Blog Archive: April 2016

Sat, 30 Apr 2016 19:00:00 UTC

Specifying JSON

Posted By Tim Bray

I find myself tasked with polishing and publishing a little custom JSON-encoded language. It's harder than it ought to be. This didn't start with the language, it started with prototype software this guy wrote, that did something old and familiar in a new and dramatically better way. He replaced a bunch of gnarly old code with a few JSON templates to save time. Now, in the rearview, the JSON looks like an important part of an important product. And there's a lesson in that: All the good markup vocabularies are discovered by coders trying to get shit done, not cooked up in committee rooms in advance of software.

Fri, 29 Apr 2016 23:17:16 UTC

Disabling DiSEqC

Posted By Greg Lehey

More investigation of the DiSEqC on tiwi today. There's really nothing to explain why MythTV should want to apply a satellite protocol to a DVB-T tuner. Looking in the database brought some enlightenment: the capturecard table includes a field dvb_diseqc. And in my database, there were two entries for the single capture card. The difference? Only the dvb_diseqc field. In one record it was set to NULL, in the other to 0. OK, I can play around with that.

Fri, 29 Apr 2016 21:05:18 UTC

Friday Squid Blogging: Global Squid Shortage

Posted By Bruce Schneier

There's a squid shortage along the Pacific coast of the Americas. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 29 Apr 2016 18:02:33 UTC

I'm Writing a Book on Security

Posted By Bruce Schneier

I'm writing a book on security in the highly connected Internet-of-Things World. Tentative title: Click Here to Kill Everything: Peril and Promise in a Hyper-connected World. There are two underlying metaphors in the book. The first is what I have called the World-Sized Web, which is that combination of mobile, cloud, persistence, personalization, agents, cyber-physical systems, and the Internet of...

Fri, 29 Apr 2016 11:28:27 UTC

Documenting the Chilling Effects of NSA Surveillance

Posted By Bruce Schneier

In Data and Goliath, I talk about the self-censorship that comes along with broad surveillance. This interesting research documents this phenomenon in Wikipedia: "Chilling Effects: Online Surveillance and Wikipedia Use," by Jon Penney, Berkeley Technology Law Journal, 2016. Abstract: This article discusses the results of the first empirical study providing evidence of regulatory "chilling effects" of Wikipedia users associated with...

Fri, 29 Apr 2016 00:36:38 UTC

MythTV pain, next installment

Posted By Greg Lehey

Yesterday Hans Petter suggested using w_scan to check the functionality of the tuner. I've tried it before, with no useful results. But it seems that it really is better now: the (now obligatory) -c option specifies the country. It went off and spent 10 minutes producing copious output:

    === root@tiwi (/dev/pts/4) ~ 8 -> w_scan -c au
    w_scan version 20120415 (compiled for DVB API 5.10)
    using settings for AUSTRALIA
    DVB aerial
    DVB-T AU
    ...
    571500: (time: 02:28) (time: 02:30) signal ok:
            QAM_AUTO f = 571500 kHz I999B7C999D999T999G999Y999
            new transponder:
               (QAM_64   f = 184500 kHz I999B7C23D0T8G8Y0) 0x405A
    571625: (time: 02:44) (time: 02:45) signal ok:
            QAM_AUTO f = 571625 kHz I999B7C999D999T999G999Y999
    ...

Fri, 29 Apr 2016 00:00:26 UTC

GPS navigator breakage

Posted By Greg Lehey

Yesterday I complained about the inaccuracies of Google Maps when searching for the nursing homes. Today I used my GPS navigator. It found the address without difficulties, and it didn't do silly things like going via Buninyong. But the route details! It took us on a zig-zag path round East Ballarat, and a few hundred metres before arrival wanted us to turn left into private property. OK, we were only a few hundred metres from Victoria Street, so continued there. It decided to take us down the frontage road, the wrong direction down a one-way street. Ignored that too and turned right onto Victoria Street, so that Kenny St was on the right.

Thu, 28 Apr 2016 15:00:00 UTC

Have you downloaded the March/April issue of acmqueue yet?

Posted By Tom Limoncelli

The March/April issue of acmqueue - the magazine written for and by software engineers that leaves no corner of the development world unturned - is now available for download. This issue contains a preview of a chapter from our next book, the 3rd edition of TPOSANA. The chapter is called "The Small Batches Principle". We are very excited to be able to bring you this preview and hope you find the chapter fun and educational. The book won't be out until Oct 7, 2016, so don't miss this opportunity to read it early!

Thu, 28 Apr 2016 13:20:03 UTC

Amazon Unlimited Fraud

Posted By Bruce Schneier

Amazon Unlimited is an all-you-can-read service. You pay one price and can read anything that's in the program. Amazon pays authors out of a fixed pool, on the basis of how many people read their books. More interestingly, it pays by the page. An author makes more money if someone reads his book through to page 200 than if they...

