Blog Archive: November 2015

Mon, 30 Nov 2015 22:37:01 UTC

The daily upgrade issues

Posted By Greg Lehey

I'm still far from comfortable with my new FreeBSD installation. Addressed a few of the issues today, some with success. The first was this horrible highlight colour that now seems to be the Emacs default: There are lots of customization menus that have appeared in the past few decades, and I found one that seemed to imply highlighting the region (with the appropriate default). After running through a maze of twisty little menus, all different, found one that offered to change colours of the highlighted region.

Mon, 30 Nov 2015 18:47:30 UTC

A History of Privacy

Posted By Bruce Schneier

This New Yorker article traces the history of privacy from the mid 1800s to today: As a matter of historical analysis, the relationship between secrecy and privacy can be stated in an axiom: the defense of privacy follows, and never precedes, the emergence of new technologies for the exposure of secrets. In other words, the case for privacy always comes...

Mon, 30 Nov 2015 12:05:00 UTC

Cryptanalysis of Algebraic Eraser

Posted By Bruce Schneier

Algebraic Eraser is a public-key key-agreement protocol that's patented and being pushed by a company for the Internet of Things, primarily because it is efficient on small low-power devices. There's a new cryptanalytic attack. This is yet another demonstration of why you should not choose proprietary encryption over public algorithms and protocols. The good stuff is not patented. News article....

Sun, 29 Nov 2015 23:23:55 UTC

SDHC Cards again

Posted By Greg Lehey

More investigation of SDHC cards for my camera. People really don't make it easy. The comparison page mentioned cards that I couldn't find, and the one that looked good, a SanDisk Extreme 90 MB/s card, doesn't appear on their card list. Google helped, though, and found this page on their site, apparently orphaned. Why do people make such a mess of their web sites? The card claims to do 40 MB/s writes, comfortably more than the 33 MB/s that the camera can manage, so I bought one of them. ACM only downloads articles once.

Sun, 29 Nov 2015 22:38:03 UTC

Migrating my database applications

Posted By Greg Lehey

One of the things that still didn't work were the database applications using MySQL Edit table. As I suspected, that was a matter of installing the php56-session and php56-mysql packages. I did that for Joomla! a couple of weeks ago, and complained at the time that the package didn't update /usr/local/etc/php/extensions.ini. So after installation, off to update that file. But this time the entries were there! The package hasn't been updated in the intervening time. What changed? After that, my applications worked, sort of: Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/grog/public_html/php/MySQL_table_edit_0.3/mte/mte.php on line 174 I deprecate deprecation!

Sun, 29 Nov 2015 20:00:00 UTC

Game of Homes

Posted By Tim Bray

What happened was, I got on an airplane, unexpectedly finished my book, and discovered there wasn't much else downloaded on that device. So I started re-reading what was there, namely Game of Thrones. It's hard to stop doing that once you start, and what's worse, I can't help thinking about Vancouver Real Estate. You may not have thought that our local home-selling business featured royal incest, bloody slaughter, and the frequent display of bare breasts. And well, you'd be right, it doesn't. But bear with me. Sidebar: The Ice and Fire Books If you haven't read these (in particular if you've been watching GoT on HBO and haven't) you really ought to.

Sun, 29 Nov 2015 03:08:51 UTC

Aw, Snap!

Posted By Greg Lehey

Another message from Bartosz Fabianowski about Chrome. It seems that these Aw, Snap! messages are Chrome's way of saying SIGSEGV in renderer. And I should be able to go to chrome://crashes and see what happened. But all I get is: Crash reporting is disabled. Crash reporting is not available in Chromium. Still, running the browser from a shell shows that it's quite verbose on stdout (or is that stderr?) :   Received signal 11 SEGV_MAPERR 000000000000   #0 0x0000008f798a <unknown>   #1 0x000809d6db57 <unknown>   #2 0x000809d6d24c <unknown>   [end of stack trace] With a few symbols it might even give some useful output.

Sun, 29 Nov 2015 01:06:49 UTC

Which SD card?

Posted By Greg Lehey

One of the consequences of this new functionality on the Olympus OM-D E-M1 is that I need a faster SDHC card for the camera. But how much faster? The current card is a Sandisk Ultra class 10, marked 30 MB/s. There are others out there rated as fast as 95 MB/s. When does the camera become the limiting factor? Even 30 MB/s is a lot faster than the camera writes to the card. Further investigation revealed that the cards have speeds up to the rated limit. One issue is the camera, of course. But it seems that the write speed (important to me) is usually slower than read speed, sometimes much slower.

Sun, 29 Nov 2015 00:34:25 UTC

Mutt changes

Posted By Greg Lehey

Mutt doesn't seem to have changed much. It still writes lines with many trailing spaces. But === grog@eureka (/dev/pts/21) ~ 37 -> mutt Error in /home/grog/.muttrc, line 6: alternates: unknown variable source: errors in /home/grog/.muttrc Did some investigation and found this page, which explains that I need to make this change: -set alternates="greg.lehey@|gr... +alternates "greg.lehey@|gr... That's straightforward enough, though it's not clear why it was necessary. But what got me was the date of the message: 1 February 2004, nearly 12 years ago!

Sun, 29 Nov 2015 00:27:53 UTC

More X configuration

Posted By Greg Lehey

More playing around with my X configuration today. One of the remaining issues was that Hugin would not display the fast panorama preview on screen 1 of server 1 (which spreads a single display across all four screens). Tried again today. It still doesn't. But this time I looked in the log file: [240548.886] (WW) NVIDIA(1): The GPU driving screen 1 is incompatible with the rest of the [240548.886] (WW) NVIDIA(1):     GPUs composing the desktop.  OpenGL rendering will be [240548.886] (WW) NVIDIA(1):     disabled on screen 1. OK, that's understandable.

Sun, 29 Nov 2015 00:23:04 UTC

Raspberry Pi Zero vs Elliott 405

Posted By Diomidis D. Spinellis

Twitter users @SadHappyAmazing and @HistoricalPics posted yesterday two photographs (copy) showing the Raspberry Pi Zero juxtaposed in front of the Norwich City Council Treasurer's Department building, where the delivery of the Elliott 405 computer was photographed in 1957. Here is how the two computers compare.

Sat, 28 Nov 2015 18:00:00 UTC

Preview 8 chapters from the next edition of TPOSANA

Posted By Tom Limoncelli

The 3rd edition of The Practice of System and Network Administration won't be out for another year. However, we've released a set of 8 chapters on SafariBooksOnline.com (SBO). We've taken the previous edition's chapter on "workstations" and expanded it to be an 8-chapter segment on managing a fleet of workstations (laptops and desktops). You'll find we've done something similar for many of the chapters that we're rewriting for the new edition. Part II: Workstation Fleet Management Chapter 4: Workstation Architecture Chapter 5: Workstation Hardware Strategies Chapter 6: Workstation Software Lifecycle Chapter 7: OS Installation Strategies Chapter 8: Workstation Service Definition Chapter 9: Workstation Fleet Logistics Chapter 10: Workstation Standardization Chapter 11: Onboarding New Employees Part III is about Servers.

