Blog Archive: May 2012

Thu, 31 May 2012 23:51:09 UTC


Posted By Ulrich Drepper

I've updated the pagein tool to compile with a recent valgrind version. The tarball also contains a .spec file. I had to work around a bug in valgrind in Fedora 16 and 17. The tarball

Thu, 31 May 2012 19:00:00 UTC

Thai Poutine

Posted By Tim Bray

No, that's not a typo. I've always seen Poutine as the Great Québec Mistake, a culinary misadventure which for some reason has become sort of hip in our nation's downtowns. Basically it's fries and gravy and cheese. Except when it's in a Thai restaurant. Here we have deep-fried taro root with a lemongrass-chili sauce over tofu and hot peppers. I tried it. It wasn't terrible. It wasn't poutine either, which correlates. This is at one of our local joints, named Bob Likes Thai Food; on the long walls are aggressively-modern paintings of a fork on one side, a spoon on the other; labeled Bob's Fork and Bob's Spoon.

Thu, 31 May 2012 18:19:52 UTC

Tax Return Identity Theft

Posted By Bruce Schneier

I wrote about this sort of thing in 2006 in the UK, but it's even bigger business here: The criminals, some of them former drug dealers, outwit the Internal Revenue Service by filing a return before the legitimate taxpayer files. Then the criminals receive the refund, sometimes by check but more often through a convenient but hard-to-trace prepaid debit card....

Thu, 31 May 2012 11:17:28 UTC

Bar Code Switching

Posted By Bruce Schneier

A particularly clever form of retail theft -- especially when salesclerks are working fast and don't know the products -- is to switch bar codes. This particular thief stole Lego sets. If you know Lego, you know there's a vast price difference between the small sets and the large ones. He was caught by in-store surveillance....

Thu, 31 May 2012 00:38:41 UTC

Finally a use for tablets

Posted By Greg Lehey

When taking photos like today's comparative photos, it's good to have the original at hand to compare. In the past I've done things like printing out a hard copy or dragging a laptop around with me, but both are clumsy. Recently it occurred to me that my GPS navigator is really an adapted tablet, and it does have software to display photos (as long as you truncate the names), so today I copied the photos to the navigator and carried that around with me for the comparisons. Did it work better? Marginally. I can put the navigator in my pocket, but clearly not a laptop.

Thu, 31 May 2012 00:27:02 UTC

Backing up the Friends' computers

Posted By Greg Lehey

While in town, also to the Friends of the Ballarat Botanical Gardens to back up their computer. To my surprise, everything Just Worked: on plugging in the disk, I was offered a number of choices of what to do with it. Possibly out of embarrassment the option of using it as a backup disk was hidden beyond the end of the too-short selection window, but once I found it it was relatively trivial to set it up and start a backup. Next time I'm there I'll take a look at what it did.

Wed, 30 May 2012 17:54:29 UTC

The Psychology of Immoral (and Illegal) Behavior

Posted By Bruce Schneier

When I talk about Liars and Outliers to security audiences, one of the things I stress is our traditional security focus -- on technical countermeasures -- is much narrower than it could be. Leveraging moral, reputational, and institutional pressures is likely to be much more effective in motivating cooperative behavior. This story illustrates the point. It's about the psychology of...

Wed, 30 May 2012 11:44:56 UTC

The Problem of False Alarms

Posted By Bruce Schneier

The context is tornado warnings: The basic problem, Smith says, is that sirens are sounded too often in most places. Sometimes they sound in an entire county for a warning that covers just a sliver of it; sometimes for other thunderstorm phenomena like large hail and/or strong straight-line winds; and sometimes for false alarm warnings -- warnings for tornadoes that...

Tue, 29 May 2012 23:37:39 UTC

More panorama fun

Posted By Greg Lehey

Into the office this morning with a firm resolve to do something else than play with panorama viewers. I failed. With a bit of comparison, it didn't take me too long to debug my scripts, and I even found a way to find the error in the configuration file. firefox complained about it: And after fixing that, Emacs indeed agreed that the data was well-formed. Gradually worked out other strangenesses, notably the tricks necessary to get Hugin to create correct equirectangular images: in the Stitcher tab you need to set the field of view to 360×180, and to set the crop to the complete image.

Tue, 29 May 2012 19:07:49 UTC

Backdoor Found in Chinese-Made Military Silicon Chips

Posted By Bruce Schneier

We all knew this was possible, but researchers have found the exploit in the wild: Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption...

Tue, 29 May 2012 11:03:48 UTC

Interview with a Safecracker

Posted By Bruce Schneier

The legal kind. It's interesting: Q: How realistic are movies that show people breaking into vaults? A: Not very! In the movies it takes five minutes of razzle-dazzle; in real life it's usually at least a couple of hours of precision work for an easy, lost combination lockout. [...] Q: Have you ever met a lock you couldn't pick? A:...

Tue, 29 May 2012 01:35:17 UTC

Updating Microsoft

Posted By Greg Lehey

While I was at it with Microsoft, finally paid attention to the warnings that kept showing up: Your computer is in danger. Automatic updates are turned off. I've always been afraid of automatic updates, but maybe they have a point. So I turned them on again and got 97 updates for braindeath and 111 for smart, the VM box. And after braindeath came back, I had no net connectivity. Given that I use rdesktop to access it, that's serious. Turned the KVM to the monitor output and saw a message saying Malware removed. Click here for more information, which disappeared before I could get the mouse there.

Tue, 29 May 2012 00:39:15 UTC

Cracking the Salado

Posted By Greg Lehey

My experience with SaladoConverter yesterday wasn't the best, but the promise of the rewards kept me going today -- all day long. Clearly the problem I had with braindeath had less to do with Salado or Java than it did with the messed-up configuration on the box. I have another couple of Microsofts, including one in a VM, where I'm less concerned about messing things up. So I installed Java on it, and how about that! It worked! There are still a number of loose ends with the conversions. The SaladoConverter documentation states that I need an equirectangular projection, and that's easy enough to make with Hugin.

Tue, 29 May 2012 00:09:27 UTC

Two Sessions: C++ Concurrency and Parallelism -- 2012 State of the Art (and Standard)

Posted By Herb Sutter

It's time for, not one, but two brand-new, up-to-date talks on the state of the art of concurrency and parallelism in C++. I'm going to put them together especially and only for C++ and Beyond 2012, and I'll be giving them nowhere else this year: C++ Concurrency -- 2012 State of the Art (and Standard) [...]

Mon, 28 May 2012 15:48:11 UTC

Temperature Management in Data Centers

Posted By James Hamilton

Cooling is the largest single non-IT (overhead) load in a modern datacenter. There are many innovative solutions to addressing the power losses in cooling systems. Many of these mechanical system innovations work well and others have great potential but none are as powerful as simply increasing the server inlet temperatures. Obviously less cooling is cheaper than more. And, the higher the target inlet temperatures, the higher percentage of time that a facility can spend running on outside air (air-side economization) without process-based cooling. The downsides of higher temperatures are 1) high semiconductor leakage losses, 2) higher server fan speed which increases the losses to air moving, and 3) higher server mortality rates.

