An aggregation of our Blog Roll, made up of acmqueue authors.

Postings for December 2014:  (40 posts)
Wed, 17 Dec 2014 12:44:57 UTC

How the FBI Unmasked Tor Users

Posted By Bruce Schneier

Kevin Poulsen has a good article up on Wired about how the FBI used a Metasploit variant to identify Tor users....

Tue, 16 Dec 2014 17:34:04 UTC

Fake Cell Towers Found in Norway

Posted By Bruce Schneier

In yet another example of what happens when you build an insecure communications infrastructure, fake cell phone towers have been found in Oslo. No one knows who has been using them to eavesdrop. This is happening in the US, too. Remember the rule: we're all using the same infrastructure, so we can either keep it insecure so we -- and...

Mon, 15 Dec 2014 19:13:46 UTC

Understanding Zero-Knowledge Proofs

Posted By Bruce Schneier

Matthew Green has a good primer....

Mon, 15 Dec 2014 12:07:59 UTC

Over 700 Million People Taking Steps to Avoid NSA Surveillance

Posted By Bruce Schneier

There's a new international survey on Internet security and trust, of "23,376 Internet users in 24 countries," including "Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain, Hong Kong, India, Indonesia, Italy, Japan, Kenya, Mexico, Nigeria, Pakistan, Poland, South Africa, South Korea, Sweden, Tunisia, Turkey and the United States." Amongst the findings, 60% of Internet users have heard of Edward...

Sun, 14 Dec 2014 20:00:00 UTC

Twitter News

Posted By Tim Bray

Good news and bad news; but mostly bad. It's a playground for abusers and management's pointing the wrong way. Good news Kathy Sierra, one of the good smart people who make Life Online interesting, was chased off the Net by shitheads in 2007, then came back strong via Twitter, offering a refined mix of words and pictures. But then, earlier this year, it happened again. Because she's a woman with opinions. Which draws abuse. In her case, including from Weev (now there's an asswipe's asswipe). To make it worse, the Twitter account she folded was insta-grabbed by an abuser and used as a club to beat her.

Sun, 14 Dec 2014 07:54:27 UTC

Interview with The Command Line podcast

Posted By Cory Doctorow

I just appeared on the Command Line podcast (MP3) to talk about Information Doesn't Want to Be Free -- Thomas and I really had a wide-ranging and excellent conversation: In this episode, I interview Cory Doctorow about his latest book, Information Doesn't Want to be Free: Laws for the Internet Age. If you are interested …

Sat, 13 Dec 2014 01:34:33 UTC

A year of NBN

Posted By Greg Lehey

A year ago today my network problems were solved with the installation of National Broadband Network fixed wireless. What a relief it was. It still is, and that's why we had the second installation done in Stones Road last week. Why so early? I don't trust the current government not to kill off new installations on the NBN. With good reason, it seems, if this article is to be believed. That's from The Register, not exactly the most neutral of publications. What's behind it? Should a country nationalize Internet topology? Australia has a particular problem because, although it's a highly developed country, the population density is very low, which makes providing fair network access to people outside the towns.

Fri, 12 Dec 2014 22:32:17 UTC

Friday Squid Blogging: Recreational Squid Fishing in Washington State

Posted By Bruce Schneier

There is year-round recreational squid fishing from the Strait of Juan de Fuca to south Puget Sound. A nighttime sport that requires simple, inexpensive fishing tackle, squid fishing -- or jigging -- typically takes place on the many piers and docks throughout the Puget Sound region. As usual, you can also use this squid post to talk about the security stories in the news...

Fri, 12 Dec 2014 20:05:56 UTC

Incident Response Webinar on Thursday

Posted By Bruce Schneier

On 12/18 I'll be part of a Co3 webinar where we examine incident-response trends of 2014 and look ahead to 2015. I tend not to do these, but this is an exception. Please sign up if you're interested....

Fri, 12 Dec 2014 15:26:41 UTC

Who Might Control Your Telephone Metadata

Posted By Bruce Schneier

Remember last winter when President Obama called for an end to the NSA's telephone metadata collection program? He didn't actually call for an end to it; he just wanted it moved from an NSA database to some commercial database. (I still think this is a bad idea, and that having the companies store it is worse than having the...

Thu, 11 Dec 2014 20:37:49 UTC

Comments on the Sony Hack

Posted By Bruce Schneier

I don't have a lot to say about the Sony hack, which seems to still be ongoing. I want to highlight a few points, though. At this point, the attacks seem to be a few hackers and not the North Korean government. (My guess is that it's not an insider, either.) That we live in the world where we aren't...

Thu, 11 Dec 2014 12:31:23 UTC

Not Enough CISOs to Go Around

Posted By Bruce Schneier

This article is reporting that the demand for Chief Information Security Officers far exceeds supply: Sony and every other company that realizes the need for a strong, senior-level security officer are scrambling to find talent, said Kris Lovejoy, general manager of IBM's security service and former IBM chief security officer. CISOs are "almost impossible to find these days," she said....

