An aggregation of our Blog Roll, made up of acmqueue authors.   more

Postings for March 2015:  (72 posts)
Fri, 27 Mar 2015 17:37:58 UTC

Usenix LISA 2015 Call For Participation (3 weeks left!)

Posted By Tom Limoncelli

Only 3 weeks left to submit talk and paper proposals for LISA 2015. This year's conference is in Washington D.C. on November 8-13. This might be a good weekend to spend time writing your first draft! Don't be afraid to submit proposals early. Unsure of your topic? Contact the chairs and bounce ideas off of them.

Fri, 27 Mar 2015 12:01:04 UTC

Yet Another Computer Side Channel

Posted By Bruce Schneier

Researchers have managed to get two computers to communicate using heat and thermal sensors. It's not really viable communication -- the bit rate is eight per hour over fifteen inches -- but it's neat....

Thu, 26 Mar 2015 14:46:15 UTC

New Zealand's XKEYSCORE Use

Posted By Bruce Schneier

The Intercept and the New Zealand Herald have reported that New Zealand spied on communications about the World Trade Organization director-general candidates. I'm not sure why this is news; it seems like a perfectly reasonable national intelligence target. More interesting to me is that the Intercept published the XKEYSCORE rules. It's interesting to see how primitive the keyword targeting is,...

Wed, 25 Mar 2015 15:00:00 UTC

The State of DevOps Report

Posted By Tom Limoncelli

Where does it come from? Have you read the 2014 State of DevOps report? The analysis is done by some of the world's best IT researchers and statisticians. Be included in the 2015 edition! A lot of the data used to create the report comes from the annual survey done by Puppet Labs. I encourage everyone to take 15 minutes to complete this survey. It is important that your voice and experience is represented in next year's report. Take the survey But I'm not important enough! Yes you are. If you think "I'm not DevOps enough" or "I'm not important enough" then it is even more important that you fill out the survey.

Wed, 25 Mar 2015 11:55:48 UTC

Capabilities of Canada's Communications Security Establishment

Posted By Bruce Schneier

There's a new story about the hacking capabilities of Canada's Communications Security Establishment (CSE), based on the Snowden documents....

Wed, 25 Mar 2015 01:21:20 UTC

More GPS navigator fun

Posted By Greg Lehey

Today was the first time I used the new GPS navigator in the city. Of course it tried to take me through places that didn't exist, but the most surprising thing was what happened when I tried to find alternative ways from the city to Surrey Hills: it kept changing its mind, wanting to take me north of Victoria Street (probably correctly) and south of Victoria Street (very definitely wrong). And when we changed our minds to go to Springvale, Victoria instead, it tried to take me straight through the middle of town instead of the designated way to the freeway.

Wed, 25 Mar 2015 01:20:20 UTC

A new low in user interfaces

Posted By Greg Lehey

Parking at the Victoria market was made no easier by the parking meters. They're modern and electronic, of course, with a low-contrast, reflective LCD display: Today was overcast, so the display was marginally legible. On a sunny day I would have been facing into the sun, so things would have been much worse. Even so, to read the display you need either to be about 1.50 m tall or kneel down in front of it.

Tue, 24 Mar 2015 14:30:04 UTC

2015 DevOps Survey

Posted By Tom Limoncelli

Have you taken the 2015 DevOps survey? The data from this survey influences many industry executives and helps push them towards better IT processes (and removing the insanity we find in IT today). You definitely want your voice represented. It takes only 15 minutes. Take the 2015 DevOps Survey Now

Tue, 24 Mar 2015 14:04:42 UTC

Reforming the FISA Court

Posted By Bruce Schneier

The Brennan Center has a long report on what's wrong with the FISA Court and how to fix it. At the time of its creation, many lawmakers saw constitutional problems in a court that operated in total secrecy and outside the normal "adversarial" process.... But the majority of Congress was reassured by similarities between FISA Court proceedings and the hearings...

Mon, 23 Mar 2015 19:00:00 UTC

RFC 7493: The I-JSON Message Format

Posted By Tim Bray

The Olde ASCII is at rfc7493.txt. Ill put a nicely-formatted HTML version here as soon as I pull a few pieces together. This is really, really simple stuff and should be about as controversy-free as an RFC can be. Back story Basically, RFC 7159 is the JSON RFC; it describes the existing panoply of JSON specs, and also more-or-less unifies the (small) incompatibilities between them. The history is here, from which I quote: If youre interested, I recommend opening up the HTML version and searching forward for the string interop. There are 17 occurrences. If youre generating JSON  something a lot of us do all the time  and make sure you avoid the mistakes highlighted in those 17 places, youre very unlikely to cause pain or breakage in software thats receiving it.

