Blog Archive: October 2015
New Hugin: first experiences
OK, Hugin has changed a lot in 3 years, not all for the better. I've already noted that the highlighting of individual images in the fast panorama preview went away, and that's one of the main reasons I'm still running an old version of Hugin. But today I had issues that I hadn't expected: I couldn't stitch at all. The interface has changed somewhat, but the principle is the same. Use the Assistant tab, load the images, and let it align. But this time it didn't work: OK, go to the Control Points tab.
Finishing the Hugin port
More work on the Hugin port today, and finally got it finished. Well, almost. ===> Registering installation for hugin-2015.0.0_1 And it hung. Not network efficient, maybe? Came back some time later and it was still running: USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 58647 99.3 0.1 13448 5360 0 R+ 12:26pm 18:27.89 /usr/local/sbin/pkg-static register -i /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/stage -m /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/.metadir -f /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/.PLIST.mktmp It shouldn't take that long. Set a ktrace on it and found it looping: 58647 pkg-static RET read -1 errno 21 Is a directory 58647 pkg-static CALL read(0x4,0x7fffffff9b10,0x2000) 58647 pkg-static RET read -1 errno 21 Is a directory 58647 pkg-static CALL read(0x4,0x7fffffff9b10,0x2000) ...
Industrial Music
I just finished reading The Song Machine: Inside the Hit Factory by John Seabrook, which taught me that the big hits being pumped at us via the big divas with the great thighs are mostly the output of a reproducible mechanized process, and the mechanics are Swedes. No, really. I like most kinds of music; during the decades since I first fell under the spell of blues chords and backbeats, I've managed to ride the pop-music waves with pleasure, finding something to like in most months' radio. In the car, when the song ends and the ads start, I switch presets more or less at random and regularly find something fresh and tasty.
Darktable revisited
I suspect Andy Snow is planning some photographic activity. Today he asked me on IRC about darktable. Yes, I've tried it in the past, but never got very far with it. The concept of film rolls and other silliness put me off. Time to try it again? Why not? === root@stable (/dev/pts/0) ~ 7 -> pkg install darktable Installed packages to be REMOVED: hugin-2013.0.0_7 New packages to be INSTALLED: darktable: 1.6.8_1 flickcurl: 1.26 Huh? Why does it want to remove Hugin? Tried building it from source, and that worked.
Friday Squid Blogging: Baby Giant Squid Found
First ever examples of a baby giant squid have been found. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
The Onion on the State of IT Security
"China Unable To Recruit Hackers Fast Enough To Keep Up With Vulnerabilities In U.S. Security Systems." It's only funny because it's true....
Outsourcing makes sense if you think "software" is a fad
[This piece gets kind of dark. You've been warned.] At the recent DOES15 conference (which was a great conference) many of the success stories included the admission that outsourcing had been a big mistake. In some cases outsourcing had nearly sunk the company. What saved them? DevOps, in-sourcing, and vertical integration. If you aren't familiar with the term "vertical integration" it is the MBA term for "if you want something done right, do it yourself." The reason outsourcing had been such a disaster was not the skill of the outsourcing companies or the people. It was the fact that if you don't own your process, you can't control the quality.
Weaknesses in the PLAID Protocol
In 2009, the Australian government released the Protocol for Lightweight Authentication of Identity (PLAID) protocol. It was recently analyzed (original paper is from 2014, but was just updated), and it's a security disaster. Matt Green wrote a good blog post back in 2014 that explains the problems. Slashdot thread. Reddit thread....
Subversion subverted
I maintain a couple of copies of the FreeBSD source tree (CURRENT and STABLE) on eureka. Every morning I run svn update to bring them up to date. Lately, however, I've been having build failures with STABLE. That can happen, of course, though it's not supposed to, but this had been continuing for several days, and nobody had complained on the mailing lists. Where's the problem? Tried building on another machine (lagoon instead of stable), but the problem remained. Finally I checked out a complete new STABLE tree and tried that. It built. So do I have a corrupt source tree? That's what svn up is supposed to avoid, isn't it?
my.gov pain
A message in the mail today: Date: Thu, 29 Oct 2015 12:09:33 +1100 From:<[email protected]> To: <[email protected]> Subject: New Centrelink letter available online Reply-To: [email protected] Please DO NOT REPLY by email as this mailbox is not monitored. OK, I have a my.gov account. But what a pain it is to use! I've been there before and came to the conclusion that the service wasn't worth the ether it was printed on. On that occasion I was unable to turn off email because of technical problems (broken DNS lookup). Today the DNS lookup worked, but other technical problems stopped me: there's no provision for removing yourself.
Understanding C++
So I have this problem with Hugin where I run into ambiguous templates: [ 45%] Building CXX object src/tools/CMakeFiles/autooptimiser.dir/autooptimiser.cpp.o /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/tools/align_image_stack.cpp:196:38: error: reference to 'lock' is ambiguous hugin_omp::ScopedLock sl(lock); ^ /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/tools/align_image_stack.cpp:124:24: note: candidate found by name lookup is 'lock' static hugin_omp::Lock lock; ^ /usr/include/c++/v1/mutex:424:1: note: candidate found by name lookup is 'std::__1::lock' lock(_L0& __l0, _L1& __l1, _L2& __l2, _L3& ...__l3) ^ /usr/include/c++/v1/mutex:350:1: note: candidate found by name lookup is 'std::__1::lock' lock(_L0& __l0, _L1& __l1) ^ I've already established that the candidates are templates, and v1/mutex is unconditionally included with fstream.
