An aggregation of our Blog Roll, made up of acmqueue authors.

Postings for May 2016:  (57 posts)
Thu, 26 May 2016 13:54:16 UTC

Revealed: the amazing cover for Walkaway, my first adult novel since 2009

Posted By Cory Doctorow

Next April, Tor Books will publish Walkaway, the first novel I’ve written specifically for adults since 2009; it’s scheduled to be their lead title for the season and they’ve hired the brilliant designer Will Staehle (Yiddish Policeman’s Union, Darker Shade of Magic) for the cover, which Tor has just revealed. Staehle’s cover features a die-cut...

Wed, 25 May 2016 23:01:07 UTC

The next mass murderer?

Posted By Greg Lehey

We're used to the occasional flame that still goes through the FreeBSD mailing lists, but today I saw one that really worried me. Here a couple of excerpts: You could pay for me to visit you. If you are right, then there is no reason for you to worry. If you are wrong, then you will have no idea what I may or may not do to you. You are not bullet proof nor are you stab proof. I am excellent with crossbows and bows and arrows.

Tue, 24 May 2016 23:17:04 UTC

NBN satellite: doesn't pass muster

Posted By Greg Lehey

Phone call from Barbara Hammond in Fairhaven today. She had read my Why you don't want NBN satellite page, which was really intended for people in Dereel. It seems that she is currently connected to the net via ADSL, and she has now been informed by the National Broadband Network that the "Sky Muster" satellite is available. Most of Fairhaven is earmarked for FTTN, but it seems that her location is just outside the limits. And now she's concerned that she will lose her ADSL. Should she be concerned? Yes, most definitely. She uses a lot of data. She doesn't know exactly, but it looks as if she is paying TPG $80 a month, which would match the 300 GB Off-Net package.

Tue, 24 May 2016 22:46:07 UTC


Posted By Greg Lehey

Seen on IRC this morning: <callum> Hmm, I'm getting no response from <chuzz> Isn't it ;) <pez> not working for me That can't be right. www is my external web server, and it's a model of stability. But it was. ping worked fine, but the ssh I had to the system didn't respond. Neither did a page load attempt. How do I access the console on the machine? I've almost never needed to, and it took me quite a while to find out how.

Mon, 23 May 2016 22:49:54 UTC

Revisiting OpenBSD and NetBSD

Posted By Greg Lehey

Glenn Mawby was asking some questions regarding proxies on IRC today. He's running OpenBSD, which could differ from FreeBSD in that respect. But I don't have an OpenBSD box any more -- in fact, it has been over 6 years. Now I have virtual machines, so it's trivial to create one and run OpenBSD on it. Downloaded the install CD and set it up. It asked all the right questions about the network, and then set up to partition the disk. 9 partitions! What a way to improve your chances of filling one up. Tried the (bare-bones) partition editor to create a single root file system, which appeared to work, but for some reason I ended up with an unbootable system.

Mon, 23 May 2016 00:38:40 UTC

More notwork pain

Posted By Greg Lehey

More hung network switches today, this time with the added fun of a hung NFS connection on cvr2, which meant that I couldn't access it from outside: the ssh hung, and in the end it seemed easier to reboot. So what's causing the problems? One thing I didn't consider yesterday was the switch in my office. Played around with that, mainly to verify the model, and sure enough, I lost some network connectivity. Loose connection? That might explain why the problems occurred when I was in the office, and why it affected multiple systems. It doesn't explain why the problem went away after power cycling the other switches.

Sun, 22 May 2016 19:00:00 UTC

Another JSON Schema Gripe

Posted By Tim Bray

Recently I wrote of my disgruntlement with JSON Schema. Since then I've learned that its authors plan more work, and that there are several other efforts to build a schema facility for JSON. This note is just a complaint about a particular use-case, with the hope that it might inform these efforts. Here's the problem; the language I'm building includes a big object whose fields are also objects, and each of these child objects has a Type field, whose value is, in effect, an enum; a constrained set of string values. The rest of the fields in each child object depend on the Type value.