Sat, 28 Nov 2015 01:53:45 UTC

Fixing chrome

Posted By Greg Lehey

Message from Bartosz Fabianowski, from whom I have already had input about the city centre of München. It seems that the Apps bookmark on the Chrome bookmarks bar can be disabled, but it's done via the context menu of the bar. Why did they do that? ACM only downloads articles once. It's possible that this article has changed since being downloaded, but the only way you can find out is by looking at the original article.

Sat, 28 Nov 2015 00:43:42 UTC

System upgrade, day 3

Posted By Greg Lehey

Gradually eureka is settling down, though there's still work to be done, interrupted by the Real World. So far I've been highlighting difficulties, but there are some definite advantages as well. So far I haven't seen any of the USB issues that plagued me with the old version of eureka, though it's possible they're just hiding. And the X hangs on server 1 haven't reoccurred. And the other issues? Peter Jeremy tells me that you can suppress the enormous xterm icons with the option xterm -ai, or by setting activeIcon to false in the .Xdefaults file. And sure enough, that worked, sort of.

Sat, 28 Nov 2015 00:38:58 UTC

Understanding python

Posted By Greg Lehey

I've had some exposure to python, but it still confuses me. It proves that Monday's fix for Hugin only works for python release 2; with release 3 I get: === grog@eureka (/dev/pts/30) ~ 12 -> python2 -c "import string; from distutils.sysconfig import get_python_lib; print(string.replace (get_python_lib(1), \"/usr/local/\", \"\"))" lib/python2.7/site-packages === grog@eureka (/dev/pts/30) ~ 13 -> python3.2 -c "import string; from distutils.sysconfig import get_python_lib; print(string.replace (get_python_lib(1), \"/usr/local/\", \"\"))" Traceback (most recent call last):   File "", line 1, in AttributeError: 'module' object has no attribute 'replace' It seems that they have replaced the obvious function string.replace() with a different module with sexier syntax, and I now need to write === grog@eureka (/dev/pts/30) ~ 14 -> python3.2 -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1).replace(\"/usr/local/\", \"\"))" lib/python3.4/site-packages ...

Sat, 28 Nov 2015 00:37:53 UTC

Ternary PIDs

Posted By Greg Lehey

Seen by coincidence today: === grog@teevee (/dev/pts/2) /spool/Videos 1 -> ps au|grep mpla grog 3111  0.0  3.0 259648  62064  3  S+    5:41pm  0:32.06 /usr/local/bin/mplayer-old -a grog 3112  0.0  2.6 236432  52764  3  S+    5:41pm  0:03.97 /usr/local/bin/mplayer-old -a grog 3211  0.0  1.8 187872  36160  4  S+    6:41pm  0:16.13 mplayer -quiet http://stream. grog 3212  0.0  1.6 183776  32556  4  S+    6:41pm  0:00.49 mplayer -quiet http://stream.

Fri, 27 Nov 2015 22:19:19 UTC

Friday Squid Blogging: Squid Necklace

Posted By Bruce Schneier

She's calling it an octopus, but it's a squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 27 Nov 2015 20:21:40 UTC

Data and Goliath in German

Posted By Bruce Schneier

The German edition of Data and Goliath has been published....

Fri, 27 Nov 2015 12:45:01 UTC

Defending against Actual IT Threats

Posted By Bruce Schneier

Roger Grimes has written an interesting paper: "Implementing a Data-Driven Computer Security Defense." His thesis is that most organizations don't match their defenses to the actual risks. His paper explains how it got to be this way, and how to fix it....

Thu, 26 Nov 2015 22:57:15 UTC

More Radiation Tower angst

Posted By Greg Lehey

Peter Jeremy pointed me at another victim of the radiation tower conspiracy today. It's interesting to see how they report this stuff: no mention of relative radiation exposure. I assume that, like Wendy McClelland, they use mobile phones.

Thu, 26 Nov 2015 22:37:10 UTC

System upgrade, day 2

Posted By Greg Lehey

On with the upgrade of eureka today, partially overtaken by other activities. First to the Samba configuration, which proved to be relatively straightforward: just followed the instructions in the network server chapter of The Complete FreeBSD. It's nearly 20 years old, but it contains exactly what I need. In this case, in particular, I think I wrote it that way. Apart from that, various minor issues. Writing my diary gave me an error message for inserting a paragraph markup: incorrect number of parameters. It seems that somebody had created a function with the same name as the one I used: insert-section is a compiled Lisp function in `mule-diag.el'.

Thu, 26 Nov 2015 02:31:01 UTC

Outstanding critical review of Information Doesn't Want to Be Free in the LA Review of Books

Posted By Cory Doctorow

McKenzie Wark, author of the classic Hacker Manifesto, has written a long, smart review of my book Information Doesn’t Want to Be Free (now in paperback) for the Los Angeles Review of Books. It’s a genuinely excellent piece of critical writing — I think it’s my favorite review of this book so far. A number... more

Thu, 26 Nov 2015 02:10:59 UTC

Upgrade: summary

Posted By Greg Lehey

So at the end of the day things were up and vaguely running. At least Yvonne saw no problems. But there's still a lot to be done: Complete the X configuration, including checking whether server 1 (single display over 4 screens) still works. Fix fvwm2 window moving. Reinstate Internet domain connections to X. Get rid of these enormous icons. Fix Emacs markup colours. Fix the BIND configuration. Get squid to work. Get urlview and mutt display of web pages on firefox to work.

Thu, 26 Nov 2015 01:39:16 UTC

Minor irritations

Posted By Greg Lehey

Apart from that, there are less important issues. I still need to get Keith Packard's card games to work, and I suppose it's time to rewrite the version of xearth that I wrote 20 years ago, and for which I have lost the source. In addition it seems that fortune has gone away. I recall some discussion on the mailing lists over the last few years. Some people felt that the fortunes were offensive to people of various religious convictions, so they were relegated to the ports. Or were they? I can't find fortune in the ports, though there are various data files for them, including: fortune-mod-bible-1.0_1        King James V Bible in fortune file format fortune-mod-epictetus-0.2      Quotes from Epictetus fortune-mod-psalms-1.0         Psalms from the Douai Bible in fortune file format ...

Thu, 26 Nov 2015 01:34:32 UTC

Samba

Posted By Greg Lehey

Gradually things had become bearable on eureka. And with a bit of NFS trickery I got the other FreeBSD machines happy with the new environment. despair, my main Microsoft machine, was another matter. Can't connect. Why not? Error 0xdeadbeef or some such. Looking at the samba configuration, I discovered that the new version has a new configuration file, /usr/local/etc/smb4.conf. How does it differ? I didn't bother to check, just hung the share definitions from /usr/local/etc/smb.conf at the bottom. And it seemed to work, but I still couldn't access the file systems. Password? What was the password? In the end chose a new one, but things still didn't work right.