Wed, 10 Dec 2014 17:40:52 UTC

Effects of Terrorism Fears

Posted By Bruce Schneier

Interesting article: "How terrorism fears are transforming America's public space." I am reminded of my essay from four years ago: "Close the Washington Monument."...

Wed, 10 Dec 2014 16:15:39 UTC

Information Doesn't Want to Be Free: the audiobook, read by Wil Wheaton (if you were to share this, I'd consider it a personal favor!)

Posted By Cory Doctorow

I've independently produced an audiobook edition of my nonfiction book Information Doesn't Want to Be Free: Laws for the Internet Age, paying Wil Wheaton to narrate it (he did such a great job on the Homeland audiobook), with a mixdown by the wonderful John Taylor Williams, and bed-music from Amanda Palmer and Dresden Dolls. Both …

Wed, 10 Dec 2014 15:00:00 UTC

Interview by Win Treese in InformIT

Posted By Tom Limoncelli

Win Treese interviewed me and my co-authors about the book. An Interview with the authors of "The Practice of Cloud System Administration" on DevOps and Data Security We discussed DevOps in the enterprise, trends in system administration, and at the end I got riled up and ranted about how terrible computer security has become.

Wed, 10 Dec 2014 14:14:33 UTC

Information Doesn't Want to Be Free Audiobook

Posted By Cory Doctorow

Information Doesn't Want to Be Free, read by Wil Wheaton With introductions by Neil Gaiman and Amanda Palmer

Tue, 09 Dec 2014 12:33:00 UTC

NSA Hacking of Cell Phone Networks

Posted By Bruce Schneier

The Intercept has published an article -- based on the Snowden documents -- about AURORAGOLD, an NSA surveillance operation against cell phone network operators and standards bodies worldwide. This is not a typical NSA surveillance operation where agents identify the bad guys and spy on them. This is an operation where the NSA spies on people designing and building a...

Mon, 08 Dec 2014 20:00:00 UTC

More Cheap Lens Fun

Posted By Tim Bray

On the weekend, I took candid photos of friends in soft indoor evening light. The best lens for this sort of thing, speaking as a member of the Fujifilm cult, would be the awesome portrait-optimized 56mm F1.2, which has reduced many reviewers to quivering jelly. I didn't have one of those but the pix are still OK. My friends Michelle and Philip That 56mm is the kind of lens I'd totally buy, except for I was at Leo's Cameras and accidentally bought a used smc PENTAX-M 1:1.4 50mm instead, for (I think) $75. Manufactured between 1977 and 1984, it's easy to screw onto my A.D.

Mon, 08 Dec 2014 17:09:12 UTC

Rapiscan Full-Body Scanner for Sale

Posted By Bruce Schneier

Government surplus. Only $8,000 on eBay. Note that this device has been analyzed before....

Mon, 08 Dec 2014 17:00:00 UTC

Book Excerpt: Capacity Planning

Posted By Tom Limoncelli

has published an excerpt from our book "The Practice of Cloud System Administration: Designing and Operating Large Distributed Systems Vol 2". The article has a title that implies it is about capacity planning for data centers but it's really about capacity planning for any system or service. Room to grow: Tips for data center capacity planning If you like that, there's 547 more pages of good stuff like that in the book.

Mon, 08 Dec 2014 13:19:50 UTC

Corporate Abuse of our Data

Posted By Bruce Schneier

Last week, we learned about a striking piece of malware called Regin that has been infecting computer networks worldwide since 2008. It's more sophisticated than any known criminal malware, and everyone believes a government is behind it. No country has taken credit for Regin, but there's substantial evidence that it was built and operated by the United States. This isn't...

Sun, 07 Dec 2014 23:23:32 UTC

Luigi Rizzo visits

Posted By Greg Lehey

Another dreary, moist day, and somehow got nothing done. About the only thing of interest was when Luigi Rizzo and his friend Valeria came for dinner. Spent some time showing them some kangaroos which had obligingly appeared in the north paddock, then Yvonne and Margaret Swann returned from Warrnambool, where the weather had been better. Had dinner, and Luigi and Valeria were off again.

Sat, 06 Dec 2014 21:31:41 UTC

How to forge a sword: From start to finish!

Posted By Niels Provos

Fri, 05 Dec 2014 22:10:35 UTC

Friday Squid Blogging: Squid Poaching off the Coast of Japan

Posted By Bruce Schneier

There has been an increase in squid poaching by North Korea out of Japanese territorial waters. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 05 Dec 2014 22:09:17 UTC

Surveillance Cartoon

Posted By Bruce Schneier


Fri, 05 Dec 2014 12:45:27 UTC

Corporations Misusing Our Data

Posted By Bruce Schneier

In the Internet age, we have no choice but to entrust our data with private companies: e-mail providers, service providers, retailers, and so on. We realize that this data is at risk from hackers. But there's another risk as well: the employees of the companies who are holding our data for us. In the early years of Facebook, employees had...

Thu, 04 Dec 2014 23:47:04 UTC

An ATA for Stones Road

Posted By Greg Lehey

Now that we have a network connection, the obvious thing to do is to set up VoIP to make up for the appalling mobile coverage in the area (thanks, Wendy). All I need is an ATA. After last month's damage, I only have one, with the other on order. But what's wrong with the defective one? No power indication. Is it possible that there's a fuse in there somewhere? Took it apart and examined the board: Sure enough, there's a surface mount fuse just next to the power connector at top left.