Wed, 27 Apr 2016 23:41:14 UTC

Google Maps: from bad to worse

Posted By Greg Lehey

So I've agreed with Kath Philips to meet at the Geoffrey Cutter Centre tomorrow at 13:00. Where's that? The Web tells me Kenny Street, Windsor Gardens, East Ballarat. But when I put that into Google Maps, it takes me to the Eureka Village Hostel in Balmoral Drive. Why? By not quite complete coincidence, that was the last place I looked at before I searched for the Geoffrey Cutter Centre, and it looked for all the world like it hadn't accepted the new input. With the aid of people on IRC, investigated the issue. It seems that Google Maps doesn't know about Windsor Gardens.

Wed, 27 Apr 2016 23:28:40 UTC

MythTV: Next experiment

Posted By Greg Lehey

I really need to get MythTV working on tiwi, but it's like pulling teeth. It's a good thing I keep notes. First step was to connect the USB tuner to the antenna, which was about 2 m away from the computer. OK, I must have a USB extension cable somewhere. And I did, but the one I found was 5 m long, on the borderline of the acceptable. Found two more 4.5 m long, so tried one of them:

    Apr 27 12:22:30 tiwi kernel: usb_alloc_device: set address 2 failed (USB_ERR_IOERROR, ignored)
    Apr 27 12:22:31 tiwi kernel: usbd_setup_device_desc: getting device descriptor at addr 2 failed, USB_ERR_IOERROR

I suppose ignoring fatal errors is modern, but was this ...

Wed, 27 Apr 2016 11:46:47 UTC

Two Good Readings on the Encryption "Going Dark" Debate

Posted By Bruce Schneier

Testimonies of Matt Blaze and Danny Weitzner, both on April 19th before the House Energy and Commerce Committee. And the hearing....

Tue, 26 Apr 2016 15:00:00 UTC

Watch us live today! LISA Conversations Episode 9: kc claffy on "Named Data Networking"

Posted By Tom Limoncelli

Today (Tuesday, April 26, 2016) we'll be recording episode #9 of LISA Conversations. Join the Google Hangout and submit questions live via this link. Our guest will be kc claffy. We'll be discussing her talk Named Data Networking from LISA '15.

The video we'll be discussing:

    Named Data Networking
    kc claffy
    Recorded at LISA '15
    Video and Slides

Watch us record the episode live!

    Tuesday, April 26, 2016 at 3:30-4:30 p.m. PT
    LISA Conversations Episode #9
    Co-hosts: Lee Damon and Thomas Limoncelli
    Guest: kc claffy
    Join us live! link

The recorded episode will be available shortly afterwards on YouTube.

Tue, 26 Apr 2016 14:33:29 UTC

People Trust Robots, Even When They Don't Inspire Trust

Posted By Bruce Schneier

Interesting research: In the study, sponsored in part by the Air Force Office of Scientific Research (AFOSR), the researchers recruited a group of 42 volunteers, most of them college students, and asked them to follow a brightly colored robot that had the words "Emergency Guide Robot" on its side. The robot led the study subjects to a conference room, where...

Mon, 25 Apr 2016 17:07:29 UTC

Graffiti by Drone

Posted By Bruce Schneier

Drones can graffiti walls that no person can reach. (Note that wired.com blocks ad blockers. My trick is to copy the page and then paste it into my text editor.)...

Mon, 25 Apr 2016 10:54:26 UTC

BlackBerry's Global Encryption Key

Posted By Bruce Schneier

Last week there was a big news story about the Blackberry encryption. The news was that all BlackBerry devices share a global encryption key, and that the Canadian RCMP has a copy of it. Stupid design, certainly, but it's not news. As The Register points out, this has been repeatedly reported on since 2010. And note that this only holds...

Mon, 25 Apr 2016 06:47:16 UTC

Everybody loves Facebook

Posted By Greg Lehey

Vanda talked about communication during one of her presentations, noting particularly the Facebook page. But then she said that she didn't respond to PMs (whatever that may be), and that to communicate with her we should send email. No arguments from me, modulo the fact that she uses Microsoft Outlook, which confuses the hell out of users when it sees a digital signature. But Vanda has found out about that, and will no longer be confused. What surprised me, though, was that the other participants all said they didn't like Facebook either! More an unpleasant utility than something they enjoyed. Once again I'm left wondering how social media will evolve.

Sun, 24 Apr 2016 22:23:45 UTC

Goodbye MSY?

Posted By Greg Lehey

Vanda did her presentations using a laptop, with corresponding sound quality. She expressed an intention to buy external speakers. As it happened, we were just round the corner from MSY, a cheap computer components supplier I used to use until they completely blocked a valid return, though availability of advertised components was also an issue. Round to take a look during the tea break. Shut. OK, that's not that unusual on a Sunday. But they're shut all day Saturday too! They're only open from 10:30 to 17:30 on weekdays. I suppose other people have also decided that they're not worth the trouble.

