One of the Coursera courses I'm doing is Maps and the Geospatial Revolution. I'm just getting into it now; it's not quite the format of the normal Coursera course, and I'm still not convinced I like it. But it has shown some interesting stuff, including ArcGIS, which offers free interactive mapping services. Yes, Google Maps does that too, but this one looks like it could be much more flexible. In particular, it offers easy ways of adding images to maps. One of the exercises for the week included creating a sample map, starting with somewhere in the USA. I suspect I have created the only map connecting Bastrop, TX with Jerusalem (look for the green pin).

Thu, 09 Apr 2015 21:51:38 UTC

Pepper-Spray Drones

Posted By Bruce Schneier

India has purchased pepper-spray drones....

Thu, 09 Apr 2015 19:00:00 UTC

I'll be at NYLUG next week, talking about the new book!

Posted By Tom Limoncelli

I'll be giving my talk "Radical ideas from The Practice of Cloud System Administration" at the NYLUG meeting next week, Wednesday, April 15, 2015 at 6:30 PM. If you haven't seen this talk at DevOpsNYC or other meetups, I hope to see you there!

Thu, 09 Apr 2015 18:00:00 UTC

Expanding the Cloud: Amazon Machine Learning Service, the Amazon Elastic Filesystem and more

Posted By Werner Vogels

Today was a big day for the Amazon Web Services teams as a whole range of new services and functionality was delivered to our customers. Here is a brief recap of it: The Amazon Machine Learning service As I wrote last week machine learning is becoming an increasingly important tool to build advanced data driven applications. At Amazon we have hundreds of teams using machine learning and by making use of the Machine Learning Service we can significantly speed up the time they use to bring their technologies into production. And you no longer need to be a machine learning expert to be able to use it.

Thu, 09 Apr 2015 17:00:00 UTC

State Management and Scheduling with the Amazon EC2 Container Service

Posted By Werner Vogels

Last November, I had the pleasure of announcing the preview of Amazon EC2 Container Service (ECS) at re:Invent. At the time, I wrote about how containerization makes it easier for customers to decompose their applications into smaller building blocks resulting in increased agility and speed of feature releases. I also talked about some of the challenges our customers were facing as they tried to scale container-based applications including challenges around cluster management. Today, I want to dive deeper into some key design decisions we made while building Amazon ECS to address the core problems our customers are facing. Running modern distributed applications on a cluster requires two key components - reliable state management and flexible scheduling.

Thu, 09 Apr 2015 11:45:30 UTC

Attacking Researchers Who Expose Voting Vulnerabilities

Posted By Bruce Schneier

Researchers found voting-system flaws in New South Wales, and were attacked by voting officials and the company that made the machines....

Wed, 08 Apr 2015 17:00:00 UTC

Usenix LISA has changed a lot in the last 5-10 years

Posted By Tom Limoncelli

I received an interesting email recently: Did the submissions process for LISA change in recent years? I recall going to submit a talk a couple years ago and being really put off by the requirements for talks to be accompanied by a long paper, and be completely original and not previously presented elsewhere. Now it seems more in line with other industry conferences. Yes, LISA is very different than it was years ago. If you haven't attended LISA in a while, you may not realize how different it is! The conference used to be focused on papers with a few select "invited talks".

Wed, 08 Apr 2015 15:15:40 UTC

Lone-Wolf Terrorism

Posted By Bruce Schneier

The Southern Poverty Law Center warns of the rise of lone-wolf terrorism. From a security perspective, lone wolves are much harder to prevent because there is no conspiracy to detect. The long-term trend away from violence planned and committed by groups and toward lone wolf terrorism is a worrying one. Authorities have had far more success penetrating plots concocted by...

Wed, 08 Apr 2015 00:26:56 UTC

Batteries for cordless drills

Posted By Greg Lehey

One of the things that I could give to the Men's shed is any number of old cordless drills. They probably all work, but the batteries have died. Doug tells me that he can't find a replacement battery pack for under $90. That seemed excessive, so took apart one of the packs: The batteries are Nickel-Cadmium, 1.2 V, in this case 12 of them. The form factor is something I haven't seen before, Sub-C, and they're rated at only 1 Ah.

