Blogs

An aggregation of our Blog Roll, made up of acmqueue authors.

Postings for February 2010:  (46 posts)
Tue, 09 Feb 2010 23:59:59 UTC

Facebook adopts bank-level security

Posted By Greg Lehey

Something prompted me to look at Facebook again today. When I did, I was presented with a surprising message: That's doubly interesting. First, I was accessing it from the same browser as usual, so any cookies should still have been there. And secondly, this STUPID idea that only I would know my date of birth. I suppose they can justify it, though, with “if it's secure enough for banks, it's secure enough for us”. The (belatedly) promised hot weather came, but also a lot of rain.

Tue, 09 Feb 2010 18:47:28 UTC

Ikea Canada: WTF?

Posted By David Ascher

A few months ago, we needed more desks for our office, so I figured I’d order them from the Ikea website. Easy to do, except that the Ikea.ca store doesn’t work with US credit cards, and our corporate card is a US card. So I bite my tongue about the craziness of e-commerce [...]

Tue, 09 Feb 2010 18:09:11 UTC

All Subversive Organizations Now Must Register in South Carolina

Posted By Bruce Schneier

This appears not to be a joke: The state's "Subversive Activities Registration Act," passed last year and now officially on the books, states that "every member of a subversive organization, or an organization subject to foreign control, every foreign agent and every person who advocates, teaches, advises or practices the duty, necessity or propriety of controlling, conducting, seizing or overthrowing...

Tue, 09 Feb 2010 16:15:32 UTC

Why did Ofcom back down over DRM at the BBC?

Posted By Cory Doctorow

The Guardian

Tue, 09 Feb 2010 16:14:59 UTC

New column: Why is Ofcom ready to allow BBC DRM?

Posted By Cory Doctorow

In my latest Guardian column, "Why did Ofcom back down over DRM at the BBC?" I look at how lamentably credulous both the BBC and its UK regulator, Ofcom, have been in accepting US media giants' threats to boycott the Beeb if it doesn't add digital rights management to its broadcasts. The BBC is publicly [...]

Tue, 09 Feb 2010 14:07:17 UTC

IT services market looks optimistic

Posted By Mark Kobayashi-Hillary

What a day of positivity! I can honestly say that in all my years of coming to the annual NASSCOM conference for most of the past decade, I have never felt such optimism about the IT services marketplace. One year ago, India was an entirely different place. The terrorist attacks on Mumbai were fresh in the mind of many delegates, the recession was at a peak, and one of the leading IT firms - Satyam - was falling apart due to a financial scandal. One year on, everyone I met has reported good news. And not good news in a very simplistic 'people are ordering IT again' way.

Tue, 09 Feb 2010 14:04:27 UTC

Corporate social responsibility recognised at NASSCOM

Posted By Mark Kobayashi-Hillary

It's the first day of the NASSCOM conference in Mumbai, India and in true NASSCOM style they opened with some interesting and unusual sessions. This time the conference opened with the NASSCOM Social Innovation Honours - awards to firms that had led the corporate social responsibility agenda. One of the winning firms was actually European - Steria. They won the award for the best ICT-led innovation in CSR for their work supporting schools in India. The numbers are actually astounding and go far beyond most CSR programmes.

Tue, 09 Feb 2010 12:07:48 UTC

Outguessing the Terrorists

Posted By Bruce Schneier

Isn't it a bit embarrassing for an "expert on counter-terrorism" to be quoted as saying this? Bill Tupman, an expert on counter-terrorism from Exeter University, told BBC News: "The problem is trying to predict the mind of the al-Qaeda planner; there are so many things they might do. "And it is also necessary to reassure the public that we are...

Mon, 08 Feb 2010 23:59:59 UTC

More old laptops

Posted By Greg Lehey

I've given up on using the old ThinkPad for the kitchen. Modern bloated web browsers just won't run in 96 MB of main memory. I don't want to buy a new disk for my Dell Inspiron 1100: it needs PATA disks, of course, and they're ridiculously expensive in comparison both to SATA and to cheap new laptops. But Chris had an old Dell Inspiron 8100 with some defect or another, but presumably a functional disk, so today Yvonne brought it over and I took a look. I remember working with this machine a couple of years ago, and that's what the installation of SuSE Linux claimed too—the battery was still functional!

