Blogs

RSS

An aggregation of our Blog Roll, made up of acmqueue authors.   more

Postings for May 2015:  (73 posts)
Wed, 27 May 2015 20:30:00 UTC

The AWS Pop-up Loft opens in New York City

Posted By Werner Vogels

Over a year ago the AWS team opened a "pop-up loft" in San Francisco at 925 Market Street. The goal of opening the loft was to give developers an opportunity to get in-person support and education on AWS, to network, get some work done, or just hang out with peers. It became a great success; every time when I visit the loft there is a great buzz with people getting advice from our solution architects, getting training or attending talks and demos. It became such a hit among developers that we decided to reopen the loft last year August after its initial run of 4 weeks, making sure everyone would have continued access to this important resource.

Wed, 27 May 2015 12:50:47 UTC

Terrorist Risks by City, According to Actual Data

Posted By Bruce Schneier

I don't know enough about the methodology to judge it, but it's interesting: In total, 64 cities are categorised as 'extreme risk' in Verisk Maplecroft's new Global Alerts Dashboard (GAD), an online mapping and data portal that logs and analyses every reported terrorism incident down to levels of 100m² worldwide. Based on the intensity and frequency of attacks in the...

Tue, 26 May 2015 21:51:25 UTC

Race Condition Exploit in Starbucks Gift Cards

Posted By Bruce Schneier

A researcher was able to steal money from Starbucks by exploiting a race condition in their gift-card value-transfer protocol. Basically, by initiating two identical web transfers at once, he was able to trick the system into recording them both. Normally, you could take a $5 gift card and move that money to another $5 gift card, leaving you with an...

Tue, 26 May 2015 11:18:21 UTC

Stink Bombs for Riot Control

Posted By Bruce Schneier

They're coming to the US: It's called Skunk, a type of "malodorant," or in plainer language, a foul-smelling liquid. Technically nontoxic but incredibly disgusting, it has been described as a cross between "dead animal and human excrement." Untreated, the smell lingers for weeks. The Israeli Defense Forces developed Skunk in 2008 as a crowd-control weapon for use against Palestinians. Now...

Mon, 25 May 2015 23:30:01 UTC

Measuring light globe brightness

Posted By Greg Lehey

I've already tried some measurements of relative light output of various globes, but only using my camera exposre meter, which has a resolution of 0.1 EV, or about 7%. I have a better tool for this job: a light meter with 3.5 digit resolution. In the meantime I also have more globes, so today I tried a number of measurements. Here the raw data: Globe       Type       W       Lumen       Lux IKEA       ...

Mon, 25 May 2015 22:55:12 UTC

VoIP ring tones

Posted By Greg Lehey

We still haven't resolved the issues with VoIP ring tones. Today I got a call from Donu from MyNetFone, who went through the whole thing Yet Again, starting with confirming that the other two people didn't report the problem correctly. She had her problems too: for her, the American ring tone was correct. More to the point, though, where is it coming from? The fact that normal calls ring correctly suggests that it's MyNetFone's problem. But Donu came up with one issue: which codec? And sure enough, there was a difference. Connections to the outside world used G.729a, while the internal connections used G.711a.

Mon, 25 May 2015 22:32:47 UTC

Another power failure!

Posted By Greg Lehey

I had hoped to be completely free of power failures on moving to Stones Road, but it hasn't started well. Today we had a failure of a completely novel kind: CJ connected an extension cord to a power point in the shed, and for some inexplicable reason turned the main UPS output switch off and on again. Bang! Was I happy, especially when eureka didn't detect its monitors the first time round. Fortunately it did after I had power cycled it. ACM only downloads articles once.

Mon, 25 May 2015 14:20:58 UTC

Story of the ZooKeeper Poison-Packet Bug

Posted By Bruce Schneier

Interesting story of a complex and deeply hidden bug -- with AES as a part of it....