Tue, 07 Apr 2015 14:27:04 UTC

Cell Phone Opsec

Posted By Bruce Schneier

Here's an article on making secret phone calls with cell phones. His step-by-step instructions for making a clandestine phone call are as follows: Analyze your daily movements, paying special attention to anchor points (basis of operation like home or work) and dormant periods in schedules (8-12 p.m. or when cell phones aren't changing locations); Leave your daily cell phone behind...

Tue, 07 Apr 2015 00:14:24 UTC

More network problems

Posted By Greg Lehey

I've been keeping records of DHCP traffic for weeks now. They all show the same thing: there's about a 10% chance that a DHCPREQUEST will get a reply. But with the exception of a 25 minute outage a couple of weeks ago, things still worked. All I'm doing is collecting lots of similar data. So today I pulled the plug. And in the evening, we were suddenly off the net. Why? Who knows? I was browsing the web at the time, so it became immediately apparent. Restarting dhclient got us back on the net. I should investigate the exact protocol, and whether I shouldn't modify dhclient to simply issue a DHCPDISCOVER after, say, 2 failed DHCPREQUESTs.

Mon, 06 Apr 2015 11:55:46 UTC

Bluetooth Doorlock

Posted By Bruce Schneier

Neat, but I'll bet it can be hacked....

Sun, 05 Apr 2015 19:00:00 UTC

Sinking the Annapolis

Posted By Tim Bray

On April 4th, the Artificial Reef Society sank a navy ship; we were in the (floating) audience. I've never seen anything like it. Here's the Annapolis, a former Canadian navy destroyer built in 1961, just prior to sinking. As the photo suggests, this is a nice little corner of the world. It's called Halkett Bay, and the view is nice whichever way you look. And as that photo suggests, boy were there ever a lot of miscellaneous boats on hand. We were rafted to a boat moored to a big barge being used by the TV cameras, and there were three more boats rafted onto us.

Sun, 05 Apr 2015 14:59:00 UTC

Towards Constructing a Spear with Wolf's Tooth Pattern

Posted By Niels Provos

Sun, 05 Apr 2015 00:07:50 UTC

Mobile phones for geriatrics

Posted By Greg Lehey

A quarter of a century ago I made two choices unusual at the time: I installed a computer with a 20" high-resolution display (1024×768), running Unix and X of course, while my colleagues used text-based Microsoft machines with 14" 640×480 displays. And I bought a mobile phone. I was one of the first people I know to use a mobile phone, and others considered me a little strange for it. How times have changed! Microsoft users have discovered (and destroyed) graphics, and everybody and his dog has a (smart) mobile phone. And I hardly use mobile phones any more. Still, I can't get by completely without one.

Sat, 04 Apr 2015 00:55:32 UTC

Nickel Zinc batteries: summary

Posted By Greg Lehey

I've been using Nickel-Zinc batteries for 3½ years, and I've been keeping records of charge voltages for over two years. Time to sum things up? Firstly, keeping these records is a pain. Clearly I didn't know what I was looking for when I started, but at any rate I now have a better understanding. What I have found is that a set of batteries seldom discharges evenly. Today, for example, the ring flash ran out of power. 3 batteries almost completely charged, the fourth had only round 1 V. On the face of it, that's a reason enough to throw away that battery.

Fri, 03 Apr 2015 21:17:05 UTC

Friday Squid Blogging: Giant Squid Video

Posted By Bruce Schneier

Giant squid caught on video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 03 Apr 2015 21:16:24 UTC

Friday Squid Blogging: The Longfin Inshore Squid Regularly Rewrites Its Own DNA

Posted By Bruce Schneier

Wow. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 03 Apr 2015 18:14:24 UTC

TrueCrypt Security Audit Completed

Posted By Bruce Schneier

The security audit of the TrueCrypt code has been completed (see here for the first phase of the audit), and the results are good. Some issues were found, but nothing major. From Matthew Green, who is leading the project: The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC...

