Blog Archive: June 2015
Twitter Followers: Please Use the Correct Feed
The official Twitter feed for my blog is @schneierblog. The account @Bruce_Schneier also mirrors my blog, but it is not mine. I have nothing to do with it, and I don't know who owns it. Normally I wouldn't mind, but the unofficial blog fails intermittently. Also, @Bruce_Schneier follows people who then think I'm following them. I'm not; I never log...
Forge Diaries: Ep. 6: Forging Chest Hardware
Tracking the Psychological Effects of the 9/11 Attacks
Interesting research from 2012: "The Dynamics of Evolving Beliefs, Concerns, Emotions, and Behavioral Avoidance Following 9/11: A Longitudinal Analysis of Representative Archival Samples": Abstract: September 11 created a natural experiment that enables us to track the psychological effects of a large-scale terror event over time. The archival data came from 8,070 participants of 10 ABC and CBS News polls collected...
On Big Data's shrinking returns
In my new Guardian column, I point out that the big-data-driven surveillance business model is on the rocks. Once upon a time, you could sell soap with a slogan like “You will be clean,” but we become resistant to ads. While Big Data initially generated some promising sell-through results, these days, companies like Facebook are...
Data Center Power & Water Consumption
I'm interested in data center resource consumption in general, and power is a significant component of overall operating cost and also has an impact on the environment, so, naturally, it gets most of the focus when discussing data center resource consumption. As with all real issues, there is always a bit of hyperbole and some outright...
TEMPEST Attack
There's a new paper on a low-cost TEMPEST attack against PC cryptography: We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The...
Migrating from SHA-1 to SHA-2
Here's a comprehensive document on migrating from SHA-1 to SHA-2 in Active Directory certificates....
More Bluetooth fun
Try as I might, I can't adjust the volume of either of my Bluetooth headsets when connected to my Telstra 12850 phone. There are volume controls both on the phone and on the headsets, but they seem to be disabled when connected. And apart from that, the cheaper headset (BH-20) powers down when charging. Isn't modern technology wonderful?
Another dying disk
Into the office this morning to find some admin mails with less pleasant content:
(ada2:ahcich2:0:0:0): READ_FPDMA_QUEUED. ACB: 60 00 e2 9e d8 40 e6 00 00 01 00 00
(ada2:ahcich2:0:0:0): CAM status: ATA Status Error
(ada2:ahcich2:0:0:0): ATA status: 41 (DRDY ERR), error: 40 (UNC )
(ada2:ahcich2:0:0:0): RES: 41 40 f0 9e d8 00 e6 00 00 00 01
(ada2:ahcich2:0:0:0): Error 5, Retries exhausted
g_vfs_done():ada2p1[READ(offset=1982953521152, length=131072)]error = 5
What's that? It's the disk with eureka's /home file system, about the worst thing that could go wrong. The only bright side is that it seems to be confined to a few sectors with information that isn't that important: it can easily be downloaded again.
Leaf Processing
In which I have excessive Lightroom fun with a simple photo of some leaves. This photo harvested on a visit to the VanDusen Botanical Garden, one of Vancouver's nicer things. The way it came out of the camera. Under a bright cloudy sky, the white balance (as expected from Fuji X-cams) is exact; they looked just like this. I thought the fun of the picture was mostly in the geometry, so why not try it in B&W? This is Lightroom's built-in B&W Contrast High preset, the contrast softened a little with the Tone sliders, and a bit of grain for texture. But at heart I'm a color kind of guy.
Impact Factor of Computer Science Journals 2014
The Thomson Reuters Web of Knowledge has published the 2014 Journal Citation Reports. Following similar studies I performed in the past eight years (2007, '08, '09, '10, '11, '12, '13, '14), here is my analysis of the current status and trends for the impact factor of computer science journals.
The Internet of Things That Do What You Tell Them: my talk at last week's Solid Conference
From Solid Conference 2015: From ecosystem strategies to the war on terror, from the copyright wars to the subprime lending industry, it seems like everyone wants to build an Internet of Treacherous Things whose primary loyalty is to someone other than the people with whose lives they are intimately entwined. Your gesture-driven, voice-controlled future is...
Bluetooth headsets: solved?