Sat, 23 May 2015 03:02:33 UTC

VoIP strangenesses

Posted By Greg Lehey

Call on the phone today. I answered it, and was immediately disconnected. That happened three times. But then I saw the calling number: CJ Ellis. So I called him back and discovered that he had been confused by the ringing tone. Tried calling from the other line. An American (single) ring tone, not the Australian (double) tone. Why did that happen? Called up MynEtfOne and spoke to Epi (that's how he spelt it), who took me through the typical rigmarole of telling me that it wasn't so, and that I shouldn't be calling the internal number (starting with 09), because that wouldn't work and I wouldn't get a connection.

Fri, 22 May 2015 21:39:17 UTC

Friday Squid Blogging: Giant Squid Washes Up in New Zealand

Posted By Bruce Schneier

The latest one. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 22 May 2015 17:33:36 UTC

USPS Tracking Queries to Its Package Tracking Website

Posted By Bruce Schneier

A man was arrested for drug dealing based on the IP address he used while querying the USPS package tracking website....

Fri, 22 May 2015 10:57:49 UTC

Grady Booch on the Future in Software Engineering

Posted By Diomidis D. Spinellis

I was priviledged to hear Grady Booch deliver a keynote on the Future in Software Engineering. Here are my notes of some important statements and interesting soundbytes.

Fri, 22 May 2015 10:45:35 UTC

Why the Current Section 215 Reform Debate Doesn't Matter Much

Posted By Bruce Schneier

The ACLU's Chris Soghoian explains (time 25:52-30:55) why the current debate over Section 215 of the Patriot Act is just a minor facet of a large and complex bulk collection program by the FBI and the NSA. There were 180 orders authorized last year by the FISA Court under Section 215 -- 180 orders issued by this court. Only five...

Thu, 21 May 2015 19:00:00 UTC

No Magic

Posted By Tim Bray

I spent a couple days this week in eastern Washington State with a lot of senior Amazon engineers, all trying to discern and inscribe coherent form on the roiling surface of global-scale cloud tech. This piece is here so I can publish one pretty picture and four wise words about what it means to be an engineer. Obviously& We were in a session about a piece of software, starting to roll out internally, that might help address pain points we expect to become unbearable, assuming that AWS and Amazon grow to many times their current size. Andrew was leading; someone spoke up, asking And what if I need to do that 500,000 times a second? Andrew nodded, face creasing, then began: Obviously, theres no magic& More nods all around the room.

Thu, 21 May 2015 18:05:05 UTC

New Pew Research Report on Americans' Attitudes on Privacy, Security, and Surveillance

Posted By Bruce Schneier

This is interesting: The surveys find that Americans feel privacy is important in their daily lives in a number of essential ways. Yet, they have a pervasive sense that they are under surveillance when in public and very few feel they have a great deal of control over the data that is collected about them and how it is used....

Thu, 21 May 2015 11:30:31 UTC

The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange

Posted By Bruce Schneier

Logjam is a new attack against the Diffie-Hellman key-exchange protocol used in TLS. Basically: The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the...

Thu, 21 May 2015 00:20:22 UTC

More NBN outages

Posted By Greg Lehey

No less than three short network outages today, all in very quick succession: Start time End time Duration Badness from to (seconds) 1432086570 1432086605 35 0.012 # 20 May 2015 11:49:30 20 May 2015 11:50:05 1432086867 1432086913 46 13.740 # 20 May 2015 11:54:27 20 May 2015 11:55:13 1432087675 1432087689 14 4.724 # 20 May 2015 12:07:55 20 May 2015 12:08:09 What caused that?

Wed, 20 May 2015 19:15:16 UTC

Research on Patch Deployment

Posted By Bruce Schneier

New research indicates that it's very hard to completely patch systems against vulnerabilities: It turns out that it may not be that easy to patch vulnerabilities completely. Using WINE, we analyzed the patch deployment process for 1,593 vulnerabilities from 10 Windows client applications, on 8.4 million hosts worldwide [Oakland 2015]. We found that a host may be affected by multiple...