Mon, 28 May 2012 11:58:33 UTC

My Last Post About Ethnic Profiling at Airports

Posted By Bruce Schneier

Remember my rebuttal of Sam Harris's essay advocating the profiling of Muslims at airports? That wasn't the end of it. Harris and I conducted a back-and-forth e-mail discussion, the results of which are here. At 14,000+ words, I only recommend it for the most stalwart of readers....

Mon, 28 May 2012 00:03:59 UTC

Java hell

Posted By Greg Lehey

Continued investigating my problems with SaladoConverter today. It looked as if I needed a CLASSPATH:

=== [email protected] (/dev/pts/8) ~ 59 -> export CLASSPATH=/usr/local/jdk1.6.0/lib
=== [email protected] (/dev/pts/8) ~ 60 -> java SaladoConverter.jar
Exception in thread "main" java.lang.NoClassDefFoundError: SaladoConverter/jar
...

At least part of it was just learning how to start it. It seems that the correct invocation was wrong. What I needed was:

=== [email protected] (/dev/pts/8) ~ 67 -> java -jar SaladoConverter.jar
=== [email protected] (/dev/pts/8) ~ 68 -> echo $?
0

The only problem was, it didn't do anything.

Sun, 27 May 2012 19:00:00 UTC

Z/1 Unaweep

Posted By Tim Bray

So, I bought this new pair of sandals and they're just so great I had to pass the word along. No, this is not going to become a product-placement blog (and who here hasn't wondered how much it costs to get talked up on Dooce?) No shoe company is paying for this. (Well, there's an Amazon affiliate link; I'll be rich, I tell you, rich!) I hate shoes, except for certain hiking gear. No shoe I've ever worn hasn't made my feet sweaty and uncomfortable. So as soon as it's warm enough, the shoes go in the cupboard and stay there till autumn.

Sun, 27 May 2012 01:27:14 UTC

Animating panoramas

Posted By Greg Lehey

One of the things that Cartola suggested months ago was that I should use some kind of browser plugin to animate my panoramas. One of the more promising looking ones was SaladoPlayer, which I tried some months ago and with which I ran into documentation problems. Tried again today and got as far as being able to install and display the demonstration panoramas, but to run my own I had to convert the format, which involved the use of SaladoConverter, a Java application. I have Java installed, but don't use it, and the first attempts to run it were less than encouraging:

=== [email protected] (/dev/pts/8) ~ 29 -> java SaladoConverter.jar
Exception in thread "main" java.lang.NoClassDefFoundError: SaladoConverter/jar
Caused by: java.lang.ClassNotFoundException: SaladoConverter.jar
        at$
        at Method)
        at
        at java.lang.ClassLoader.loadClass( ...

Sat, 26 May 2012 19:00:00 UTC

On Being the New Boss

Posted By Tim Bray

There's been a lot of linkage this week to David Lowery's Meet The New Boss, Worse Than The Old Boss? Lowery is a music-biz insider, and says he's also a geek; and he really, really hates people like me. He makes some really interesting points; unfortunately, he comes across as a jerk. Tl;dr Which for those who don't know is Net-jargon for Too long; didn't read; it can be used both as a comment, and to tag a summary that precedes anything longish. Let's do both here. First off, Lowery's piece could have been condensed to a third of its length by a good editor.

Fri, 25 May 2012 21:01:55 UTC

Friday Squid Blogging: Squid Ink from the Jurassic

Posted By Bruce Schneier

Seems that squid ink hasn't changed much in 160 million years. From this, researchers argue that the security mechanism of spraying ink into the water and escaping is also that old. Simon and his colleagues used a combination of direct, high-resolution chemical techniques to determine that the melanin had been preserved. The researchers also compared the chemical composition of the...

Fri, 25 May 2012 15:00:00 UTC

Re: My question for LOPSA board candidates

Posted By Tom Limoncelli

[Note: This is a first draft and needs a lot of editing but I know I'm not really going to come back and edit it so I might as well post it today.] LOPSA had their first "meet the candidates" a few weeks ago. I had blogged ahead of time the question I was planning to ask. The question: "I'd like to know about your experience with community-based projects. Please tell us about a project that you took responsibility for seeing through to completion. Please, only projects that are "done" or have reached a self-sustaining mode only. One or two sentences is fine.

Fri, 25 May 2012 11:44:23 UTC

Today is Towel Day

Posted By Tom Limoncelli

Don't forget!

Fri, 25 May 2012 11:43:23 UTC

The Explosive from the Latest Foiled Al Qaeda Underwear Bomb Plot

Posted By Bruce Schneier

Interesting: Although the plot was disrupted before a particular airline was targeted and tickets were purchased, al Qaeda's continued attempts to attack the U.S. speak to the organization's persistence and willingness to refine specific approaches to killing. Unlike Abdulmutallab's bomb, the new device contained lead azide, an explosive often used as a detonator. If the new underwear bomb had been...

Fri, 25 May 2012 01:44:39 UTC

Stipend competition to attend 2012 USENIX Women in Advanced Computing Summit

Posted By Tom Limoncelli

Quoting from email I received: LOPSA is pleased that USENIX shares our goal of bringing attention to the various issues facing women in our industry by hosting the Women in Advanced Computing Summit. This summit is part of their Federated Conferences week, which also includes the ATC conference and others. LOPSA would like to show our support in this area and provide something concrete toward the topic. Matt (from the LOPSA Board) came up with a great idea to provide a stipend to assist someone in attending the conference. We will award based on submission of an essay, but I'll leave those details to the posting about it.

Fri, 25 May 2012 00:26:59 UTC

Retouching panoramas revisited

Posted By Greg Lehey

Interesting message about Hugin in the mail today: how to fill in untidy pieces of the panorama. Just what I need for the panoramas of the Botanical Gardens I took two weeks ago, and which I tried to retouch with very limited success last week. Bruno Postle posted a link to a tutorial. The trick is to include additional images (in this case copies of existing images) without control points, but it left a few questions open. After a lot of experimentation, found a way to do it. The rest of this entry will form the basis of a tutorial. First align the base images: Clearly the hands in the sky need to go away.

Thu, 24 May 2012 19:00:00 UTC

Diablo III

Posted By Tim Bray

I'm really not much of a gamer; but I did the Diablo dance back in the day, and have enjoyed revisiting the franchise. Herewith remarks on that thing that's been responsible for so many red-rimmed eyes at early meetings this last couple of weeks. D3 isn't just flawed fun, it's interesting in a serious way, I think. I just finished taking a Demon Hunter (now L31) through Normal mode, playing only an hour and a bit in the late evenings. It was fun. In D2 I was an Amazon guy, and enough of the old reflexes still worked that I usually didn't feel like a complete idiot.