Thu, 26 Nov 2015 01:16:34 UTC

Mail

Posted By Greg Lehey

Next was mail. Tried a fetchmail, as a precaution with the -a -k flags (get all, don't remove from upstream server). Yes, they came along, were piped into procmail, and disappeared, never to be seen again. Not even an error message in procmaillog. OK, no worries, we haven't really lost anything. Discovered that the options for starting postfix have changed. For years (decades?) the entry in /etc/rc.conf was: sendmail_enable="YES" Yes, that makes no sense, but that's the way it is. Now it's: procmail_enable="YES" And of course I needed all my old kludges; but the configuration files seem to have worked unchanged.

Thu, 26 Nov 2015 00:43:49 UTC

Web services

Posted By Greg Lehey

And of course httpd didn't start: httpd: Syntax error on line 104 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache22/libphp5.so into server: Cannot open "/usr/local/libexec/apache22/libphp5.so" Sigh. When will people recognize the difference between syntax and semantics? But why did I have Apache 2.2 in the first place? Installed version 2.4, along with the latest and greatest PHP, with relatively little difficulty; last week's Joomla installation was good practice. But nothing worked! Of course, it had installed a new configuration file, and I had to manually modify things to get back to where I had been before.

Thu, 26 Nov 2015 00:28:04 UTC

Emacs changes

Posted By Greg Lehey

I've been using Emacs in various forms for 35 years, and it has become like an extension of my fingers. Every change feels wrong. But when I fired it up, I got an error message: Warning (initialization): An error occurred while loading `/home/grog/.emacs': Invalid read syntax: ] To ensure normal operation, you should investigate and remove the cause of the error in your initialization file.  Start Emacs with the `--debug-init' option to view a complete error backtrace. OK, let's try debug-init: Debugger entered--Lisp error: (invalid-read-syntax "]")   eval-buffer(#<buffer  *load*> nil "/home/grog/.emacs" nil t)  ; Reading at buffer position 3128   load-with-code-conversion("/home/grog/.emacs" "/home/grog/.emacs" t t) Now isn't that handy to give a buffer position?

Thu, 26 Nov 2015 00:20:01 UTC

In a bind

Posted By Greg Lehey

I couldn't access the network! Well, I couldn't find anything on the local network, because named wasn't running: it's no longer part of the base system. On the other hand, dhcpd insisted on creating an /etc/resolv.conf, which I have to prevent by making it read-only. But in this case it was an advantage. I went looking: === root@eureka (/dev/pts/5) /usr/local/etc 78 -> pkg search named p5-Class-Accessor-Named-0.009_1 Better profiling output for Class::Accessor p5-Class-NamedParms-1.06_1     Lightweight named parameter handling system ... Nothing! Try again: === root@eureka (/dev/pts/5) /usr/local/etc 79 -> pkg search bind bind-tools-9.10.3_1            Command line tools from BIND: delv, dig, host, nslookup...

Wed, 25 Nov 2015 23:42:29 UTC

X configuration

Posted By Greg Lehey

X was my main concern. But we can always be optimistic. Booted the machine, logged in and entered === grog@eureka (/dev/vty0) ~ 4 -> startx It started! But only on one monitor, leaving 4 competing window managers to fight over it. In Xorg.0.log I found: VGA arbiter: cannot open kernel arbiter, no multi-card support What's that? Web searches were inconclusive. But then I was expecting problems. Run X -configure with more than the usual success, but it still only found two displays.

Wed, 25 Nov 2015 23:26:54 UTC

Upgrading eureka, finally

Posted By Greg Lehey

Much of the installation of eureka, my main computer, dates back to 7 years ago, though I upgraded the kernel when I changed the hardware barely 2 years ago. And since then I've been paving the way to hell with good intentions. Today I finally ran out of excuses. After all, everything had been tested, I had a new disk, so I could fall back to the old one if something went wrong. About the only issue was the X configuration, which has always been a problem. Things happened completely differently. I'll split this story up into individual subsystems, rather than make it chronological.

Wed, 25 Nov 2015 18:00:00 UTC

Why I don't care that Dell installs Rogue Certificates On Laptops

Posted By Tom Limoncelli

In recent weeks Dell has been found to have installed rogue certificates on laptops they sell. Not once, but twice. The security ramifications of this are grim. Such a laptop can have its SSL-encrypted connections sniffed quite easily. Dell has responded by providing uninstall instructions and an application that will remove the cert. They've apologized and that's fine... everyone makes mistakes, don't let it happen again.

Wed, 25 Nov 2015 15:00:00 UTC

We forget how big "big" is

Posted By Tom Limoncelli

Talk with any data-scientist and they'll rant about how they hate the phrase "big data". Odds are they'll mention a story like the following: My employer came to me and said we want to do some 'big data' work, so we're hiring a consultant to build a Hadoop cluster. So I asked, "How much data do you have?" and he replied, "Oh, we never really measured. But it's big. Really big! BIIIIG!! Of course I did some back of the envelope calculations and replied, "You don't need Hadoop. We can fit that in RAM if you buy a big enough Dell."

Wed, 25 Nov 2015 13:06:47 UTC

NSA Lectures on Communications Security from 1973

Posted By Bruce Schneier

Newly declassified: "A History of U.S. Communications Security (Volumes I and II)," the David G. Boak Lectures, National Security Agency (NSA), 1973. (The document was initially declassified in 2008. We just got a whole bunch of additional material declassified. Both versions are in the document, so you can compare and see what was kept secret seven years ago.)...

Tue, 24 Nov 2015 23:10:20 UTC

Google: Don't be evil!

Posted By Greg Lehey

Remember the browser wars? The late 1990s or so, when Netscape and Internet Exploder deliberately introduced incompatible features to lock their customers in? They're over, right? Not if you believe the Wikipedia page. In passing, it's interesting to note this web browser timeline: Today Peter Jeremy posted a URL. Why? Just some Star Wars Google search. But it seems I was using the wrong browser. With Chrome it showed an animation, though it no longer does. Google, your motto was don't be evil. So don't! It's bad enough that I can no longer use many features of Google Maps because my browser isn't leet enough.

Tue, 24 Nov 2015 22:21:31 UTC

Authors Alliance guide to Open Access

Posted By Cory Doctorow

The Authors Alliance, a nonprofit writers’ organization, conducted a wide-ranging piece of research on the experience of authors with open access publishing, including my own experiences with Creative Commons and commercial publishing. That said, most of the essay focuses on academic and scientific authors, who may be institutionally bound to publish under open access, or... more

Tue, 24 Nov 2015 21:47:10 UTC

I won the Comment Awards prize for Technology and Digital Commentator of the Year!

Posted By Cory Doctorow

I woke this morning to the delightful news that I won Editorial Intelligence’s 2015 prize for Technology and Digital Commentator of the Year for my work on the Guardian. I’m honoured and delighted — thank you to the jury and the organisation, and to Martha Lane Fox for her presentation of the award!