Flash Drive Lock
This device is clever: it's a three-digit combination lock that prevents a USB drive from being read. It's not going to keep out anyone serious, but is a great solution for the sort of casual security that most people need....
When explaining to beginners, use simple examples.
I've always felt that most geeks give examples (to beginners) that are too complex. I believe this is an attempt to be complete. However, beginner examples should be so simple even if you feel like you are committing lies of omission. A recent Slashdot article, Revisiting Why Johnny Can't Code: Have We "Made the Print Too Small"? mentioned that often the examples we give are too complex for the beginners we intend them for. They compare the starting example from Mark Zuckerberg's what-is-coding video to a simple BASIC example. They make a comparison to the book How to Teach Your Baby to Read, the authors explain, "It is safe to say that in particular very young children can read, provided that, in the beginning, you make the print very big."
Tracking Connected Vehicles
Researchers have shown that it is both easy and cheap to surveil connected vehicles. The second link talks about various anonymization techniques, none of which I am optimistic about....
Watch LISA Conversations Episode 4: Sabrina Farmer!
The Google Hangout with Sabrina Farmer was so amazing we decided to go over-time. If you missed it, watch the video https://www.youtube.com/watch?v=RCgvBZszuwI. We discussed her talk from WiAC '12 titled: Overcoming My Biggest Roadblock, Myself, plus what's it like to work at Google, her recent promotion to Engineering Director, career management tips for women, and much much more! You don't want to miss this episode! (For more info and past episodes visit the Usenix LISA Conversations Homepage.)
Why Is the NSA Moving Away from Elliptic Curve Cryptography?
In August, I wrote about the NSA's plans to move to quantum-resistant algorithms for its own cryptographic needs. Cryptographers Neal Koblitz and Alfred Menezes just published a long paper speculating as to the government's real motives for doing this. They range from some new cryptanalysis of ECC to a political need after the DUAL_EC_PRNG disaster -- to the stated reason...
The Doxing Trend
If the director of the CIA can't keep his e-mail secure, what hope do the rest of us have -- for our e-mail or any of our digital information? None, and that's why the companies that we entrust with our digital lives need to be required to secure it for us, and held accountable when they fail. It's not just...
Another NBN outage!
Most of my network outages seem to happen in the middle of the night, to a point where I often wonder if they're just unannounced maintenance. But lately they've been happening in the daytime: 15 October 2015 10:36:43, 18 October 2015 13:14:34, and now today at 13:39:40. In each case, I was able to observe that the ODU LED on the NTD was red. Last week I suspected that my actions had no effect. Today I had the time to confirm that: we were off the net for over three hours, and of course power cycling had no effect on the ODU LED.
Come see me at Santa Monica's Diesel Books on Thursday
We’re launching the new paperback edition of “Information Doesn’t Want to Be Free,” my book of practical advice and theory for artists trying to make sense of the net (it features intros by Neil Gaiman and Amanda Palmer, too!) at Santa Monica’s Diesel Books. I’ll be there (225 26th Street, Santa Monica, CA 90402), from... more
The Need for Transparency in Surveillance
In Data and Goliath, I talk about the need for transparency, oversight, and accountability as the mechanism to allow surveillance when it is necessary, while preserving our security against excessive surveillance and surveillance abuse. James Losey has a new paper that discusses the need for transparency in surveillance. His conclusion: Available transparency reports from ICT companies demonstrate the rise in...
Watch us live today: LISA Conversations Episode 4: Sabrina Farmer
Today (Oct 27, 2015) we'll be recording Episode 4 of LISA Conversations. Join the Google Hangout and submit questions live. Our guest will be Sabrina Farmer, who is a SRE manager at Google. We'll be discussing her amazing talk "Overcoming My Biggest Roadblock, Myself" from the 2012 USENIX Women in Advanced Computing Summit (WiAC '12). Watch her talk beforehand, and then join us at 3:30 pm PDT/6:30 pm EDT on Tuesday, October 27, 2015, at the Google Hangout On Air. The video from Sabrina's talk can be found at https://www.usenix.org/conference/wiac12/overcoming-my-biggest-roadblock-myself Join the hangout: https://plus.google.com/b/108588319090208187909/events/ctqdskbuhuh4fnt1o0f49m5o2ss The talk was brought to my attention when someone described it as being "the talk that brought down the house at WiAC '12".
New column in Queue Magazine: Everything Sysadmin
I've started a column in ACM Queue magazine called "Everything Sysadmin" (guess where I got the idea for the name?). It will appear 3 times a year. The first column is titled, "Automation Should Be Like Iron Man, Not Ultron". Queue is free to ACM members (use your ACM account username/password). You can purchase a 1-year subscription for $19.99 or buy a single issue for $6.99. To read the issue online or via the Queue App (iPhone and Android), go here: http://queue.acm.org/app/landing.cfm
The limits of wrapper scripts
Completed the transition to the new /home disk today with no problems beyond being off the air for an hour while I ran a last rsync. The next step is to bring the backup system stable up to date. Started a buildworld, which died almost immediately with an invalid .depend file, which it had just created! It took quite a while to discover that the culprit was my compiler wrapper script, which echoed the invocation to stdout, in this case the .depend file. So while it's a useful trick to work around deficiencies in cmake, it's not completely transparent. ACM only downloads articles once.