Mon, 23 Mar 2015 12:07:54 UTC

BIOS Hacking

Posted By Bruce Schneier

We've learned a lot about the NSA's abilities to hack a computer's BIOS so that the hack survives reinstalling the OS. Now we have a research presentation about it. From Wired: The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually...

Mon, 23 Mar 2015 04:32:57 UTC

Cheap toner: the truth

Posted By Greg Lehey

As planned earlier this week, I bought some cheap toner for my laser printer. How do you install it? Easy, in principle. But there's a little problem. Here are the new cartridge on the top (still with protective cover) and the old one below: Half the cartridge is missing! Am I supposed to re-use the old one? If so, the least they could have done was to tell me how to do it. The other difference showed up when I read the printer instructions.

Mon, 23 Mar 2015 04:21:11 UTC

Y2K catches up

Posted By Greg Lehey

Last night's pepper steak required a little stock powder. We really don't use much, and the jars I have are long past their use-by date: It's interesting that they changed date format between the two jars. I had half expected them to have changed back, but it seems they haven't. The older jar has got so hard that I couldn't get anything out of it. I don't suppose it's too soon to throw it out. ACM only downloads articles once.

Sun, 22 Mar 2015 00:27:13 UTC

Understanding Google Plus

Posted By Greg Lehey

Some months ago, when I was complaining about Facebook, Peter Jeremy (a Google employee) suggested that I use Google Plus instead. I signed up, took a look, and found it confusing. It also didn't address the issue that I don't like the concept anyway. So I forgot about it again. Then today Peter was analysing the display of my web pages on mobile devices. I asked him for screen shots, and got the reply: <groggyhimself> Can you send me a screen shot? <peter> groggyhimself: I've shared them with you. <groggyhimself> ? <peter> groggyhimself: Look in Google+.

Sat, 21 Mar 2015 23:40:17 UTC

Still more network problems

Posted By Greg Lehey

I was out of the office most of the morning, but when I got back I found: Start time End time Duration Badness from to (seconds) 1426893625 1426895771 2146 0.005 # 21 March 2015 10:20:25 21 March 2015 10:56:11 1424453814 1424645964 192150 0.026 # 21 February 2015 04:36:54 23 February 2015 09:59:24 1425657732 1425657839 107 0.004 # 7 March 2015 03:02:12 7 March 2015 03:03:59 1426077275 1426077511 236 0.009 # 11 March 2015 23:34:35 11 March 2015 23:38:31 1426081952 1426083273 1321 0.811 # 12 March 2015 00:52:32 12 March 2015 01:14:33 1426083535 1426084719 1184 13.740 # 12 March 2015 01:18:55 12 March 2015 01:38:39 1426084979 1426085070 91 13.846 # 12 March 2015 01:42:59 12 March 2015 01:44:30 1426086004 1426086758 ...

Sat, 21 Mar 2015 20:33:00 UTC

Another variation on forging the Wolf's Tooth Pattern

Posted By Niels Provos

Fri, 20 Mar 2015 21:29:44 UTC

Friday Squid Blogging: Squid Pen

Posted By Bruce Schneier

Neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 20 Mar 2015 18:51:04 UTC

New Paper on Digital Intelligence

Posted By Bruce Schneier

David Omand -- GCHQ director from 1996-1997, and the UK's security and intelligence coordinator from 2000-2005 -- has just published a new paper: "Understanding Digital Intelligence and the Norms That Might Govern It." Executive Summary: This paper describes the nature of digital intelligence and provides context for the material published as a result of the actions of National Security Agency...

Fri, 20 Mar 2015 11:56:11 UTC

Cisco Shipping Equipment to Fake Addresses to Foil NSA Interception

Posted By Bruce Schneier

Last May, we learned that the NSA intercepts equipment being shipped around the world and installs eavesdropping implants. There were photos of NSA employees opening up a Cisco box. Cisco's CEO John Chambers personally complained to President Obama about this practice, which is not exactly a selling point for Cisco equipment abroad. Der Spiegel published the more complete document, along...