Sat, 23 Apr 2016 12:14:00 UTC

Turning Wagon Wheels into a Crucible Steel Knife

Posted By Niels Provos

Fri, 22 Apr 2016 21:24:32 UTC

Friday Squid Blogging: My Little Cephalopod

Posted By Bruce Schneier

I assume this is more amusing to people who know about My Little Pony. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 22 Apr 2016 19:19:13 UTC

Encryption Backdoor Cartoons

Posted By Bruce Schneier

Dilbert has a series: 1, 2, 3, 4, and 5. SMBC. And three more that make it clear this is a security vs. surveillance debate. Also this....

Fri, 22 Apr 2016 15:00:00 UTC

Reminder: Do your homework for next week's LISA Conversations: kc claffy on "Named Data Networking"

Posted By Tom Limoncelli

This weekend is a good time to watch the video we'll be discussing on the next episode of LISA conversations: kc claffy's talk from LISA '15 titled Named Data Networking.

Homework: Watch her talk ahead of time.

    Named Data Networking
    Recorded at LISA '15
    Video and Slides

Then you'll be prepared when we record the episode on Tuesday, April 26, 2016 at 3:30-4:30 p.m. Pacific Time. Register (optional) and watch via this link. Watching live makes it possible to participate in the Q&A. The recorded episode will be available shortly afterwards on YouTube.

Fri, 22 Apr 2016 11:53:17 UTC

Server Hardware Support Rant

Posted By Tom Limoncelli

[This is a rant. Take it with a grain of salt.] You know what's great about "the cloud"? I don't have you deal with [insert server vendor's name] support process that is so complex and broken that it makes me want to die. If a machine in AWS/GCP/Azure dies I don't have to load a f***ing flash-based web page that breaks on .... oh my god... every browser except one that is 10 years old and runs on an OS that I don't use... and .... god damn it what do you mean my account isn't cleared for that product and...

Fri, 22 Apr 2016 11:22:22 UTC

Cheating in Bicycle Races with Tiny Hidden Motors

Posted By Bruce Schneier

If doping weren't enough, cyclists are cheating in races by hiding tiny motors in their bicycles. There are many detection techniques: For its report, Stade 2 positioned a thermal imaging camera along the route of the Strade Bianche, an Italian professional men's race in March held mostly on unpaved roads and featuring many steep climbs. The rear hub of one...

Fri, 22 Apr 2016 00:36:37 UTC

Big Pond bug: Worked around

Posted By Greg Lehey

While lying awake in bed last night, I thought over some of the links to the BigPond mail issue. This one contains the information: A client suddenly can no longer send emails to any Bigpond addresses (anyone else is fine - have checked that they are not blacklisted anywhere). After investigation, we found that if we removed their web site url from their signature, it will send to Bigpond just fine. So BigPond is deliberately blocking texts if suspect (for them) URLs are present in the mail.

Thu, 21 Apr 2016 11:42:08 UTC

How Hacking Team Got Hacked

Posted By Bruce Schneier

The hacker who hacked Hacking Team posted a lengthy description of how he broke into the company and stole everything. Two articles. ETA: This post originally had a pastebin.com link to the original post, but it seems to have been taken down....

Wed, 20 Apr 2016 18:00:00 UTC

CU-Boulder remembers Evi Nemeth, April 26, 2016

Posted By Tom Limoncelli

CU-Boulder will be hosting an event on April 26, 2016, to celebrate the life of Evi Nemeth who passed away three years ago. You may remember Evi from her many books on system administration, her tutorials at Usenix LISA, or many of her other projects that influenced system administration as it exists today. ... we will celebrate the life of retired professor Evi Nemeth, an accomplished sailor who was lost at sea in June 2013. Evi joined the department in 1980 and was one of its foundational figures for 20 years. She is best remembered for her rigorous data structures class and for providing a safe haven and confidence-building experiences for a generation of students who didn't fit the typical academic mold.

Wed, 20 Apr 2016 11:27:26 UTC

Helen Nissenbaum on Regulating Data Collection and Use

Posted By Bruce Schneier

NYU's Helen Nissenbaum gave an excellent lecture at Brown University last month, where she rebutted those who think that we should not regulate data collection, only data use: something she calls "big data exceptionalism." Basically, this is the idea that collecting the "haystack" isn't the problem; it's what is done with it that is. (I discuss this same topic in...

Tue, 19 Apr 2016 22:56:29 UTC

BigPond: what I have learnt

Posted By Greg Lehey

The encounter with BigPond technical support has something Daliesque about it. But during the over four hours I tried to resolve the problem, I have come up with some hypotheses about what their terminology really means:

Corporate email: one that doesn't have a well-known commercial domain name such as @yahoo.com or @gmail.com. Thus @lemis.com and @freebsd.org would be corporate emails.

ISP: The entity that runs the originating MTA.

Tue, 19 Apr 2016 22:44:35 UTC

BigPond breakage: enough is enough!

Posted By Greg Lehey

More rejected mail from BigPond today:

    This is the mail system at host www.lemis.com.

    I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

    <[email protected]>: host extmail.bigpond.com[61.9.168.122] said: 552
        5.2.0 jeSz1s00h1sUVRc01eT0gw Suspected spam message rejected. IB704 (in
        reply to end of DATA command)

I've seen this before, and I've tried repeatedly to find a human on their so-called technical support line, all in vain. The last time was 9 months ago. Time to try again?