Ravens Can Identify Cheaters
Ravens have been shown to identify and remember cheaters among their unkindness....
Microsoft's Brad Smith on the Collapse of Safe Harbor
Microsoft's President Brad Smith has a blog post discussing what to do now that the US-EU safe-harbor agreement has collapsed. He outlines four steps: First, we need to ensure across the Atlantic that people's legal rights move with their data. This is a straightforward proposition that would require, for example, that the U.S. government agree that it will only demand...
Time for a disk replacement
I bought the current hardware for eureka nearly 2 years ago, but I still haven't upgraded the operating system. Most recently, compilation problems with Hugin have deferred the issue. But there are other pressures. Lately I've been getting: Oct 25 13:00:49 eureka kernel: (ada2:ahcich2:0:0:0): READ_FPDMA_QUEUED. ACB: 60 00 e2 9e d8 40 e6 00 00 01 00 00 Oct 25 13:00:49 eureka kernel: (ada2:ahcich2:0:0:0): CAM status: ATA Status Error Oct 25 13:00:49 eureka kernel: (ada2:ahcich2:0:0:0): ATA status: 41 (DRDY ERR), error: 40 (UNC ) Oct 25 13:00:49 eureka kernel: (ada2:ahcich2:0:0:0): RES: 41 40 f0 9e d8 00 e6 00 00 00 01 Oct 25 13:00:49 eureka kernel: (ada2:ahcich2:0:0:0): Error 5, Retries exhausted Oct 25 13:00:49 eureka kernel: g_vfs_done():ada2p1[READ(offset=1982953521152, length=131072)]error = 5 It seems to be only local, and so far it means lack of access ...
Trip report: Fall 2015 ISO C++ standards meeting
Yesterday we just wrapped up our fall ISO C++ committee meeting in Kona, HI, USA. We normally meet in windowless rooms all week, but because of the committee’s current size we had to use the hotel’s largest space which was open-air (though technically still windowless). It was a busy week. During the days from 8:00am-5:00pm, […]
We don't need no complete texts
For some reason my message to the Hugin forum didn't arrive. More attachment stupidity? But it's run by the Google behemoth, so it should be able to accept mail from Gmail. What a pain Gmail is! It's good for filtering spam, but the user interface! After I enlarged the tiny window, I got: WHY do people have to truncate things like that? It's reaching epidemic proportions.
NEW: USENIX Journal of Education in System Administration
If you teach system administration I highly recommend you take a look at USENIX's newest journal: Journal of Education in System Administration (JESA) The journal can be read (for free) online: https://www.usenix.org/jesa/0101. I was honored to be asked to write a piece for the inaugural issue. You can read it online here.
Paywalls Don't Scale
Here's the problem: Every day I get emails about great offers expiring real soon, better act now. They're subscription deals from publications I mostly like, but I'm not signing up. I'd like to pay them though; here's how. At the moment, I subscribe (in the sense of paying regularly) to the New York Times and The Economist. Yes, I'm aware that's boringly, crushingly, mainstream and sometimes I hate myself for it, but I keep on paying. Want more mainstream? The pubs I like but don't pay for include Haaretz, Beirut's Daily Star, the Financial Times, the Paris Review, the Boston Globe (if only for The Big Picture), the Mop & Pail, and the New Yorker (if only for Roger Angell).
Forensic Analysis of Smart Card Fraud
This paper describes what is almost certainly the most sophisticated chip-and-pin credit card fraud to date. News article. BoingBoing post....
Tandem/16 control panel
For my first home-made computer I built a console or control panel with which I could single-step the machine and monitor its activity. Older computers had these as a matter of course, but I don't know of any other for a Z80: During my time with Tandem Computers we had some reason to examine the Tandem/16 processor in more detail. By that time, production had stopped, and I was given one of the three control panels that manufacturing had built for the three factories (Cupertino CA, Reston VA, and Neufahrn BY).
C++ namespace hell
Spent a bit more time trying to understand the Hugin compilation problems. Finally got my wrapper scripts to output useful invocation lines, which, as I expected, were long: c++ -DHUGIN_HSI -O2 -pipe -fstack-protector -fno-strict-aliasing --std=c++11 -O2 -pipe -fstack-protector -fno-strict-aliasing -I/eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src -I/eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin_base -I/eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/celeste -I/usr/local/include -I/usr/local/include/OpenEXR -I/eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/foreign -I/usr/local/include/python2.7 -c /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/tools/align_image_stack.cpp Add a C -dD -E to that and I got the preprocessor output, all 10 MB of it: === root@stable (/dev/pts/1) /usr/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/tools 233 -> l cppout.cpp -rw-r--r-- 1 root wheel 10,727,532 22 Oct 13:29 cppout.cpp === root@stable (/dev/pts/1) /usr/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/tools 234 -> wc -l cppout.cpp 282590 cppout.cpp How do you fight your way through that?
Hacking Fitbit
This is impressive: "An attacker sends an infected packet to a fitness tracker nearby at bluetooth distance then the rest of the attack occurs by itself, without any special need for the attacker being near," Apvrille says. "[When] the victim wishes to synchronise his or her fitness data with FitBit servers to update their profile ... the fitness tracker responds...