Thu, 24 May 2012 16:31:46 UTC

The Ubiquity of Cyber-Fears

Posted By Bruce Schneier

A new study concludes that more people are worried about cyber threats than terrorism. ...the three highest priorities for Americans when it comes to security issues in the presidential campaign are: Protecting government computer systems against hackers and criminals (74 percent) Protecting our electric power grid, water utilities and transportation systems against computer or terrorist attacks (73 percent) Homeland security...

Thu, 24 May 2012 11:17:59 UTC

The Banality of Surveillance Photos

Posted By Bruce Schneier

Interesting essay on a trove of surveillance photos from Cold War-era Prague. Cops, even secret cops, are for the most part ordinary people. Working stiffs concerned with holding down jobs and earning a living. Even those who thought it was important to find enemies recognized the absurdity of their task. I take photos all the time and these empty blurry...

Thu, 24 May 2012 01:29:46 UTC

Don't trust The Complete FreeBSD

Posted By Greg Lehey

One of the reasons I wrote The Complete FreeBSD was to force myself to learn the things that I needed to document. And so, although it's coming on 10 years since the last edition, I frequently refer to it. Today I had the task of setting up access control for the private pages on the Friends of the Ballarat Botanical Gardens web site. Simple: it's on page 498 of the online version. Set up a .htaccess file, create a password with dbmmanage, and you're away. And that's how I did it in the past. Problem is, it doesn't work any more. I got messages like: [Wed May 23 04:58:40 2012] [error] [client] user grog not found: /mypages/ That's not a password mismatch: the server just couldn't find the user.

Wed, 23 May 2012 19:00:00 UTC


Posted By Tim Bray

There's this blog called FOSS PATENTS written by a Florian Mueller, and when a software-patent-related issue heats up, reporters often seek out his comments for their stories. I'm not sure this is a good idea, and I'd like to offer some evidence; articles he wrote on a currently-hot story back in October 2010 and November 2010. This is a small but representative sample of his (many) offerings on the subject. I'm not mad at Florian, who has every right to publish his opinions.

Wed, 23 May 2012 17:32:12 UTC

Lessons in Trust from Web Hoaxes

Posted By Bruce Schneier

Interesting discussion of trust in this article on web hoaxes. Kelly's students, like all good con artists, built their stories out of small, compelling details to give them a veneer of veracity. Ultimately, though, they aimed to succeed less by assembling convincing stories than by exploiting the trust of their marks, inducing them to lower their guard. Most of us...

Wed, 23 May 2012 14:28:21 UTC

Urs Holzle @ Open Networking Summit 2012

Posted By James Hamilton

Urs Holzle did the keynote talk at the 2012 Open Networking Summit where he focused on Software Defined Networking in Wide Area Networking. Urs leads the Technical Infrastructure group at Google where he is Senior VP and Technical Fellow. Software defined networking (SDN) is the central management of networking routing decisions rather than depending upon distributed routing algorithms running semi-autonomously on each router. Essentially what is playing out in the networking world is a replay of what we have seen in the server world across many dimensions.

Wed, 23 May 2012 12:25:35 UTC

Privacy Concerns Around "Social Reading"

Posted By Bruce Schneier

Interesting paper: "The Perils of Social Reading," by Neil M. Richards, from the Georgetown Law Journal. Abstract: Our law currently treats records of our reading habits under two contradictory rules -- rules mandating confidentiality, and rules permitting disclosure. Recently, the rise of the social Internet has created more of these records and more pressures on when and how they should...

Wed, 23 May 2012 02:23:01 UTC

Close that tcpdump!

Posted By Greg Lehey

While looking around the server for the PHP problem, found this:

USER      PID %CPU %MEM    VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root    90550  0.0 20.4 135716 50768  p3- S    26Dec10 109:52.79 tcpdump icmp

19 months! Fortunately it was probably writing to the controlling terminal, which had gone away. I should keep a better eye on this box, though.

Wed, 23 May 2012 01:45:47 UTC

PHP: can't find preg_match

Posted By Greg Lehey

I've been dragging my heels on getting the membership lists for the Friends of the Ballarat Botanical Gardens online. It's a non-trivial amount of work, and I took the easy way out and used phpMyEdit to do the work. Put that up on the server and found: Fatal error: Call to undefined function preg_match() in /usr/local/www/data/pedit/phpMyEdit.class.php on line 2787 Huh? preg_match() is part of the base PHP installation, and has been for ever (well, since 4.2.0). Went and checked: my server is deliberately not up to date (that would require rebooting and destroying the current uptime of 1332 days), but it's not that old.

Tue, 22 May 2012 18:10:22 UTC

Racism as a Vestigial Remnant of a Security Mechanism

Posted By Bruce Schneier

"Roots of Racism," by Elizabeth Culotta in Science: Our attitudes toward outgroups are part of a threat-detection system that allows us to rapidly determine friend from foe, says psychologist Steven Neuberg of ASU Tempe. The problem, he says, is that like smoke detectors, the system is designed to give many false alarms rather than miss a true threat. So outgroup...

Tue, 22 May 2012 11:24:51 UTC

Security Incentives and Advertising Fraud

Posted By Bruce Schneier

Details are in the article, but here's the general idea: Let's follow the flow of the users: Scammer buys user traffic from and sends it to HQTubeVideos. HQTubeVideos loads, in invisible iframes, some parked domains with innocent-sounding names (, etc). In the parked domains, ad networks serve display and PPC ads. The click-fraud sites click on the ads that...

Mon, 21 May 2012 19:00:00 UTC

Uncrippling Tablets

Posted By Tim Bray

David Weinberger points out in Will tablets always make us non-social consumers? that tablets imply a less-interactive lean-back relationship with the Internet and thus the world. It's possible we can fix this by just uncrippling the keyboard; I can't really have a conversation with the world if I can't jam text in fast, interrupting bursts of high-word-flow with flurries of local edits. I sure don't want to live in a lean-back world.

Mon, 21 May 2012 16:09:30 UTC

The problem with nerd politics

Posted By Cory Doctorow

Here's a podcast of my last Guardian column, The problem with nerd politics: Since the earliest days of the information wars, people who care about freedom and technology have struggled with two ideological traps: nerd determinism and nerd fatalism. Both are dangerously attractive to people who love technology. In "nerd determinism," technologists dismiss dangerous and … [Read more]

Mon, 21 May 2012 15:32:57 UTC

Portrait of a Counterfeiter

Posted By Bruce Schneier

Interesting article from Wired....

Mon, 21 May 2012 00:41:14 UTC

More hugin strangenesses

Posted By Greg Lehey

While playing around with hugin exposure blending, managed somehow to create a completely nonsensical stitching pattern: These were the same images as I had been processing all the time, and they lined up well. And this was just after reading in the .pto project file that had already lined them up correctly. What was wrong? After a bit of checking, discovered that during my EXIF copying experiments, I had accidentally copied the EXIF data from a panorama to one of its components.