Wed, 20 May 2015 19:00:00 UTC

Internet.org

Posted By Tim Bray

All sorts of people are denouncing Internet.org, but it looks OK to me. Maybe Im wrong. If someone convinces me that I am, then Ill update this post with an explanation of why its a bad thing, and of course link to the evidence. What it is Near as I can tell, its a service, funded by Facebook, where less-well-off people in less-developed parts of the world can get bits of the Internet for free, notably including Facebook and Wikipedia. (But I do have to say that its damn hard to find a listing of what beyond that is actually on Internet.org.)

Wed, 20 May 2015 18:52:51 UTC

Design Patterns for being creepy: Playing The Odds

Posted By Tom Limoncelli

Recently a friend told me this story. She had given a presentation at a conference and soon after started receiving messages from a guy that wanted to talk more about the topic. He was very insistent that she was the only person that would understand his situation. Not wanting to be rude, she offered they continue in email but he wanted to meet in person. His requests became more and more demanding over time. It became obvious that he wasn't looking for mentoring or advice. He wanted a date. She had no interest in that. Unsure what to do, she asked a few other female attendees for advice.

Wed, 20 May 2015 13:06:31 UTC

Spy Dust

Posted By Bruce Schneier

Used by the Soviet Union during the Cold War: A defecting agent revealed that powder containing both luminol and a substance called nitrophenyl pentadien (NPPD) had been applied to doorknobs, the floor mats of cars, and other surfaces that Americans living in Moscow had touched. They would then track or smear the substance over every surface they subsequently touched....

Wed, 20 May 2015 01:28:57 UTC

Faster networking

Posted By Greg Lehey

The National Broadband Network is planning a new speed rating for fixed wireless: 50 Mb/s down, 20 Mb/s up, best effort. We're getting a trial at no additional cost. Yesterday, before the transition, I tested my speed for the first time ever since moving to Aussie Broadband. It didn't look bad: nominal 25/5, actual 23.7/4.9. You can't complain about that. Today I tried again, and got 40 Mb/s down, but only 4.97 Mb/s up. OK, it's best effort, but I'd expect a small increase in the upstream bandwidth. Still, it's early days yet. ACM only downloads articles once.

Tue, 19 May 2015 13:00:03 UTC

More on Chris Roberts and Avionics Security

Posted By Bruce Schneier

Last month ago I blogged about security researcher Chris Roberts being detained by the FBI after tweeting about avionics security while on a United flight: But to me, the fascinating part of this story is that a computer was monitoring the Twitter feed and understood the obscure references, alerted a person who figured out who wrote them, researched what flight...

Mon, 18 May 2015 12:14:28 UTC

United Airlines Offers Frequent Flier Miles for Finding Security Vulnerabilities

Posted By Bruce Schneier

Vulnerabilities on the website only, not in airport security or in the avionics....

Mon, 18 May 2015 10:02:44 UTC

Bruce Sterlings introduction to the Italian edition of Little Brother

Posted By Cory Doctorow

Italy’s Multiplayer Edizioni just launched a beautiful new Italian edition of Little Brother with an introduction by Bruce Sterling. It’s the second essay that Bruce has written for one of my books, and it’s my favorite — I was so pleased with it that I asked his permission to reproduce it here, which he’s graciously... more

Sun, 17 May 2015 02:59:42 UTC

No toilet paper

Posted By Greg Lehey

We've gradually unpacked most things except for a large proportion of the books. Today we needed toilet paper. OK, we know where that is: it's marked on the carton. Opened it up. No toilet paper. Just the backup disks that I've been missing for the last 9 days! It makes sense: I had not written anything on the carton because it was to come out immediately at the other end. And it was an old carton, so it already had the description on it from 8 years ago. Thank God for that! The whole matter was seriously getting me down, and it took several hours for the relief to set in.

Sat, 16 May 2015 23:24:00 UTC

Spammers: adding insult to injury

Posted By Greg Lehey

While looking through spam headers today, found this: Received: from mx1.lemis.com (webxc17s05.ad.aruba.it [62.149.141.197]) Apart from being an abuse of my domain name, does this actually make things any easier for them? Clearly my Postfix configuration doesn't catch it, but it should do so, so there's no advantage to the spammer to do this. It looks as if they're just giving me the finger. ACM only downloads articles once.