Police Want Genetic Data from Corporate Repositories
Both the FBI and local law enforcement are trying to get the genetic data stored at companies like 23andMe. No surprise, really. As NYU law professor Erin Murphy told the New Orleans Advocate regarding the Usry case, gathering DNA information is "a series of totally reasonable steps by law enforcement." If you're a cop trying to solve a crime, and...
Programming language complexity
At university I discovered this wonderful new language, Algol. It was so much better than FORTRAN, and it was so easy to program. And then I discovered that the version we were using was Algol 60, codified (in the pre-Y2K days) in 1960. There was also an Algol 68, and although this was in 1970, no compiler was available for it for our university computer (an ICL System 4/50, a Spectra 70 copy). Why? Over the years I investigated the language, and looked for compilers for the computers with which I worked. None came. The language was too complicated. How times have changed!
Programming language complexity
25 years ago I wrote a B-tree storage system called Monkey in C++. At the time I saw it as being the logical development of C, as long as you ignored some of the more bizarre features. Since then I have returned to programming in C, mainly because that's what the environment required. 11 years ago I was required to backport Monkey to C. In the process I discovered that C++ had become even more bizarre, and the backporting brought insights that were hidden when I wrote in C++. The C version was slightly more verbose, but much clearer in intention.
Understanding convoluted error messages
While trying to port Hugin this morning, was presented with this error message: /usr/bin/sed -i.bak 's/-pthread;-D_THREAD_SAFE/-pthread -D_THREAD_SAFE/g' /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/base_wx/CMakeFiles/huginbasewx.dir/flags.make /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/hugin/CMakeFiles/hugin.dir/flags.make /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/hugin/CMakeFiles/hugin.dir/link.txt /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/nona_gui/CMakeFiles/nona_gui.dir/flags.make /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/nona_gui/CMakeFiles/nona_gui.dir/link.txt /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/ptbatcher/CMakeFiles/PTBatcher.dir/flags.make /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/ptbatcher/CMakeFiles/PTBatcher.dir/link.txt /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/ptbatcher/CMakeFiles/PTBatcherGUI.dir/flags.make /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/ptbatcher/CMakeFiles/PTBatcherGUI.dir/link.txt /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/stitch_project/CMakeFiles/hugin_stitch_project.dir/flags.make /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/stitch_project/CMakeFiles/hugin_stitch_project.dir/link.txt sed: /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/nona_gui/CMakeFiles/nona_gui.dir/flags.make: No such file or directory The original looks even worse, of course, with no line breaks whatsoever. What does that mean? Isn't it so much easier to replace the spaces with newline characters? 
/usr/bin/sed -i.bak 's/-pthread;-D_THREAD_SAFE/-pthread -D_THREAD_SAFE/g' /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/base_wx/CMakeFiles/huginbasewx.dir/flags.make /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/hugin/CMakeFiles/hugin.dir/flags.make /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/hugin/CMakeFiles/hugin.dir/link.txt /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/nona_gui/CMakeFiles/nona_gui.dir/flags.make /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/nona_gui/CMakeFiles/nona_gui.dir/link.txt /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/ptbatcher/CMakeFiles/PTBatcher.dir/flags.make /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/ptbatcher/CMakeFiles/PTBatcher.dir/link.txt /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/ptbatcher/CMakeFiles/PTBatcherGUI.dir/flags.make /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/ptbatcher/CMakeFiles/PTBatcherGUI.dir/link.txt /eureka/home/src/FreeBSD/svn/ports/graphics/hugin-2015.0.0/work/hugin-2015.0.0/src/hugin1/stitch_project/CMakeFi
Sourceforge: blast from the past
Went to the Hugin web site today. The response I got wasn't quite what I thought: Error 503 Service Unavailable Guru Meditation: XID: 223985111 Varnish cache server Where did that come from? As the code (Service Unavailable) suggests, it was transient. But the text takes me back decades.
How a mathematician teaches Little Brother to a first-year seminar
Derek Bruff teaches a first-year college writing seminar in mathematics, an unusual kind of course that covers a lot of ground, and uses a novel as some of its instructional material — specifically, my novel Little Brother. Bruff’s written up an excellent and fascinating description of the unit that uses the novel, which he’s just... more
Get ready for LISA Conversations Episode 4: Sabrina Farmer
The next episode of the LISA Conversations video podcast will be a discussion with Sabrina Farmer. We'll be discussing her amazing talk "Overcoming My Biggest Roadblock, Myself" from the 2012 USENIX Women in Advanced Computing Summit (WiAC '12). Watch her talk beforehand, and then join us at 3:30 pm PDT/6:30 pm EDT on Tuesday, October 27, 2015, at the Google Hangout On Air. The video from Sabrina's talk can be found at https://www.usenix.org/conference/wiac12/overcoming-my-biggest-roadblock-myself The talk was brought to my attention when someone described it as being "the talk that brought down the house at WiAC '12". I watched it and was blown away by her powerful story of self-discovery.
Security Risks of Unpatched Android Software
A lot has been written about the security vulnerability resulting from outdated and unpatched Android software. The basic problem is that while Google regularly updates the Android software, phone manufacturers don't regularly push updates out to Android users. New research tries to quantify the risk: We are presenting a paper at SPSM next week that shows that, on average over...