Mon, 08 Feb 2010 20:00:00 UTC

Whiskers!

Posted By Tim Bray

Assignment for Dailyshoot 85 on 2010/02/08: “Pet photos are such a cliche, but they're also cute. Make an interesting photo of a pet today. (via @rmanalan)” He wondered why I was hovering over him with this swollen black clicking thing. After I whistled five or six times to get him to look at me, he started tuning me out.

Mon, 08 Feb 2010 19:54:20 UTC

The Limits of Visual Inspection

Posted By Bruce Schneier

Interesting research: Target prevalence powerfully influences visual search behavior. In most visual search experiments, targets appear on at least 50% of trials. However, when targets are rare (as in medical or airport screening), observers shift response criteria, leading to elevated miss error rates. Observers also speed target-absent responses and may make more motor errors. This could be a speed/accuracy tradeoff...

Mon, 08 Feb 2010 12:36:47 UTC

New Podcast, “Sensored,” a short-short story about ubicomp

Posted By Cory Doctorow

"Sensored" is a short-short story commissioned by the UK Open University's computer science department for use in My digital life (TU100), its ubiquitous computing course. It's licensed Creative Commons Attribution-NonCommercial-ShareAlike. I'm pleased with how it worked out, and I'm honoured to be a Visiting Senior Lecturer in the OU's comp sci department. Mastering by John Taylor [...]

Mon, 08 Feb 2010 12:03:05 UTC

More Details on the Chinese Attack Against Google

Posted By Bruce Schneier

Three weeks ago, Google announced a sophisticated attack against them from China. There have been some interesting technical details since then. And the NSA is helping Google analyze the attack. The rumor that China used a system Google put in place to enable lawful intercepts, which I used as a news hook for this essay, has not been confirmed. At...

Sun, 07 Feb 2010 23:59:59 UTC

Error reporting: for wimps

Posted By Greg Lehey

One of the more obvious misfeatures in my weather station software is the comparison between local readings and remote weather stations. My local readings are typically once a minute, while the best I can get from remote stations is every 30 minutes. In some cases (like pressure readings from Ballarat airport), the readings are three hours apart. From a programmatic point of view it's easy enough to interpolate, but what meaning does such an interpolation have? Combined with gnuplot's strange smoothing algorithm, the result looks like a roller coaster. So today worked on changing that, to take the local reading immediately following the remote reading.

Sun, 07 Feb 2010 21:09:02 UTC

Student Intersection

Posted By Hal Stern

Every year about this time, I host some undergraduate engineering students for a two-day whirlwind tour with customers, partners and employees in New York City. It gives the students a chance to see where an engineering degree can take them, and to discover what's different between short-term college projects and complex real-world product engineering. It gives me an early glimpse of the current engineering social context and lets me see what technologies are mainstream enough to be used as teaching tools. One of our running conversations was how to tackle a problem that hadn't been seen before. What choices do you make, or constraints do you put in place, if you have to think about scale, speed, or complexity that isn't in the literature?

Sun, 07 Feb 2010 20:00:00 UTC

Heading Out to the Game

Posted By Tim Bray

Assignment for Dailyshoot 84 on 2010/02/07: “Challenge: Practice storytelling today. Look for 3 images that tell a story, and make a set of photos that go together.” Super Sunday: With friends in the burbs, and a sad ending.

Sun, 07 Feb 2010 20:00:00 UTC

In Spring

Posted By Tim Bray

Young men's fancy turns to thoughts of, well, it depends. It's been well into the Celsius teens in recent days, with splashes of sun. Certain public-spirited young women leap at the chance to celebrate by way of a short skirt. I'm young enough to appreciate that, but old enough to be a gardener. After all, the short skirts and these vibrant colors are closely related in their intended function. For the younger men, specifically my own 10½-year-old, the season's thoughts are of videogames. I succumbed Sunday morning to intense lobbying and took him and his friend off to the mall to visit the local EB Games AKA GameStop for some swapping and shopping.