Sun, 22 May 2016 04:02:17 UTC

... with worn-out tools

Posted By Greg Lehey

Rudyard Kipling's If is a poem that has always impressed me. Now that I'm getting older, one of the line pairs that particularly impress me is: Or watch the things you gave your life to, broken, And stoop and build 'em up with worn-out tools: Somehow I'm reminded of that while trying to debug MythTV. Decades ago I wrote documentation about how to use gdb to debug normal programs and kernel problems. They came across very well. But they have atrophied.

Sun, 22 May 2016 03:52:28 UTC

Remembering svn checkout

Posted By Greg Lehey

There are a number of open PRs on calendar(1) in the FreeBSD bug database, and also in my inbox. Time to finally do something about them before the first one turns 5 years old. Checked the how to repeat for PR 168785. I couldn't repeat it. Fixed? Check the log for /usr/src/usr.bin/calendar/calendar.c. This file is not under version control. Huh? Further investigation showed that once again the svn metadata were corrupt. This is happening far too often, though this time it could be due to the crash I had yesterday. How do I check out a working copy? It's in the Committer's Guide, which for some reason is difficult to find on the FreeBSD web site.

Sun, 22 May 2016 03:18:58 UTC

Local Network Problems

Posted By Greg Lehey

I was hardly out of bed and into the office this morning when Yvonne came and asked me if we had network problems. No, I didn't, but it seemed that she did: no communication from lagoon to eureka, on the other side of the house. What's the cause? No obvious problems on either lagoon or eureka. Switch? For some reason, switches seem to hang relatively frequently. Power cycled it, and it worked again. While wondering whether it was worth replacing the switch, discovered I couldn't communicate with teevee. But that's on another switch. My house wiring has a total of four switches: Main switch, in the pantry: 8 port 1000 Mb/s HP ProCurve 1800-8G, connecting to each of the rooms in ...

Fri, 20 May 2016 23:57:08 UTC

More MythTV debugging

Posted By Greg Lehey

So what's the cause of the problems I've been seeing with MythTV? I had assumed that it was related to the spurious DiSEqCDevTree warning, but after Tuesday's debug session that seems to be a red herring. So what would be an appropriate way to catch it? There are long delays before it comes back pretending there hasn't been a failure. Doesn't ktrace have an option to look at the times? No. It's in kdump, and there are two of them: elapsed time (-E) and relative time (-R). Chose the latter. After running the card detect function, I had a dump file about 180 MB in size!

Thu, 19 May 2016 23:03:14 UTC

Power fail recovery

Posted By Greg Lehey

I'm still running UFS with conventional soft updates. That seems to be a good choice for a system with reliable power: the system itself almost never crashes, and recovery, though slow, is infrequent. But since my RCD problems started, I have had to run fsck far more often than expected. I've adapted: even if the power fails in the middle of the night, reboot immediately so that the system will be up and running by the time I wake up. And my photo file system, nearly 4 TB in size, doesn't get mounted automatically. Thus it was today, but things still didn't work out.

Wed, 18 May 2016 23:04:04 UTC

The bikeshed that just growed

Posted By Greg Lehey

One of my morning activities is to check mail and spam. Gmail does quite a good job of detecting spam -- better than I've been able to do myself -- but it's not perfect, and in particular messages to the FreeBSD mailing lists frequently get classified as spam. Today I had one, sent to the freebsd-current mailing list by Greg Quinlan. Why? Why is this message in Spam? It has a from address in but has failed's required tests for authentication. Learn more By gmail standards that's clear. So I replied to him and told him so.

Wed, 18 May 2016 01:42:47 UTC

NBN installation, for real

Posted By Greg Lehey

Over to Chris Rogers today to see how the National Broadband Network installation went. In fact, I didn't need to: they quickly established that he had adequate signal (-91 dB, comfortably above the -97 dB cutoff limit). But I wanted to talk to the installers about other similar cases. That proved to be useful. The installers were Mike and Jordan, who had been here last December to replace the hardware. Got a few new pointers: The term for the link, or maybe the antenna on the tower, is PCI -- no idea what that stands for.