Tue, 19 Apr 2016 18:39:09 UTC

GCHQ Gets Involved in Mundane Surveillance Matters

Posted By Bruce Schneier

GCHQ detected a potential pre-publication leak of a Harry Potter book, and alerted the publisher. Is this what British national intelligence is supposed to be doing?...

Tue, 19 Apr 2016 10:59:01 UTC

Details about Juniper's Firewall Backdoor

Posted By Bruce Schneier

Last year, we learned about a backdoor in Juniper firewalls, one that seems to have been added into the code base. There's now some good research: "A Systematic Analysis of the Juniper Dual EC Incident," by Stephen Checkoway, Shaanan Cohney, Christina Garman, Matthew Green, Nadia Heninger, Jacob Maskiewicz, Eric Rescorla, Hovav Shacham, and Ralf-Philipp Weinmann: Abstract: In December 2015, Juniper...

Mon, 18 Apr 2016 17:46:00 UTC

Kuwaiti Government will DNA Test Everyone

Posted By Bruce Schneier

There's a new law that will enforce DNA testing for everyone: citizens, expatriates, and visitors. They promise that the program "does not include genealogical implications or affects personal freedoms and privacy." I assume that "visitors" includes tourists, so presumably the entry procedure at passport control will now include a cheek swab. And there is nothing preventing the Kuwaiti government from...

Mon, 18 Apr 2016 16:41:04 UTC

Easily read UTF16-encoded files from Go

Posted By Tom Limoncelli

A program I wrote that worked for quite some time started failing. It turns out someone tried to use it to process a file with text encoded as UTF16. The file came from a Windows system and, considering things like UoW, this situation is just going to start happening more frequently. Golang has a great package for dealing with various UTF encodings. That said, it still took me a few hours to figure out how to make an equivalent of ioutil.ReadFile(). I wrapped up what I learned and made it into a module. Everything should just work like magic. Instead of using os.Open(), use utfutil.OpenFile().

Mon, 18 Apr 2016 15:00:00 UTC

Next on LISA Conversations: kc claffy on "Named Data Networking"

Posted By Tom Limoncelli

Our next guest will be kc claffy. We'll be discussing her talk from LISA '15 titled Named Data Networking. Watch live! We'll be recording the episode on Tuesday, April 26, 2016 at 3:30-4:30 p.m. Pacific Time. Participate in the live Q&A by submitting your questions during the broadcast. Pre-registration is recommended but not required. Register and/or watch via this link.

Homework: Watch her talk ahead of time.

    Named Data Networking
    Recorded at LISA '15
    Video and Slides

Watch us record the podcast live!

    LISA Conversations Episode #9
    Co-hosts: Lee Damon and Thomas Limoncelli
    Guest: kc claffy
    Will be recorded: Tuesday, April 26, 2016 at 3:30-4:30 p.m.

Mon, 18 Apr 2016 11:00:04 UTC

Security Risks of Shortened URLs

Posted By Bruce Schneier

Shortened URLs, produced by services like bit.ly and goo.gl, can be brute-forced. And searching random shortened URLs yields all sorts of secret documents. Plus, many of them can be edited, and can be infected with malware. Academic paper. Blog post with lots of detail....

Sun, 17 Apr 2016 13:40:00 UTC

A reconstruction of the Wolf's Tooth Spear

Posted By Niels Provos

Fri, 15 Apr 2016 22:11:28 UTC

Still more Hugin port pain

Posted By Greg Lehey

More investigation of the Hugin port again today. Checked everything, and all seemed well, but pkg still doesn't want to install all the dependencies. About the only thing that showed up was the message:

    pkg: hugin has a missing dependency: autopano-sift-C
    New packages to be INSTALLED:
            hugin: 2016.0.0_2
            p5-Image-ExifTool: 10.10
            vigra: 1.11.0
            hdf5: 1.8.15_1
            fftw3-float: 3.3.3_2

Why is that? The Makefile already contains the definition:

    AUTOPANOSIFTC_RUN_DEPENDS= autopano:graphics/autopano-sift-c

Ah, but that's with a small C.

Fri, 15 Apr 2016 21:25:14 UTC

Friday Squid Blogging: Replicating Reflecting Squid Tissue

Posted By Bruce Schneier

New research. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 15 Apr 2016 16:17:38 UTC

LISA Conversations Episode 8: Caskey Dickson on "Why Your Manager LOVES Technical Debt and What to Do About It"

Posted By Tom Limoncelli

Episode 8 of LISA Conversations is Caskey Dickson, who presented Why Your Manager LOVES Technical Debt and What to Do About It at LISA '15. Watch the Episode here:

    LISA Conversations Episode #8 with Caskey Dickson
    Co-hosts: Lee Damon and Thomas Limoncelli
    Guest: Caskey Dickson
    Recorded Tuesday, March 29, 2016

In this episode we discuss his talk:

    Why Your Manager LOVES Technical Debt and What to Do About It
    Recorded at LISA '15
    Video and Slides

You won't want to miss this!