Sun, 07 Feb 2010 19:51:21 UTC

Scaling Second Life

Posted By James Hamilton

As many of you know I collect high-scale scaling war stories. I've appended many of them below. Last week Ars Technica published a detailed article on Scaling Second Life: What Second Life can Teach your Datacenter About Scaling Web Apps. This article is by Ian Wilkes, who worked at Second Life from 2001 to 2009, where he was director of operations. My rough notes follow:

- Understand scale required:
  - Billing system serving US and EU where each user interacts annually and the system has 10% penetration: 2 to 3 events/second
  - Chat system serving US and EU where each user sends 10 messages/day during workday: 20k messages/second
- Does the system have to be available 24x7 and understand the impact of downtime (beware of over-investing in less important dimensions at the expense of those more important)
- Understand ...

Sun, 07 Feb 2010 14:06:59 UTC

New Attack on Threefish

Posted By Bruce Schneier

At FSE 2010 this week, Dmitry Khovratovich and Ivica Nikolic presented a paper where they cryptanalyze ARX algorithms (algorithms that use only addition, rotation, and exclusive-OR operations): "Rotational Cryptanalysis of ARX." In the paper, they demonstrate their attack against Threefish. Their attack breaks 39 (out of 72) rounds of Threefish-256 with a complexity of 2^252.4, 42 (out of 72) rounds...

Sun, 07 Feb 2010 06:02:00 UTC

The Checklist Manifesto

Posted By Alon Halevy

I just finished reading "The Checklist Manifesto" by Atul Gawande, a very interesting book. Gawande, a surgeon, essentially makes the following point. Given the incredible amount of knowledge we have accumulated in some professions, the complexity of certain tasks could be incredibly overwhelming to professionals (e.g., surgeons, airline pilots). Since in many situations these professionals work under pressure, they often forget some very simple yet important steps that later create unforeseen problems (e.g., making sure the antibiotics are applied at a particular time before the incision is made into the patient). Hence, he argues for simple checklists that teams should go through to ensure that important details are not glossed over.

Sun, 07 Feb 2010 05:38:00 UTC

A Trip to Australia

Posted By Alon Halevy

I recently returned from a trip to Australia, where I gave a keynote at the Australasian Computer Science Week, the annual gathering of computer scientists from Australia and New Zealand. You can see a journalist's account of what I talked about here. There is a small but very strong database community in Australia, and I encourage anyone who has a chance to go down under and visit. The strength of the community was apparent when two of the three major annual awards were given for database work. Heng Tao Shen from the University of Queensland received the Chris Wallace Award. This is the top prize given for technical achievements across all fields of computer science (full professors are not eligible for this prize).

Sat, 06 Feb 2010 20:00:00 UTC

Riviera

Posted By Tim Bray

Assignment for Dailyshoot 83 on 2010/02/06: “Curves carry the eye along with them. Make a photo that creates a sense of movement with curves today.” Taken from just northwest of this particular Seventies-vintage Buick, looking southeast.

Fri, 05 Feb 2010 23:59:59 UTC

Weather and spiders

Posted By Greg Lehey

More investigation of the weather station today to find out why no rain had been reported. Reinstated my memory dump program, which still has problems with reading particular locations—high time I tested this on another system. It showed that the station had really recorded no rainfall at all over the last 36 hours. So it's not a bug in my software. Decided to investigate the device. I have a spare, thanks to Powercor, so took a look at it. It has a cover (held in place by press tabs at each end), and a bucket that tips alternately in each direction: Went out to take a look at the one at the top of the pole.

Fri, 05 Feb 2010 22:15:52 UTC

Friday Squid Blogging: Squid Cookie

Posted By Bruce Schneier

I wonder if it's tasty....

Fri, 05 Feb 2010 20:00:00 UTC

They're Hiring!

Posted By Tim Bray

Something about my Current Status post the other day touched a nerve, and a substantial number of people wanted me to pass on the fact that they're hiring and might well be interested in Sun alumni. (Hmm... now this piece is provoking “us too” notices. I'll update, for a while anyhow.) Of course, I should mention that at the recent Oracle/Sun media event, all the executives were wearing “We're Hiring!” buttons; probably not Sun alumni right now, but lots of people aren't and we get to be at the top of the list. Here are the rest: The Googlers were well-represented; I heard from Denton Gentry (“There are many Sun alumni at Google, and many reqs open.

Fri, 05 Feb 2010 20:00:00 UTC

My Neighbor

Posted By Tim Bray

Assignment for Dailyshoot 82 on 2010/02/05: “More fun on a Friday: Make a photo that goes with the title of a movie you've seen, interpreted any way you like!” On one of my many trips to Japan, someone gave me this charming Totoro music-box. I can't remember who; if it was you, please accept my apologies and let me know.