Wed, 18 May 2016 01:00:51 UTC

Firefox: can't display plain text

Posted By Greg Lehey

Playing around with some old web pages today, I discovered: What? Since when do you need a helper application for plain text? firefox is a behemoth process over 2 GB in size, and it wants help displaying text, and that from another program at least as big as itself? It didn't even give me the option to display it directly.

  PID USERNAME      THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND
47180 grog           61  20    0  2111M  1564M uwait   3  86:18   4.79% firefox

Further investigation, with the help of a number of people on IRC, showed a number of strangenesses.

Wed, 18 May 2016 00:17:19 UTC

Debugging MythTV

Posted By Greg Lehey

Finally got round to looking at the problems with MythTV today. It's really painful. Started by looking for the origin of the message that had been produced:

2016-05-17 14:23:36.228780 W  DiSEqCDevTree: No device tree for cardid 4

That proved to be in mythtv-ad97d24/mythtv/libs/libmythtv/diseqc.cpp. Set a breakpoint on it and got a 35 level stack backtrace:

#0  DiSEqCDevTree::Load (this=0x7fffffffb388, cardid=32767) at diseqc.cpp:328
#1  0x00000008027c7294 in DVBConfigurationGroup::Load (this=0x818ef4f00) at videosource.cpp:3859
#2  0x00000008027c7485 in non-virtual thunk to DVBConfigurationGroup::Load() (this=0x818ef4f50) at videosource.cpp:3866
#3  0x00000008046fbee3 in ConfigurationGroup::Load (this=0x81c3c0400) at mythconfiggroups.cpp:91
...

Mon, 16 May 2016 23:47:00 UTC

NBN installation again

Posted By Greg Lehey

Phone call from Chris Rogers, who had got my number from Carolyn Everett. He's planning to have National Broadband Network fixed wireless installed tomorrow, and he's on the edge of the coverage maps between Dereel and Corindhap. He was concerned that he might be told he had no coverage, and asked me to come along in case there were any issues.

Sun, 15 May 2016 00:34:00 UTC

Finally! Debug MythTV

Posted By Greg Lehey

I've spent most of the week fighting the Ports Collection trying to build a debug version of MythTV. I had the idea of installing the dependencies by first the package and then removing it again, but it didn't work. There were still large ports missing (can you spell Qt?), and I ended up having to install the packages individually. And at least one port wouldn't build. This is all too fragile. But finally I got it built, and was able to run mythtv-setup with a debugger. All I needed was time to go through the sources, and today wasn't the day for that.

Thu, 12 May 2016 23:46:49 UTC

More MythTV fun

Posted By Greg Lehey

On somewhat half-heartedly with my MythTV build today. There must be a way to install all the dependencies as packages, rather than building them. But I didn't find an easy way. One Perl module included no less than 96 other dependencies, and that was the easy part. In the end I simply installed the MythTV package and then removed it again. And forgot to continue.

Thu, 12 May 2016 18:00:00 UTC

Augeas: Updating of config files without ruining comments and formatting.

Posted By Tom Limoncelli

Wouldn't it be nice if you could write a program that could reach into an Apache config file (or an AptConf file, or an /etc/aliases file, Postfix, sshd/ssh config, sudoers, Xen conf, yum or other) make a change, and not ruin the comments and other formatting that exists? That's what Augeas permits you to do. If a config file's format has been defined in the Augeas "lens" language, you can then use Augeas to parse the file, pull out the data you want, plus you can add, change or delete elements too. When Augeas saves the file it retains all comments and formatting.

Thu, 12 May 2016 10:31:34 UTC

Hacking Gesture-Based Security

Posted By Bruce Schneier

Interesting research: Abdul Serwadda, Vir V. Phoha, Zibo Wang, Rajesh Kumar, and Diksha Shukla, "Robotic Robbery on the Touch Screen," ACM Transactions on Information and System Security, May 2016. Abstract: Despite the tremendous amount of research fronting the use of touch gestures as a mechanism of continuous authentication on smart phones, very little research has been conducted to evaluate how...