Strange error message
In the afternoon Yvonne told me that her system had hung. In to find the X server displaying only a small white square on a black background. What's that? On the console these messages: What an incomprehensible mess. Instead of ###!!! and lots of square brackets, how about something that a script can parse easily, and information that tells you what produced it? Stopped and restarted the X server and things worked again. Looking through the web, it seems to be related to Adobe flash.
More porting
Why am I trying to resurrect Keith Packard's games? There are alternatives, such as xpat2. A much more important issue is to ensure that Hugin will still work when I update the system. OK, I have the latest port installed on stable. Tried it out. It ran, but the result of the alignment stage showed almost complete lack of alignment. What went wrong there? Further investigation showed that the problem only occurs with my fisheye lens, the Olympus Zuiko Digital ED 8 mm f/3.5. With the Zuiko Digital ED 9-18mm F4.0-5.6 things worked normally.
Big discount, 24 hours only!
The Practice of Cloud System Administration is the InformIT "eBook Deal of the Day". You can get it with more than a 40% discount: $24.99. http://informit.com/deals Offer expires October 19th at 11:59 PST.
kgames revisited
After my porting attempts on Thursday, Callum Gibson reminded me that there are multiple ways to invoke imake. I've been there before, but it was 20 years ago: You don't normally run imake directly, since it needs a couple of pathname parameters: instead you have two possibilities: Run xmkmf, which is a one-line script that supplies the parameters to imake. Run make Makefile. This assumes that some kind of functional Makefile is already present in the package.
How to Commandeer a Store PA System
If you call the proper phone extension, you have complete control over the public address system at a Target store....
Off net again
My network reliability with the National Broadband Network is still not what you'd expect of a modern network. Another short dropout today while I was in the office, so I was able to confirm that the ODU LED was red. That's supposed to mean something wrong with the Outdoor Unit (NBNese for antenna), but in the cases I've seen it had nothing to do with the antenna. Power cycled the NTD, taking the opportunity to connect it to the office UPS, and watched it gradually come up again. When all status lights were OK, tried a ping to the world. Nothing.
Things that go beep in the night
My UPS issues continue. There's increasing evidence that the UPS in my office is reacting to something on its input; on one occasion the lights in the hallway dimmed slightly when it beeped. Hopefully it's not the upstream UPS. Time to install some monitoring software, something that I haven't needed in over 20 years of using UPSs.
Phone or camera?
Juha (or is that Matti?) Kupiainen went for a motorbike ride today with his mate Glenn. What does that have to do with me? He took some photos and published them as a directory with the original images. To look at them, you need to select each image separately. OK, this isn't Juha's fault: he can do it like that, which simply requires linking the directory into the web server, or he can put them on Flickr, like he did 8 years ago. But that requires lots of mouse-pushing, and you still don't have much control over the display format. So for the fun of it I created a quick and dirty web page that would display all the images.
UPS irritation
I have two UPSs in series. The big one (3 kVA) is in the shed. It runs all the low-power stuff in the house, mainly electronics and lighting. It also feeds the small one (1 kVA), which is there only for eureka, my main machine. I have never got round to installing any monitoring software: if the power fails for any length of time, there's currently not much we can do about it. Today, however, the second UPS was not feeling happy. On several occasions it beeped once and then stopped again. Why? Nothing else had any issues. The display went on, but it's on the floor, and by the time I looked down there was nothing to be seen.
Unexpected spam
Only a couple of days ago I commented on the number of languages in which I get spam. But today there was a new one: Indeed, I can't recall having received a message in Azerbaijani before. But this one wasn't one either: it was an invoice from Citylink, the operator of Melbourne's tollways (which they call freeways, presumably because the term road toll has a completely different meaning here).
PMs Gone Bad
PM stands for Product Manager or sometimes Program Manager; these are the people in software development who don't write code and don't manage coders and make all the difference. A good one is beyond price, and a bad one has a unique power to inflict bleeding neck wounds on what you're building. Let's illustrate this with examples from Adobe, Google, and Apple. This piece is provoked by Lightroom's abject surrender to angry users after they tried to re-work their import dialogue. From inside But let's set Lightroom aside for the nonce and start back at Google, where I saw this happen from inside.
Friday Squid Blogging: Squid Photos
"Terrifying" squid photos. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Mapping FinFisher Users
Citizen Lab continues to do excellent work exposing the world's cyber-weapons arms manufacturers. Its latest report attempts to track users of Gamma International's FinFisher: This post describes the results of Internet scanning we recently conducted to identify the users of FinFisher, a sophisticated and user-friendly spyware suite sold exclusively to governments. We devise a method for querying FinFisher's "anonymizing proxies"...
Breaking Diffie-Hellman with Massive Precomputation (Again)
The Internet is abuzz with this blog post and paper, speculating that the NSA is breaking the Diffie-Hellman key-exchange protocol in the wild through massive precomputation. I wrote about this at length in May when this paper was first made public. (The reason it's news again is that the paper was just presented at the ACM Computer and Communications Security...
Porting again
Gradually I'm running out of excuses not to upgrade eureka to the latest and greatest FreeBSD. But there's still one: kgames, some card games that Keith Packard wrote decades ago. The code seems to have rotted, and I can't find any version that will build in a modern environment. OK, that's a question of porting, and when it comes to porting, I wrote the book. But the kind of porting described there is almost as old as the code. Still, got off to a start. First I need a Makefile. That's easy: run imake: === grog@eureka (/dev/pts/6) /home/ports/x11/kgames/kgames-1.0 264 -> imake Imakefile.c:16: error: Imake.tmpl: No such file or directory imake: Exit code 1.