Fri, 15 Apr 2016 11:52:21 UTC

IRS Security

Posted By Bruce Schneier

Monday is Tax Day. Many of us are thinking about our taxes. Are they too high or too low? What's our money being spent on? Do we have a government worth paying for? I'm not here to answer any of those questions -- I'm here to give you something else to think about. In addition to sending the IRS your...

Thu, 14 Apr 2016 19:00:00 UTC

Photographer?

Posted By Tim Bray

Everyone takes pictures everywhere now, 24/7/365. So does photographer, in the amateur sense, still mean anything? I have pictures and questions that say it does. This is provoked by Om Malik's In the Future, We Will Photograph Everything and Look at Nothing in the New Yorker. It quotes Sontag (de rigueur for that subject in those pages I suppose), flirts with that seductive ol' Internet Contrarianism, says smart things about photo software in general and Google's Nik Collection in particular, and has plenty of arm-wavey futurology about Evolution and Conversation. I found the piece flat, partly because (oddly) it contains none of the author's photos; thus just words about pictures.

Thu, 14 Apr 2016 11:44:47 UTC

Cheating in Marathon Running

Posted By Bruce Schneier

Story of Julie Miller, who cheated in multiple triathlon races: The difference between cheating in 1980 and cheating today is that it's much harder to get away with now. What trips up contemporary cheaters, Empfield said, is their false assumption that the only thing they have to worry about is their timing chip, the device they wear that records their...

Wed, 13 Apr 2016 22:36:55 UTC

More HTML5 pain

Posted By Greg Lehey

I've complained in the past about problems using HTML5 to display videos, and I've found ways to revert to flash. But I forgot to document them! My latest install on eureka uses HTML5 because it has the power to do so. But there are still downsides in using HTML5, notably the lack of navigability. How do I get back to flash again? Once, it seems, it was enough to go to about:config and set media.webm.enabled to false, as this (unnecessary) video shows. The instructions are in the comments. Unfortunately, that no longer works. The real solution appears to be this firefox addon.

Wed, 13 Apr 2016 11:51:08 UTC

Smartphone Forensics to Detect Distraction

Posted By Bruce Schneier

The company Cellebrite is developing a portable forensics device that would determine if a smartphone user was using the phone at a particular time. The idea is to test phones of drivers after accidents: Under the first-of-its-kind legislation proposed in New York, drivers involved in accidents would have to submit their phone to roadside testing from a textalyzer to determine...

Wed, 13 Apr 2016 01:00:02 UTC

Preventing Windows hibernation

Posted By Greg Lehey

Mail from Daniel Nebdal today:

    As a short workaround to Windows 7 hibernating when you least want it to: If you press Win/Meta + X, the "mobility center" should pop up. From memory, the rightmost item on the lower row is "presentation mode". Turn that on, and it won't even suspend the monitor until you disable it again. I think it's meant for really long presentations, but as long as it works etc.

In fact I had simply turned off hibernation in the Control Panel, but it's good to remember tricks like this one.

Tue, 12 Apr 2016 11:39:59 UTC

Hacking Lottery Machines

Posted By Bruce Schneier

Interesting article about how a former security director of the US Multi-State Lottery Association hacked the random-number generator in lottery software so he could predict the winning numbers. For several years, Eddie Tipton, the former security director of the US Multi-State Lottery Association, installed software code that allowed him to predict winning numbers on specific days of the year, investigators...

Tue, 12 Apr 2016 00:42:27 UTC

Hugin dependencies: still not working

Posted By Greg Lehey

So now the FreeBSD ports system has had time to build a new Hugin package, so tried reinstalling it. Sure enough, the package at http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/ is now portrevision 2. And it still doesn't install the dependencies. It looks like this still could be my problem, but clear error checking from pkg would help immensely.

Mon, 11 Apr 2016 23:11:05 UTC

Microsoft pain: over

Posted By Greg Lehey

Came into the office this morning to find that the Men's Shed computer hadn't finished installing updates: How did that happen? All that was running was the Task Manager and the Windows Update. Stopped that and wasn't able to install the updates: an update was in progress. How do I get past that? Not only did rebooting not help, it wasn't possible: shutdown hung trying to install those updates that had been downloaded. And I couldn't power down either, because the power button was set to Sleep.

Mon, 11 Apr 2016 19:06:10 UTC

2016 Protocols Workshop

Posted By Bruce Schneier

Ross Anderson has liveblogged the 24th International Workshop on Security Protocols in Brno, Czech Republic....

Mon, 11 Apr 2016 19:00:00 UTC

Speaker Dust Cap Dent Repair

Posted By Tim Bray

As previously noted in this space, I'm a deranged audiophile, and for some years my speakers of choice have been from Totem, out of Montréal. In a recent renovation a woofer got a dent in a dust cap, where by dent I mean it was pushed in. I'm posting the solution here in the hopes that future searchers will find it. I was sitting up late listening to Coltrane and something about the sound just wasn't gelling. Eventually it bothered me enough to turn on the lights and even then it took a while to spot the problem, illustrated below. The round thing in the center of the lower driver is supposed to be smooth and convex, not uneven and concave.