Sat, 16 May 2015 00:14:40 UTC

A new phone

Posted By Greg Lehey

We have to leave the old Binatone answering machine in Kleins Road for the moment, so that it can give people the new number. The phones are pretty much worn out anywaythe displays are all missing segmentsso it's finally time for a set of new portable phones. I want one that is compatible with a Bluetooth headset. There are plenty of phones that offer Bluetooth functionality, but almost all of them seem to pair to mobile phones, something that seems of limited utilitywhy exchange one handset for another? After much searching, found that a number of Telstra portable phones have this feature.

Fri, 15 May 2015 23:59:18 UTC

Spam explosion

Posted By Greg Lehey

Is it just me, or has there been an explosion of spam lately? I suppose part of the issue is my old, worn-out tools, but although I reject a lot of spam before it gets near the server, and filter more out before it hits my inbox, I'm finding more serious spam, advertising dubious products. Things have changed: it seems that everybody who wanted a penis enlargement now has it, so that kind of spam has declined, but I'm bombarded with beautiful garage floors, medical miracles, walk-in bathtubs, lotto wins, even bulk mail delivery. One day I might get round to installing more up-to-date spam rejection software, but will it help?

Fri, 15 May 2015 21:08:31 UTC

Friday Squid Blogging: NASA's Squid Rover

Posted By Bruce Schneier

NASA is funding a study for a squid rover that could explore Europa's oceans. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 15 May 2015 11:20:06 UTC

Microbe Biometric

Posted By Bruce Schneier

Interesting: Franzosa and colleagues used publicly available microbiome data produced through the Human Microbiome Project (HMP), which surveyed microbes in the stool, saliva, skin, and other body sites from up to 242 individuals over a months-long period. The authors adapted a classical computer science algorithm to combine stable and distinguishing sequence features from individuals' initial microbiome samples into individual-specific "codes."...

Fri, 15 May 2015 04:26:29 UTC

Eighth Movie-Plot Threat Contest Semifinalists

Posted By Bruce Schneier

On April 1, I announced the Eighth Movie Plot Threat Contest: demonstrate the evils of encryption. Not a whole lot of good submissions this year. Possibly this contest has run its course, and there's not a whole lot of interest left. On the other hand, it's heartening to know that there aren't a lot of encryption movie-plot threats out there....

Thu, 14 May 2015 18:30:34 UTC

In Which I Collide with Admiral Rogers

Posted By Bruce Schneier

Universe does not explode. Photo here....

Thu, 14 May 2015 18:12:02 UTC

Admiral Rogers Speaking at the Joint Service Academy Cyber Security Summit

Posted By Bruce Schneier

Admiral Mike Rogers gave the keynote address at the Joint Service Academy Cyber Security Summit today at West Point. He started by explaining the four tenets of security that he thinks about. First: partnerships. This includes government, civilian, everyone. Capabilities, knowledge, and insight of various groups, and aligning them to generate better outcomes to everyone. Ability to generate and share...

Thu, 14 May 2015 11:18:23 UTC

License Plate Scanners Hidden in Fake Cactus

Posted By Bruce Schneier

The city of Paradise Valley, AZ, is hiding license plate scanners in fake cactus plants....

Thu, 14 May 2015 00:08:51 UTC

More unpacking

Posted By Greg Lehey

Another day spent mainly unpacking things. This loss of my backup disks really hurts. Yvonne went shopping as usual on a Wednesday, and came back with a 2 TB disk for my normal backups, complete with useless backup software. But it's software, so before blowing it away, I tried to back up the backup software from the backup disk. I wasn't completely successful: somehow all the Microsoft copy programs don't do what I want. In particular XCOPYnow, it seems, obsoletedidn't copy subdirectories when I asked it to. In the end I ended up with this: === root@eureka (/dev/pts/5) /home/grog 26 -> l -R /src/Seagate-backup-software/ total 281 -rwxr--r--  1 grog  wheel  131,685,492 11 Apr  2014 Seagate Dashboard Installer.dmg -rwxr--r--  1 grog  wheel  159,169,664  1 May  2014 Seagate Dashboard Installer.exe -rwxr--r--  1 grog  wheel          308  3 Sep  2014 SerialNumber.xml ...