Fri, 20 Mar 2015 01:13:31 UTC

Out of date, part 2

Posted By Greg Lehey

Mail from Google (really!) today: Date: Wed, 18 Mar 2015 18:29:15 -0700 (PDT) From: Google Webmaster Tools Team <> Subject: Fix mobile usability issues found on Google systems have tested 3,000 pages from your site and found that 100% of them have critical mobile usability errors. The errors on these 3,000 pages severely affect how mobile users are able to experience your website. These pages will not be seen as mobile-friendly by Google Search, and will therefore be displayed and ranked appropriately for smartphone users. What's that? There are lots of links, of course.

Fri, 20 Mar 2015 00:42:56 UTC

SpamAssassin: past use-by date?

Posted By Greg Lehey

I've been finding that SpamAssassin has flagged more and more legitimate mail as spam lately. The reason is always the same:  2.7 DNS_FROM_AHBL_RHSBL    RBL: Envelope sender listed in Lately, though, I've noticed that even well-known senders are getting flagged like this. That's serious because I have set my maximum score to 3, so just about anything else will cause it to be classified as spam. It really hit home when my system classified local mail as spam. Clearly time to weaken the score. Went looking and found, in /usr/local/share/spamassassin/ score DNS_FROM_AHBL_RHSBL 0 0.306 0 0.231 Huh?

Thu, 19 Mar 2015 19:35:02 UTC

More Data and Goliath News

Posted By Bruce Schneier

Right now, the book is #6 on the New York Times best-seller list in hardcover nonfiction, and #13 in combined print and e-book nonfiction. This is the March 22 list, and covers sales from the first week of March. The March 29 list -- covering sales from the second week of March -- is not yet on the Internet. On...

Thu, 19 Mar 2015 13:09:44 UTC

Understanding the Organizational Failures of Terrorist Organizations

Posted By Bruce Schneier

New research: Max Abrahms and Philip B.K. Potter, "Explaining Terrorism: Leadership Deficits and Militant Group Tactics," International Organizations. Abstract: Certain types of militant groups -- those suffering from leadership deficits -- are more likely to attack civilians. Their leadership deficits exacerbate the principal-agent problem between leaders and foot soldiers, who have stronger incentives to harm civilians. We establish the validity...

Wed, 18 Mar 2015 11:48:14 UTC

How We Become Habituated to Security Warnings on Computers

Posted By Bruce Schneier

New research: "How Polymorphic Warnings Reduce Habituation in the Brain ­- Insights from an fMRI Study." Abstract: Research on security warnings consistently points to habituation as a key reason why users ignore security warnings. However, because habituation as a mental state is difficult to observe, previous research has examined habituation indirectly by observing its influence on security behaviors. This study...

Tue, 17 Mar 2015 23:34:30 UTC

Toner prices

Posted By Greg Lehey

The black toner for our Brother HL-3170CDW laser printer is running low. aI've had it for 8 months, so it was to be expected. Took a look on eBay and found the toner cartridge (TN-251) for $25.30, including free postage. While in town, dropped in at Officeworks. Yes, they had it in stockfor $129! That's ridiculous. OK, the cartridges on eBay are almost certainly replacements, but they have the chips, and there can't be that much difference in quality. The printer cost $249, so this single cartridge costs more than half the purchase price. A complete set of 4 would cost more than double the purchase price.

Tue, 17 Mar 2015 17:23:20 UTC

See you tonight at LSPE (Sunnyvale, CA)

Posted By Tom Limoncelli

See you at 6pm! The meeting is at Yahoo! URL's Cafeteria, 701 1st Ave, Sunnyvale, CA. Please RSVP.

Tue, 17 Mar 2015 15:07:39 UTC

Details on Hacking Team Software Used by Ethiopian Government

Posted By Bruce Schneier

The Citizen Lab at the University of Toronto published a new report on the use of spyware from the Italian cyberweapons arms manufacturer Hacking Team by the Ethiopian intelligence service. We previously learned that the government used this software to target US-based Ethiopian journalists. News articles. Human Rights Watch press release....

Tue, 17 Mar 2015 04:30:26 UTC

Microsoft error reporting

Posted By Greg Lehey

Earthworks invoice from Warwick Pitcher today. Needs to be scanned and sent to CVI. All went wellbut where was the image? Tried again, and again it didn't appear. This is Epson software under Microsoft. Had it decided to store the image somewhere else? Spent some time looking for the configuration menu which specifies where the document should go. Where is it? It proved to be this meaningless icon: Selected that and got another confusing menu: Only three choices of location: My Documents, My Pictures, or anything else.