Mon, 11 Apr 2016 18:00:00 UTC

Velocity Santa Clara early price ends May 12

Posted By Tom Limoncelli

Velocity Santa Clara is June 20-23, 2016. Sadly I can't attend this year due to a pre-existing commitment. However you can still register. Do it before the early discount evaporates!

Mon, 11 Apr 2016 11:49:54 UTC

Scams from the 1800s

Posted By Bruce Schneier

They feel quaint today: But in the spring of 1859, folks were concerned about another kind of hustle: A man who went by the name of A.V. Lamartine drifted from town to town in the Midwest, pretending to attempt suicide. He would walk into a hotel, according to newspaper accounts from Salem, Ore., to Richmond, Va., and other...

Sun, 10 Apr 2016 23:21:12 UTC

More fun with Microsoft

Posted By Greg Lehey

Spent some time looking at Doug Braddy's computer today. To my surprise, found an original Microsoft disk for Windows 7 Home Premium (is that a prize or a price?), so installed that. Why is Microsoft so slow, and why is there so much disk activity at startup? In this case, it seems that 2 GB memory is pretty minimal for Windows 7, and it was swapping its little heart out. But the most interesting thing was Internet Explorer's reaction to my attempt to download firefox: That's amazing.

Sun, 10 Apr 2016 02:38:58 UTC

Computer for the Men's shed

Posted By Greg Lehey

While I was at the photo meeting, Doug Braddy from the Dereel Men's Shed came over and asked me to come and visit him afterwards. It's the first time I've been in the new shed, but for some reason I didn't take any photos. What he wanted was: the shed had received a donation of a ThinkCentre with a 2.13 GHz Core 2 6400 (Passmark 1299), 2 GB memory and Microsoft Windows XP. No keyboard, no mouse. And he wanted a more modern Windows on it. OK, modulo license key I can do that, though when I took it with me, it wasn't clear what the configuration was, nor whether it could handle Windows 7 in a timely manner.

Sat, 09 Apr 2016 01:07:14 UTC

Fixing Hugin package

Posted By Greg Lehey

My mail to the ports mailing list about the Hugin port bore some fruit. Don Lewis discovered, with the help of Yet Another Makefile target (check-plist) that the pkg-plist file contained errors. How could that be? I used some other recommended method to build it. But he had also verified that, at least for him, that after rectifying this problem and building a new package, it installed all the dependencies. So at least pkg was not behaving correctly. First let's see if the package does now work.

Fri, 08 Apr 2016 21:30:27 UTC

Friday Squid Blogging: Cooking with Squid Ink

Posted By Bruce Schneier

Risotto nero and more. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 08 Apr 2016 17:27:58 UTC

Security Lessons from the Game of Werewolf

Posted By Bruce Schneier

I can't believe I haven't posted this before....

Fri, 08 Apr 2016 11:39:51 UTC

Breaking Semantic Image CAPTCHAs

Posted By Bruce Schneier

Interesting research: Suphannee Sivakorn, Iasonas Polakis and Angelos D. Keromytis, "I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs": Abstract: Since their inception, captchas have been widely used for preventing fraudsters from performing illicit actions. Nevertheless, economic incentives have resulted in an arms race, where fraudsters develop automated solvers and, in turn, captcha services tweak their design to break the...

Fri, 08 Apr 2016 01:00:00 UTC

SRE is what DevOps wants to be when it grows up

Posted By Tom Limoncelli

There are two things you can do if you want to understand the future of system administration. First, if you want to see what DevOps will be like 5-10 years out, you can read the amazing new book, "Site Reliability Engineering: How Google Runs Production Systems". I read a preview copy and it was excellent. Many different Google SRE teams got together to produce a very well-rounded book that covers all aspects of Google's SRE program, which is easily 5-10 years ahead of the industry. (Pre-order from O'Reilly or Amazon) Congrats to the editors Niall Richard Murphy, Chris Jones, Jennifer Petoff, and Betsy Beyer on a great addition to the IT canon.

Thu, 07 Apr 2016 23:43:04 UTC

More ports pain

Posted By Greg Lehey

A couple of days ago I received mail from Carlos Cartola Carvalho telling me that the Hugin package was missing dependencies. Of course I had checked that long ago (partially after tripping over my own missing dependencies). But I had built from source, and Cartola had installed the binary package. So I tried it, and how about that, he's right: it didn't install the dependencies. I had discussed the matter with Edwin Groothuis, who told me of a make target I hadn't heard of:

    === root@stable (/dev/pts/1) /usr/ports/graphics/hugin 6 -> make run-depends-list
    /eureka/home/src/FreeBSD/svn/ports/accessibility/atk
    /eureka/home/src/FreeBSD/svn/ports/databases/sqlite3
    /eureka/home/src/FreeBSD/svn/ports/devel/boost-libs
    /eureka/home/src/FreeBSD/svn/ports/devel/desktop-file-utils
    /eureka/home/src/FreeBSD/svn/ports/devel/gettext-runtime
    /eureka/home/src/FreeBSD/svn/ports/devel/glib20
    /eureka/home/src/FreeBSD/svn/ports/devel/gmake
    /eureka/home/src/FreeBSD/svn/ports/graphics/OpenEXR
    /eureka/home/src/FreeBSD/svn/ports/graphics/autopano-sift-c
    /eureka/home/src/FreeBSD/svn/ports/graphics/enblend
    /eureka/home/src/FreeBSD/svn/ports/graphics/exiv2
    /eureka/home/src/FreeBSD/svn/ports/graphics/freeglut
    /eureka/home/src/FreeBSD/svn/ports/graphics/gdk-pixbuf2
    /eureka/home/src/FreeBSD/svn/ports/graphics/glew
    /eureka/home/src/FreeBSD/svn/ports/graphics/gtk-update-icon-cache
    /eureka/home/src/FreeBSD/svn/ports/graphics/ilmbase
    /eureka/home/src/FreeBSD/svn/ports/graphics/jpeg-turbo
    /eureka/home/src/FreeBSD/svn/ports/graphics/lcms2
    /eureka/home/src/FreeBSD/svn/ports/graphics/libpano13
    /eureka/home/src/FreeBSD/svn/ports/graphics/p5-Image-ExifTool
    /eureka/home/src/FreeBSD/svn/ports/graphics/panomatic
    /eureka/home/src/FreeBSD/svn/ports/graphics/png
    /eureka/home/src/FreeBSD/svn/ports/graphics/tiff
    /eureka/home/src/FreeBSD/svn/ports/graphics/vigra
    /eureka/home/src/FreeBSD/svn/ports/lang/python27
    /eureka/home/src/FreeBSD/svn/ports/math/fftw3
    /eureka/home/src/FreeBSD/svn/ports/misc/shared-mime-info
    /eureka/home/src/FreeBSD/svn/ports/x11-toolkits/pango
    /eureka/home/src/FreeBSD/svn/ports/x11-toolkits/wxgtk28

And those include the ones that are missing.

Thu, 07 Apr 2016 23:38:11 UTC

Still more subversion problems

Posted By Greg Lehey

Rainer Hurling has trouble with Vigra since I tried to update it to the latest version (1.11.0). Time to try for myself. But now I have VMs, it's time to migrate stable to a VM. That's simple enough: follow the HOWTO. And then build a new world, now that FreeBSD 10.3 has been released. The buildworld failed with missing definitions. I've seen that before: corrupted working copy of the Subversion repository. Another checkout? Simple. And yes, exactly the same kind of corruption that I had seen before, including files that had been updated before the branch point for stable/10:

-__FBSDID("$FreeBSD: stable/10/sys/fs/cd9660/cd9660_iconv.c 120492 2003-09-26 20:26:25Z fjoe $");
+__FBSDID("$FreeBSD: stable/10/sys/fs/cd9660/cd9660_iconv.c 166639 2007-02-11 13:54:25Z rodrigc $");

How can that happen?

Thu, 07 Apr 2016 19:00:00 UTC

Getting the Picture

Posted By Tim Bray

It's like this: Averages are your enemy because they hide change. Making graphs is cheap and easy and more of us should do it more. What happened was, I was working on some software that takes an incoming flow of messages and stuffs them into an Amazon Kinesis stream. Kinesis is a thing that can soak up a whole lot of data really fast; the way it works is that you configure it with a number of shards, and each shard can soak up a thousand messages per second, or a megabyte per second, whichever comes first. There's nice software for reading them out and doing useful stuff with them.

Thu, 07 Apr 2016 11:39:35 UTC

Bypassing Phone Security through Social Engineering

Posted By Bruce Schneier

This works: Khan was arrested in mid-July 2015. Undercover police officers posing as company managers arrived at his workplace and asked to check his driver and work records, according to the source. When they disputed where he was on a particular day, he got out his iPhone and showed them the record of his work. The undercover officers asked to...

Wed, 06 Apr 2016 17:47:42 UTC

IBM Officially Owns Resilient Systems

Posted By Bruce Schneier

It's officially final; IBM has "completed the acquisition" of Resilient Systems, Inc. We are now "Resilient: an IBM Company." As I expected when I announced this acquisition, I am staying on as the CTO of Resilient and something like Senior Advisor to IBM Security -- we're still working on the exact title. Everything I've seen so far indicates that this...

Wed, 06 Apr 2016 15:27:32 UTC

CONIKS

Posted By Bruce Schneier

CONIKS is a new easy-to-use transparent key-management system: CONIKS is a key management system for end users capable of integration in end-to-end secure communication services. The main idea is that users should not have to worry about managing encryption keys when they want to communicate securely, but they also should not have to trust their secure communication service providers to...