Mon, 21 May 2012 00:29:13 UTC

avidemux2: the inflexibility of Microsoft under X

Posted By Greg Lehey

Yvonne wanted to upload a video to YouTube today, but it was too long, so she asked me to cut it into manageable pieces for her. Not a problem: I've been there before with avidemux2. So I fired it up, processed, saved it and... couldn't find the result. On further examination, I found:

=== [email protected] (/dev/pts/0) /Photos/yvonne/20120425 13 -> avidemux2_gtk Maureen-on-Morena-1
*************************
  Avidemux v2.5.6
*************************
(hundreds of lines of debug output omitted)

So the cwd was /Photos/yvonne/20120425. But there was nothing there. Tried again and looked at the save page and found: This horrible program has completely ...

Sat, 19 May 2012 23:42:08 UTC

More panorama experiments

Posted By Greg Lehey

Last week I did experiments with multiple alternate exposures from the same position and aligned together, but stitching only one version. That allowed me to make several panoramas with different appearance, and was particularly useful in the case of the garden SE panorama that includes the shade area and the sky. Today I looked at two other panoramas. One of the problems with the verandah panorama is the lighting in the back corner, so today I put a remote-controlled studio flash in the room next to it and let it fire on that area: On the whole, that didn't look particularly good.

Sat, 19 May 2012 19:00:00 UTC

Laugh at an Eagle

Posted By Tim Bray

They're serious, fierce-looking birds; except when they're not. These two were hanging out next to our cabin, so I settled down with the big lens on the camera, hoping to get a dramatic shot of one or both taking wing. One somehow snuck off while I wasn't looking, and then the other decided it needed to clean up. This went on for a remarkably long time. I can report that the process works great; that was a fine-looking eagle when it finally flew away. I missed that shot too.

Sat, 19 May 2012 00:53:41 UTC

USB problems software, not hardware?

Posted By Greg Lehey

For a long time I've had continual problems with a number of different USB devices on a number of different computers. About the only thing in common -- most of the time, anyway -- is the operating system: FreeBSD. Is there some problem there? Or are most USB devices just flaky? It's not as if I haven't had USB problems with other operating systems, after all, and the fact that it happens less often might just be due to the fact that I don't use them as often. Today I had a number of disk errors while backing up my photos. It could be the disk, of course, but there was something funny about them.

Fri, 18 May 2012 21:26:57 UTC

Friday Squid Blogging: Squid Scalp Massager

Posted By Bruce Schneier

Cheap! As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 18 May 2012 11:06:51 UTC

Kip Hawley Reviews Liars and Outliers

Posted By Bruce Schneier

In his blog: I think the most important security issues going forward center around identity and trust. Before knowing I would soon encounter Bruce again in the media, I bought and read his new book Liars & Outliers and it is a must-read book for people looking forward into our security future and thinking about where this all leads. For...

Fri, 18 May 2012 00:19:52 UTC

Backing up the Friends's computers

Posted By Greg Lehey

The real reason for my attendance was to complete some of the jobs I had with the Friends' computers: a new CRT monitor for one with a damaged LCD monitor, setting up an account for non-privileged users on their new laptop, and installing the new backup disk. The latter proved more difficult than I thought. Yes, it's trivial to install a USB disk, but the box said it contained backup software. So it did, too, an extended trial, after which you have to buy it. Somehow that's not my style, so I gave up. I'll have to investigate what we can use instead.

Thu, 17 May 2012 17:28:45 UTC

Cybersecurity at the Doctor's Office

Posted By Bruce Schneier

I like this essay because it nicely illustrates the security mindset....

Thu, 17 May 2012 17:06:03 UTC

VC++ and Win8 Metro apps: May 18, livestream and on-demand

Posted By Herb Sutter

Reblogged from Sutter's Mill: Want to know how to write cool tablet apps using Visual C++? On May 18, Microsoft is hosting a one-day free technical event for developers who want to write Metro apps for Windows 8 using Visual C++. I'm giving the opening talk, and the rest of the day is full of [...]

Thu, 17 May 2012 12:41:03 UTC


Posted By Diomidis D. Spinellis

Even by our field's dizzying rate of progress I wouldn't expect to revisit the subject of version control just six years after I first wrote about it in this column (Version Control Systems. Software, 22(5):108-109, September/October 2005). Yet here we are. The new kid on the block is git, a distributed revision control system available on all mainstream development platforms through a Free Software license. Git, a brainchild of Linus Torvalds, began its life in 2005 as the revision management system used for coordinating the development of the Linux kernel. Over the years its functionality, portability, efficiency, and third-party adoption have evolved by leaps and bounds to make it its category's leader.

Thu, 17 May 2012 12:20:14 UTC

Rules for Radicals

Posted By Bruce Schneier

It was written in 1971, but this still seems like a cool book: For an elementary illustration of tactics, take parts of your face as the point of reference; your eyes, your ears, and your nose. First the eyes: if you have organized a vast, mass-based people's organization, you can parade it visibly before the enemy and openly show your...

Thu, 17 May 2012 05:09:56 UTC

HTML mail revisited

Posted By Greg Lehey

While at the Friends, Genevieve asked me how to incorporate the FBBG banner in outgoing emails. Aaargh! HTML mail with gratuitous images! The horror! That's been my standpoint since HTML mail first came out, but I'm beginning to wonder how tenable it is. HTML is still an issue for email, and certainly I'd hate to see us send out messages only in HTML, but in some cases it makes sense. Is this one of them? Maybe. The typical Friend is probably used to it, and getting a message only in monospace text would probably appear unprofessional.

Thu, 17 May 2012 04:58:48 UTC

Backing up the Friends

Posted By Greg Lehey

While in the area, dropped in at the Ballarat Botanical Gardens to visit Genevieve Lowe at the Friends. It seems they have a new computer for the accounts, and there's no backup. Coincidentally Liz Gilfillan, the president, walked in, and I got authorization from her to buy a 1 TB USB disk for backups. Down to Officeworks, where the prices for external disks blew me away -- up to $279 for a 2 TB unit, and the cheapest was $127. That's a big difference from last June, when the cheapest 2 TB unit was $98. Is that still the effect of the Thai floods last year?

Wed, 16 May 2012 18:50:05 UTC

USB Drives and Wax Seals

Posted By Bruce Schneier

Need some pre-industrial security for your USB drive? How about a wax seal? Neat, but I recommend combining it with encryption for even more security!...

Wed, 16 May 2012 11:15:10 UTC

Security Vulnerabilities in Airport Full-Body Scanners

Posted By Bruce Schneier

According to a report from the DHS Office of Inspector General: Federal investigators "identified vulnerabilities in the screening process" at domestic airports using so-called "full body scanners," according to a classified internal Department of Homeland Security report. EPIC obtained an unclassified version of the report in a FOIA response. Here's the summary....

Wed, 16 May 2012 00:11:52 UTC

Blood pressure monitors

Posted By Greg Lehey

While taking things apart, also took a look at my old blood pressure monitor. I'm pretty sure the inaccuracy is due to the too-fast release of pressure, and I suspected that it might be possible to adjust it. Found the release valve under the circuit board (on the right in the second image, connected by the blue cables): Unfortunately there's nothing there to adjust.