Fri, 03 Apr 2015 17:00:00 UTC

Back-to-Basics Weekend Reading - Machine Learning

Posted By Werner Vogels

Machine learning is a scientific discipline that explores the construction and study of algorithms that can learn from data. Such algorithms operate by building a model from example inputs and using that to make predictions or decisions, rather than following strictly static program instructions. Machine Learning is playing an increasingly important role in many areas of our businesses and our lives. ML is used for predictive analytics and predictive modeling, e.g. making predictions about the likelihood that a certain event is going to happen (will this customer be interested in this item, is this message spam). At Amazon machine learning has been key to many of our business processes, from recommendations to fraud detection, from inventory levels to book classification to abusive review detection.

Thu, 02 Apr 2015 22:50:29 UTC

We want our /24 back

Posted By Greg Lehey

Decades ago I was allocated a Class C network by unido, the University of Dortmund (this was before the opening up of the Internet and the advent of ISPs):

inetnum:        192.109.197.0 - 192.109.197.255
descr:          LEMIS Lehey Microcomputer Systems
descr:          D-W-6324 Feldatal
descr:          Germany
changed:        [email protected]-Dortmund.DE 19920521
changed:        [email protected] 19950723
changed:        [email protected] 19951010
changed:        ripe-[email protected] 19990706
changed:        ripe-[email protected] 20000225
changed:        [email protected] 20030625
changed:        [email protected] 20120524
changed:        [email protected] 20140616

Today I got a message from Tranquil Hosting, who run the RootBSD server that is www.lemis.com.

Thu, 02 Apr 2015 13:24:24 UTC

Real-Life Remailers in the Warsaw Pact Nations

Posted By Bruce Schneier

Interesting story....

Wed, 01 Apr 2015 18:13:25 UTC

Ugly Mail: Gmail Extension to Expose E-mail Tracking

Posted By Bruce Schneier

Nice idea, but I would like it to work for other browsers and other e-mail programs....

Wed, 01 Apr 2015 17:18:57 UTC

RomancR: The Future of the Sharing-Your-Bed Economy

Posted By Benjamin Mako Hill

Today, Aaron Shaw and I are pleased to announce a new startup. The startup is based around an app we are building called RomancR that will bring the sharing economy directly into your bedrooms and romantic lives. When launched, RomancR will bring the kind of market-driven convenience and efficiency that Uber has brought to ride … Continue reading RomancR: The Future of the Sharing-Your-Bed Economy

Wed, 01 Apr 2015 11:33:52 UTC

The Eighth Movie-Plot Threat Contest

Posted By Bruce Schneier

It's April 1, and time for another Movie-Plot Threat Contest. This year, the theme is Crypto Wars II. Strong encryption is evil, because it prevents the police from solving crimes. (No, really -- that's the argument.) FBI Director James Comey is going to be hard to beat with his heartfelt litany of movie-plot threats: "We're drifting toward a place where...

Wed, 01 Apr 2015 02:41:06 UTC

More Community Data Science Workshops

Posted By Benjamin Mako Hill

After two successful rounds in 2014, I’m helping put on another round of the Community Data Science Workshops. Last year, our 40+ volunteer mentors taught more than 150 absolute beginners the basics of programming in Python, data collection from web APIs, and tools for data analysis and visualization and we’re still in the process of … Continue reading More Community Data Science Workshops

Wed, 01 Apr 2015 00:56:41 UTC

The Python Time Travel Debugger

Posted By Tom Limoncelli

Last year I open sourced my enhancement to Python PDB which lets you rewind time. Sadly I announced it on April Fools Day. Oddly enough, even though I open sourced it, people thought the screencast was a hoax. It isn't at all. It really works. Check out last year's post: http://everythingsysadmin.com/2014/04/time-travel-pdb.html

Wed, 01 Apr 2015 00:13:01 UTC

Toner cartridges revisited

Posted By Greg Lehey

Last week I bought an after-market toner cartridge for my Brother HL-3170CDW laser printer, and established that it was only part of what I had expected: only half the unit, and 20% of the capacity. Complained about the former to the supplier, who sent a description of what to do: press the green button on the left, and the cartridge detaches from the drum. Press drum onto new cartridge, and you're away. And sure enough, it works fine. But what about the differences between original and aftermarket cartridges? Checking again, I found that the instructions I had read were for my old HL-2700CN printer - and they disagreed with themselves, claiming 10,000 pages in one place and 12,000 elsewhere.