Yvonne back from town today with a surprisingly expensive Bluetooth headset from ALDI. I already have one headset, but I couldn't get it to pair with my new telephone. Tried it with the new one: power on, search. Nothing. RTFM time. Ah, obvious: ensure that the headset is powered off. Hold down the power button for 3 whole seconds. The unit powers on and says so in this grating American female voice that seems so popular with this kind of device. And the well-hidden LED flashes blue, once, and then red at about 1 second intervals. But wait, we're not done.
Replacing Yvonne's disk
The 1 TB disk that Chris Bahlo brought back last night was the cheapest I could find, but it's not what I would typically associate with cheap disks: 2½", in an external case with USB 3 connection. Can I use that as a system disk? In principle it should work, so I built a file system on it and tried it out. Mess with BIOS to find how it wanted me to set the boot order, and off it went, at a snail's pace. The twirling baton reminded me of CD-ROM boot; even DVD boots are faster. But it loaded the kernel, and then tried to mount the root file system.
Friday Squid Blogging: Classic Gary Larson Squid Cartoon
I have always liked this one. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Other GCHQ News from Snowden
There are two other Snowden stories this week about GCHQ: one about its hacking practices, and the other about its propaganda and psychology research. The second is particularly disturbing: While some of the unit's activities are focused on the claimed areas, JTRIG also appears to be intimately involved in traditional law enforcement areas and U.K.-specific activity, as previously unpublished documents...
Marriage Equality becomes the law of the land in the US
I literally never thought I'd see this day arrive. In 1991/1992 I was involved in passing the LGB anti-discrimination law in New Jersey. When it passed in January 1992, I remember a reporter quoting one of our leaders that marriage was next. At the time I thought Marriage Equality would be an impossible dream, something that wouldn't happen in my lifetime. Well, less than a quarter-century later, it has finally happened. In the last few years more than 50% of the states approved marriage equality and soon it became a foregone conclusion. States are the "laboratory of democracy" and with 26 states (IIRC) having marriage equality, it's about time to declare that the experiment is a success.
NSA and GCHQ Attacked Antivirus Companies
On Monday, the Intercept published a new story from the Snowden documents: The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the...
Disk crash, again
One thing that I didn't expect while installing Yvonne's office furniture was a disk crash on her system lagoon. The system came up again, but with lots of disk errors (which for some reason once again manifested themselves as Out of inodes). I've had this before, but managed to get it to go away by connecting the disk to a different controller, and thought so little about it that I didn't even bother to mention it. Today it wouldn't go away: the disk is toast. Why didn't I buy a new disk when it happened last time? Managed to resurrect an older incarnation of lagoon and restore her personal files, so she can work again.
Yet Another Leaker -- with the NSA's French Intercepts
Wikileaks has published some NSA SIGINT documents describing intercepted French government communications. This seems not to be from the Snowden documents. It could be one of the other NSA leakers, or it could be someone else entirely. As leaks go, this isn't much. As I've said before, spying on foreign leaders is the kind of thing we want the NSA to...
Amazon announces the Alexa Skills Kit, Enabling Developers to Create New Voice Capabilities
Today, Amazon announced the Alexa Skills Kit (ASK), a collection of self-service APIs and tools that make it fast and easy for developers to create new voice-driven capabilities for Alexa. With a few lines of code, developers can easily integrate existing web services with Alexa or, in just a few hours, they can build entirely new experiences designed around voice. No experience with speech recognition or natural language understanding is required; Amazon does all the work to hear, understand, and process the customer's spoken request so you don't have to. All of the code runs in the cloud; nothing is installed on any user device.
Baseball Hacking: Cardinals vs. Astros
I think this is the first case of one professional sports team hacking another. No idea if it was an official operation, or a couple of employees doing it on their own initiative....
Bluetooth pain
Some weeks ago I bought a new phone, specifically because of its Bluetooth connectivity. Problem: I had mislaid my Bluetooth headset. Today I found it, charged it, and tried to pair. Nothing. Tried with my Android tablet. No problem. I've heard of issues pairing with Bluetooth, but it's particularly difficult to debug when both devices are so primitive. Hopefully I'll find a different headset that works with the phone.
The New 40
June 21st this year was its longest day, also Father's Day and my birthday. I feel vaguely guilty because I haven't the slightest insight into this growing-old thing, so don't expect golden-years reportage. As above so below. 1955 You could look it up; a good birth-year geek career choice. For example Allman, Bechtolsheim, Berners-Lee, Booch, Dubinsky, Gates, Gelernter, Gosling, Jobs, Murai, Ozzie, Schmidt, and Winer. (Feeling a little humbled right about now.) Summer in the city. 2015 I'll let you in on a little secret: Making computer software full-time is a lot harder than doing it a little and writing about it a lot.
