Blogs

An aggregation of our Blog Roll, made up of acmqueue authors.

Postings for February 2012:  (21 posts)
Thu, 09 Feb 2012 12:10:35 UTC

Security Implications of "Lower-Risk Aircraft"

Posted By Bruce Schneier

Interesting paper: Paul J. Freitas (2012), "Passenger aviation security, risk management, and simple physics," Journal of Transportation Security. Abstract: Since the September 11, 2001 suicide hijacking attacks on the United States, preventing similar attacks from recurring has been perhaps the most important goal of aviation security. In addition to other measures, the US government has increased passenger screening requirements to...

Thu, 09 Feb 2012 00:54:31 UTC

Going Native Sessions Online

Posted By Herb Sutter

Thanks to everyone who came to Redmond and/or watched online to participate in Going Native 2012, last week's global C++-fest. It was a lot of fun, and generated a lot of useful and important talks that we hope will help continue to disseminate understanding of C++11 throughout the global C++ community. All the videos are now [...]

Wed, 08 Feb 2012 12:46:04 UTC

Solving the Underlying Economic Problem of Internet Piracy

Posted By Bruce Schneier

This essay is definitely thinking along the correct directions....

Wed, 08 Feb 2012 00:18:04 UTC

Still looking for a keyboard

Posted By Greg Lehey

My current keyboard is a Northgate OmniKey keyboard manufactured in August 1989, 22½ years ago. It's no longer in the best of condition, but in all that time I haven't found anything that I would like to replace it with. Things are getting desperate, though. The r key, in particular, is bouncing badly. But it's not the only keyboard of that kind that I have, and in the past I've found that if I rotate between them, the bounce tends to recover. So today I went to see what I could find: two Avant Stellar keyboards, both with defective keys, and three other OmniKeys (I thought I had five, but I can't find the fifth), all with their own problems.

Tue, 07 Feb 2012 16:34:01 UTC

How to Decrypt "Secrets for Android" Files

Posted By Diomidis D. Spinellis

Secrets for Android is a nifty Android application that allows you to securely store passwords and other sensitive data on your Android phone. Your data are encoded with your supplied password using strong cryptography and are therefore protected if your phone gets stolen. Although the application offers a backup and an export facility, I found both wanting in terms of the availability and confidentiality associated with their use.

Tue, 07 Feb 2012 11:53:41 UTC

Error Rates of Hand-Counted Voting Systems

Posted By Bruce Schneier

The error rate for hand-counted ballots is about two percent. All voting systems have nonzero error rates. This doesn't surprise technologists, but does surprise the general public. There's a myth out there that elections are perfectly accurate, down to the single vote. They're not. If the vote is within a few percentage points, they're likely a statistical tie. (The problem,...

Tue, 07 Feb 2012 05:00:00 UTC

Driving Storage Costs Down for AWS Customers

Posted By Werner Vogels

One of the things that differentiates Amazon Web Services from other technology providers is its commitment to let customers benefit from continuous cost-cutting innovations and from the economies of scale AWS is able to achieve. As we showed last week one of the services that is growing rapidly is the Amazon Simple Storage Service (S3). AWS today announced a substantial price drop per February 1, 2012 for Amazon S3 standard storage to help customers drive their storage cost down. A customer storing 50TB will see on average a 12% drop in cost when they get their Amazon S3 bill for February.

Mon, 06 Feb 2012 19:23:27 UTC

The Failure of Two-Factor Authentication

Posted By Bruce Schneier

In 2005, I wrote an essay called "The Failure of Two-Factor Authentication," where I predicted that attackers would get around multi-factor authentication systems with tools that attack the transactions in real time: man-in-the-middle attacks and Trojan attacks against the client endpoint. This BBC article describes exactly that: After logging in to the bank's real site, account holders are being tricked...

Mon, 06 Feb 2012 18:31:50 UTC

Digital Lysenkoism

Posted By Cory Doctorow

Here's a podcast of my last Publishers Weekly column, Digital Lysenkoism: Talking with the lower echelon employees of publishing reminds me of a description I once read about the mutual embarrassment of Western and Soviet biologists when they talked about genetics. Soviet-era scientists were required, on pain of imprisonment, to endorse Lysenkoism, a discredited … [Read more]

Sun, 05 Feb 2012 20:00:00 UTC

Fog and Public Service

Posted By Tim Bray

It was super-foggy last night, so I went out to look at streetlights through tree branches. You could spend a lot of time fooling around with silly depth-of-field tricks. In both cases, the tree is my much-photographed magnolia which, as I've written before, can never not be beautiful. This morning I was first up and discovered a couple of essential breakfast ingredients missing. As I walked five blocks to the store, I realized it had been a freezing fog, so the street generally, and the cars specifically, were pretty thoroughly iced. Someone, in the depth of night, had gone along the street and lifted each car's wipers off its windshield so they were pointing up saluting the morning.