Tue, 24 Nov 2015 19:37:33 UTC

NSA Collected Americans' E-mails Even After it Stopped Collecting Americans' E-mails

Posted By Bruce Schneier

In 2011, the Bush administration authorized -- almost certainly illegally -- the NSA to conduct bulk electronic surveillance on Americans: phone calls, e-mails, financial information, and so on. We learned a lot about the bulk phone metadata collection program from the documents provided by Edward Snowden, and it was the focus of debate surrounding the USA FREEDOM Act. E-mail metadata...

Tue, 24 Nov 2015 12:32:54 UTC

Policy Repercussions of the Paris Terrorist Attacks

Posted By Bruce Schneier

In 2013, in the early days of the Snowden leaks, Harvard Law School professor and former Assistant Attorney General Jack Goldsmith reflected on the increase in NSA surveillance post 9/11. He wrote: Two important lessons of the last dozen years are (1) the government will increase its powers to meet the national security threat fully (because the People demand it),...

Mon, 23 Nov 2015 23:14:41 UTC

Tackling cmake

Posted By Greg Lehey

So how do I fix the src/hugin_script_interface/CMakeLists.txt so that it doesn't create absolute path names for the Python files? Despite my aversion, went looking for the cmake documentation. What a disaster! It's just a list of man pages. From the invocation in the file, it's clear that it has some text editing capabilities:     EXECUTE_PROCESS( COMMAND ${PYTHON_EXECUTABLE} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))"                       OUTPUT_VARIABLE pyinstalldir                       OUTPUT_STRIP_TRAILING_WHITESPACE) Clearly OUTPUT_STRIP_TRAILING_WHITESPACE is an editing feature.

Mon, 23 Nov 2015 18:03:02 UTC

Voter Surveillance

Posted By Bruce Schneier

There hasn't been that much written about surveillance and big data being used to manipulate voters. In Data and Goliath, I wrote: Unique harms can arise from the use of surveillance data in politics. Election politics is very much a type of marketing, and politicians are starting to use personalized marketing's capability to discriminate as a way to track voting...

Mon, 23 Nov 2015 01:15:00 UTC

What JJ Abrams just revealed about Star Wars

Posted By Tom Limoncelli

Last night (Saturday, Nov 21) I attended a fundraiser for the Montclair Film Festival where (I kid you not) for 90 minutes we watched Stephen Colbert interview J.J. Abrams. What I learned: He finished mixing The Force Awakens earlier that day. 2:30am California time. He then spent all day traveling to Newark, New Jersey for the event. After working on it for so long, he's sooooo ready to get it in the theater. "The truth is working on this movie for nearly three years, it has been like living with the greatest roommate in history for too long. It's time for him to get his own place.

Sun, 22 Nov 2015 23:45:38 UTC

More stuff from Kleins Road

Posted By Greg Lehey

It's only a little over a week until we settle the Kleins Road house, and there's still a lot of junk there that we need to get. Over today to pick up the last three computers: the Control Data 910, a microVax II, and an old MIPS R2000. They'll be offered on eBay for a ridiculously low price. But they're heavy. I got the Control Data into the car with no trouble, and the microVax is on wheels, so that wasn't an issue, but we couldn't lift it into the car.

Sun, 22 Nov 2015 23:13:53 UTC

The daily hugin build breakage

Posted By Greg Lehey

Still more Hugin build breakage! I'm really surpassing myself lately. Hugin depends on Vigra, but somehow the dependency wasn't in the Makefile. That's a little puzzling, since it's been there since long before my recent work; in fact, for nearly 11 years: r124104 | edwin | 2004-12-15 23:36:25 +1100 (Wed, 15 Dec 2004) | 14 lines New port: graphics/vigra - another program to mount panoramic images - also a dependency of hugin So why wasn't the dependency there?

Sun, 22 Nov 2015 00:10:17 UTC

USB KVM

Posted By Greg Lehey

For decades (well, about 16 years), I've used the same old passive KVM. It still works for VGA, but the mouse and keyboard connectors are obsolete: So I use it for VGA, and on those occasions where I need direct keyboard or mouse contact, I plug one in to the appropriate computer. But why? Active KVMs don't cost anything any more. Went out looking on eBay and found a likely looking one for $12.07 including postage.

Sun, 22 Nov 2015 00:10:16 UTC

Shells and POLA

Posted By Greg Lehey

Strange problems with shell scripts today. I set a variable, changed directory, and the variable changed! It took a while to find out what was going on: === root@stable (/dev/pts/0) /etc-eureka/RCS 180 -> j=* === root@stable (/dev/pts/0) /etc-eureka/RCS 181 -> echo $j XF86Config,v aliases,v crontab,v devd.conf,v devfs.conf,v dumpdates,v ethers,v exports,v fstab,v group,v hosts,v inetd.conf,v ... === root@stable (/dev/pts/0) /etc-eureka/RCS 182 -> cd .. === root@stable (/dev/pts/0) /etc-eureka 183 -> echo $j #rc.conf# RCS XF86Config aliases aliases.db amd.map apmd.conf auth.conf bluetooth crontab csh.cshrc csh.login csh.logout defaults ... Clearly the value of j is *, not the expansion of *.

Sat, 21 Nov 2015 23:31:32 UTC

Porting hugin: disaster

Posted By Greg Lehey

As planned, I committed the latest version of Hugin yesterday evening. Of course I had done all my normal tests, and all worked well. This morning I had a bug report from Stari Karp and a couple of automated build failures. Looking more carefully, I discovered that I had messed up my patch files: there were three old patches that were no longer needed, and they referenced files that no longer existed. OK, svn remove them and commit again. Another message from Stari Karp: now he got an error message that I've seen before: /usr/ports/graphics/hugin/work/hugin-2015.0.0/src/tools/align_image_stack.cpp:196:38: error: reference to 'lock' is ambiguous             hugin_omp::ScopedLock sl(lock); But I fixed that last month!

Fri, 20 Nov 2015 22:30:09 UTC

Friday Squid Blogging: Squid Spawning in South Australian Waters

Posted By Bruce Schneier

Divers are counting them: Squid gather and mate with as many partners as possible, then die, in an annual ritual off Rapid Head on the Fleurieu Peninsula, south of Adelaide. Department of Environment divers will check the waters and gather data on how many eggs are left by the spawning squid. No word on how many are expected. Ten? Ten...

Fri, 20 Nov 2015 13:04:19 UTC

Reputation in the Information Age

Posted By Bruce Schneier

Reputation is a social mechanism by which we come to trust one another, in all aspects of our society. I see it as a security mechanism. The promise and threat of a change in reputation entices us all to be trustworthy, which in turn enables others to trust us. In a very real sense, reputation enables friendships, commerce, and everything...

Thu, 19 Nov 2015 23:25:50 UTC

Back to ports again

Posted By Greg Lehey

Finally got round to committing my updated ports (graphics/libpano13 and graphics/hugin). It seems to have been two years since I last did anything. To be on the safe side, only committed libpano13 today; if nothing blows up, I can commit hugin tomorrow.