Mon, 16 Mar 2015 12:38:15 UTC

How the CIA Might Target Apple's XCode

Posted By Bruce Schneier

The Intercept recently posted a story on the CIA's attempts to hack the iOS operating system. Most interesting was the speculation that they hacked XCode, which would mean that any apps developed using that tool would be compromised. The security researchers also claimed they had created a modified version of Apple's proprietary software development tool, Xcode, which could sneak surveillance...

Sat, 14 Mar 2015 23:09:39 UTC

More network investigations

Posted By Greg Lehey

More work on my network status page today, without making it really pretty. One thing of interest is the TCP speed plot, in blue: This shows the reciprocal of the time it takes to load a small document from the other end of the world. It's surprisingly constant. But for some reason the value increased round 10 March. Looking at the raw log data shows: 1425966865 0.70 # Tue 10 Mar 2015 16:54:26 EST 1425966926 0.71 # Tue 10 Mar 2015 16:55:27 EST 1425966987 0.72 # Tue 10 Mar 2015 16:56:28 EST 1425967049 0.71 # Tue 10 Mar 2015 16:57:29 EST 1425967110 0.55 # Tue 10 Mar 2015 16:58:30 EST 1425967171 0.57 # Tue 10 Mar 2015 16:59:32 EST 1425967232 0.55 # Tue 10 ...

Fri, 13 Mar 2015 23:16:32 UTC

Analysing yesterday's disaster

Posted By Greg Lehey

Network connectivity came back this morning at almost exactly midnight. I had traced the network since about 8:30 yesterday, but of course by the time I stopped it, we had about 200,000 packets and a 235 MB trace file. All that interested me was the time up to the restoration of service. How do I do that? With Edwin Groothuis' help discovered the wireshark export function. You can specify a packet range, in my case 1-8212. And sure enough, it saved a file with just those packets. Tried to read it back in again. The file "/home/grog/public_html/Day/20150313/offnet.trace" isn't a capture file in a format Wireshark understands.

Fri, 13 Mar 2015 22:29:08 UTC

Friday Squid Blogging: Squid Stir-Fry

Posted By Bruce Schneier

Spicy squid masala stir-fry. Easy and delicious. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 13 Mar 2015 19:36:19 UTC

Fall Seminar on Catastrophic Risk

Posted By Bruce Schneier

I am planning a study group at Harvard University (in Boston) for the Fall semester, on catastrophic risk. Berkman Study Group -- Catastrophic Risk: Technologies and Policy Technology empowers, for both good and bad. A broad history of "attack" technologies shows trends of empowerment, as individuals wield ever more destructive power. The natural endgame is a nuclear bomb in everybody's...

Fri, 13 Mar 2015 11:05:20 UTC

Threats to Information Integrity

Posted By Bruce Schneier

Every year, the Director of National Intelligence publishes an unclassified "Worldwide Threat Assessment." This year's report was published two weeks ago. "Cyber" is the first threat listed, and includes most of what you'd expect from a report like this. More interesting is this comment about information integrity: Most of the public discussion regarding cyber threats has focused on the confidentiality...

Fri, 13 Mar 2015 02:14:31 UTC

Internode: Why PPPoE?

Posted By Greg Lehey

Time to change my ISP, I'm afraid. Whom should I choose? Internode has the best reputation. They offer a similar product as Aussie Broadband: 300 GB per month for $75 compared to 250 GB per month for $60. The price difference is real: I never use 250 GB, so the additional 50 GB from Internode are of no interest. Called them up and got the usual message, that I had a wait of between 5 and 9 minutes before I could speak to anybody. Accepted the offer of a call back when somebody was available. And the call back came almost immediately, followed by a 6 minute wait before I was connected to Alex.

Thu, 12 Mar 2015 23:05:08 UTC

Just announced: I'll be speaking at the LSPE (Sunnyvale) meeting on Tuesday

Posted By Tom Limoncelli

I'll be talking about our new book, The Practice of Cloud System Administration, at the SF/Bay Area Large-Scale Production Engineering, which meets at Yahoo! URL's Cafe in Sunnyvale, CA on Tue. Mar 17 at 6:00PM. More info on their MeetUp page. Hope to see you there!