Wed, 13 May 2015 02:47:24 UTC

LED and fluoro lights compared

Posted By Greg Lehey

I've already puzzled about the difference in brightness between my 700 lumen fluorescent globes and the 800 lumen LED globes: the latter seem nearly double as bright than the former. Today I finally got out a light meter and measured them. The existing fluoro globes gave a reading of EV 5.5, and the LED globes gave a reading of 6.0 under the same conditions. Both readings were consistent. Half an EV is 2, close enough to 1.4 for this level of accuracy. So if the LEDs are 800 lumens, the fluoros can't be more than 570 lumens. Another return in the offing.

Wed, 13 May 2015 02:32:23 UTC

SBS reception quality

Posted By Greg Lehey

In general our TV reception quality is much better than it used to be, but I've still had issues with SBS. Another look today. The dtv_multiplex table looked interesting: mysql> select mplexid, transportid, frequency from dtv_multiplex order by frequency; +---------+-------------+-----------+ | mplexid | transportid | frequency | +---------+-------------+-----------+ |       4 |         880 | 571625000 | |       3 |         563 | 578500000 | |       5 |        2461 | 585500000 | |       1 |       12922 | 592500000 | |       2 |        2050 | 599500000 | +---------+-------------+-----------+ That's exactly as it was last October.

Tue, 12 May 2015 21:13:50 UTC

German Cryptanalysis of the M-209

Posted By Bruce Schneier

This 1947 document describes a German machine to cryptanalyze the American M-209 mechanical encryption machine. I can't figure out anything about how it works....

Tue, 12 May 2015 20:09:13 UTC

Greenpeace, Renewable Energy, and Data Centers

Posted By James Hamilton

Greenpeace has focused on many issues of great import over the years. I like whales, dont like shark finning, and its hard to be a huge fan of testing nuclear weapons on South Pacific islands. Much good work has been done and continues to be done. Over the past three to five years, Greenpeace has...

Tue, 12 May 2015 10:41:48 UTC

Amateurs Produce Amateur Cryptography

Posted By Bruce Schneier

Anyone can design a cipher that he himself cannot break. This is why you should uniformly distrust amateur cryptography, and why you should only use published algorithms that have withstood broad cryptanalysis. All cryptographers know this, but non-cryptographers do not. And this is why we repeatedly see bad amateur cryptography in fielded systems. The latest is the cryptography in the...

Mon, 11 May 2015 11:26:25 UTC

More on the NSA's Capabilities

Posted By Bruce Schneier

Ross Anderson summarizes a meeting in Princeton where Edward Snowden was "present." Third, the leaks give us a clear view of an intelligence analyst's workflow. She will mainly look in Xkeyscore which is the Google of 5eyes comint; it's a federated system hoovering up masses of stuff not just from 5eyes own assets but from other countries where the NSA...

Sun, 10 May 2015 23:57:27 UTC

Reporting accuracy, Facebook style

Posted By Greg Lehey

We had 18.2 mm rain overnight, quite a bit for round here. Our water tanks are full. In the afternoon I found a post on Facebook: Does anybody have a rain gauge reading for past 24 hours? Several useful replies, none with sub-millimetre resolution, but suggesting that further south in the middle of Dereel the rainfall was between 21 and 25 mm. But which one got a like? We have had a lot of rain, during the night it was quite heavy and this morning Now doesn't that say a lot to people who live here?

Sun, 10 May 2015 23:55:25 UTC

Acclimatization

Posted By Greg Lehey

Another night in the new house, a little more restful than the previous. The cats are still unhappy, and I've established what the motor noise is: a freezer in the laundry, also just a couple of metres from my head. We may need to move that. Spent the day installing more of the electronics infrastructure. My main Ethernet switch, a D-Link DGS-1008D, is flaky: it kept going into what looked like a self-test sequence with alternately all Link LEDs and then the speed LED for port 8 lighting, something that is, of course, not mentioned in the manual.