Thu, 19 Nov 2015 20:00:00 UTC

Long-form Reviewing

Posted By Tim Bray

This is a love letter to an automotive review, which turns out to be one of the best applications of blogging I've ever seen. Specifically, the Long-Term Road Test format over at Edmunds.com. What's happening is, the 2003 Audi A4 (my write-up on it was one of this blog's launch features) is, well, as old as this blog. It's still a pretty nice car but has to visit the Audi doctor too often. So, we're idly thinking of new wheels. Specifically, a run-about-town thingie: Smaller is better, and large fossil-fuel engines are inappropriate. Teslas are overpriced, which sort of leaves the Nissan Leaf and the BMW i3.

Thu, 19 Nov 2015 12:16:04 UTC

RFID-Shielded, Ultra-Strong Duffel Bags

Posted By Bruce Schneier

They're for carrying cash through dangerous territory: SDR Traveller caters to people who, for one reason or another, need to haul huge amounts of cash money through dangerous territory. The bags are made from a super strong, super light synthetic material designed for yacht sails, are RFID-shielded, and are rated by how much cash in US$100 bills each can carry.......

Wed, 18 Nov 2015 21:35:10 UTC

Paris Terrorists Use Double ROT-13 Encryption

Posted By Bruce Schneier

That is, no encryption at all. The Intercept has the story: "Yet news emerging from Paris -- as well as evidence from a Belgian ISIS raid in January -- suggests that the ISIS terror networks involved were communicating in the clear, and that the data on their smartphones was not encrypted. European media outlets are reporting that the location of...

Wed, 18 Nov 2015 12:59:53 UTC

Ads Surreptitiously Using Sound to Communicate Across Devices

Posted By Bruce Schneier

This is creepy and disturbing: Privacy advocates are warning federal authorities of a new threat that uses inaudible, high-frequency sounds to surreptitiously track a person's online behavior across a range of devices, including phones, TVs, tablets, and computers. The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser....

Wed, 18 Nov 2015 00:00:25 UTC

Understanding sensor dynamics

Posted By Greg Lehey

One of the biggest issues I have with digital photography is the limited dynamic range of the sensors. Current sensors have a pixel depth of 12 or 14 bits. The Olympus OM-D E-M1 only has 12 bits. Since they're linear, that corresponds roughly to 12 EV. The many photos I take bracketed 3 EV either way increase this to 18 EV, but it's not ideal. A lot of postprocessing is required, and there's the danger of ghosting. So when I read this article about a new sensor with higher dynamic range, I was very interested. It has an increased dynamic range of 88 dB!

Tue, 17 Nov 2015 18:03:00 UTC

On CISA

Posted By Bruce Schneier

I have avoided writing about the Cybersecurity Information Sharing Act (CISA), largely because the details kept changing. (For those not following closely, similar bills were passed by both the House and the Senate. They're now being combined into a single bill which will be voted on again, and then almost certainly signed into law by President Obama.) Now that it's...

Tue, 17 Nov 2015 15:54:44 UTC

Turns out that unsubscribing from spam actually works

Posted By Cory Doctorow

After my spam hit a point where I couldn’t actually download my email faster than it was arriving, I spent a month clicking the unsubscribe links in all the spams in my inbox. Weirdly, it worked. What’s weirder is that I discovered that most of that spam was coming from organizations I knew, even ones I...

Tue, 17 Nov 2015 12:36:48 UTC

Refuse to Be Terrorized

Posted By Bruce Schneier

Paul Krugman has written a really good update of my 2006 essay. Krugman: So what can we say about how to respond to terrorism? Before the atrocities in Paris, the West's general response involved a mix of policing, precaution, and military action. All involved difficult tradeoffs: surveillance versus privacy, protection versus freedom of movement, denying terrorists safe havens versus the...

Tue, 17 Nov 2015 01:29:07 UTC

Repairing AVI files: the limits

Posted By Greg Lehey

My AVI file fix seemed to work. But the video ended early. It seems that it only works if the audio and video are OK. Otherwise I get things like:

    MEncoder SVN-r35933-snapshot-3.2 (C) 2000-2013 MPlayer Team
    success: format: 0  data: 0x0 - 0x6c08a536
    libavformat version 54.63.104 (internal)
    AVI file format detected.
    [aviheader] Video stream found, -vid 0
    [aviheader] Audio stream found, -aid 1
    AVI: ODML: Building ODML index (2 superindexchunks).
    AVI: ODML: Broken (incomplete?) file detected. Will use traditional index.
    Generating Index:   1 %
    AVI: Generated index table for 5071 chunks!
    VIDEO:  [XVID]  720x542  24bpp  29.970 fps  2335.2 kbps (285.1 kbyte/s)
    [V] filefmt:3  fourcc:0x44495658  size:720x542  fps:29.970  ftime:=0.0334
    videocodec: framecopy (720x542 24bpp fourcc=44495658)
    audiocodec: framecopy (format=55 chans=2 rate=48000 bits=0 B/s=40000 sample-1)
    Writing header...

Tue, 17 Nov 2015 00:21:28 UTC

Gmail rejection

Posted By Greg Lehey

Strange message today:

    <[email protected]> (expanded from <root>): host
        gmail-smtp-in.l.google.com[74.125.28.26] said: 550-5.7.1 [208.86.226.86
        12] Our system has detected that this message is 550-5.7.1 likely
        unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1
        this message has been blocked. Please visit 550 5.7.1
        https://support.google.com/mail/answer/188131 for more information.
        i9si47983327bpq.207 - gsmtp (in reply to end of DATA command)

The link didn't give me any opportunity to do something about the matter: it just told me the errors of my ways.

Mon, 16 Nov 2015 23:10:50 UTC

Joomla!: Done

Posted By Greg Lehey

More discussion of Joomla! on IRC today. As expected, it was a PHP issue. Jamie Fraser suggested adding this line to /usr/local/etc/php/extensions.ini (in this case creating it):

    extension=session.so

Sure enough, I no longer got that error message. Instead I got:

    Fatal error: Call to undefined function simplexml_load_file() in /usr/local/www/joomla3/installation/application/web.php on line 262

OK, simplexml is another of the modules mentioned in /usr/ports/www/joomla3/Makefile. But what's the module called? No information in /usr/ports/www/simplexml/Makefile.

Mon, 16 Nov 2015 20:39:07 UTC

Paris Attacks Blamed on Strong Cryptography and Edward Snowden

Posted By Bruce Schneier

Well, that didn't take long: As Paris reels from terrorist attacks that have claimed at least 128 lives, fierce blame for the carnage is being directed toward American whistleblower Edward Snowden and the spread of strong encryption catalyzed by his actions. Now the Paris attacks are being used as an excuse to demand back doors. CIA Director John Brennan chimed in,...

Mon, 16 Nov 2015 12:19:43 UTC

Did Carnegie Mellon Attack Tor for the FBI?