Fri, 03 Feb 2012 23:00:12 UTC

The spammer's apprentice

Posted By Greg Lehey

Received another unlikely looking spam today:

    From webmaster@vamrad.by  Thu Feb  2 06:00:06 2012
    Delivered-To: groggyhimself@freebsd.org
    Received: from mac.mir.by (ns.mir.by [93.125.59.1])
            by mx1.freebsd.org (Postfix) with ESMTP id 7AFAB8FC18
            for <groggyhimself@freebsd.org>; Wed,  1 Feb 2012 18:47:11 +0000 (UTC)
    Received: by mac.mir.by (Postfix, from userid 2077)
            id 4429CAD823B; Wed,  1 Feb 2012 21:37:34 +0300 (FET)
    To: groggyhimself@freebsd.org
    Subject: <? print $subject; ?>
    X-PHP-Originating-Script: 2077:helpus.php
    From: Frank Lincoln <flincoln777@gmail.com>

Does nothing get tested nowadays?

Fri, 03 Feb 2012 22:18:41 UTC

Friday Squid Blogging: Clothing that Keeps an Exercise Journal

Posted By Bruce Schneier

It's called Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 03 Feb 2012 20:49:54 UTC

The Problems of Too Much Information Sharing

Posted By Bruce Schneier

Funny. Fake, but funny....

Fri, 03 Feb 2012 20:00:00 UTC

An Office

Posted By Tim Bray

For a while it seemed like I was going to lose my dingy but exquisitely-located office on The Main. So I was going around town, looking at offices for rent. This one was actually pretty nice, if too far downtown. I normally try to make pictures look like what I saw, but this is a product of egregious ex post facto manipulation.

Fri, 03 Feb 2012 16:49:08 UTC

VeriSign Hacked, Successfully and Repeatedly, in 2010

Posted By Bruce Schneier

Reuters discovered the information: The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published. The company, unsurprisingly,...

Fri, 03 Feb 2012 01:15:00 UTC

GoingNative 2012: Day 2 Tomorrow (Friday)

Posted By Herb Sutter

GoingNative 2012 Day 1 is just concluding, and we're getting ready for Day 2 tomorrow with more C++11 information and panels. Day 2 kicks off tomorrow at 9:30am U.S. Pacific time, with the theme C++11 Today and Tomorrow. Day 1's focus was entirely about C++11 as it exists today; Day 2 is partly about C++11 [...]

Thu, 02 Feb 2012 17:39:00 UTC

Reusable Domain Controls in MS MVC

Posted By Terry Coatta

Most of the example code for MVC that I have seen out there isn't well-suited to creating re-usable UI components -- in particular components that are application specific, but may want to be used in multiple contexts within the applications. For example, a component that displays a list of customers might be used on a number of different pages within the application. But it is possible to build re-usable components of this sort, you just have to follow a few rules which help ensure that the component is not coupled to the page that it resides on. So, the rules are:
- View models should always include a field for the ID of the target element
- Always use RenderPartial()
- Links need to be rendered with Ajax.ActionLink()
- Forms need to be rendered with Ajax.BeginForm()
- Forms/Links need ...

Thu, 02 Feb 2012 15:04:12 UTC

Prisons in the U.S.

Posted By Bruce Schneier

Really good article on the huge incarceration rate in the U.S., its causes, its effects, and its value: Over all, there are now more people under "correctional supervision" in America -- more than six million -- than were in the Gulag Archipelago under Stalin at its height. That city of the confined and the controlled, Lockuptown, is now the second...

Wed, 01 Feb 2012 23:00:15 UTC

Nickel-Zinc battery reliability

Posted By Greg Lehey

I've been quite happy with the Nickel-Zinc batteries I bought a few months back, and so I bought some more. They arrived yesterday: 8 AA size and 4 AAA size. It took me a couple of days to charge them: that's 4 loads (for some reason the charger handles only 2 AAA batteries at a time), and each takes 5 hours. And one AAA battery didn't charge properly. After the charge cycle was complete, one battery had 1.836 V, which is about normal, and the other only 1.699 V, which is definitely too low. In the course of time that dropped to 1.368 V.

Wed, 01 Feb 2012 18:47:34 UTC

GoingNative 2012: Minus 1 Day

Posted By Herb Sutter

GoingNative 2012 is a global live C++11-fest with unlimited free worldwide attendance, both live and on demand. The goal is to make it interactive, and we've asked the speakers to reserve time at the ends of their talks for questions. Tweet questions to #ch9live or #GoingNative and we'll try and get them asked. To [...]

Wed, 01 Feb 2012 12:05:59 UTC

The Idaho Loophole

Posted By Bruce Schneier

Brian C. Kalt (2012), "The Idaho Loophole," Georgetown Law Journal, Vol. 93, No. 2. Abstract: This article argues that there is a 50-square-mile swath of Idaho in which one can commit felonies with impunity. This is because of the intersection of a poorly drafted statute with a clear but neglected constitutional provision: the Sixth Amendment's Vicinage Clause. Although lesser criminal...