Sun, 10 May 2015 02:03:47 UTC

The Return to the Cloud

Posted By James Hamilton

Zynga is often in the news because gaming is hot and Zynga has been, and continues to be, a successful gaming company. What’s different here is the story isn’t about gaming nor is it really about Zynga itself. The San Francisco gaming house with a public valuation of $2.5B was an earlier adopter of cloud...

Sun, 10 May 2015 01:47:05 UTC

Comparing LED and fluoro globes

Posted By Greg Lehey

I've already puzzled about the difference in light output between fluorescent and LED light globes. Now I have started replacing the fluoros with LED, I'm even more puzzled. Yes, the LEDs are brighter (rated at 800 instead of 700 lumens), but they seem to be nearly double the brightness. Time to do some light measurements. ACM only downloads articles once.

Sun, 10 May 2015 01:35:32 UTC

Bringing up the network

Posted By Greg Lehey

For the first time we have a gigabit network to almost every room in the house, including the shed. Only the laundry is missing. We haven't provided for a connection in the pantry, but that's where the central switch is, so effectively we have a network there too: Put lagoon, Yvonne's computer in with relatively little difficulty, though it's clear that the name is no longer appropriate. Also reinstalled dischord, the Microsoft box I use for photo processing. Somehow this looks wrong: === grog@eureka (/dev/pts/6) ~/Photos/20150507 3 -> ruptime dischord                   up   4+07:53,     0 users,  load 0.99, 0.19, 0.06 eureka                     up   ...

Sun, 10 May 2015 00:13:36 UTC

Reviving eureka

Posted By Greg Lehey

I over to the new house to bring up eureka. I hadn't expected a smooth ride, and I was right. Even cabling things up is non-trivial with a four monitor system. but when I finally did it with as little mess as possible, I had firewall hell again. The biggest issue was the change of the gateway address, but after everything I did, I still can't ping any local interface apart from lo0. And for obviously completely unrelated reasons, the mouse became much more sensitive. All this is in unchanged configuration files. Why does that happen? On a more positive note, when connecting monitor 4 (the one connected by HDMI), it was recognized immediately.

Sat, 09 May 2015 19:00:00 UTC

From the Hill

Posted By Tim Bray

Joseph Heath argued in 2001s The Efficient Society that Canadian society is about as optimal as it gets. This idea is not completely crazy, even when one loathes the gang currently in charge. This week I made a rare visit to Ottawa, took pictures, and thought about Canadian-ness. The West Wing of Parliament, currently under construction.It looked so cool at night; many pictures and only one came out. Parliament Hill is a welcoming place.Theres lots of grass out front to play catch or stretch out on. Weve had a heavy news week: a couple of provincial elections, a Guantanamo victim released, and a draconian new national-security law passed.

Sat, 09 May 2015 08:29:24 UTC

Moving house, day 2

Posted By Greg Lehey

The day started with improvised breakfast: The red saucer dates from early 1968, when Kaufhof opened its first store in Hamburg, in the Mönckebergstraße. Apart from a second saucer, all has broken, and the saucers are chipped, and they're just there because I hate to throw anything out. The mug is some amazingly poor quality gift from some hotel in Kuala Lumpur, only about 20 years ago. The movers had promised to be here earlier today, and to a certain extent they were.

Sat, 09 May 2015 08:26:53 UTC

Understanding computers

Posted By Greg Lehey

What's an appropriate caption to this one? I'd go for Don't give up, Joe, newcomers always have difficulties learning to use computers. You'll make it. ACM only downloads articles once. It's possible that this article has changed since being downloaded, but the only way you can find out is by looking at the original article.

Fri, 08 May 2015 21:04:33 UTC

Friday Squid Blogging: Squid Chair

Posted By Bruce Schneier

Squid chair. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 08 May 2015 19:22:22 UTC

Cybersecurity Summer Camps

Posted By Bruce Schneier

For high-school kids....

Fri, 08 May 2015 11:13:11 UTC

Stealing a Billion

Posted By Bruce Schneier

It helps if you own the banks: The report said Shor and his associates worked together in 2012 to buy a controlling stake in three Moldovan banks and then gradually increased the banks' liquidity through a series of complex transactions involving loans being passed between the three banks and foreign entities. The three banks then issued multimillion-dollar loans to companies...