Tue, 15 May 2012 11:17:04 UTC

U.S. Exports Terrorism Fears

Posted By Bruce Schneier

To New Zealand: United States Secretary of Homeland Security Janet Napolitano has warned the New Zealand Government about the latest terrorist threat known as "body bombers." [...] "Do we have specific credible evidence of a [body bomb] threat today? I would not say that we do, however, the importance is that we all lean forward." Why the headline of this...

Tue, 15 May 2012 01:23:05 UTC

Electric collar: useless!

Posted By Greg Lehey

It's been nearly a month since we got a new remote control electric collar for Nemo. This one worked -- once. The contacts to the skin look dubious, but the real problem seemed to be battery consumption. Since there were no instructions, and there appeared to be no way to turn the receiver off, I removed the battery after every use. Despite that, the battery was flat within an hour or two of use. So we bought a new one -- $7.50, a significant proportion of the $28 we paid for the collar. And it was drained in a similar time. So we ordered a pack of 8 from China (also about $7.50 for the lot), and they arrived today.

Mon, 14 May 2012 17:37:36 UTC

Advance praise for Pirate Cinema

Posted By Cory Doctorow

My next YA novel is Pirate Cinema, which hits stands on Oct 2. The book has been complete for a long time, and now is the part in its lifecycle where it is in ballistic flight, having been launched from my device with all the skill and concentration that I can muster, with nothing else … [Read more]

Mon, 14 May 2012 15:47:57 UTC

The problem with nerd politics

Posted By Cory Doctorow

The Guardian

Mon, 14 May 2012 15:47:38 UTC

Nerd fatalism, nerd determinism: the problem with nerd politics

Posted By Cory Doctorow

My latest Guardian column is "The problem with nerd politics," and it discusses the twin evils of "nerd determinism" and "nerd fatalism" -- both convenient excuses for people who care about technology policy to avoid politics. In "nerd determinism," technologists dismiss dangerous and stupid political, legal and regulatory proposals on the grounds that they are … [Read more]

Mon, 14 May 2012 15:40:37 UTC

Why the death of DRM would be good news for readers, writers and publishers

Posted By Cory Doctorow

Here's a podcast of my last Guardian column, Why the death of DRM would be good news for readers, writers and publishers: At the end of April, Tor Books, the world's largest science fiction publisher, and its UK sister company, Tor UK, announced that they would be eliminating digital rights management (DRM) from all of … [Read more]

Mon, 14 May 2012 11:19:44 UTC

The Trouble with Airport Profiling

Posted By Bruce Schneier

Why do otherwise rational people think it's a good idea to profile people at airports? Recently, neuroscientist and best-selling author Sam Harris related a story of an elderly couple being given the twice-over by the TSA, pointed out how these two were obviously not a threat, and recommended that the TSA focus on the actual threat: "Muslims, or anyone who...

Mon, 14 May 2012 07:21:11 UTC

I'm Still Alive...

Posted By Jeff Barr

I can’t believe I haven’t had time to write a single post so far this year. Here’s what I have been up to: Blogging up a storm on The AWS Blog. Taping episodes of my video podcast, The AWS Report: … Continue reading →

Mon, 14 May 2012 05:01:00 UTC

Dynamic Content Support in Amazon CloudFront

Posted By Werner Vogels

In the past three and a half years, Amazon CloudFront has changed the content delivery landscape. It has demonstrated that a CDN does not have to be complex to use with expensive contracts, minimum commits, or upfront fees, such that you are forcibly locked into a single vendor for a long time. CloudFront is simple, fast and reliable with the usual pay-as-you-go model. With just one click you can enable content to be distributed to the customer with low latency and high-reliability. Today Amazon CloudFront has taken another major step forward in ease of use. It now supports delivery of entire websites containing both static objects and dynamic content.

Mon, 14 May 2012 01:18:00 UTC

Date Arithmetic

Posted By Benjamin Mako Hill

When I set an alarm, my clock, now running on the computer in my pocket, is smart enough to tell me how much time will pass until the alarm is scheduled to sound. This has eliminated the old problem of sleeping past meetings before being surprised by an alarm precisely half a day after I had originally planned to wake. The price has been having to know exactly how little I will sleep: a usually depressing fact that had previously been obscured by my difficulty doing time arithmetic in my most somnolent moments.

Mon, 14 May 2012 00:57:00 UTC

Diamond Clarity

Posted By Benjamin Mako Hill

I3, I2, I1, SI2, SI1, VS2, VS1, VVS2, VVS1, IF, FL

The GIA diamond clarity scale, shown above, is rather opaque.

Sun, 13 May 2012 19:00:00 UTC


Posted By Tim Bray

Particularly intense botanical red; it remains the Achilles heel of the sensor in many (all?) digicams. I often see things in my garden that I just can't get close to with the combination of camera and screen; hm, perhaps the problem is computer screens not camera sensors? Here we have some Japanese maple leaves against blue sky. The leaves were actually redder than this, but at least the sensor, while losing some of the intensity, managed to get close to the tint.

Sat, 12 May 2012 23:59:41 UTC

More photo experiments

Posted By Greg Lehey

It's mid-autumn, and it shows: I still have issues getting good shadow detail in my images. In the image above I went back to the HDR techniques I've been using earlier, but in general that doesn't seem to be the best choice. One of the main issues is that when taking panoramas, the canonical instructions are to give each component image the same exposure. That gives rise to images like this from the north view sequence (in this case without any further processing): Clearly that's completely underexposed (3 EV, in fact), but another image to the left is correctly exposed (for the highlights): ...

Fri, 11 May 2012 21:58:04 UTC

Friday Squid Blogging: New Book on Squid

Posted By Bruce Schneier

Kraken: The Curious, Exciting, and Slightly Disturbing Science of Squid. And a review. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 11 May 2012 11:42:22 UTC

Smart Phone Privacy App

Posted By Bruce Schneier

MobileScope looks like a great tool for monitoring and controlling what information third parties get from your smart phone apps: We built MobileScope as a proof-of-concept tool that automates much of what we were doing manually; monitoring mobile devices for surprising traffic and highlighting potentially privacy-revealing flows [...] Unlike PCs, we have little control over the underlying privacy and security...

Fri, 11 May 2012 08:05:21 UTC

Seattle library hides 1,000 books around town for young people to find

Posted By Cory Doctorow

The Seattle Public Library system's annual Summer Reading Program is called Century 22: Read the Future, and is tied in with the 50th anniversary of the Seattle World's Fair. Young people are encouraged to scour the city's landmarks for 1,000 books hidden throughout town, and then to re-hide them for other kids to find. Among … [Read more]

Fri, 11 May 2012 05:00:00 UTC

Tom @ LOPSA PICC 2012, New Brunswick, NJ, May 11-12, 2012

Posted By Tom Limoncelli

I'll be there and I hope you will be there too!