Wed, 11 May 2016 23:36:49 UTC

Evil Google revisited

Posted By Greg Lehey

Peter Jeremy took me to task for my comments on Google: I have no problems cutting/copying from with normal mouse operations. I suspect whatever browser you accessed the documentation from is busted. But no, it happens on multiple browsers, at least firefox, Chromium and Opera. With Chromium, when I press Ctrl-C, I get: Sorry, that's unpardonable. X provides the functionality out of the box.

Wed, 11 May 2016 23:09:03 UTC

More MythTV pain

Posted By Greg Lehey

On with my mythbuntu experiments today. Back to remembering how to install NFS and ssh on Linux. Surprise, surprise! They were already there. All I needed was to mount /eureka/home and copy my ssh stuff. Then I was able to move the machine to the lounge room, connect the tuner and run mythtv-setup. Somehow things didn't work right. Following the instructions, I should have selected Scan for channels in the Input connect... menu.

Wed, 11 May 2016 19:37:37 UTC

FTC Investigating Android Patching Practices

Posted By Bruce Schneier

It's a known truth that most Android vulnerabilities don't get patched. It's not Google's fault. They release the patches, but the phone carriers don't push them down to their smartphone users. Now the Federal Communications Commission and the Federal Trade Commission are investigating, sending letters to major carriers and device makers. I think this is a good thing. This is...

Wed, 11 May 2016 17:36:14 UTC

O'Reilly Hardware Podcast on the risks to the open Web and the future of the Internet of Things

Posted By Cory Doctorow

I appeared on the O’Reilly Hardware Podcast this week (MP3), talking about the way that DRM has crept into all our smart devices, which compromises privacy, security and competition. In this episode of the Hardware podcast, we talk with writer and digital rights activist Cory Doctorow. He's recently rejoined the Electronic Frontier Foundation to fight...

Wed, 11 May 2016 11:34:50 UTC

New Credit Card Scam

Posted By Bruce Schneier

A criminal ring was arrested in Malaysia for credit card fraud: They would visit the online shopping websites and purchase all their items using phony credit card details while the debugging app was activated. The app would fetch the transaction data from the bank to the online shopping website, and trick the website into believing that the transaction was approved,...

Wed, 11 May 2016 00:26:37 UTC

Google: don't be evil!

Posted By Greg Lehey

The mythbuntu documentation isn't their own; it's on It's conveniently set up to break X conventions. I can't copy text! I can mark it, but it doesn't get copied. When I right-click on the selection, I get: What braindeath is that? Microsoft, of course. And it doesn't work! Presumably Google is relying on their assumptions about the underlying window manager functionality. And for some reason it captures Ctrl-W too, so I can't close the window with the mouse. One more annoyance with Google.

Tue, 10 May 2016 23:35:49 UTC

Mythbuntu revisited

Posted By Greg Lehey

Why is MythTV pretending that my DVB-T tuner is a satellite tuner? One way to find out is to risk all kinds of physical and mental pain. Another would be to try a standard, out-of-the-box installation such as Mythbuntu (now mythbuntu, it seems) or KnoppMyth. My previous experiences with them were painful, too, but who knows what they're like now? Oh. No KnoppMyth any more. Now it's LinHES, an abbreviation that is intuitively recognizable. Which do I try? Last time round I settled on Mythbuntu, so that's what I tried first. First impressions: it looks a lot smoother. And the installation instructions point to this page about installing from a USB stick.

Tue, 10 May 2016 11:15:43 UTC

Children of Spies

Posted By Bruce Schneier

Fascinating story of Tim and Alex Foley, the children of Russian spies Donald Heathfield and Tracey Foley....

Tue, 10 May 2016 01:12:48 UTC

More free bandwidth!

Posted By Greg Lehey

Mail from Aussie Broadband today. Because I'm a loyal customer (how do you define that?), they're giving me more traffic for the same price, 500 GB instead of 300 GB. That won't cost them anything: I'm not using my current allowance. I'm paying $60 a month, so this represents a price of $0.12 per GB. How things have changed since I got my first Internet connection in March 1992! Then I was paying 0.45 DM ($0.356 at today's exchange rate) per kilobyte! That corresponds to $356,000 per GB. So since then the data cost has gone down by 99.99996623%. So: how much traffic do I get for the next step down?