If you change the file format, change the file name
Recently we were having the most difficult time planning what should have been a simple upgrade. There is a service we use to collect monitoring information (scollector, part of Bosun). We were making a big change to the code, and the configuration file format was also changing. The new configuration file format was incompatible with the old format. We were concerned with a potential Catch-22 situation. Which do we upgrade first, the binary or the configuration file? If we put the new RPM in our Yum repo, machines that upgrade to this package will not be able to read their configuration file and that's bad.
What is the DoD's Position on Backdoors in Security Systems?
In May, Admiral James A. Winnefeld, Jr., vice-chairman of the Joint Chiefs of Staff, gave an address at the Joint Service Academies Cyber Security Summit at West Point. After he spoke for twenty minutes on the importance of Internet security and a good national defense, I was able to ask him a question (32:42 mark) about security versus surveillance: Bruce...
Hayden Mocks NSA Reforms
Former NSA Director Michael Hayden recently mocked the NSA reforms in the recently passed USA Freedom Act: If somebody would come up to me and say, "Look, Hayden, here's the thing: This Snowden thing is going to be a nightmare for you guys for about two years. And when we get all done with it, what you're going to be required...
Why We Encrypt
Encryption protects our data. It protects our data when it's sitting on our computers and in data centers, and it protects it when it's being transmitted around the Internet. It protects our conversations, whether video, voice, or text. It protects our privacy. It protects our anonymity. And sometimes, it protects our lives. This protection is important for everyone. It's easy...
eBay fraud, helped by toy mail
On Wednesday I sold my camera again. But the new buyer still hasn't paid for it. Sent him a couple of invoices, and got a familiar looking message, here nicely formatted by Gmail: Account restored? I've seen that before. And somehow the headers are so minimal that I didn't look at them. On a real MUA they look more interesting (trimmed here, of course):
From [email protected] Sun Jun 21 16:05:07 2015
...
Received: from mail-wi0-f171.google.com (mail-wi0-f171.google.com [209.85.212.171]) by www.lemis.com (Postfix) with ESMTP id 49AB91B72848 for <[email protected]>; Sun, 21 Jun 2015 06:00:34 +0000 (UTC)
Received: by wicgi11 with SMTP id gi11so48713899wic.0 for <[email protected]>; Sat, 20 Jun 2015 23:00:32 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; ...
History of the First Crypto War
As we're all gearing up to fight the Second Crypto War over governments' demands to be able to back-door any cryptographic system, it pays for us to remember the history of the First Crypto War. The Open Technology Institute has written the story of those years in the mid-1990s. The act that truly launched the Crypto Wars was the White...
The Secrecy of the Snowden Documents
Last weekend, the Sunday Times published a front-page story (full text here), citing anonymous British sources claiming that both China and Russia have copies of the Snowden documents. It's a terrible article, filled with factual inaccuracies and unsubstantiated claims about both Snowden's actions and the damage caused by his disclosure, and others have thoroughly refuted the story. I want to...
LED brightness revisited
It's been nearly a month since I compared the brightness of a number of different lighting sources. Now all we have is (mainly) LED and fluoro globes. But it's clear that LED is taking over. This weekend ALDI had LEDs on special again, so I got a few more. They're all rated at 880 Lumen/10 W. Yesterday I had put one in an old reading lamp in replacement for the fluoro lamp that was in there. Big difference; the old one is probably one of the old IKEA lamps that I had already found so dim. Today I wanted to replace the lamps in the pantry, which also seemed dim.
Understanding the DxO problem
My response from DxO support today wasn't very helpful: he had closed the ticket, and no longer understood what the problem was. Still, weekend, so time to describe things. But first an experiment: try the conversion with the standard conversion settings. And how about that, it worked! Back to my custom settings, and once again it didn't work. But the dimensions were also not the same as they had been before: the images with the different sizes (now clearly 2 pixels higher than the others) were different. OK, we can send in the custom settings. I wonder if they'll fix it.