I blame it on Microsoft
Today I had to do something with despair, my Microsoft Windows 7 box. A popup: software updates installed, rebooting in 3 minutes. Why that? I had explicitly told it not to install anything by itself. But now I had a problem. Yes, remind me later buys me time, but it seems not much. And currently I didn't have a display on despair, nor even a cable to connect it to the KVM. Out into the shed to look for a cable. I really needed a second one for swamp, one of my test boxes. For some reason, I have hundreds of Ethernet cables, even AUI, but after much searching and reshuffling moving cartons, I only found one VGA cable.
Korean edition of Little Brother
It hits shelves today, featuring an essay I wrote specifically for this edition, tying together Korean politics — especially surveillance and censorship — with global mass-surveillance and the themes in the book.
20 years of The Complete FreeBSD
20 years ago today I had a visit from Jack Velte and friends of Walnut Creek CDROM. After dinner we did a bit of quick hacking and came up with what was to become The Complete FreeBSD. The book went through 5 editions, but it's completely out of date now. How times have changed! And how many things haven't! ACM only downloads articles once.
Obama Administration Not Pursuing a Backdoor to Commercial Encryption
The Obama Administration is not pursuing a law that would force computer and communications manufacturers to add backdoors to their products for law enforcement. Sensibly, they concluded that criminals, terrorists, and foreign spies would use that backdoor as well. Score one for the pro-security side in the Second Crypto War. It's certainly not over. The FBI hasn't given up on...
More phone problems
CJ Ellis has trouble with his phone again! Once again he can make calls out, but calls in get automatically diverted to voice mail. He asked me for help. I confirmed the behaviour, and suggested that he got MyNetFone to contact me for problem resolution, since he has difficulty understanding the people. Sometimes I do too: they asked him what kind of modem he had. Modem? What's that in a National Broadband Network system? All he has is an ATA. Sure enough, within minutes I got a call from Akbar of MyNetFone support, asking what the problem was with my phone (to which he referred as landline).
Soviet Spying on US Selectric Typewriters
In the 1980s, the Soviet Union bugged the IBM Selectric typewriters in the U.S. Embassy in Moscow. This NSA document discusses how the US discovered the bugs and what we did about it. Codename is GUNMAN. Is this the world's first keylogger? Maybe....
ARM Server Market
Microservers and the motivations for microservers have been around for years. I first blogged about them back in 2008 (Cooperative, Expendable, Microslice, Servers: Low-Cost, Low-Power Servers for Internet-Scale Services) and even Intel has entered the market with Atom but it's the ARM instruction set architecture that has had the majority of server world attention. There...
re:Invent in Vegas
That was intense. AWS's customers are great. But I wish I could like Vegas more. Size matters There were 19,000 people, more or less, at the Venetian, up from 13K the year before. I'm glad I don't own the problem of figuring out what to do next year. The way things are going you have to assume more people will want to come but I'm pretty sure that hotel can't hold 'em. Split venue? Go for intensity over quantity and retreat to Moscone West (max capacity 5.5K) as Google and Apple have? Use one of the mega-venues? Beats me. Normally this is where I'd put a picture of eager conference geeks, but this blog has seen enough of those over the years, so here's Vegas' big new Ferris Wheel instead; it's impressive.
Flaky software: don't do that, then
Yvonne spent most of another day processing her photos from last week. In the process she managed to trip over many misfeatures of my processing system that I had never seen before. Some of it has to do with the change of user, but mainly with the change of approach. It brings home how important it is to get other people to test the software that you write. I blame it all on her German-layout keyboard, which I can barely use.
Friday Squid Blogging: Japanese Squid Recipe
Delicious recipe of squid with cabbage, bean sprouts, and noodles. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. EDITED TO ADD (10/9): Posted a day early by mistake....
I'm a Guest on "Adam Ruins Everything"
The show is about security theater. I am a disembodied head on a scooter. Here's a teaser. Here's the full episode (for pay, but cheap). The scooter idea was a hack when I couldn't find the time to fly to LA for live filming. The whole thing was a lot of fun....
SHA-1 Freestart Collision
There's a new cryptanalysis result against the hash function SHA-1: Abstract: We present in this article a freestart collision example for SHA-1, i.e., a collision for its internal compression function. This is the first practical break of the full SHA-1, reaching all 80 out of 80 steps, while only 10 days of computation on a 64 GPU cluster were necessary...
Information in Your Boarding Pass's Bar Code
There's a lot of information, including the ability to get even more information....
Usenix LISA: Early Bird Pricing ends Oct 15!
This year LISA is in Washington D.C., from Nov 8-13. If you are on the east-coast, this is a good opportunity to attend the premier system administration conference. Register now. This year's schedule is packed with amazing talks. I'd like to point out... "Go for Sysadmins" from Chris "Mac" McEniry, Sony Network Entertainment; "Neighborly Nagios" from David Josephsen, Librato; "systemd, the Next-Generation Linux System Manager" from Alison Chaiken, Mentor Graphics; "Software Defined Networking: Principles and Practice" from Nick Feamster, Princeton University; "How to Not Get Paged: Managing On-call to Reduce Outages" from Thomas A. Limoncelli, Stack Overflow. Register now.
