Blog Archive: June 2012

Sat, 30 Jun 2012 19:00:00 UTC


Posted By Tim Bray

The other reviews of the Nexus Seven out there are probably unbiased, but theyre awfully rushed (VergeGadget get em on the air in less than 24 hours, which is impressive, but still). Mine are presumably biased, but the fruit of much longer exposure. Mine are absolutely biased by my powerful conviction that the 7-inch form factor is the right one for most personal uses of a tablet. (10-inch wins for sharing across the desk or along the sofa). Screen Its good enough. Any pixel density north of 200dpi or so is fine for me; I care more about color. Which on the 7 is more honest than your typical ultrasaturated Samsung, but on the other hand, I cant actually say that my pictures look better.

Sat, 30 Jun 2012 01:43:03 UTC

Tablets: the down side for non-users

Posted By Greg Lehey

Earlier this week I returned the Android tablet to ALDI without even trying some of the features: it's so not for me that I couldn't be bothered. And the basic disadvantage (no keyboard) is so basic that I don't see myself trying another. But that doesn't mean that tablet pain is over. A few months back I took to adding this line to my .sig: Sent from my desktop computer. That was a direct reference to other messages I receive with the text: Sent from my iPad Note lack of full stop at the end of the sentence.

Sat, 30 Jun 2012 00:50:28 UTC

More lazy load stuff

Posted By Greg Lehey

The lazy loading of images was quite successful, but invariably there were issues. Peter Jeremy uses links, a lynx-like web browser with some graphics functionality. It doesn't do JavaScript, of course, so it was a good test for the code I wrote. It failed: The intention is that the image on the left (clearly a placeholder while I find something more amusing) should be replaced by the one on the right when it is loaded. But links showed both.

Fri, 29 Jun 2012 21:14:36 UTC

Friday Squid Blogging: Another Giant Squid Found

Posted By Bruce Schneier

A dead 13-foot-long giant squid has been found off the coast of New South Wales. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 29 Jun 2012 19:47:28 UTC

FireDogLake Book Salon for Liars and Outliers

Posted By Bruce Schneier

Here's the permalink....

Fri, 29 Jun 2012 19:41:39 UTC

C&B Session: atomic<> Weapons  The C++11 Memory Model and Modern Hardware

Posted By Herb Sutter

Heres another deep session for C&B 2012 on August 5-8  if you havent registered yet, register soon. We got a bigger venue this time, but as I write this the event is currently almost 75% full with five weeks to go. I know, Ive already posted three sessions and a panel. But theres just [...]

Fri, 29 Jun 2012 19:00:00 UTC

Now on Identity

Posted By Tim Bray

As of July 1, Im moving from Googles Android team to our Identity group, to work on OAuth, OpenID, and that sort of stuff. Back to being a full-time Web guy, for a while anyhow. Why? Several reasons. First, it was made increasingly obvious to me that I wouldnt be successful in the Android group unless I moved to headquarters, which really isnt an option for me. Second, Android has the best engineering team its ever been my privilege to work with, but its sort of a silo, and all-engrossing; Its easy to lose sight of the vast and wondrous landscape of online technologies and cultures.

Fri, 29 Jun 2012 11:35:28 UTC

On Securing Potentially Dangerous Virology Research

Posted By Bruce Schneier

Abstract: The problem of securing biological research data is a difficult and complicated one. Our ability to secure data on computers is not robust enough to ensure the security of existing data sets. Lessons from cryptography illustrate that neither secrecy measures, such as deleting technical details, nor national solutions, such as export controls, will work. --------- Science and Nature have...

Fri, 29 Jun 2012 01:19:41 UTC

Lazy loading photos

Posted By Greg Lehey

My diary and other web pages contain a large number of photos, and they're generally larger than those on the average web page. This makes itself noticeable when loading diary pages for previous months: even the thumbnail images add up to several MB of data. That's particularly silly when I include a link like this one, which doesn't include many images. Nevertheless, the whole 5 MB or so of thumbnails gets loaded. This page is for the whole month of March 2011, and it's 5800 lines long. Clearly what's needed is to only load the images if they are to be displayed.

Thu, 28 Jun 2012 13:50:43 UTC

Nuclear Fears

Posted By Bruce Schneier

Interesting review -- by David Roepik -- of The Rise of Nuclear Fear, by Spencer Weart: Along with contributing to the birth of the environmental movement, Weart shows how fear of radiation began to undermine society's faith in science and modern technology. He writes "Polls showed that the number of Americans who felt 'a great deal' of confidence in science...

Wed, 27 Jun 2012 13:30:01 UTC

Puget Sound (Seattle + Eastside) Summer Movies for 2012

Posted By Jeff Barr

Back by popular demand, I present to you the definitive list of outdoor movies for the Puget Sound area. I’ve scoured the web to find every single venue. If I have missed any, leave me a comment or send me … Continue reading →

Wed, 27 Jun 2012 11:35:37 UTC

Top Secret America on the Post-9/11 Cycle of Fear and Funding

Posted By Bruce Schneier

I'm reading Top Secret America: The Rise of the New American Security State, by Dana Priest and William M. Arkin. Both work for The Washington Post. The book talks about the rise of the security-industrial complex in post 9/11 America. This short quote is from Chapter 3: Such dread was a large part of the post-9/11 decade. A culture of...