Tue, 05 Apr 2016 19:25:32 UTC

Take the 2016 State of DevOps Survey

Posted By Tom Limoncelli

Whether or not you are in a DevOps environment, please take this survey. The data is useful for helping improve the situation for system administrators of all kinds. http://itrevolution.com/2016devopssurvey/

Tue, 05 Apr 2016 15:04:13 UTC

WhatsApp is Now End-to-End Encrypted

Posted By Bruce Schneier

WhatsApp is now end-to-end encrypted....

Mon, 04 Apr 2016 19:41:30 UTC

Data and Goliath Sale

Posted By Bruce Schneier

I have a bunch of extra copies of my book Data and Goliath, and I am selling them at a discount. Details here....

Sun, 03 Apr 2016 11:42:35 UTC

Smart Essay on the Limitations of Anti-Terrorism Security

Posted By Bruce Schneier

This is good: Threats constantly change, yet our political discourse suggests that our vulnerabilities are simply for lack of resources, commitment or competence. Sometimes, that is true. But mostly we are vulnerable because we choose to be; because we've accepted, at least implicitly, that some risk is tolerable. A state that could stop every suicide bomber wouldn't be a free...

Sat, 02 Apr 2016 23:11:23 UTC

Another Jim Lannen event

Posted By Greg Lehey

Woke up at blank this morning. No power. Another bloody power failure? No, another bloody Jim Lannen event: RCD tripped, UPS drained. And that in the middle of my monthly complete backup, which takes 10 hours! I also lost the last half of a TV recording. What a pain it is to keep power up in this household! That gave me a chance to repeat the backup, of course. Just backing up my own home directory showed me how much CPU goes into compression: That wasn't the end of the backup.

Fri, 01 Apr 2016 23:54:01 UTC

Still more Microsoft pain

Posted By Greg Lehey

On with my attempts to mount remote CIFS file systems on damnation, my Microsoft Windows 10 VM, today. I hardly made any headway. What I did learn: It's not a file system, it's a share. Yes, I knew that, I just think it's another silly term. You can start a shell by hitting Window key-R and entering CMD, the new name of COMMAND.COM COMMAND.EXE. Well, Window key-R is the new, simpler way to call up the run window if you don't have any other programs with names starting with R.

Fri, 01 Apr 2016 21:26:55 UTC

Friday Squid Blogging: Composite Materials Based on Squid Beaks

Posted By Bruce Schneier

Squid-based research is yielding composites that are both strong and flexible. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 01 Apr 2016 20:16:11 UTC

Reddit's Warrant Canary Just Died

Posted By Bruce Schneier

Reddit has received a National Security Letter. I have long discounted warrant canaries. A gag order is serious, and this sort of high-school trick won't fool judges for a minute. But so far they seem to be working. Now we have another question: now what? We have one piece of information, but not a very useful one. We know that...

Fri, 01 Apr 2016 19:00:00 UTC

Cool Aussie Phoners

Posted By Tim Bray

What the title says: Three photos of Aussies holding phones looking cool. Some people think street photography is supposed to be B&W and sad, but I've never understood that. The first two of these are in Melbourne.

Fri, 01 Apr 2016 14:50:51 UTC

Hacking Elections in Latin America

Posted By Bruce Schneier

Long and interesting article about a fixer who hacked multiple elections in Latin America. This isn't election hacking as in manipulate the voting machines or the vote counting, but hacking and social-media dirty tricks leading up to the election....

Fri, 01 Apr 2016 01:47:08 UTC

Daily ports pain

Posted By Greg Lehey

I've now managed to build Vigra on current, my FreeBSD-CURRENT box. Time to commit? What can it break? Decided to build Hugin first. More dependencies, more build failures:

configure: error: in `/eureka/home/src/FreeBSD/svn/ports/science/hdf5/work/hdf5-1.8.15-patch1':
configure: error: C++ preprocessor "/lib/cpp" fails sanity check

Somehow things are all far too difficult. ACM only downloads articles once.

Fri, 01 Apr 2016 00:36:43 UTC

More Microsoft pain

Posted By Greg Lehey

So yesterday my attempt to activate Microsoft Windows 10 failed with an activation service that was down. I tried again today. Same result. And while fighting my way through the maze of twisty little menus, all different, I found: How did that happen? And how can I track what license key I used? I'm not exactly a big Microsoft user, but I have a number of different activation keys which I can (apparently) use again to activate Microsoft on new machines. What happens if I choose the wrong one?

Fri, 01 Apr 2016 00:08:19 UTC

Phantom logins

Posted By Greg Lehey

Strange messages in the daily security mail from lagoon.lemis.com this morning:

lagoon.lemis.com login failures:
Mar 30 00:00:33 stable-amd64 sshd[61196]: Invalid user backup from 61.142.106.34
Mar 30 00:00:33 stable-amd64 sshd[61196]: input_userauth_request: invalid user backup [preauth]
...
Mar 30 02:47:16 stable-amd64 login: 1 LOGIN FAILURE FROM 113.89.143.218

In all there were over 2,800 messages! But how could this happen? stable-amd64 was a test box whose name I retired on 7 January 2015:

revision 1.129
date: 2015/01/06 23:11:45;  author: grog;  state: Exp;  lines: +3 -3
Rename stable-amd64 to stable.