Cybersecurity podcast
I’m a guest on this week’s New America Foundation cybersecurity podcast, hosted by Amanda Gaines and Peter Warren Singer (whose new book, Ghost Fleet, a novel about cybersecurity, is about to hit the stands) and edited by the great John Taylor Williams. MP3 link
DxO problem resolution
Got a reply to my three tickets for DxO Optics Pro today. Two of them were closed! The only one left open was the can't install update one. Suggested resolution: remove the old version completely from my system, then download a specific file and try to install it. And if it doesn't work? I have no photo processing software any more. Tried the download and installed without first removing the old version; fortunately it worked. But the other two problems are still there. And of course the ticket with the sample files has been closed. I hope they can still access them.
Friday Squid Blogging: Squid Salad Servers
Nice. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
DxO pain
I've taken a macro focus stack of a eucalyptus flower. First step in merging the images is align_image_stack. But the result wasn't quite what I expected:
=== grog@eureka (/dev/pts/14) ~/Photos/20150616 71 -> align_image_stack -m -a FOO C/Eucalyptus-flower-*
Assertion failed: (nextImgInfo.size() == firstImgInfo.size()), function main2, file /src/FreeBSD/svn/ports/graphics/hugin/work/hugin-2012.0.0/src/tools/align_image_stack.cpp, line 569.
Abort trap: 6 (core dumped)
Further investigation showed that the images really differed in size:
=== grog@eureka (/dev/pts/14) ~/Photos/20150616 72 -> identify orig/*jpg
orig/P6161378.jpg JPEG 4608x3456 4608x3456+0+0 8-bit DirectClass 3.397MB 0.000u 0:00.000
orig/P6161379.jpg[1] JPEG 4608x3458 4608x3458+0+0 8-bit DirectClass 3.452MB 0.000u 0:00.000
(etc)
Another bug in DxO Optics Pro!
vigra problems, Yet Again
I maintain the FreeBSD port of enblend, not the easiest port to maintain. Recently, after an update to the dependent port vigra, the configuration failed:
checking for Vigra import/export-library... no
configure: error: libvigraimpex is required to compile Enblend.
===> Script "configure" failed unexpectedly.
Huh? The vigra had been installed. The real information was in the log file:
configure:5539: checking for Vigra import/export-library
configure:5553: c++ -o conftest -O2 -pipe -fstack-protector -fno-strict-aliasing -Wno-c++11-extensions -I/usr/local/include -fstack-protector conftest.cpp -lvigraimpex -llcms2 -ltiff -lpng -ljpeg -lz -lgsl -lgslcblas -lm -L/usr/local/lib -lboost_system >&5
/usr/local/lib/libvigraimpex.so: undefined reference to `std::__1::basic_ios<char, std::__1::char_traits<char> >::widen(char) const'
c++: error: linker command failed with exit code 1 (use -v to see invocation)
So it was just a simple test program intended to detect whether vigra was installed, and the config ...
Counterfeit Social Media Accounts
Interesting article on the inner workings of a Facebook account farm, with commentary on fake social media accounts in general....
My PDF 2015 talk: An Internet of Things That Do As They're Told
Hardware problems in the Good Old Days
There's a fair amount of activity on the Unix Heritage Society mailing lists at the moment. I've been able to get rid of my old 4.4BSD and X manuals several times over. And somebody posted this link to an article by Brian Kernighan about the woes that he, Joe Condon and Ken Thompson had with a digital phototypesetter 35 years ago. The original paper makes good reading, especially since it shows how things in the Good Old Days weren't always as good as we recall. In passing, it's also interesting to see that they referred to Ken as KLT in those days.
eBay debugging
My support request to eBay, sent on Sunday, has timed out. Fought my way through their help system, which doesn't give me the opportunity to say what my problem is (if we can't anticipate your problem, it doesn't exist), so said that I needed help with first-time listing. And for that they were prepared to call me back (which they don't do for just any problem). Got a call back fairly soon, and spoke to Mark, who told me what I already suspected: that it was related to the fact that my account was registered in the USA. It seems that Australian accounts have only been in existence for about 4 years, and nobody thought to notify existing customers that they should change their registration.
Selling on eBay, day 4
eBay selling never ceases to amaze me. Now I've sold my camera again with Buy it now, this time to somebody across the river from Mildura. But I also received three identical messages (modulo formatting) from Howard Johnson, the first buyer, saying that eBay had messed up, but things were alright now, and I should have received a message from them. Looking in my eBay messages, there was nothing. But then I saw: 2324 15-06-2015 eBay Restored (2166) Re: Restoration Of The eBay Auction Listing Purchase The text went something like this: eBay International AG sent this message to you. Your registered name is included to show this message originated from eBay.