Fri, 05 Feb 2010 19:52:48 UTC

10 Cartoons about Airport Security

Posted By Bruce Schneier

A slide show....

Fri, 05 Feb 2010 18:54:34 UTC

Shaping young minds

Posted By Matthew Garrett

I'm off to CMU at the weekend, in order to do a couple of talks on Monday (the 8th). I'll be giving an introduction to ACPI to the operating systems class in the morning, and an open presentation on Fedora, some of the challenges we face and how to get involved in Linux in the afternoon. This is as a result of our cooperation with CMU, which has led to things like the request on the right. How could we refuse?

Fri, 05 Feb 2010 17:59:38 UTC

Scaring the Senate Intelligence Committee

Posted By Bruce Schneier

This is unconscionable: At Tuesday's hearing, Senator Dianne Feinstein, Democrat of California and chairwoman of the Senate Intelligence Committee, asked Mr. Blair [the Director of National Intelligence] to assess the possibility of an attempted attack in the United States in the next three to six months. He replied, "The priority is certain, I would say" -- a response that was...

Fri, 05 Feb 2010 12:02:27 UTC

World's Largest Data Collector Teams Up With World's Largest Data Collector

Posted By Bruce Schneier

Does anyone think this is a good idea? Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users...

Thu, 04 Feb 2010 23:59:59 UTC

Weather station software: structural issues

Posted By Greg Lehey

My weather software is still in a mess. One process regularly crashes after midnight because there is no data available for the day. That's harmless (it gets restarted, and sooner or later the data arrives), but also trivial to fix. I thought. The problem is that I keep restructuring things, particularly configuration, and it seemed to make sense to have a standardized set of parameters for each process (in fact, it makes more sense for the main process to fork the others), so spent some time restructuring the code for startup and reading configuration. That took longer than I expected. And today was the first day in nearly 3 weeks that we've had rain, 14 mm of it in the rain gauge.

Thu, 04 Feb 2010 20:00:00 UTC

Current Status

Posted By Tim Bray

I'm getting a lot of questions, and I think it's important that readers know who pays the author of the words they're reading. So: I have received an offer of employment from Oracle, with compensation that's acceptable, and am waiting for information about the role that is contemplated and where I'd fit into the organization. I have until next week to accept or decline. I'm pleased that I got an offer, and assume that the picture will fill in soon; merging an 80K-headcount company with a 30K-headcount acquisition is complex, but Oracle has been around this track lots of times. I'm sad about the Sun people who are on their way out (except for the ones who wanted out) and expect that this wave of pretty-senior and pretty-clueful people will have a noticeable impact on the industry.

Thu, 04 Feb 2010 20:00:00 UTC

This is not like that

Posted By Tim Bray

Assignment for Dailyshoot 81 on 2010/02/04: “Contrasting ideas engage the mind. Make a photo today that tells a story with contrasting elements. (via @dibytes)” This architecture is not like that architecture. In Vancouver's mostly-boring downtown.

Thu, 04 Feb 2010 12:35:11 UTC

Security and Function Creep

Posted By Bruce Schneier

Security is rarely static. Technology changes both security systems and attackers. But there's something else that changes security's cost/benefit trade-off: how the underlying systems being secured are used. Far too often we build security for one purpose, only to find it being used for another purpose -- one it wasn't suited for in the first place. And then the security...

Thu, 04 Feb 2010 05:23:47 UTC

I'm a Forbes Web Celeb!

Posted By Cory Doctorow

Hey, this is cool! I made Forbes's 25 Web Celebs list again -- I'm in the top 10!

Wed, 03 Feb 2010 23:59:59 UTC

Censors back down

Posted By Greg Lehey

Yesterday I wrote about network censorship in South Australia. I was wrong, of course: on reconsidering, this isn't really censorship, though that's the word most people are using. It's really a restriction of privacy. In a country where free speech isn't guaranteed (yes, that applies to Australia, though the general viewpoint is that it should be tolerated), the requirement to put your name to what you write suggests potential prosecution. That's doubly stupid: first, it makes the government look bad to exactly those people whom it needs to reelect them, and secondly it's as good as impossible to confirm whether the name and postcode given are correct or not, as Russell Coker observes.