Thu, 07 May 2015 17:30:24 UTC

Online Dating Scams

Posted By Bruce Schneier

Interesting research: We identified three types of scams happening on Jiayuan. The first one involves advertising of escort services or illicit goods, and is very similar to traditional spam. The other two are far more interesting and specific to the online dating landscape. One type of scammers are what we call swindlers. For this scheme, the scammer starts a long-distance...

Thu, 07 May 2015 04:11:19 UTC

Books Room

Posted By Benjamin Mako Hill

Is the locked “books room” at McMahon Hall at UW a metaphor for DRM in the academy? Could it be, like so many things in Seattle, sponsored by Amazon? Mika noticed the room several weeks ago but felt that today’s International Day Against DRM was a opportune time to raise the questions in front of … Continue reading Books Room

Thu, 07 May 2015 03:43:11 UTC

DRM on Streaming Services

Posted By Benjamin Mako Hill

For the 2015 International Day Against DRM, I wrote a short essay on DRM for streaming services posted on the Defective by Design website. I’m republishing it here. Between 2003 and 2009, most music purchased through Apple’s iTunes store was locked using Apple’s FairPlay digital restrictions management (DRM) software, which is designed to prevent users … Continue reading DRM on Streaming Services

Wed, 06 May 2015 22:12:12 UTC

Another Example of Cell Phone Metadata Forensic Surveillance

Posted By Bruce Schneier

Matthew Cole explains how the Italian police figured out how the CIA kidnapped Abu Omar in Milan. Interesting use of cell phone metadata, showing how valuable it is for intelligence purposes....

Wed, 06 May 2015 12:09:59 UTC

An Example of Cell Phone Metadata Forensic Surveillance

Posted By Bruce Schneier

In this long article on the 2005 assassination of Rafik Hariri in Beirut, there's a detailed section on what the investigators were able to learn from the cell phone metadata: At Eid's request, a judge ordered Lebanon's two cellphone companies, Alfa and MTC Touch, to produce records of calls and text messages in Lebanon in the four months before the...

Tue, 05 May 2015 17:51:16 UTC

The NSA's Voice-to-Text Capabilities

Posted By Bruce Schneier

New article from the Intercept based on the Snowden documents....

Tue, 05 May 2015 11:59:36 UTC

Easily Cracking a Master Combination Lock

Posted By Bruce Schneier

Impressive. Kamkar told Ars his Master Lock exploit started with a well-known vulnerability that allows Master Lock combinations to be cracked in 100 or fewer tries. He then physically broke open a combination lock and noticed the resistance he observed was caused by two lock parts that touched in a way that revealed important clues about the combination. (He likened...

Tue, 05 May 2015 03:49:25 UTC

Announcing a financial assistance policy for ISO C++ meetings

Posted By Herb Sutter

Today it was my pleasure to announce a financial assistance policy for ISO C++ meetings. You can read about it at the announcement here.Filed under: Uncategorized

Mon, 04 May 2015 15:00:00 UTC

Note to Boeing 787 Dreamliner owners: Reboot every 248 days

Posted By Tom Limoncelli

If you own a Boeing 787 Dreamliner, and I'm sure many of our readers do, you should reboot it every 248 days. In fact, more frequently than that because at about the 248-day mark, the power system will fail due to a software bug. Considering that 248 days is about 2^31 * 100, it is pretty reasonable to assume there is a timer with 100 microsecond resolution timer held in a 32-bit unsigned int. It would overflow every 248 days. " Hell yeah, I did it! I saved 4 bytes every time we store a timestamp. Screw you. It's awesome.

Mon, 04 May 2015 11:17:04 UTC

Detecting QUANTUMINSERT

Posted By Bruce Schneier

Fox-IT has a blog post (and has published Snort rules) on how to detect man-on-the-side Internet attacks like the NSA's QUANTUMINSERT. From a Wired article: But hidden within another document leaked by Snowden was a slide that provided a few hints about detecting Quantum Insert attacks, which prompted the Fox-IT researchers to test a method that ultimately proved to be...