Tue, 10 May 2016 01:07:48 UTC

Future directions for Blackbox

Posted By Tom Limoncelli

I maintain an open source project called Blackbox which makes it easy to store GPG-encrypted secrets in Git, Mercurial, Subversion, and others. I've written up my ideas for where the project should go in the future, including renaming the commands, change where the keys are stored, add a "repo-less" mode, and possibly rewrite it in a different language: Feedback welcome! Tom

Tue, 10 May 2016 00:33:53 UTC

Peace in Our Time: how publishers, libraries and writers could work together

Posted By Cory Doctorow

Publishing is in a weird place: ebook sales are stagnating; publishing has shrunk to five major publishers; libraries and publishers are at each others’ throats over ebook pricing; and major writers’ groups are up in arms over ebook royalties, and, of course, we only have one major book retailer left — what is to be...

Mon, 09 May 2016 18:15:02 UTC

Economist Detained for Doing Math on an Airplane

Posted By Bruce Schneier

An economics professor was detained when he was spotted doing math on an airplane: On Thursday evening, a 40-year-old man -- with dark, curly hair, olive skin and an exotic foreign accent -- boarded a plane. It was a regional jet making a short, uneventful hop from Philadelphia to nearby Syracuse. Or so dozens of unsuspecting passengers thought. The curly-haired...

Mon, 09 May 2016 15:00:00 UTC

Preview a chapter of our new book in acmqueue magazine!

Posted By Tom Limoncelli

The new issue of acmqueue magazine contains a preview of a chapter from our next book, the 3rd edition of TPOSANA. This issue contains a preview of a chapter from our next book, the 3rd edition of TPOSANA. The chapter is called "The Small Batches Principle". We are very excited to be able to bring you this preview and hope you find the chapter fun and educational. The book won't be out until Oct 7, 2016, so don't miss this opportunity to read it early! ACM members can access it online for free, or a small fee gets you access to it online or via an app.

Mon, 09 May 2016 11:19:22 UTC

NIST Starts Planning for Post-Quantum Cryptography

Posted By Bruce Schneier

Last year, the NSA announced its plans for transitioning to cryptography that is resistant to a quantum computer. Now, it's NIST's turn. Its just-released report talks about the importance of algorithm agility and quantum resistance. Sometime soon, it's going to have a competition for quantum-resistant public-key algorithms: Creating those newer, safer algorithms is the longer-term goal, Moody says. A key...

Sun, 08 May 2016 23:22:05 UTC

ENIAC circuitry

Posted By Greg Lehey

Yesterday Diomidis Spinellis published a blog entry relating to a book he has been reading, ENIAC in Action. In particular, he had tracked down one of the valves used in the circuitry, a 7AK7 pentode. Somehow that designation looks Just Plain Wrong. One of the most common ways of naming valves of those days was, as here, a number, letters and number. The first number was the heater voltage, the letters were used for differentiation from other similar valves, and the second number was the number of external connections. So this valve should have a heater voltage of 7 V and also have 7 connections (heater, cathode, 3 grids and anode; the heater has two connections).

Sun, 08 May 2016 19:00:00 UTC

Hemlock Ocean

Posted By Tim Bray

I care most about the ocean, while Lauren cares more for the forest; fortunately the Pacific Northwest offers Cottage-Life compromises; illustrated with the help of a giant Hemlock. What happened was, a few years ago a construction project accidentally left behind a bare earth platform down near the water. We ordered 10kg of Coastal Forest Revegetation Seed Mix and used it liberally; now it's a delightful little meadow, suitable for stretching out and considering the great seaside evergreens. Here's a sideways look, lying down. Fortunately nobody was nearby watching me scrunch myself down behind the camera and bend away unsightly blades.