Thu, 10 May 2012 10:46:52 UTC

Security Fail

Posted By Bruce Schneier


Thu, 10 May 2012 00:01:00 UTC

Panel Discussion on Open Source Testing Tools

Posted By Robert V. Binder

A few days ago, I participated in a panel discussion on using open source tools for testing at the QUEST conference with the two founders of Selenium: Jason Huggins of Sauce Labs and Simon Stewart of Google. Before the panel … Continue reading →

Thu, 10 May 2012 00:01:00 UTC

Panel Discussion on Open Source Testing Tools

Posted By Robert V. Binder

A few days ago, I participated in a panel discussion on open source tools for testing at the QUEST conference with the two founders of Selenium: Jason Huggins of Sauce Labs and Simon Stewart of Google. Before the panel started we chatted a bit with the moderator. We couldn’t come up with any contentious issues, so [...]

Wed, 09 May 2012 23:41:53 UTC

Keyboards: end of an era?

Posted By Greg Lehey

My new Sun keyboard arrived today (left). Not quite what they advertised (right): In particular, the Return key is completely different, and that was one of the aspects I looked at before ordering it. I'll have to see whether I can come to terms with it or not. In addition, it has British key caps (£ over the 3 key, for example), and there's at least one extra key to the left of the Z key, marked \ and |, but in the default map it produces < and >.

Wed, 09 May 2012 21:00:00 UTC

AWS re: Invent

Posted By Werner Vogels

Hundreds of thousands of businesses in over 190 countries are relying on AWS to support some or all of their business and IT needs. From SAP and Oracle production installations to risk management HPC, from Internet banking to protein folding, from social gaming to mobile collaboration tools, from video distribution to hotel reservations systems, supply chain management and medical archiving, the list of what our customers achieve using the AWS cloud is fascinating. Many of our customers will tell you that although the cost savings that AWS brings them are important, more important is that they are able to be more agile, that they are able to move faster in a world with murderous competition and highly compressed time-to-markets.

Wed, 09 May 2012 19:00:00 UTC

CL XVII: Faraways

Posted By Tim Bray

It's May so Cottage Life is recurring. On the island, many of the things one sees and wishes to photograph are far away thus must be captured through fairly specialized lenses which tend to impose their perceptions, particularly when the lenses are elderly and actually not that elite. Here are three of those. The lens in question is my Tokina f5.6 400mm, which has a story attached. I processed these in Lightroom. It has a superb noise-reduction module, which on this occasion I wished had negative settings to crank up the vintage-telephoto grainy dreaminess. Which would probably betray truth-before-beauty.

Wed, 09 May 2012 11:24:17 UTC

RuggedCom Inserts Backdoor into Its Products

Posted By Bruce Schneier

All RuggedCom equipment comes with a built-in backdoor: The backdoor, which cannot be disabled, is found in all versions of the Rugged Operating System made by RuggedCom, according to independent researcher Justin W. Clarke, who works in the energy sector. The login credentials for the backdoor include a static username, "factory," that was assigned by the vendor and can't be...

Wed, 09 May 2012 01:51:46 UTC

Geekdad on Great Big Beautiful Tomorrow

Posted By Cory Doctorow

Erik Wecks has a thoughtful and smart analysis of my little book The Great Big Beautiful Tomorrow in Wired's GeekDad today (spoilers ahoy!)

Wed, 09 May 2012 00:49:02 UTC

Computer crash

Posted By Greg Lehey

dereel, my main machine, crashed (or rather, hung) this afternoon. Nothing in the log files, which is normal enough. That's why I log remotely to another machine, in this case cojones, the machine that is connecting me to the Internet until the NBN radiation tower is finally complete. But something went wrong there: syslogd hung itself up a month ago and I didn't notice, so there's no evidence of what caused the hang. On the bright side, this happens so seldom that it's worth mentioning here.

Wed, 09 May 2012 00:45:26 UTC

NBN tower: the lunatic fringe continues

Posted By Greg Lehey

Bad news from Amy Boyd of the Golden Plains Shire Council: somebody (not yet known who, but we can guess) has put in an objection to the erection of the NBN tower. That means it goes to the VCAT to waste our time and their money. Now it's unlikely that it will be operational before Christmas.

Tue, 08 May 2012 21:00:00 UTC

Expanding the Cloud for Windows Developers

Posted By Werner Vogels

The software that powers today's world of Internet services has become incredibly diverse. Today's announcement of Amazon RDS for Microsoft SQL Server and .NET support for AWS Elastic Beanstalk marks another important step in our commitment to increase the flexibility for AWS customers to use the choice of operating system, programming language, development tools and database software that meet their application requirements. Using the AWS Toolkit for Visual Studio, you can now deploy your .NET applications to AWS Elastic Beanstalk directly from your Visual Studio environment without changing any code. You can then off load the management and scaling of your database and application stack to Amazon RDS and AWS Elastic Beanstalk, and focus on adding value to your customers.

Tue, 08 May 2012 19:00:00 UTC


Posted By Tim Bray

I've been working on some ideas for clean-screen apps; instead of controlling them with the touch screen, you wave your device around or tap it or shake it. To do this, I've been learning about the output of the sensors you find on Android devices. I've found that the documentation, while complete, contains some scary-looking math and assumes you know more about quaternions and rotation vectors than the average developer. Well, more than I do. So I created a little app called Sensplore which captures sensor data, dresses it up in CSV (spreadsheet) format, and emails it to you. It's Apache2-licensed on Google code; for those who just want to run it, go hit Google Play Apps.

Tue, 08 May 2012 18:14:17 UTC

A Foiled Terrorist Plot

Posted By Bruce Schneier

We don't know much, but here are my predictions: There's a lot more hyperbole to this story than reality. The explosive would have either 1) been caught by pre-9/11 security, or 2) not been caught by post-9/11 security. Nonetheless, it will be used to justify more invasive airport security....

Tue, 08 May 2012 12:03:52 UTC

Overreacting to Potential Bombs

Posted By Bruce Schneier

This is a ridiculous overreaction: The police bomb squad was called to 2 World Financial Center in lower Manhattan at midday when a security guard reported a package that seemed suspicious. Brookfield Properties, which runs the property, ordered an evacuation as a precaution. That's the entire building, a 44-story, 2.5-million-square-foot office building. And why? The bomb squad determined the package...

Tue, 08 May 2012 00:50:16 UTC

Catching missing images

Posted By Greg Lehey

All this photo reprocessing brings a danger, of course: I could rename or remove an image to which I have referred on a web page. I already have a 404 document that sends me email if a page on my site refers to a non-existent page, and that has greatly improved things. But you don't get a 404 for a missing image. On the other hand, nearly all my images are generated by a PHP function, so it's (relatively) easy to check whether the image exists or not. The difficulty is mapping the URL to the local path name. I got that done, and I was still having it claim that the images didn't exist.