Mon, 04 May 2015 00:28:31 UTC

Recovering monitor 4

Posted By Greg Lehey

So was the failure of monitor 4 due to the fact that it wasn't powered on when I booted eureka? The only way to find out was toshudderreboot. Did that, and for some reason the system decided that one of the disks needed an hour-long fsck. Why? It was a demonstrably clean shutdown. In any case, after it came back up, sure enough, monitor 4 functioned normally. I wonder if there's a way to re-probe the connection without having to reboot. ACM only downloads articles once.

Sun, 03 May 2015 21:10:02 UTC

Two NYC-area Puppet-related events

Posted By Tom Limoncelli

There are still tickets available for Puppet Camp New York 2015, Friday, May 15, 2015. It is a day of presentations useful for folks from beginner to advanced. I'll be one of the speakers. In my talk I'll be demoing some of the things we do at StackOverflow that make using Puppet safer: Git, CI, Vagrant, and using Puppet Environments. A lot of people at these events aren't using Puppet yet, so the material is usually very introductory. I'll be doing a rehearsal of my talk this Thursday (May 7th) at the NJ LOPSA chapter meeting. They meet in Lawrenceville, NJ (near Princeton).

Sun, 03 May 2015 18:50:35 UTC

Backupify: a case study in incompetent marketing

Posted By Tom Limoncelli

A year or so ago I tried Backupify and then disabled it shortly after. Ever since I've received many emails from them, mostly warning that my disabled account was... umm.. disabled. Thanks for the reminder. On April 17th I complained to them via their Zendesk system and their support agent Adam Deligianis explained the issue and cancelled the account. " I have now processed the cancellation of your account so you will not receive any more emails from us." (link) This week I got more spam from them. This was was pseudo-personal message from Rob May, a SVP of Business Development, that states, "You are receiving this email regardless of your unsubscribe settings because it includes important information that impacts availability of your Backupify account."

Sun, 03 May 2015 04:45:06 UTC

Powercor: going-away present

Posted By Greg Lehey

Power failure at 17:50 this evening. Thank God that will soon be a thing of the past. Saturday is also our good food evening, so the failure was at the worst possible time. Still, we have a generator, so why not keep things running? Dragged it out, fired it up, pulled a cable the length of the house to my computer UPS, and by the time I had done it the generator had stopped again. That's the first time ever. Further investigation showed that they last person (one of the builders) who used the generator hadn't turned off the petrol tap, so I had instead.

Sun, 03 May 2015 04:38:25 UTC

Lighting in the 21st century

Posted By Greg Lehey

Once upon a time electric lighting was simple: you bought a globe, either bayonet or Edison screw, and you chose the wattage to match the amount of light you wanted. But that's so 20th century. In the last couple of weeks we have bought lamps with three different technologies, none of them traditional incandescent, and it seems that even the equivalences we have come to take for granted are incorrect. And what do the manufacturers do? They relate them all to obsolete incandescent wattages. And two weeks ago I established that 11 W fluorescent globes (equivalent to 60 W) produce 700 lumen, whereas a traditional 60 W incandescent globe produces about 960 lumens.

Sat, 02 May 2015 00:55:01 UTC

Not a blog post.

Posted By Joel Spolsky

This is a test. Dont get too excited :) Need to hire a really great programmer? Want a job that doesn't drive you crazy? Visit the Joel on Software Job Board: Great software jobs, great people.

Fri, 01 May 2015 21:16:26 UTC

Friday Squid Blogging: Ceramic Squid Planters

Posted By Bruce Schneier

Nice....

Fri, 01 May 2015 19:43:22 UTC

Digital Privacy Public Service Announcement

Posted By Bruce Schneier

I thought this was very well done....

Fri, 01 May 2015 17:46:24 UTC

Ears as a Biometric

Posted By Bruce Schneier

It's an obvious biometric for cell phones: Bodyprint recognizes users by their ears with 99.8% precision with a false rejection rate of only 1 out of 13. Grip, too. News story....