Thu, 04 Dec 2014 23:05:06 UTC


Posted By Greg Lehey

Over to the building site this morning to meet with Duncan and discuss the bleak situation finding builders prepared to work over Christmas and the summer holidays. He was happy enough about the relocation of the gas supply, so that's one less problem. Jim Lannen was there too with his apprentice, and they got as far as putting in the Cat 6 cable. But still no power! Discussed with Jim and Duncan, who both agreed that a call to John Willowhite of Powercor was in order. But as I was leaving, I discovered an extension cable in front of the house, and sure enough: We have power!

Thu, 04 Dec 2014 21:40:56 UTC

Olfactory Surveillance

Posted By Bruce Schneier

The Denver police are using olfactometers to measure the concentration of cannabis in the air. I haven't found any technical information about these devices, their sensitivity, range, etc....

Thu, 04 Dec 2014 15:33:13 UTC

Quantum Attack on Public-Key Algorithm

Posted By Bruce Schneier

This talk (and paper) describe a lattice-based public-key algorithm called Soliloquy developed by GCHQ, and a quantum-computer attack on it. News article....

Thu, 04 Dec 2014 01:12:29 UTC

NBN installation?

Posted By Greg Lehey

Call from Walter Bonilla of the National Broadband Network today, reminding me of the network installation for Stones Road tomorrow. I had to remind him that we had already spoken, that there was no wall to attach the NTD, and that he was supposed to get the techies to call me. He volunteered the information that the installer was called Adam, and yes, he would call me before they came out. Somehow this organization sounds just as bureaucratic as all the others I have to deal with.

Tue, 02 Dec 2014 21:15:21 UTC

The Future of Auditory Surveillance

Posted By Bruce Schneier

Interesting essay on the future of speech recognition, microphone miniaturization, and the future ubiquity of auditory surveillance....

Tue, 02 Dec 2014 20:00:00 UTC

Closed Eyes, $45

Posted By Tim Bray

I took my daughter for a walk down the Main, and we happened by a funky consignment shop. I can't decide whether that second one is sad or not.

Tue, 02 Dec 2014 13:16:36 UTC

When Ed Snowden met Marcus Yallow

Posted By Cory Doctorow

Here's a scene from Citizenfour, Laura Poitras's acclaimed documentary on Edward Snowden, showing Snowden packing his bags to leave Hong Kong, showing the book on his nightstand: my novel Homeland. I literally could not be more proud than I am right now. Thanks to Poitras and her helper, Maria, for this clip.

Mon, 01 Dec 2014 20:46:43 UTC

A quick poll about order of evaluation…

Posted By Herb Sutter

Consider this program fragment:

    std::vector<int> v = { 0, 0 };
    int i = 0;
    v[i++] = i++;
    std::cout << v[0] << v[1] << endl;

My question is not what it might print under today’s C++ rules. The third line runs afoul of two different categories of undefined and unspecified behavior. Rather, my question is […]

Mon, 01 Dec 2014 20:00:00 UTC


Posted By Tim Bray

As of December I'm working for Amazon. This will be different from my last few gigs; in particular, don't expect to read about it here. The preaching and coding around privacy and security I've been doing these last few months has been a blast, but it doesn't seem to be a paying job nor even a coherent organized project, the kind with co-workers. And Amazon is offering me one of those, so here I am with a smile on my face. What I will and won't be doing I'll be working on AWS. And that's all I'm saying, because this isn't an outward-facing job; for the first time in oh-so-long, I'm back in the full-time engineering trenches.

Mon, 01 Dec 2014 19:21:40 UTC

LOPSA-NJ Meeting: Intro to Chocolatey (THURSDAY)

Posted By Tom Limoncelli

This is LOPSA NJ's birthday meeting. There will be cake! The topic for this month's LOPSA NJ Chapter meeting is Chocolatey. It is a package manager that brings a lot of the benefits that Linux package systems have to the Windows world. Whether you use Windows or Unix, this presentation will be very educational. Topic: Intro to Chocolatey: A Windows Package Manager Speaker: Derek Murawsky Date: Thursday, December 4, 2014 Time: 7:00pm (social), 7:30pm (discussion) Location: Lawrenceville, NJ (near Princeton) For full info about the meeting click here.

Mon, 01 Dec 2014 12:41:25 UTC

Putting NSA/GCHQ Spying Together

Posted By Bruce Schneier

This is a really good analysis of how the NSA/GCHQ spying programs actually work. It's nice that we finally have enough documents public that we can start putting together the complete pictures....

Mon, 01 Dec 2014 10:21:35 UTC

Why should we care about characters?

Posted By Cory Doctorow

I appear in the latest edition of the Writing Excuses podcast (MP3), recorded live at Westercon in Salt Lake City last summer, with Mary Robinette Kowal, Brandon Sanderson, Dan Wells and Howard Tayler, talking about why we care about characters.