A day's work wasted
Yvonne has been working on her photo processing all week. Today she finished the work on the photos for 28 September, all 618 of them. Then she threw them away. Why? Not deliberately, of course. It's a misfeature in one of my scripts. I use two scripts to make life more bearable with DxO Optics Pro and Microsoft. The first, fordxo, links the images I want to process into a static directory, /Photos/00-grog or /Photos/00-yvonne. When processing is done, I use another script to move those images back that haven't already been processed. Why 00-<name>? It gets displayed at the top of the directory tree, so it's easier to find.
Expanding the Cloud: Introducing Amazon QuickSight
We live in a world where massive volumes of data are generated from websites, connected devices and mobile apps. In such a data intensive environment, making key business decisions such as running marketing and sales campaigns, logistic planning, financial analysis and ad targeting require deriving insights from these data. However, the data infrastructure to collect, store and process data is geared toward developers (e.g., Amazon Redshift, DynamoDB, Amazon EMR) whereas insights need to be derived by not just developers but also non-technical business users. In AWS's quest to enable the best data storage options for engineers, we have built several innovative database solutions like Amazon RDS, Amazon RDS for Aurora, Amazon DynamoDB, and Amazon Redshift.
Expanding the Cloud: Introducing Amazon QuickSight
We live in a world where massive volumes of data are being generated from websites, connected devices and mobile apps. In such a data intensive environment, making key business decisions such as running marketing and sales campaigns, logistic planning, financial analysis, and ad targeting require deriving insights from these data. However, the data infrastructure to collect, store, and process data is geared primarily towards developers and IT professionals (e.
European Court of Justice Rules Against Safe Harbor
The European Court of Justice ruled that sending personal data to the US violates their right to privacy: The ruling, by the European Court of Justice, said the so-called safe harbor agreement was flawed because it allowed American government authorities to gain routine access to Europeans' online information. The court said leaks from Edward J. Snowden, the former contractor for...
Revisiting X configurations
One of the results of Yvonne's photo orgy is an incredible amount of processing. I store the photos on disk on eureka, and Yvonne accesses them by NFS. That's not ideal: some things, like making contact prints of video clips, require a lot of I/O, and over the net it's particularly slow. So why not log in on eureka? The simple answer is because my X configuration doesn't do it right. The fvwm2 menus look like this: + "eureka" Exec ssh -A eureka /usr/local/bin/xterm -name "xterm" -bg BlanchedAlmond -s -sl 2048 -sb -ls -j -rw -display lagoon:0.0 -geometry 100x65+53+0 -fn 9x15 -e /usr/local/bin/bash & That's an ssh started from the window manager, so it needs an ssh key to be loaded.
Beyond Blame: Learning From Failure and Success
You're gonna want this book. Pre-order it now. http://bit.ly/beyondblame (Pre-orders are paper right now; it should be available on Kindle soon. Official release date is Oct 25) This is the best book I've ever read about Postmortems and creating a Blameless operations culture. Tom
See me in Utah, Boston, Toronto and Waterloo!
This/next week, I’m speaking in events in Park City, Utah (Future in Review); Boston (The Freedom to Innovate Summit, the Berman Center and Suffolk University); Toronto (Seneca College); Markham (In Conversation and Storytellers); and the University of Waterloo! Come say hi! (Image: Terri Oda, CC-BY)
Autonomous Vehicles as Bombs
Good discussion of the issues. Now we need to think about solutions....
Raw conversion revisited
It's been over 4 years since I last compared raw image converters. I've learnt a lot since then, and on the whole I'm happy with DxO Optics Pro. But 3 days ago I had reason to examine things, and it took a while. I have now read the documentation for Raw Therapee. The first discovery was that it doesn't use lensfun, but instead profiles from Adobe Camera Raw, and you have to install them manually. In addition, the Adobe page states that only preliminary support is available for the Olympus OM-D E-M1, and newer models aren't mentioned at all. In general, the list looks about 2 years out of date.
Facebook: how can we best annoy you?
On one of my rare excursions into Facebook-land I was asked to participate in a survey. Opinionated as I am, I accepted. But all I got was a collection of postings, most as unrelated as these two: One's in Malay, though I can't understand enough to be sure of the topic: the Malays use a jargon that I can't decipher; neither can Google Translate. The other is in German about the cost of data retention. Do you prefer a fish or a bicycle?
Microsoft logoff
We've established that putting a Microsoft login session on ice isn't enough to free up the memory, so I'm currently logging off. Microsoft doesn't make it easy: It hangs there for something like 30 seconds. You'd think Microsoft's own products would behave.
Automatic Face Recognition and Surveillance
ID checks were a common response to the terrorist attacks of 9/11, but they'll soon be obsolete. You won't have to show your ID, because you'll be identified automatically. A security camera will capture your face, and it'll be matched with your name and a whole lot of other information besides. Welcome to the world of automatic facial recognition. Those...
Olympus in-camera HDR revisited
We've had a bit of a discussion on the German Olympus forum about the likely benefits of focus stacking on the Olympus OM-D E-M1. This was before I wrote yesterday's article on the subject. My concerns about the usability of the out-of-camera focus stacking were based on my experience with the out-of-camera HDR functionality of the camera, which was really not very useful. But then Martin Wieprecht came up with an example, apparently from his book Die Große Reise ans andere Ende der Welt, that really did look good: So I tried again, looking through and out of my office.