Thu, 12 Mar 2015 22:29:49 UTC

NBN reliability: worse than satellite?

Posted By Greg Lehey

Yvonne dragged me out of bed this morning to tell me that we were off the net. It took me a while to understand, but in to the office, and sure enough, we had been off the net for hours. The usual thing: DHCPDISCOVER going out, no reply. Called up Aussie Broadband support, spoke to Kylie, who relatively quickly connected me to Jerom, who is (ahem!) 3rd level support. He confirmed that they were receiving the DHCPDISCOVER and replying correctly with a DHCPOFFER. But that reply never made it back here. Shades of last month? In any case, it's not acceptable. Got him to transfer me to Kevin, the manager, who told me that it was part of a more general outage, that the problem was within the National Broadband Network, with whom a ticket had been raised, and that hopefully things would soon come back to normal.

Thu, 12 Mar 2015 19:05:37 UTC

Data and Goliath Makes New York Times Best-Seller List

Posted By Bruce Schneier

The March 22 best-seller list from the New York Times will list me as #6 in the hardcover nonfiction category, and #13 in the combined paper/e-book category. This is amazing, really. The book just barely crossed #400 on Amazon this week, but it seems that other booksellers did more. There are new reviews from the LA Times, >i>Lawfare, EFF, and...

Thu, 12 Mar 2015 11:22:35 UTC

The Changing Economics of Surveillance

Posted By Bruce Schneier

Cory Doctorow examines the changing economics of surveillance and what it means: The Stasi employed one snitch for every 50 or 60 people it watched. We can't be sure of the size of the entire Five Eyes global surveillance workforce, but there are only about 1.4 million Americans with Top Secret clearance, and many of them don't work at or...

Thu, 12 Mar 2015 11:01:08 UTC

A conversation about privacy and trust in open education

Posted By Cory Doctorow

For Open Education Week, Jonathan Worth convened a conversation about privacy and trust in open education called Speaking Openly in which educators and scholars recorded a series of videos responding to one another’s thoughts on the subject. The takes are extremely varied, and come from Audrey Waters, Nishant Shah, Ulrich Boser, Dan Gillmor, and me,... more

Wed, 11 Mar 2015 19:14:04 UTC

Equation Group Update

Posted By Bruce Schneier

More information about the Equation Group, aka the NSA. Kaspersky Labs has published more information about the Equation Group -- that's the NSA -- and its sophisticated malware platform. Ars Technica article....

Wed, 11 Mar 2015 17:00:00 UTC

Observations on the Importance of Cloud-based Analytics

Posted By Werner Vogels

Cloud computing is enabling amazing new innovations both in consumer and enterprise products, as it became the new normal for organizations of all sizes. So many exciting new areas are being empowered by cloud that it is fascinating to watch. AWS is enabling innovations in areas such as healthcare, automotive, life sciences, retail, media, energy, robotics that it is mind boggling and humbling. Despite all of the amazing innovations we have already seen, we are still on Day One in the Cloud; at AWS we will continue to use our inventive powers to build new tools and services to enable even more exciting innovations by our customers that will touch every area of our lives.

Wed, 11 Mar 2015 15:04:00 UTC

Forging and Cutting Teeth for Wolf's Tooth Pattern

Posted By Niels Provos

Wed, 11 Mar 2015 11:16:10 UTC

Hardware Bit-Flipping Attack

Posted By Bruce Schneier

The Project Zero team at Google has posted details of a new attack that targets a computer's' DRAM. It's called Rowhammer. Here's a good description: Here's how Rowhammer gets its name: In the Dynamic Random Access Memory (DRAM) used in some laptops, a hacker can run a program designed to repeatedly access a certain row of transistors in the computer's...

Tue, 10 Mar 2015 23:30:00 UTC

Join me at SXSW 2015

Posted By Werner Vogels

Every year I enjoy travelling to the South-by-South-West (SXSW) festival as it is ons of the biggest event with many Amazon customers present. Thousand of AWS customers and partners will be in Austin for SXSW Interactive and given the free flowing networking it is a very important feedback opportunity for us. But also many Amazon customers will be there for the Film and the Music festival, and I always enjoy getting feedback from those Amazon consumers and producers that are attending these festivals. The program is always a bit in flux, but here are the events in the beginning of the week that I am taking part in: Sunday 3/15 1-2pm - I will give a talk at Techstars on "The History of Microcroservices at Amazon".