Hacking Drug Pumps
When you connect hospital drug pumps to the Internet, they're hackable -- only surprising people who aren't paying attention. Rios says when he first told Hospira a year ago that hackers could update the firmware on its pumps, the company "didn't believe it could be done." Hospira insisted there was "separation" between the communications module and the circuit board that...
Research on The Trade-off Between Free Services and Personal Data
New report: "The Tradeoff Fallacy: How marketers are misrepresenting American consumers and opening them up to exploitation." New Annenberg survey results indicate that marketers are misrepresenting a large majority of Americans by claiming that Americans give out information about themselves as a tradeoff for benefits they receive. To the contrary, the survey reveals most Americans do not believe that 'data...
Selling on eBay, day 3
Into the office this morning expecting to hear from the buyer of my camera. Instead I had a message from eBay: We had to cancel bids and purchases on the following item(s) for the buyer, , because they were made without the account owner's permission: 271901200336 - Olympus E-30 12 MP digital SLR body Please note that we're working with the account owner to prevent any additional unauthorized activity. Curiouser and curiouser. My investigation yesterday suggested that it was kosher.
My proposals have been accepted at Usenix LISA '15!
My talk and 2 tutorial proposals have been accepted at the Usenix LISA Conference!
Talk: Transactional system administration is killing us and must be stopped
Tutorials: How To Not Get Paged: Managing Oncall to Reduce Outages; Introduction to Time Management for busy Devs and Ops
The schedule isn't up yet at http://www.usenix.org/lisa15 but Usenix is encouraging speakers to post to social media early this year. See you in Washington DC Nov 8-13, 2015!
P.S. You can follow LISA on various social networks:
Facebook: https://www.usenix.org/facebook/lisa
YouTube: http://www.usenix.org/youtube
Google+: https://www.usenix.org/gplus/lisa
LinkedIn: http://www.usenix.org/linkedin
Instagram: http://www.usenix.org/instagram
Twitter: https://www.usenix.org/twitter/lisa
Peter Swire on the USA FREEDOM Act
Peter Swire, law professor and one of the members of the President's review group on the NSA, writes about intelligence reform and the USA FREEDOM Act....
Australia Post helps again
So contrary to expectations, I sold my camera internationally. How do I calculate postage to the USA? Australia Post has a handy calculator which gives you an estimated price for postage. The easiest way to find it is from Google. If you go to http://auspost.com.au/ and run the cursor over the menu item Parcels & mail, you'll see a large choice: Unfortunately, none of the items in the section Sending overseas tell you what it costs. For that you have to go to the bottom of the next column, Postage calculator.
Encrypting Windows Hard Drives
Encrypting your Windows hard drives is trivially easy; choosing which program to use is annoyingly difficult. I still use Windows -- yes, I know, don't even start -- and have intimate experience with this issue. Historically, I used PGP Disk. I used it because I knew and trusted the designers. I even used it after Symantec bought the company. But...
The Internet may not be the question, but it's the answer
My latest Guardian column looks at the fiction and reality of “Internet Utopianism,” and the effect that a belief in the transformative power of the Internet has had on movements, companies, and norms. I have been among the Internet Utopians for most of my life. I read Barlow, dropped out of university, and became a...
Selling on eBay: the pain
It's been over a year since I tried to sell my Olympus E-30. Despite contacting eBay's help centre, I failed: You can't sell internationally at this time. That can't be typical. Thousands of people with less computer skills than I sell on eBay every day. What is it? My aura? My computer environment? The latter (old FreeBSD with out-of-date browsers) seems to be a possibility. But now that I have an up-to-date system, it's high time that I tried again. And sure enough, I didn't run into most of the problems that I had last year. But the big one remained: You can't sell internationally at this time. It's not a browser or system issue: I tried four different browsers on three different systems, including Microsoft.
Thanks, QCon New York!
I had a great time at QCon New York last week. It was my first time there and my first time speaking too. The audience was engaged and had great questions. I did a book-signing at the Pearson booth and it was fun meeting readers (and future readers) of our books. Videos of all talks will be available soon. For now you can view the slides.