Posted By Bruce Schneier

There's pretty strong evidence that the team of researchers from Carnegie Mellon University who canceled their scheduled 2015 Black Hat talk deanonymized Tor users for the FBI. Details are in this Vice story and this Wired story (and these two follow-on Vice stories). And here's the reaction from the Tor Project. Nicholas Weaver guessed this back in January. The behavior...

Mon, 16 Nov 2015 00:44:54 UTC

The Internet will always suck

Posted By Cory Doctorow

Have you ever wondered why the Internet is always just a little bit too slow to support the kind of activity you’re trying to undertake? My latest Locus column, The Internet Will Always Suck, hypothesizes that whenever the Internet gets a little faster or cheaper, that unlocks a bunch of applications that couldn’t gain purchase...

Sun, 15 Nov 2015 22:28:59 UTC

Joomla!: the pain

Posted By Greg Lehey

Today I had the task of getting MySQL and Joomla! to work on our web site. The first step was to gain access to the MySQL subsystem. I can't recall configuring it -- maybe Chris did. One way or another, we don't have the root password. How do you get that back? Even Paul DuBois' books didn't help (contact your administrator). After a search found this page in the official documentation -- apparently only for Microsoft! But the instructions are fairly easy to translate:

    === root@www (/dev/pts/0) ~ 98 -> cat > /tmp/temppassword
    set password for 'root'@'localhost' = password ('Not the real password');
    ^D
    === root@www (/dev/pts/0) ~ 99 -> mysqld --init-file=/tmp/tmppassword

In the process came across this page, entitled Installing MySQL on FreeBSD.

Sun, 15 Nov 2015 00:07:35 UTC

Joomla!: How?

Posted By Greg Lehey

Chris Bahlo has had the idea of installing Joomla! on our external web server. Talking about it tonight: I had said use the package, that's what the Ports Collection is for. Some discussion. The package installs an amazing number of files, mainly in the /usr/local hierarchy:

    === grog@www (/dev/pts/2) /usr/ports/www/joomla3 4 -> wc -l pkg-plist
        7650 pkg-plist

And according to the official instructions, which are anything but clear (Move the downloaded Joomla! installation package to the server. Use a FTP Client to transfer the Joomla!

Sat, 14 Nov 2015 00:13:43 UTC

Migrating subversion

Posted By Greg Lehey

I have a cron job that updates my local FreeBSD repositories every night. Well, almost every night:

    ====== Fri 13 Nov 2015 03:52:12 EST: Getting svn updates: /src/FreeBSD/svn/head
    ^[]1;Updating /src/FreeBSD/svn/head^G^[]2;Updating /src/FreeBSD/svn/head^GUpdating '.' :
    svn: E210002: Unable to connect to a repository at URL 'svn+ssh://svn.freebsd.org/base/head'
    svn: E210002: To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file.
    svn: E210002: Network connection closed unexpectedly

That's not the first time. Asked on IRC if other people were having problems, and got a completely different answer: change the repository.

Fri, 13 Nov 2015 22:22:09 UTC

Friday Squid Blogging: Squid Fishing Championship

Posted By Bruce Schneier

It's an annual event in Hvar, Croatia....

Fri, 13 Nov 2015 20:25:13 UTC

Amazon Chooses Data and Goliath as a Best Book of 2015

Posted By Bruce Schneier

Amazon chose Data and Goliath as one of its Best Books of 2015, in both the nonfiction and business categories....

Fri, 13 Nov 2015 12:08:51 UTC

Personal Data Sharing by Mobile Apps

Posted By Bruce Schneier

Interesting research: "Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps," by Jinyan Zang, Krysta Dummit, James Graves, Paul Lisker, and Latanya Sweeney. We tested 110 popular, free Android and iOS apps to look for apps that shared personal, behavioral, and location data with third parties. 73% of Android...

Thu, 12 Nov 2015 21:36:50 UTC

Scholarly article on activism and technology in my YA novels

Posted By Cory Doctorow

Anika Ullmann, a graduate student in Cultural Studies at Leuphana University in Lüneburg, Germany, has published a paper on the relationship of my young adult novels to political radicalism, the hacker ethic and the “First Days of a Better Nation.” I found it a great and insightful read, and Anika kindly made a copy available for...

Thu, 12 Nov 2015 20:28:51 UTC

Testing the Usability of PGP Encryption Tools

Posted By Bruce Schneier

"Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client," by Scott Ruoti, Jeff Andersen, Daniel Zappala, and Kent Seamons. Abstract: This paper presents the results of a laboratory study involving Mailvelope, a modern PGP client that integrates tightly with existing webmail providers. In our study, we brought in pairs of participants and had them attempt...

Thu, 12 Nov 2015 13:01:40 UTC

Betting Ticket Forged Based on Selfie

Posted By Bruce Schneier

This is an interesting story. Someone posts a photograph of herself holding a winning horse-race betting ticket, and someone else uses the data from the photograph to forge the ticket and claim the winnings. I have been thinking a lot about how technology is messing with our intuitions about risk and security. This is a good example of that....

Wed, 11 Nov 2015 22:42:42 UTC

Olympus firmware upgrade

Posted By Greg Lehey

Olympus has announced a firmware upgrade for the E-M1 long in advance of release. In the past I've had lots of difficulties with the updates. I suspect that their silly updater has some sensitivity to computer configuration, and it's not helped by just plain incorrect error messages. There's also a firmware update waiting for Yvonne's E-PM2 and the new M.Zuiko Digital ED 14-42mm f3.5-5.6 EZ lens, so I did a trial run with that. Experienced an issue that doesn't apply to many components: the firmware update extends and retracts the lens. I had the camera lens down, so this was particularly obvious.

Wed, 11 Nov 2015 22:08:21 UTC

Language evolution

Posted By Greg Lehey

Spent some time trawling web sites today for new amplifiers. It seems that the traditional HiFi setup no longer exists: amplifier at the centre, with tuners and media players as inputs, recording devices as inputs and outputs, and loudspeakers as outputs. JB HiFi is a typical Australian retailer, with a typically horrible web site. There I looked for loudspeaker: Hey, based on 'loudspeaker' we couldn't find exactly what you were searching for. Check out some suggested results below, or type in another search. It did find 7 hits: 4 Speakers (in the current political climate one would wonder whether they're selling Bronwyn Bishop cheaply), two PA Speakers, and a Wireless Audio, whatever that may be.

Wed, 11 Nov 2015 20:22:16 UTC

Bypassing the iPhone Activation Lock

Posted By Bruce Schneier

Clever man-in-the-middle attack....

Wed, 11 Nov 2015 12:44:57 UTC

Ransomware Is Getting Sophisticated

Posted By Bruce Schneier

Some of the tricks that ransomware is using to get victims to pay up....