Mon, 07 May 2012 19:00:00 UTC


Posted By Tim Bray

Two wet rhodos and a tricolor carpet. First the carpet. This is the grass under the magnolia tree, which accounts for the pink and green; the blue comes from the Spanish Bluebells, which will probably be dead by the time you read this, since they're wildly invasive and have to be beaten back regularly. Now the rhododendron. I was having trouble figuring out which to run and decided, as on too many other occasions, that bits are pretty well free.

Mon, 07 May 2012 17:04:24 UTC

A Prose By Any Other Name

Posted By Cory Doctorow

Here's a podcast of my last Locus column, A Prose By Any Other Name: Back in 2005, I did something weird. I decided that I would embark on a project to write short stories with the same (or similar) titles to famous science fiction books and stories. My initial motivation for this was Ray Bradbury … [Read more]

Mon, 07 May 2012 14:42:14 UTC

VC++ and Win8 Metro apps: May 18, livestream and on-demand

Posted By Herb Sutter

Want to know how to write cool tablet apps using Visual C++? On May 18, Microsoft is hosting a one-day free technical event for developers who want to write Metro apps for Windows 8 using Visual C++. I'm giving the opening talk, and the rest of the day is full of useful technical information on [...]

Mon, 07 May 2012 13:22:11 UTC

Makers, the Master's thesis

Posted By Cory Doctorow

Noah Brewer just successfully defended his MA English thesis Re-Makers: The Novel in Digital Collaborative Space at the University of Georgia. As the title implies, the piece is about my novel Makers. It's a smart piece of work, and I'm both tickled and honored.

Mon, 07 May 2012 11:52:51 UTC

Naval Drones

Posted By Bruce Schneier

With all the talk about airborne drones like the Predator, it's easy to forget that drones can be in the water as well. Meet the Common Unmanned Surface Vessel (CUSV): The boat -- painted in Navy gray and with a striking resemblance to a PT boat -- is 39 feet long and can reach a top speed of 28 knots....

Mon, 07 May 2012 00:10:50 UTC

Spammers in glass houses

Posted By Greg Lehey

Recently I have been inundated with spam with subject lines like Employment you've been searching! and New job vacancy - see details. Much of it came from people I know, notably in the FreeBSD project, but even more came from me myself. The messages clearly come from combinations of user and ISP that can be broken in to, and about the only thing they have in common is a line matching the regexp please reply to .*,with, notably with a missing space after the comma. So, is somebody trying to discredit Looking at the whois data, it seems not:    Domain Name: EMPLOYMENTEU.COM    Updated Date: 04-may-2012    Creation Date: 04-may-2012 Registrant Contact:    Jordan R.

Sun, 06 May 2012 00:33:28 UTC

101 uses for a dead computer

Posted By Greg Lehey

Once upon a time a computer was something expensive. Now we're throwing out computers that could still run rings round a CDC 7600, the supercomputer of my youth. Talking with Chris Yeardley after dinner and discovered that I had at least 20 computers, not counting motherboards, in and around my office, most of them functional and a number belong to Chris. Chris suggested that we should write an article 101 uses for a dead computer, so I brought out a handful of laptops and we started playing around: ...

Sat, 05 May 2012 01:43:38 UTC

Finally, a new keyboard

Posted By Greg Lehey

It's been three months since I started looking for a new keyboard. Surprisingly, my current one, now pushing 23 years old, has recovered somewhat and now no longer bounces as much as it did. In the meantime I've been looking for a cheap Sun Type 7 keyboard, which looks relatively similar and has a USB connector: In particular, there are 10 keys in 2 columns to the left of the main keyboard. Yes, I know, they have special functions under Solaris, but in the end they only generate scan codes, so I can modify a key map to get them to generate F1 to F10.

Sat, 05 May 2012 01:31:54 UTC

Forwarding and maintaining headers

Posted By Greg Lehey

Yesterday I had to admit I was wrong: most MUAs discard most headers when forwarding email, even mutt. Well, maybe. The real issue is what is meant by forwarding. There are three different approaches: Simply forward a message the way an MTA would do, putting in a Resent-From: header to show what has happened. In this case, of course, the headers are intact. Create a message containing the quoted text of the old message.

Sat, 05 May 2012 01:15:09 UTC

Another network hang

Posted By Greg Lehey

Into the office this morning to find us off the Net again, since nearly 9 hours. The ppp process was running, signal strength was normal, no messages in /var/log/ppp.log. But a ping gave me ping: sendto: No buffer space available. Restarted PPP, and things worked again. Somehow there are too many things that can cause link interruptions. When I started keeping records, it was to monitor ADSL line quality, and I had good metrics from the modem to help me. Now the problems can be this horrible flaky Huawei 1762 USB toy, the link itself, or the Optus network behind it. Once it gets to Internode, I have not (yet) had any further problems.

Fri, 04 May 2012 23:16:20 UTC

Looking for compiler engineers

Posted By Herb Sutter

Are you a compiler engineer or know one, and looking for interesting work on a top-notch team? We're hiring. (That particular link says two openings, but there are more.) Filed under: C++, Microsoft

Fri, 04 May 2012 21:01:04 UTC

Friday Squid Blogging: Squid Bicycle Parking Sculpture

Posted By Bruce Schneier

Neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 04 May 2012 19:00:00 UTC

Ghost Fluff

Posted By Tim Bray

Actually, the title is The Ghost Writer; I first noticed it in a movie my neighbor on a plane was watching and thought the visuals were pretty good. Which is relevant because the book turns out to be more or less perfect airline fluff: High velocity, a powerful hook into the real world, and very competent writing. The premise is that a recently-exited British Prime Minister who looks and smells and sounds like Tony Blair gets in a bunch of trouble for having facilitated torture in the War-on-Terror context, just as his autobiography's ghost writer turns up dead. The point-of-view is the replacement ghost's, and while there's no actual violence, the sense of offscreen menace is satisfyingly high.

Fri, 04 May 2012 18:31:57 UTC

Tampon-Shaped USB Drive

Posted By Bruce Schneier

This vendor is selling a tampon-shaped USB drive. Although it's less secure now that there are blog posts about it....

Fri, 04 May 2012 11:31:19 UTC

Facial Recognition of Avatars

Posted By Bruce Schneier

I suppose this sort of thing might be useful someday. In Second Life, avatars are easily identified by their username, meaning police can just ask San Francisco-based Linden Labs, which runs the virtual world, to look up a particular user. But what happens when virtual worlds start running on peer-to-peer networks, leaving no central authority to appeal to? Then there...

Fri, 04 May 2012 05:40:32 UTC

What I've learned by writing stories with the same titles as famous books

Posted By Cory Doctorow

My latest Locus column, "A Prose By Any Other Name," is a state-of-the-project report on my longrunning habit of writing science fiction stories with the same titles as famous books, and the interesting things I've discovered about creativity and my subconscious along the way. The more I thought about writing stories with borrowed titles, the … [Read more]

Fri, 04 May 2012 00:52:08 UTC

Email, gmail and other strangenesses

Posted By Greg Lehey

More playing around with the Friends of the Ballarat Botanical Gardens email today. Further investigation of the issue of headers in forwarded mail messages shows that I was just plain wrong, and Sean is right: just about no MUA, not even mutt, preserves headers in forwarded messages. I was really thinking of bouncing, not forwarding, and that's something that Microsoft-space MUAs don't seem to understand. In the process, discovered things about gmail that were less than pleasant: apart from an inability to configure many things (like date formats, for example), I can't find any way to edit outgoing messages. Yes, it opens up a form on the web browser, but unlike most forms, I can't redirect this one to a real editor.