Tue, 10 Mar 2015 19:34:21 UTC

Can the NSA Break Microsoft's BitLocker?

Posted By Bruce Schneier

The Intercept has a new story on the CIA's -- yes, the CIA, not the NSA -- efforts to break encryption. These are from the Snowden documents, and talk about a conference called the Trusted Computing Base Jamboree. There are some interesting documents associated with the article, but not a lot of hard information. There's a paragraph about Microsoft's BitLocker,...

Tue, 10 Mar 2015 11:50:24 UTC

Geotagging Twitter Users by Mining Their Social Graphs

Posted By Bruce Schneier

New research: Geotagging One Hundred Million Twitter Accounts with Total Variation Minimization," by Ryan Compton, David Jurgens, and David Allen. Abstract: Geographically annotated social media is extremely valuable for modern information retrieval. However, when researchers can only access publicly-visible data, one quickly finds that social media users rarely publish location information. In this work, we provide a method which can...

Tue, 10 Mar 2015 00:29:19 UTC

Touch screens and other obscenities

Posted By Greg Lehey

Yvonne's photos of the ride didn't come out quite as she had intended. Here's one of them: This should be Broken-image-8.jpeg. Is it missing?

Mon, 09 Mar 2015 18:03:35 UTC

Identifying When Someone is Operating a Computer Remotely

Posted By Bruce Schneier

Here's an interesting technique to detect Remote Access Trojans, or RATS: differences in how local and remote users use the keyboard and mouse: By using biometric analysis tools, we are able to analyze cognitive traits such as hand-eye coordination, usage preferences, as well as device interaction patterns to identify a delay or latency often associated with remote access attacks. Simply...

Mon, 09 Mar 2015 12:09:53 UTC

Attack Attribution and Cyber Conflict

Posted By Bruce Schneier

The vigorous debate after the Sony Pictures breach pitted the Obama administration against many of us in the cybersecurity community who didn't buy Washington's claim that North Korea was the culprit. What's both amazing -- and perhaps a bit frightening -- about that dispute over who hacked Sony is that it happened in the first place. But what it highlights...

Mon, 09 Mar 2015 02:12:01 UTC

Tektronix 555: Final photos?

Posted By Greg Lehey

Taking the photos of the Tektronix 555 oscilloscope has been surprisingly painful. But enough is enough. Tried again today with flash and the long telephoto lens, this time concentrating on the mainframe. Moving the lens further away also allowed me to put the flash units closer together, with good results. Here my five tries of the CA plug-in: The first was just with studio flash.

Sun, 08 Mar 2015 14:31:00 UTC

Questing for the Wolf's Tooth Pattern

Posted By Niels Provos

Sun, 08 Mar 2015 02:45:37 UTC

Telstra and bandwidth cost

Posted By Greg Lehey

On IRC today, Jürgen Lock pointed us at this comparison of network costs around the world. He's in Germany, but the take-home message, at least for me, was: Telstra .... charges some of the highest transit pricing in the world  20x the benchmark ($200/Mbps). So why hasn't the National Broadband Network changed that? I had thought that the geography was part of the problem, but the same article also says: Given that Australia is one large land mass with relatively concentrated population centers, it's difficult to justify the pricing based on anything other than Telstra's market power.

Sun, 08 Mar 2015 01:32:00 UTC

Forge Diaries: Episode 5: Refining and Carburizing Wrought Iron

Posted By Niels Provos

Sat, 07 Mar 2015 20:00:00 UTC

The Only Sane Transit Vote

Posted By Tim Bray

Vancouver is having a Transportation & Transit Referendum this spring: Yes or No on a 0.5% local sales-tax hike to pay for transit infrastructure, mostly public-transit train lines. The only sane vote is Yes; heres why. Strong bones Vancouvers a child among cities. As Doug Coupland (I think it was him) said: In 100 years, Paris will still be Paris and Tokyo will still be Tokyo. What will Vancouver be? Nobody knows. Growing children need strong bones, and thats what the votes about. Voting Yes: Its buying milk for your kids, and making them drink it before they go out to play.