Sun, 08 May 2016 00:37:07 UTC

X crashes hard

Posted By Greg Lehey

One of the alternatives for Al Jazeera is their own streaming service. By comparison, it has a number of disadvantages. By far the biggest is that there's no way to position the stream, though you can pause it. But that means starting at exactly the right time and waiting through things like weather forecasts for the Americas. By contrast, the YouTube version can be positioned back up to 2 hours. Today I was watching anyway when something happened that I have never seen before. First, the browser display froze. Then the X display went blank -- only the one on which the browser was running (:0.1).

Sat, 07 May 2016 23:57:19 UTC

Streaming multimedia issues

Posted By Greg Lehey

Some months ago, SBS stopped daily broadcasts of news from Al Jazeera. That's a pity, because it's the only English-language news service that isn't tied to the viewpoint of a particular Western country. But I found a streaming service on YouTube: It's designated BETA, and for good reason. There seem to be significant issues with streaming, including various repeatable image reproduction problems such as image becoming unsharp and tearing. I can backspace and find exactly the same problem in the same place, so it doesn't seem to be related to my connection.

Sat, 07 May 2016 19:49:03 UTC

The Computer Tube

Posted By Diomidis D. Spinellis

I've been reading the book ENIAC in Action, which details the fascinating ten-year history of the first general-purpose programmable electronic computer. In it I found a reference to 7AK7, the so-called computer tube, which improved the reliability of tube computers.

Sat, 07 May 2016 01:12:54 UTC

Men's shed computer

Posted By Greg Lehey

Doug Braddy came by this afternoon to pick up his computer. Clearly he wasn't in a hurry -- it's been nearly a month. Over with him to the Men's shed and connected it up. They already have an Internet connection (National Broadband Network with Aussie Broadband), and they had taken the preconfigured router option, so I really didn't have much more to do than to plug the machine in, confirm that it couldn't recover from power failure during hibernation, and that the mouse was completely lame. Fortunately they had a new wireless mouse, and that, too, worked out of the box. Most of the time was spent waiting for Doug to find a power strip.

Fri, 06 May 2016 21:11:56 UTC

Friday Squid Blogging: Firefly Squid in the News

Posted By Bruce Schneier

It's a good time to see firefly squid in Japan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 06 May 2016 19:10:23 UTC

Dilbert on Electronic Voting Machines

Posted By Bruce Schneier

Accurate (the cartoon, not the machines)....

Fri, 06 May 2016 11:12:29 UTC

White House Report on Big Data Discrimination

Posted By Bruce Schneier

The White House has released a report on big-data discrimination. From the blog post: Using case studies on credit lending, employment, higher education, and criminal justice, the report we are releasing today illustrates how big data techniques can be used to detect bias and prevent discrimination. It also demonstrates the risks involved, particularly how technologies can deliberately or inadvertently perpetuate,...

Thu, 05 May 2016 19:00:00 UTC

10 git aliases I can't believe you don't have already

Posted By Tom Limoncelli

It makes me sad to see people type more than they have to. With these aliases, you reduce the 4 most common commands to 2 letter abbreviations:

git config --global alias.co checkout
git config --global alias.br branch
git config --global alias.ci commit
git config --global alias.st status

NOTE: This updates your ~/.gitconfig file and adds aliases "co", "br", "ci", and "st". If you collaborate with others, git pull makes a messy log. Instead, always type git pull --rebase --ff-only. This will make the merge history a lot more linear when possible, otherwise it falls back to the normal pull behavior.

Thu, 05 May 2016 11:31:32 UTC

Own a Pair of Clipper Chips

Posted By Bruce Schneier

The AT&T TSD was an early 1990s telephone encryption device. It was digital. Voice quality was okay. And it was the device that contained the infamous Clipper Chip, the U.S. government's first attempt to put a back door into everyone's communications. Marcus Ranum is selling a pair on eBay. He has the decryption wrong, though. The TSD-3600-E is the model...

Wed, 04 May 2016 19:28:45 UTC

$7 Million Social Media Privacy Mistake

Posted By Bruce Schneier

Forbes estimates that football player Laremy Tunsil lost $7 million in salary because of an ill-advised personal video made public....