Man Who Sold the Moon wins the Sturgeon Award!
This weekend, my short story “The Man Who Sold the Moon” won The Theodore Sturgeon Memorial Award, a juried prize for the best science fiction story of the year. The story originally appeared in the anthology Hieroglyph: Stories and Visions for a Better Future, edited by Kathryn Cramer and Ed Finn, based on a...
Forging a Stand for Ear Rings
Eighth Movie-Plot Threat Contest Winner
On April 1, I announced the Eighth Movie-Plot Threat Contest: I want a movie-plot threat that shows the evils of encryption. (For those who don't know, a movie-plot threat is a scary-threat story that would make a great movie, but is much too specific to build security policies around. Contest history here.) We've long heard about the evils of the...
Friday Squid Blogging: Dancing Zombie Squid
How dead squid is made to dance when soy sauce is poured on it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Uh Oh -- Robots Are Getting Good with Samurai Swords
It's Iaido, not sword fighting, but still. Of course, the two didn't battle each other, but competed in Iaido tests like cutting mats and flowers in various cross-sectional directions. A highlight was when the robot horizontally sliced string beans measuring just 1cm in thickness! At the end, the ultimate test unfolds: the famous 1,000 iaido sword cut challenge. Ultimately, both...
Back-to-Basics Weekend Reading - The Working Set Model for Program Behavior
This weekend we go back in time all the way to the beginning of operating systems research. In the first SOSP conference in 1967 there were several papers that laid the foundation for the development of structured operating systems. There was, of course, the lauded paper on the THE operating system by Dijkstra, but for this weekend I picked the paper on memory locality by Peter Denning, as this work laid the groundwork for the development of virtual memory systems. The Working Set Model for Program Behavior, Peter J.
The History of Internet Insecurity
The Washington Post has a good two part story on the history of insecurity of the Internet....
Duqu 2.0
Kaspersky Labs has discovered and publicized details of a new nation-state surveillance malware system, called Duqu 2.0. It's being attributed to Israel. There's a lot of details, and I recommend reading them. There was probably a Kerberos zero-day vulnerability involved, allowing the attackers to send updates to Kaspersky's clients. There's code specifically targeting anti-virus software, both Kaspersky and others. The...
OED returns
Call from Andrew at the State Library of Victoria this morning to tell me that the Oxford English Dictionary was back online. I had already discovered that, but he also told me that the outage had apparently affected all the world's libraries. It's amazing that I was the first to report it to two important Australian libraries (and possibly the first at all, since most libraries in the world were closed at the time).
Security and Human Behavior (SHB 2015)
Earlier this week, I was at the eighth Workshop on Security and Human Behavior. This is a small invitational gathering of people studying various aspects of the human side of security. The fifty people in the room include psychologists, computer security researchers, sociologists, behavioral economists, philosophers, political scientists, lawyers, biologists, anthropologists, business school professors, neuroscientists, and a smattering of others....
Reassessing Airport Security
News that the Transportation Security Administration missed a whopping 95% of guns and bombs in recent airport security "red team" tests was justifiably shocking. It's clear that we're not getting value for the $7 billion we're paying the TSA annually. But there's another conclusion, inescapable and disturbing to many, but good news all around: we don't need $7 billion worth...
ACMA endorses Microsoft
Andy Snow pointed me at this page from the ACMA. It contained this markup: More information will be available at <a href="file:///C:/Users/shirca/AppData/Local/Microsoft/Windows/Temporary%20Internet%20Files/Content.Outlook/6CSKETL4/www.ag.gov.au/dataretention">www.ag.gov.au/dataretention</a> soon. Doesn't that make you feel that people know what they're doing? I put in a comment, which they chose not to publish, but they did fix the link.
OED offline!
I put a typo in my diary yesterday: instead of too leet I wrote to leet, and of course somebody (Peter Jeremy) caught it. But what's the chance that to leet is a known English word? Off to look at the Oxford English Dictionary, not for the first time today. I have access as part of my membership of the State Library of Victoria, but it wouldn't accept the login. Called up SLV, where nothing was known of the problem, but they looked into it and discovered that yes, they had the same problem. We confirmed that I was still in the SLV domain (specifically http://www.oed.com.ezproxy.slv.vic.gov.au/), but it didn't show the SLV logo at the bottom.