Fri, 06 Mar 2015 23:30:00 UTC

Back-to-Basics Weekend Reading - Experience with Grapevine: The Growth of a Distributed System

Posted By Werner Vogels

Grapevine was one of the first systems designed to be fully distributed. It was built at the famous Xerox PARC (Palo Alto Research Center) Computer Science Laboratory as an exercise in discovering what is needed as the fundamental building blocks of a distributed system; messaging, naming, discovery, location, routing, authentication, encryption, replication, etc. The origins of the system are described in Grapevine: An Exercise in Distributed Computing by researchers who all went on to become grandmasters in distributed computing: Andrew Birrell, Roy Levin, Roger Needham, and Mike Schroeder. For this weekend's reading we will use a followup paper that focusses on the learnings with running Grapevine for several years under substantial load.

Fri, 06 Mar 2015 22:21:07 UTC

Friday Squid Blogging: Biodegradable Thermoplastic Inspired by Squid Teeth

Posted By Bruce Schneier

There's a new 3D-printable biodegradable thermoplastic: Pennsylvania State University researchers have synthesized a biodegradable thermoplastic that can be used for molding, extrusion, 3D printing, as an adhesive, or a coating using structural proteins from the ring teeth on squid tentacles. Another article: The researchers took genes from a squid and put it into E. coli bacteria. "You can insert genes...

Fri, 06 Mar 2015 20:10:52 UTC

Data and Goliath's Big Idea

Posted By Bruce Schneier

Data and Goliath is a book about surveillance, both government and corporate. It's an exploration in three parts: what's happening, why it matters, and what to do about it. This is a big and important issue, and one that I've been working on for decades now. We've been on a headlong path of more and more surveillance, fueled by fear­--of...

Fri, 06 Mar 2015 16:46:11 UTC

FREAK: Security Rollback Attack Against SSL

Posted By Bruce Schneier

This week we learned about an attack called "FREAK" -- "Factoring Attack on RSA-EXPORT Keys" -- that can break the encryption of many websites. Basically, some sites' implementations of secure sockets layer technology, or SSL, contain both strong encryption algorithms and weak encryption algorithms. Connections are supposed to use the strong algorithms, but in many cases an attacker can force...

Fri, 06 Mar 2015 12:28:38 UTC

The TSA's FAST Personality Screening Program Violates the Fourth Amendment

Posted By Bruce Schneier

New law journal article: "A Slow March Towards Thought Crime: How the Department of Homeland Security's FAST Program Violates the Fourth Amendment," by Christopher A. Rogers. From the abstract: FAST is currently designed for deployment at airports, where heightened security threats justify warrantless searches under the administrative search exception to the Fourth Amendment. FAST scans, however, exceed the scope of...

Thu, 05 Mar 2015 12:33:45 UTC

Now Corporate Drones are Spying on Cell Phones

Posted By Bruce Schneier

The marketing firm Adnear is using drones to track cell phone users: The capture does not involve conversations or personally identifiable information, according to director of marketing and research Smriti Kataria. It uses signal strength, cell tower triangulation, and other indicators to determine where the device is, and that information is then used to map the user's travel patterns. "Let's...

Wed, 04 Mar 2015 20:00:00 UTC

At Work

Posted By Tim Bray

More reportage from inside the AWS factory. Looking for leaks or marketing? Nope. Seems Ive been here three months. It still feels weird to dig in and work on software without breaking frequently to explain it to the world. The main current project is stretching some envelopes so my explain-it energy is finding plenty of internal outlets. News flash! One of the things you get at any big tech company is an onboarding task; a little product feature or bugfix, the kind of thing that would take a person who knows the software and toolset about fifteen minutes. It took me a week and small change, learning how to check code out and build it and stage it and so on.

Wed, 04 Mar 2015 12:40:12 UTC

Tom Ridge Can Find Terrorists Anywhere

Posted By Bruce Schneier

One of the problems with our current discourse about terrorism and terrorist policies is that the people entrusted with counterterrorism -- those whose job it is to surveil, study, or defend against terrorism -- become so consumed with their role that they literally start seeing terrorists everywhere. So it comes as no surprise that if you ask Tom Ridge, the...