Wed, 03 Feb 2010 20:00:00 UTC

Vacant Lot (detail)

Posted By Tim Bray

Assignment for Dailyshoot 80 on 2010/02/03: “Make a "sharp" photo today any way you interpret it, either tack-sharp focus or a subject that is sharp itself.” This wall facing a vacant lot has been left unfinished for a long time, as we wait for construction. The pigeons have noticed.

Wed, 03 Feb 2010 12:16:01 UTC

Anonymity and the Internet

Posted By Bruce Schneier

Universal identification is portrayed by some as the holy grail of Internet security. Anonymity is bad, the argument goes; and if we abolish it, we can ensure only the proper people have access to their own information. We'll know who is sending us spam and who is trying to hack into corporate networks. And when there are massive denial-of-service attacks,...

Wed, 03 Feb 2010 11:22:00 UTC

It's time for the NASSCOM conference in India

Posted By Mark Kobayashi-Hillary

It's that time of the year again. The NASSCOM conference in Mumbai, India, is the largest annual gathering of tech people in India. And now, with over 20 countries represented, it's more of a global gathering looking at the year ahead in outsourcing and technology services. I'll be there all next week reporting back to you on what's happening at the event - I'm even an official NASSCOM blogger.

Wed, 03 Feb 2010 11:19:08 UTC

Outsourcing recession draws to an end

Posted By Mark Kobayashi-Hillary

New research from outsourcing advisory firm TPI has given a boost to the consensus that the recession is over in outsourcing. Though the contract value of deals signed in EMEA for the full year 2009 is down, if you look at the final quarter value then it's almost the same as Q2 2008 - the final period before the downturn affected the outsourcing market. That's only to be expected - confidence has been rising as 2009 went on. I know myself just from talking to people in the market, but it's good to see the hard data from TPI reflecting what people are saying out on the street.

Wed, 03 Feb 2010 02:36:18 UTC

Engaged

Posted By Matthew Garrett

Tue, 02 Feb 2010 23:59:59 UTC

Censorship and clueless politicians

Posted By Greg Lehey

You'd think that by now even Australian politicians would have understood that they have little control over the Internet. Maybe they have, but they've found a strange way to demonstrate it. According to a report in the Adelaide News, both sides of the South Australian Government have agreed that critical comments on the web, notably the Adelaide News, about the coming state election, must be signed with name and post code (which assumes that the commenter lives in a country with post codes, and presumably that, unlike the UK, they're generic enough not to identify a single house): Mr Atkinson described AdelaideNow as "not just a sewer of criminal defamation" but also "a sewer of identity theft and fraud".

Tue, 02 Feb 2010 20:00:00 UTC

Wet, Blue, and Early

Posted By Tim Bray

Assignment for Dailyshoot 79 on 2010/02/02: “It's Groundhog Day in the U.S. Make a photo that illustrates whether it's more like winter or spring where you live.” These (very early) crocuses would be open were they sunlit, but here they're coated with raindrops.

Mon, 01 Feb 2010 20:00:00 UTC

On the Main

Posted By Tim Bray

Assignment for Dailyshoot 78 on 2010/02/01: “Time for another color theme: Orange! Keep your eyes peeled for anything orange today and make an interesting photo.” On Vancouver's Main Street, which is trying to gentrify its legacy of elderly and, um, sincere retail architecture.

Mon, 01 Feb 2010 12:34:49 UTC

More Movie Plot Terrorist Threats

Posted By Bruce Schneier

The Foreign Policy website has its own list of movie-plot threats: machine-gun wielding terrorists on paragliders, disease-laden insect swarms, a dirty bomb made from smoke detector parts, planning via online games, and botulinum in the food supply. The site fleshes these threats out a bit, but it's nothing regular readers of this blog can't imagine for themselves. Maybe they should...

Mon, 01 Feb 2010 12:26:00 UTC

Online Credit/Debit Card Security Failure

Posted By Bruce Schneier

Ross Anderson reports: Online transactions with credit cards or debit cards are increasingly verified using the 3D Secure system, which is branded as "Verified by VISA" and "MasterCard SecureCode". This is now the most widely-used single sign-on scheme ever, with over 200 million cardholders registered. It's getting hard to shop online without being forced to use it. In a paper...