Fri, 04 May 2012 00:19:45 UTC

Unable to start X

Posted By Greg Lehey

Into the office this morning to discover my mouse limping. It moved relatively smoothly over the root window, but it kept sticking when moving over other windows. I don't understand the details of the mouse processing in X in any detail, but at the very least it needs to send messages to the window, as a quick play with xev indicates: MotionNotify event, serial 27, synthetic NO, window 0x6a00004,     root 0x501, subw 0x0, time 2584229172, (128,68), root:(133,89),     state 0x0, is_hint 0, same_screen YES Looking at my X server, it had been running for a while, and had hit nearly a gigabyte of memory: USER         PID %CPU %MEM   VSZ   RSS    TT  STAT STARTED      TIME COMMAND root   ...

Thu, 03 May 2012 19:23:01 UTC

Structured Speaking

Posted By Tom Limoncelli

I've found that a structure that gives obvious "book-ends" around each topic makes it easier for the audience to follow. Most of my talks lately have been either 4-5 small case studies or a Top 10 List. Each case study is a repetition of "who are the players, what happened, what did we learn". The repetition gives the audience a clear understanding of "we're moving to the next topic now" because they see the pattern. In a Top 10 list there is the obvious "book end" of announcing the next number. I started doing this after seeing too many presentations where the presenter runs topic to topic smeared together with very little separation.

Thu, 03 May 2012 17:53:28 UTC

Reader Q&A: What about VC++ and C99?

Posted By Herb Sutter

I occasionally get asked about whether, or how well, Visual C++ supports C99. This week, I just posted two replies to this question on UserVoice (merged below). Last fall, I also answered it in an interview with Dr. Dobb's (recommended for some rationale discussion). The short answer is that Visual C++'s focus is to support [...]

Thu, 03 May 2012 16:21:21 UTC

Why the death of DRM would be good news for readers, writers and publishers

Posted By Cory Doctorow

The Guardian

Thu, 03 May 2012 16:21:01 UTC

What dropping DRM across the industry would do for publishing

Posted By Cory Doctorow

My latest Guardian column, "Why the death of DRM would be good news for readers, writers and publishers," looks at the wider consequences of Tor Books' dropping DRM on its ebooks, and what it would mean for writers and publishers if DRM was dropped across the industry: oat. Back when ebook sales began to kick … [Read more]

Thu, 03 May 2012 11:22:45 UTC

Criminal Intent Prescreening and the Base Rate Fallacy

Posted By Bruce Schneier

I've often written about the base rate fallacy and how it makes tests for rare events -- like airplane terrorists -- useless because the false positives vastly outnumber the real positives. This essay uses that argument to demonstrate why the TSA's FAST program is useless: First, predictive software of this kind is undermined by a simple statistical problem known as...

Thu, 03 May 2012 00:49:51 UTC

Migrating from TransACT

Posted By Greg Lehey

Yesterday's experience made it clear that we should migrate email for the Friends of the Ballarat Botanical Gardens from TransACT to gmail as soon as possible. The first step, of course, is to forward the messages from TransACT until we can wean people from sending them there in the first place -- a problem not made any simpler by the fact that messages continue to be sent from that address without a Reply-To: header. But how? I couldn't find anything. So I tried calling TransACT technical support at 13 30 61. Optus regrets that the number you have dialled has been disconnected. Repeatedly.

Wed, 02 May 2012 20:00:34 UTC

Big in Japan!

Posted By Cory Doctorow

I'm incredibly chuffed to learn that the Japanese edition of Little Brother is up for this year's Seiun award, along with Bacigalupi's Windup Girl, Mieville's The City & the City, Wilson's Chronoliths, Delany's Dhalgren and Ballard's Millennium People.

Wed, 02 May 2012 19:00:00 UTC

Browsers and Apps in 2012

Posted By Tim Bray

It's like this: The browser's doomed, because apps are the future. Wait! Apps are doomed because HTML5 is the future. I see something almost every day saying one or the other. Only it's mostly wrong. [If you don't want to read my opinions, hop to the end of this post for months & months worth of links to things I thought worth reading on the subject.] Apps Win If you want immersive/interactive polish, with ultra-fine control over your gradients and textures and how the things on the screen react to being touched, you need an app. If you want to capture what the phone can see, permute that image's colors based on how hard you shake it, and vibrate in the user's hand to say it's time to stop shaking, you need an app.

Wed, 02 May 2012 17:41:39 UTC

Al Qaeda Steganography

Posted By Bruce Schneier

The reports are still early, but it seems that a bunch of terrorist planning documents were found embedded in a digital file of a porn movie. Several weeks later, after laborious efforts to crack a password and software to make the file almost invisible, German investigators discovered encoded inside the actual video a treasure trove of intelligence -- more than...

Wed, 02 May 2012 12:10:38 UTC

Cybercrime as a Tragedy of the Commons

Posted By Bruce Schneier

Two very interesting points in this essay on cybercrime. The first is that cybercrime isn't as big a problem as conventional wisdom makes it out to be. We have examined cybercrime from an economics standpoint and found a story at odds with the conventional wisdom. A few criminals do well, but cybercrime is a relentless, low-profit struggle for the majority....

Wed, 02 May 2012 00:15:44 UTC

Where does that malware come from?

Posted By Greg Lehey

After months of inactivity, the Friends of the Ballarat Botanical Gardens have come back to life. Today I got a number of mail messages from the mail address that I'm trying to close down: it's in the TransACT domain, so not only does it not reflect our domain, but it also ties us to TransACT. The more I look at that, the less sense it makes. One of the messages looked very dubious: From [email protected] Tue May  1 11:28:06 2012 Received: from         (SquirrelMail authenticated user [email protected])         by with HTTP;         Tue, 1 May 2012 11:28:06 +1000 (EST) Message-ID: <[email protected]> Date: Tue, 1 May 2012 11:28:06 +1000 (EST) Subject: Email update request From: "Friends of Ballarat Botanic Gardens" <[email protected]> To: [email protected] User-Agent: SquirrelMail/1.4.9a ---------------------------- Original Message ---------------------------- Subject: e-mail verifications From: ...

Tue, 01 May 2012 12:31:44 UTC

When Investigation Fails to Prevent Terrorism

Posted By Bruce Schneier

I've long advocated investigation, intelligence, and emergency response as the places where we can most usefully spend our counterterrorism dollars. Here's an example where that didn't work: Starting in April 1991, three FBI agents posed as members of an invented racist militia group called the Veterans Aryan Movement. According to their cover story, VAM members robbed armored cars, using the...