Wed, 04 Mar 2015 07:29:34 UTC

Audiobook of Someone Comes to Town, Someone Leaves Town

Posted By Cory Doctorow

Blackstone has adapted my 2005 urban fantasy novel Someone Comes to Town, Someone Leaves Town for audiobook, narrated by Bronson Pinchot, who does a stunning job. It’s available as a DRM-free audiobook at all the usual places, including the DRM-free audiobook store Downpour. However, Itunes and Audible refuse to carry this — or any of... more

Wed, 04 Mar 2015 00:12:27 UTC

BigPond email: We don't need no steenking security

Posted By Greg Lehey

Sent a mail message to Gary Murray today. It didn't go through: <>: host[] said: 552 5.2.0 yrRW1p01Q1sUVRc01rRYpC Suspected spam message rejected. IB704 (in reply to end of DATA command) I've seen this before. BigPond is too stupid to distinguish digital signatures from spam. So they reject messages on the mere suspicion of spam. Is this in their users' interests? A good reason for any BigPond user to choose a competent mail service provider. I'm still amazed how incompetent everything to do with Telstra is.

Tue, 03 Mar 2015 19:03:14 UTC

Data and Goliath: Reviews and Excerpts

Posted By Bruce Schneier

On the net right now, there are excerpts from the Introduction on Scientific American, Chapter 5 on the Atlantic, Chapter 6 on the Blaze, Chapter 8 on Ars Technica, Chapter 15 on Slate, and Chapter 16 on Motherboard. That might seem like a lot, but it's only 9,000 of the book's 80,000 words: barely 10%. There are also a few...

Tue, 03 Mar 2015 15:52:54 UTC

Hiring a network engineer for SRE team (NYC only)

Posted By Tom Limoncelli

Stack Exchange, Inc. is looking to hire a sysadmin/network admin/SRE/DevOps engineer that will focus on network-related projects. The position will work out of the NYC office, so you must be in NYC or be willing to relocate. If 3 or more of these project sound like fun to you, contact us! Automate Cisco LAN port configuration via Puppet Make our site-to-site VPN more reliable Tune NIC parameters for maximum performance / lowest latency Lead the network design of our global datacenter network deployment strategy Wrangle our BGP configurations for ease of updating and security Establish operational procedures for when ISPs report they can't reach us Sounds interesting?

Tue, 03 Mar 2015 11:46:43 UTC

Google Backs Away from Default Lollipop Encryption

Posted By Bruce Schneier

Lillipop encryption by default is still in the future. No consipricy here; it seems like they don't have the appropriate drivers yet. But while relaxing the requirement might make sense technically, it's not a good public relations move. Android compatibility document. Slashdot story...

Mon, 02 Mar 2015 22:40:04 UTC

Understanding NBN

Posted By Greg Lehey

Call today from Kevin, the support manager of Aussie Broadband, addressing last weekend's outage. He wasn't able to help; despite the claims on the web site, they really don't have any real support at weekends, at least not for residential customers. Apparently they do for business customers. Does that makes sense? A two day outage will annoy any VoIP user, whether business or residential. But Kevin promised to get somebody from the business team to contact me to talk about pricing. That's good, because they don't have anything about National Broadband Network for business customers on their web site. He also promised to bring it up at the next management meeting.

Mon, 02 Mar 2015 12:49:13 UTC

The Democratization of Cyberattack

Posted By Bruce Schneier

The thing about infrastructure is that everyone uses it. If it's secure, it's secure for everyone. And if it's insecure, it's insecure for everyone. This forces some hard policy choices. When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's...

Sun, 01 Mar 2015 23:20:32 UTC

Understanding programming language syntax

Posted By Greg Lehey

Somebody posted this today: Amusing, yes. But it does beg the question about the use of the punctuation at the right. It's not until you run into weird bugs that you realize that they're on your side. One of the issues that (not only) I still have with Python ACM only downloads articles once.

Sun, 01 Mar 2015 23:04:14 UTC

Chasing the photo data corruption

Posted By Greg Lehey

A couple of days ago I discovered that there was a discrepancy between a photo file on my photo disk and on a backup disk. What was wrong? Today was time to make backups to the other disk, so clearly it was time to investigate before overwriting the good version. A good thing I did, too: most of the contents of the file on my primary disk was replaced by binary zeroes, exactly the scenario that I suggested a couple of days ago. === grog@eureka (/dev/pts/10) ~/Photos/20100717/orig 193 -> md5 P7178579*F MD5 (P7178579-archived.ORF) = 56fef8f95e9fdc9caad4c4fc8049feed MD5 (P7178579.ORF) = eae72bccd667956bedcfb5273de6dd69 === grog@eureka (/dev/pts/10) ~/Photos/20100717/orig 194 -> cmp P7178579*F P7178579-archived.ORF P7178579.ORF differ: char 6617089, line 31915 6617089 is not a number that immediately jumps out and grabs you.