Wed, 11 Nov 2015 00:47:42 UTC

rsync problems again

Posted By Greg Lehey

A year ago I had issues with rsync to my external web site. For reasons that I still don't understand, the initial handshake (via ssh) would fail. I suspected a network issue, and was still trying to understand it when the system crashed due to hardware issues. And then the problem was gone. Until today. It's back! It must be something to do with sshd itself. Should I just restart it or try to debug the issue?

Wed, 11 Nov 2015 00:03:40 UTC

More ANZ stupidity

Posted By Greg Lehey

Yvonne wanted to pay a bill this morning using ANZ's web (Internet) banking, and made the mistake of trying to add a payee who was already on the list. So it asked a security question, in this case What was the first street you lived on?. The correct answer was It's all in my diary, but she didn't know that, and made the mistake of trying to guess (and whose? Hers or mine?). So the account was locked. Rang up and had to identify myself by a simple password.

Tue, 10 Nov 2015 20:17:51 UTC

IT Security Is Still a Great Career Path

Posted By Bruce Schneier

Jobs are plentiful and salaries are booming. I know from personal experience that demand far exceeds supply....

Tue, 10 Nov 2015 16:04:28 UTC

Christine's keynote at OpsCon Milano 2015

Posted By Tom Limoncelli

Christine Hogan gave the keynote presentation at OpsCon Milano 2015 today. Her talk was titled "Learn to Fail Better" and highlighted cultural and technical points from our new book, The Practice of Cloud System Administration. OpsCon had an artist live drawing a summary of the talk, which you can see here: Congrats to Christine on her first conference keynote!

Tue, 10 Nov 2015 12:38:47 UTC

Linus Torvalds on Linux Security

Posted By Bruce Schneier

Interesting interview. Slashdot thread....

Mon, 09 Nov 2015 22:46:18 UTC

Humanity's victories

Posted By Greg Lehey

The German Olympus forum has got rid of its old, functioning web site and replaced it with something running Drupal, offering lots of opportunities for overlapping text and bleeding boxes: I was reminded of an xkcd cartoon, and spent a whole lot of time looking for it before I finally found this, not on xkcd at all:

Mon, 09 Nov 2015 12:11:18 UTC

Good Article on the Blockchain

Posted By Bruce Schneier

The Economist published a really good article on the blockchain....

Mon, 09 Nov 2015 00:04:17 UTC

technology, multimedia

Posted By Greg Lehey

More fun with multimedia today. After recording programmes from TV, I first recode them to convert them to an MPEG Program Stream, in the process discovering the quality of the recording. But today things ground to a halt round 47% of a specific recording:

    2015-11-08 12:41:36.533 46.0% complete
    2015-11-08 12:41:41.825 46.6% complete
    2015-11-08 12:41:46.827 47.0% complete
    2015-11-08 13:03:13.206 47.4% complete
    ^C^C

What caused that? It was repeatable, and I've been having strange issues with recordings slowing down. I had thought it might be a problem with the disk on teevee, but smartctl had not revealed anything.

Sat, 07 Nov 2015 22:42:55 UTC

Fixing broken avi files

Posted By Greg Lehey

Recently I received a video in AVI format. I could play it with no problems, but I couldn't position. Broken index? Did some searching and found this page, a wonderful example of how to obfuscate computer code. Why do people enclose computer code in too-small (particularly too-narrow) boxes? It boils down to: pass it through mencoder with the -idx option and it will rebuild the index for you. Here's the function I use:

    # Rebuild avi index.
    # Usage: rebuild-index filename
    # filename will be replaced on success
    rebuild-index () {
      # Quote the arguments so that file names containing spaces work.
      if mencoder -idx "$1" -ovc copy -oac copy -o "foo$$"; then
        mv "foo$$" "$1"
      fi
    }

Sat, 07 Nov 2015 00:52:25 UTC

teevee: grinding to a halt?

Posted By Greg Lehey

Somehow I still have performance problems with teevee, my TV display machine. Yes, it's not the fastest, but lately when I'm copying data across the net, it seems hardly to react at all. It only has a 100 Mb/s interface -- the last of our real machines not to have a gigabit interface -- so big file copies are limited to about 11 MB/s. But today I saw the speed dropping as low as 3 MB/s. cvr2, the source machine, showed that the copy stalled several times. What's the problem? pings showed that there were big differences in the response time, between about 140 µs and 6 ms.

Sat, 07 Nov 2015 00:37:15 UTC

Hugin under Linux

Posted By Greg Lehey

So finally I had a chance to run Hugin on a well-supported platform. It didn't crash. But the other issues were the same as on FreeBSD: the alignment of my test panorama was still wavy. But this time I tried the Straighten button of the Move tab. And it worked. The other is a now you see me, now you don't issue. After alignment, the fast preview window comes up with a text bleeding into the top right of the image: It's really ugly, but others seem to like it.

Fri, 06 Nov 2015 23:55:15 UTC

A new Linux machine

Posted By Greg Lehey

I still don't know how many of the anomalies I have found with the latest version of Hugin are due to my FreeBSD port. The attempts with Microsoft show that it's in much worse shape than my port, at least for me (mutual revulsion?). So where does it run well? I've continually heard that the Apple port has its issues too. Linux is the way. But which distro? Asked on IRC, expecting to hear Debian or Red Hat or Ubuntu. But no, all four replies I got said Lubuntu. What's that? I've never heard of it? Seems it's a Lightweight Ubuntu.

Fri, 06 Nov 2015 22:30:03 UTC

Friday Squid Blogging: The Symbiotic Relationship Between Squid and Bacteria

Posted By Bruce Schneier

Margaret McFall-Ngai studies the symbiotic relationship between squid and the bacteria that live inside them. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 06 Nov 2015 04:36:00 UTC

From Wrought Iron to Crucible Steel Knife

Posted By Niels Provos

Fri, 06 Nov 2015 04:00:00 UTC

London Calling! An AWS Region is coming to the UK!

Posted By Werner Vogels

Yesterday, AWS evangelist Jeff Barr wrote that AWS will be opening a region in South Korea in early 2016 that will be our 5th region in Asia Pacific. Customers can choose between 11 regions around the world today and, in addition to Korea, we are adding regions in India, a second region in China, and Ohio in 2016. Today, I am excited to add the United Kingdom to that list! The AWS UK region will be our third in the European Union (EU), and we're shooting to have it ready by the end of 2016 (or early 2017). This region will provide even lower latency and strong data sovereignty to local users.

Thu, 05 Nov 2015 20:42:47 UTC

Passwords by Mail

Posted By Bruce Schneier

Julia Angwin's daughter is selling diceware passwords by mail....

Thu, 05 Nov 2015 12:16:31 UTC

The Effects of Surveillance on the Victims

Posted By Bruce Schneier

Last month, the Cato Institute held its Second Annual Cato Surveillance Conference. It was an excellent event, with many interesting talks and panels. But there was one standout: a panel by victims of surveillance. Titled "The Feeling of Being Watched," it consisted of Assia Boundaoui, Faisal Gill, and Jumana Musa. It was very powerful and moving to hear them talk...