Another FreeBSD VPS
While searching something completely unrelated, the following advertisement cropped up on my screen: As it says, it's from ARP Networks. The offer doesn't look bad, though nothing to entice me away from RootBSD, but it's nice to see other companies offering FreeBSD VPS.
Photo processing and Microsoft memory management
More playing around with my PHP processing scripts today, and I think I have fixed all the bugs. Yvonne is still backed up to 26 September, and it looks like it will take her the rest of the week to process her thousands of photos and videos. And of course she's complaining about DxO Optics Pro Pushing the limits of your patience camera. In the past I have noticed big differences in processing speed, and sure enough, it was slow today too. It looked as if there were lots of hard page faults (which I presume means causing disk I/O). That's not so surprising given the relatively small memory of the machine.
Ingress in 2015
Yes, we're coming up for the third anniversary of Ingress, the game; I'm one of the few from the first late-2012 wave who are still on-board. Why? Well, I've walked 1,017km playing this game. I am at real risk of dying from boredom; in that I find most forms of exercise crushingly tedious and just won't. Ingress is excellent as a defense against sinking into an entirely sedentary lifestyle. Also, I've met a ton of interesting people, done a chase scene and park sprint in San Fran, hoisted a few beers, braved howling waterfront windstorms, and found interesting places in Tokyo and Hawaii.
Quadcopter
A few weeks back ALDI had a quadcopter (a camera drone) on special offer. I bought one and had intended to test it, but either I'm incapable or it is. According to the packaging (an important part of the documentation; it's the only place where they mention the resolution of the camera) it comes with propeller guards: But they're not there (the replacement propellers are). It contains a tiny camera on the underside: The remote control is one of the most amazing toys I've seen: ...
Still more S-100 boards
While unpacking cartons, found a couple more S-100 memory boards. One is the fourth Econoram board, similar to the ones I had already photographed, but I'm surprised that I hadn't missed the other one last time round, in particular because of the modifications on it: What's that for? Do I still have the circuit diagrams somewhere?
Fixing the contact print processing
One of the side effects of Yvonne's photo spree of the last few days is that my contact print scripts can't handle the sheer number of images. They're written as PHP web pages, and we were getting: Request-URI Too Large The requested URL's length exceeds the capacity limit for this server. Took a look at the code, and discovered: function docontacts ($desc, $dirdate, $imagelist) { $method = "get"; /* transfer method.
Returning the lens cap
Clearly the new lens cap is useless. Time to initiate a return. To make it easier, it makes sense to send a couple of photos, roughly like the ones above. Fought my way through this emetic eBay form, climbed down the directory trees, and tried to upload the first image. No go: OK, try again, as they suggest. Well, a change of language helps, doesn't it? Additional retries alternated between English and German, and there was no way to break out of the loop.
Friday Squid Blogging: Bobtail Squid Keeps Bacteria to Protect Its Eggs
The Hawaiian Bobtail Squid deposits bacteria on its eggs to keep them safe. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Resilient Systems News
Former Raytheon chief scientist Bill Swanson has joined our board of directors. For those who don't know, Resilient Systems is my company. I'm the CTO, and we sell an incident-response management platform that...well...helps IR teams to manage incidents. It's a single hub that allows a team to collect data about an incident, assign and manage tasks, automate actions, integrate intelligence...
Data breaches are winning the privacy wars, so what should privacy advocates do?
My latest Guardian column, “Why is it so hard to convince people to care about privacy,” argues that the hard part of the privacy wars (getting people to care about privacy) is behind us, because bad privacy regulation and practices are producing...
Stealing Fingerprints
The news from the Office of Personnel Management hack keeps getting worse. In addition to the personal records of over 20 million US government employees, we've now learned that the hackers stole fingerprint files for 5.6 million of them. This is fundamentally different from the data thefts we regularly read about in the news, and should give us pause before...
Yet Another New Disk
The new disk for lagoon arrived today. I suppose it's a sign of the times that a 1 TB disk is now pretty much the lower size limit, and this one was only half the thickness of the one it replaced. What partitions? I've been recommending a two file system approach since the first edition of Installing and Running FreeBSD nearly 20 years ago. In 2003, I changed from / and /usr to / and /home, implicitly leaving /usr in the root file system. That makes a lot of sense: despite the name, /usr now contains mainly system files, while user files are in /home.
Existential Risk and Technological Advancement
AI theorist Eliezer Yudkowsky: "Every eighteen months, the minimum IQ necessary to destroy the world drops by one point." Oh, how I wish I said that....
Identifying CIA Officers in the Field
During the Cold War, the KGB was very adept at identifying undercover CIA officers in foreign countries through what was basically big data analysis. (Yes, this is a needlessly dense and very hard-to-read article. I think it's worth slogging through, though.)...
TPOCSA
For the past two months almost I've been trying to review The Practice of Cloud System Administration, by Thomas A. Limoncelli, Strata R. Chalup and Christina J. Hogan, for The FreeBSD Journal. It hasn't been easy. Today was the deadline, and I'm glad I finally got something useful together. What's a cloud, anyway? A nebulous term. But the authors have addressed that in advance: you get a choice of two titles, and Designing and operating large distributed systems suits me far better. The difficulties don't reflect on the quality of the book, but because it comes from a perspective so different from my own.