Wed, 04 May 2016 19:00:00 UTC

On Color

Posted By Tim Bray

I just enjoyed reading The Search for Our Missing Colors by Amos Zeeberg in The New Yorker, and it gives me mental wire to hang some words and pictures on color and its absence. Color is hard I spent a few years in the publishing-technology business. I'd go to the conferences, and there'd always be seminars and boot-camps on Color. Like, twelve hours over two days, advertised as An introduction to a few of the basic issues in color. Lightly processed: backed off the highlights, darkened the darks, sharpened a bit. And applied Lightroom's PROVIA/STANDARD profile. Spend a little while digging into gamuts and color spaces and Pantone and CMYK and transmission and emission and reflection and so on, and you'll see what they mean.

Wed, 04 May 2016 11:51:25 UTC

Credential Stealing as an Attack Vector

Posted By Bruce Schneier

Traditional computer security concerns itself with vulnerabilities. We employ antivirus software to detect malware that exploits vulnerabilities. We have automatic patching systems to fix vulnerabilities. We debate whether the FBI should be permitted to introduce vulnerabilities in our software so it can get access to systems with a warrant. This is all important, but what's missing is a recognition that...

Wed, 04 May 2016 00:15:48 UTC

Auspost but no email

Posted By Greg Lehey

When I took my camera to the post office yesterday, they promised me that it would be in Sydney by this morning, and that I would receive email. Given that it took them nearly a week last time, I wasn't convinced. No email this morning. OK, where is it? Tracking number into the online tracker: Warning: fopen(/home/grog/ failed to open stream: No such file or directory in /usr/home/grog/ on line 1155 Can't open /home/grog/ Delivered! And then awaiting collection! How can that be? The wonders of reverse chronological listing! But where was my email?

Tue, 03 May 2016 21:20:50 UTC

I am Satoshi Nakamoto, inventor of Bitcoin

Posted By Tom Limoncelli

There is a long and fraught history in Bitcoin of claims and counterclaims about who Satoshi is. I might as well confess that he is me. I come forward at this time because Craig Wright claims to be Satoshi and I can't stand such intentional scammery. If you read any of my pre-Bitcoin books, you'll see there are many pages where the first letter of each line reads "I am Satoshi Nakamoto" and "Someday I will invent Bitcoin". If you can't find the page that contains this, buy more copies of the books. You just haven't found the right one. Please use this link, since it includes my Amazon Associates code.

Tue, 03 May 2016 18:10:03 UTC

Julian Sanchez on the Feinstein-Burr Bill

Posted By Bruce Schneier

Two excellent posts....

Tue, 03 May 2016 18:02:52 UTC

The open web's guardians are acting like it's already dead

Posted By Cory Doctorow

The World Wide Web Consortium — an influential standards body devoted to the open web — used to make standards that would let anyone make a browser that could view the whole Web; now they’re making standards that let the giant browser companies and giant entertainment companies decide which browsers will and won’t work on...

Mon, 02 May 2016 23:41:50 UTC

NBN Satellite: Salvation!

Posted By Greg Lehey

Julie Donaghy posted a reference to this article on Facebook today: The National Broadband Network's new Sky Muster satellite is now operational. So? It seems that there are enough people waiting for it, not understanding the issues. The alternative would be to put a fixed wireless antenna on a tower. That would cost money, of course, but satellite connections are more expensive, so it could make itself paid. Time for an explanation page.

Mon, 02 May 2016 20:45:31 UTC

Fake Security Conferences

Posted By Bruce Schneier

Turns out there are two different conferences with the title International Conference on Cyber Security (ICCS 2016), one real and one fake. Richard Clayton has the story....

Mon, 02 May 2016 14:01:13 UTC

Vulnerabilities in Samsung's SmartThings

Posted By Bruce Schneier

Interesting research: Earlence Fernandes, Jaeyeon Jung, and Atul Prakash, "Security Analysis of Emerging Smart Home Applications": Abstract: Recently, several competing smart home programming frameworks that support third party app development have emerged. These frameworks provide tangible benefits to users, but can also expose users to significant security risks. This paper presents the first in-depth empirical security analysis of one such...