Should Companies Do Most of Their Computing in the Cloud? (Part 3)
Cloud computing is the future of computing. Specialization and outsourcing make society more efficient and scalable, and computing isn't any different. But why aren't we there yet? Why don't we, in Simon Crosby's words, "get on with it"? I have discussed some reasons: loss of control, new and unquantifiable security risks, and -- above all -- a lack of trust....
Phoenix Is Doomed
I remember my first visit, playing mini-golf in the desert in the Eighties, fountains and waterfalls everywhere, thinking these people are crazy and this place can't last. The next day we had to run like hell for the airport. Oh wait, this is a review of The Water Knife by Paolo Bacigalupi, which is terrific. What happened was, we'd flown from Vancouver to pick up a suitcase full of magtapes (the old reel-to-reel kind you used to see on movie computers) full of source code for some behemoth mainframe thing, you couldn't possibly transfer that much data over the network.
Should Companies Do Most of Their Computing in the Cloud? (Part 2)
Let me start by describing two approaches to the cloud. Most of the students I meet at Harvard University live their lives in the cloud. Their e-mail, documents, contacts, calendars, photos and everything else are stored on servers belonging to large internet companies in America and elsewhere. They use cloud services for everything. They converse and share on Facebook and...
Should Companies Do Most of Their Computing in the Cloud? (Part 1)
Yes. No. Yes. Maybe. Yes. Okay, it's complicated. The economics of cloud computing are compelling. For companies, the lower operating costs, the lack of capital expenditure, the ability to quickly scale and the ability to outsource maintenance are just some of the benefits. Computing is infrastructure, like cleaning, payroll, tax preparation and legal services. All of these are outsourced. And...
ATA configuration for Australia, continued
My ATA is still not generating correct ring tones (cadences, apparently). MyNetFone support is trying to be helpful with all sorts of unlikely suggestions, such as changing the dial plan. But there's a section in the Regional tab: Distinctive Ring/CWT Pattern Names. What does that mean? Potentially it could be related, and names like Bellcore-r1 suggest that they're currently American. So off to do some more searching. This page seems to relate to Australia, and potentially it has other useful settings, but it doesn't mention this section. This page at least explains the syntax of the entries. But this (PDF) document contains specifications.
The Effects of Near Misses on Risk Decision-Making
This is interesting research: "How Near-Miss Events Amplify or Attenuate Risky Decision Making," Catherine H. Tinsley, Robin L. Dillon, and Matthew A. Cronin. In the aftermath of many natural and man-made disasters, people often wonder why those affected were underprepared, especially when the disaster was the result of known or regularly occurring hazards (e.g., hurricanes). We study one contributing factor:...
Surveillance Law and Surveillance Studies
Interesting paper by Julie Cohen: Abstract: The dialogue between law and Surveillance Studies has been complicated by a mutual misrecognition that is both theoretical and temperamental. Legal scholars are inclined to consider surveillance simply as the (potential) subject of regulation, while scholarship in Surveillance Studies often seems not to grapple with the ways in which legal processes and doctrines are...
Tracking People By Smart Phone Accelerometers
Interesting research: "We Can Track You If You Take the Metro: Tracking Metro Riders Using Accelerometers on Smartphones": Abstract: Motion sensors (e.g., accelerometers) on smartphones have been demonstrated to be a powerful side channel for attackers to spy on users' inputs on touchscreen. In this paper, we reveal another motion accelerometer-based attack which is particularly serious: when a person takes...
Flash Storage Failure Rates From A Large Population
I love real data. Real data is so much better than speculation and, what I've learned from years of staring at production systems, is the real data from the field is often surprisingly different from popular opinion. Disk failure rates are higher than manufacturer specifications, ECC memory faults happen all the time, and events that...
Friday Squid Blogging: Giant Squid Lore
Legends of giant squid go back centuries: In his book "The Search for the Giant Squid" marine biologist Richard Ellis notes that "There is probably no apparition more terrifying than a gigantic, saucer-eyed creature of the depths... Even the man-eating shark pales by comparison to such a horror... An animal that can reach a length of 60 feet is already...
US Identifies and Destroys ISIS Headquarters Because of "Selfie"
The news media is buzzing about how the US military identified the location of an ISIS HQ because someone there took a photo and posted it. Quoting Air Force General Hawk Carlisle, head of Air Combat Command: "The guys that were working down out of Hurlburt, they're combing through social media and they see some moron standing at this command....