Wed, 04 Nov 2015 22:40:49 UTC

Hugin on Microsoft: give up

Posted By Greg Lehey

Spent some more time trying to understand my problems running Hugin on Microsoft, without much success. It seems that the problems selecting files related to a setting in the Folders tab of the Control Panel: I have it set to select items with a single click. Hugin is the first program I know that has a problem with that. Most of the other problems remain, though. Hugin has always had two different interfaces, the Assistant and the individual steps. Since 2013.0.0 the Assistant has been part of the fast panorama preview window, which I suspect has had some kind of race condition for a long time.

Wed, 04 Nov 2015 20:30:00 UTC

BYOBook Signing at LISA '15

Posted By Tom Limoncelli

I hadn't planned on doing a book signing at LISA this year but a number of people have asked, so I've set one up. You'll have to bring your own copy as I won't have copies to sell or give away. What: Book signing with Tom Limoncelli Where: The Atrium When: Friday, Nov 13 at 1:30-2pm What about e-books? I have stickers that I will autograph. Where you stick it is up to you. Will you be selling or giving away books? Sadly not this year. That said, feel free to bring books by other authors. I'll sign anything. Your books are too heavy to bring in my luggage.

Wed, 04 Nov 2015 19:54:59 UTC

Analyzing Reshipping Mule Scams

Posted By Bruce Schneier

Interesting paper: "Drops for Stuff: An Analysis of Reshipping Mule Scams." From a blog post: A cybercriminal (called operator) recruits unsuspecting citizens with the promise of a rewarding work-from-home job. This job involves receiving packages at home and having to re-ship them to a different address, provided by the operator. By accepting the job, people unknowingly become part of a...

Wed, 04 Nov 2015 00:57:14 UTC

Hugin fisheye problems: understood?

Posted By Greg Lehey

What's the difference between how Hugin handles fisheye images now (version 2015.0.0) and how it handled them in the past (version 2012.0.0)? It seems that there are two changes: Hugin now stores lens information in a database. In particular, this means that it stores the kind of lens and its own idea of the focal length of the lens. In the case of my Olympus Zuiko Digital ED 8 mm f/3.5 fisheye lens, this is roughly 7.7 mm.

Tue, 03 Nov 2015 23:13:36 UTC

Loss of Integrity

Posted By Greg Lehey

In 1989 Tandem Computers announced its first real Unix machine, named Integrity S2, a name that had such a resonance that Hewlett Packard still use it for their mission-critical servers. I was involved in the leadup to the announcement, and as a result received a tombstone, something of which our Micro Products Division in NonStop Drive, Austin TX was particularly fond: We (European Unix Technical Support, of which I was the manager) received one of the very first machines in late 1989. There's some mention in my ersatz diary for November 1989.

Tue, 03 Nov 2015 20:31:19 UTC

$1M Bounty for iPhone Hack

Posted By Bruce Schneier

I don't know whether to believe this story. Supposedly the startup Zerodium paid someone $1M for an iOS 9.1 and 9.2b hack. Bekrar and Zerodium, as well as its predecessor VUPEN, have a different business model. They offer higher rewards than what tech companies usually pay out, and keep the vulnerabilities secret, revealing them only to certain government customers, such...

Tue, 03 Nov 2015 20:00:00 UTC

CL XXXV: Fading

Posted By Tim Bray

This year's Cottage Life chapter is over. Not the best, either; what with my new gig and all we visited less, and the kids would as soon be in the city. Still, it's a rare privilege. I could show you more mountains or birds or trees and trees and trees. Instead, let's settle for three fading hydrangea blossoms. All on the same plant on the same afternoon. This guy puts on a pretty nice show from spring through to fall and its pretty parts age then die with grace. I admire that.

Tue, 03 Nov 2015 12:20:08 UTC

Australia Is Testing Virtual Passports

Posted By Bruce Schneier

Australia is going to be the first country to have virtual passports. Presumably, the passport data will be in the cloud somewhere, and you'll access it with an app or a URL or maybe just the passport number. On the one hand, all a passport needs to be is a pointer into a government database with all the relevant information...

Tue, 03 Nov 2015 05:58:08 UTC

X clipboard

Posted By Greg Lehey

What's this clipboard nonsense? Some Microsoft invention? No, it seems that X has had it forever, but you need a special program (xclipboard) to access it. Looking at the appearance of the program (Athena widgets), it must be over 25 years old. And it Just Works.

Tue, 03 Nov 2015 05:25:17 UTC

Hugin: the next hurdle

Posted By Greg Lehey

More playing around with Hugin today. First question: how do I get it to reenable the fast panorama preview under Microsoft? Thomas Modes said hold down the control key and start Hugin. But how? There are at least four different ways: Click on the image on the root window (is that what Microsoft calls desktop?). With Ctrl pressed, nothing at all happened. Start from a COMMAND.EXE window. This doesn't work either: when Ctrl is pressed, Return doesn't work.

Mon, 02 Nov 2015 18:00:00 UTC

Automation Should Be Like Iron Man, Not Ultron

Posted By Tom Limoncelli

Q: Dear Tom: A few years ago we automated a major process in our system administration team. Now the system is impossible to debug. Nobody remembers the old manual process and the automation is beyond what any of us can understand. We feel like we've painted ourselves into a corner. Is all operations automation doomed to be this way? Read my answer in ACM Queue magazine. [Queue Magazine is for computer science practitioners. They asked me to write a column on operations/system administration that would suit that audience. This is the first one. You can read it free online occasionally. Subscribers never miss an issue.

Mon, 02 Nov 2015 12:47:43 UTC

The Rise of Political Doxing

Posted By Bruce Schneier

Last week, CIA director John O. Brennan became the latest victim of what's become a popular way to embarrass and harass people on the Internet. A hacker allegedly broke into his AOL account and published e-mails and documents found inside, many of them personal and sensitive. It's called doxing -- sometimes doxxing -- from the word "documents." It emerged in...

Sun, 01 Nov 2015 22:26:19 UTC

More Hugin pain

Posted By Greg Lehey

More playing around with Hugin today. I had a number of issues: It seems that Hugin has a log facility: in the General tab in preferences, you can select Copy log messages to clipboard. What's a clipboard? I thought it was something Microsoft, but Hugin is predominantly Unix (Linux) oriented. That means X, and all X has is a cut buffer. And nothing arrived there. I later discovered that X does, indeed, have a clipboard facility.

Sun, 01 Nov 2015 00:29:11 UTC

Hosting an NBN fixed wireless tower

Posted By Greg Lehey

Call from somebody today who was in negotiation with the National Broadband Network to have a fixed wireless tower put on her property. It looks like a good idea for her: they pay $10,000 per year, and the area where it would go isn't much use for anything else. She has already given the contract to her solicitor to look at, but she's concerned about liability insurance. Surely the NBN would handle that? I'm puzzled. I think her biggest issue might be community backlash: she says that all the community is against the tower. But that doesn't make sense: why would the NBN want to erect a tower where nobody's interested?