Wed, 27 Jun 2012 11:30:31 UTC

Russian Nuclear Launch Code Backup Procedure

Posted By Bruce Schneier

If the safe doesn't open, use a sledgehammer: The sledgehammer's existence first came to light in 1980, when a group of inspecting officers from the General Staff visiting Strategic Missile Forces headquarters asked General Georgy Novikov what he would do if he received a missile launch order but the safe containing the launch codes failed to open. Novikov said he...

Wed, 27 Jun 2012 01:32:41 UTC

Microwave oven race condition

Posted By Greg Lehey

We have a Panasonic NN-ST666W microwave oven, now about 5 years old. When it's finished, it signals the fact with 5 loud beeps in 1 second intervals. Long ago I discovered that I could silence it if I pressed the Reset button during that time. Over the years, I've made a game of trying to hit Reset exactly when the first beep starts. It's not easy: hit even a small fraction of a second too early, and it stops counting down. Hit too late and you get a longer beep. Today, finally, I got it exactly on the end. And it reset the time of day clock!

Tue, 26 Jun 2012 20:54:37 UTC

Final episode of Search Engine podcast

Posted By Cory Doctorow

The very last episode of TVOntario's Search Engine's just went out (MP3), and I'm honored to say that it's an interview with me. I started out with Search Engine when it was a broadcast on CBC radio, and I've been pleased to appear on the show several times since it moved to TVO. Host Jesse … [Read more]

Tue, 26 Jun 2012 19:00:00 UTC

Android at IO 2012

Posted By Tim Bray

I was co-lead for the Android sessions at Google IO this year, so Ive seen basically every session, most of them twice, some even more. Heres a highly personal guide to the ten Id go to if I had to pick just ten. 1. Whats New in Android The nature of a keynote means that theres not much room for technical depth on whatever it is we announce there. This is for that. 2. Marketing 101 for Developers You may not like marketing, but the mobile field is pretty crowded so you probably have to do some, along with all that engineering.

Tue, 26 Jun 2012 18:57:43 UTC

E-Mail Accounts More Valuable than Bank Accounts

Posted By Bruce Schneier

This informal survey produced the following result: "45% of the users found their email accounts more valuable than their bank accounts." The author believes this is evidence of some sophisticated security reasoning on the part of users: From a security standpoint, I cant agree more with these people. Email accounts are used most commonly to reset other websites account passwords,...

Tue, 26 Jun 2012 16:00:00 UTC

Half-baked thought of the day: job titles

Posted By Tom Limoncelli

Is the person that hand-crafts a bed out of wood he personally chopped from the forest, designed, and built doing the same job as someone that builds a bed factory that makes 100 beds a day? I don't think so. So why do we use the same job title for a person at a 10-person company that maintains 1-2 custom-built, servers, and spends 70% of his or her day answer user questions as the person that maintains a massive 1,000-CPU cluster using Cfengine/Puppet/Chef to orchestrate hundreds of web front-ends, dozens of database servers, and huge numbers of application servers all mass-produced and automated?

Tue, 26 Jun 2012 11:39:19 UTC

Stratfor on the Phoenix Serial Flashlight Bomber

Posted By Bruce Schneier


Tue, 26 Jun 2012 04:16:23 UTC

Google admits that Platos cave doesnt exist

Posted By Cory Doctorow

Here's a podcast of my recent Guardian column, Google admits that Plato's cave doesn't exist: Google's official communiques tell the world that SEO isn't necessary  so long as you "make great content", you'll get higher rankings. The implication is that Google has discovered a mathematical model of relevance, a way of measuring some objective … [Read more]

Tue, 26 Jun 2012 01:15:27 UTC

USB stick recovery: the wrong way

Posted By Greg Lehey

Last night David Yeardley gave me a USB stick which Microsoft recognized, but which it didn't mount. At the very least probably some kind of data corruption. So I took it with me to see if I could recover it. Started off by putting it in dereel, my main machine. I should know better; I've had difficulties in this area before with that machine, which seems to have strangenesses in the USB subsystem. I had them again today. Somehow errors on one USB device affect the entire disk subsystem, and the machine gradually ground to a halt. Left it rebooting and moved on to lagoon, Yvonne's machine.

Mon, 25 Jun 2012 16:17:21 UTC


Posted By Bruce Schneier

There was a conference on resilience (highlights here, and complete videos here) earlier this year. Here's an interview with professor Sander van der Leeuw on the topic. Although he never mentions security, it's all about security. Any system, whether its the financial system, the environmental system, or something else, is always subject to all kinds of pressures. If it can...

Mon, 25 Jun 2012 15:29:35 UTC

A Systematic Methodology for Testing Mobile Apps

Posted By Robert V. Binder

I’ve developed a systematic methodology to design a mobile app test suite and offer an online course that teaches this methodology. The course assumes manual testing, but is completely applicable to testing with any automated tool.  Click here to … Continue reading →

Mon, 25 Jun 2012 15:29:35 UTC

A Systematic Methodology for Testing Mobile Apps

Posted By Robert V. Binder

I’ve developed a systematic methodology to design a mobile app test suite and offer an online course that teaches this methodology. The course assumes manual testing, but is completely applicable to testing with any automated tool.  Click here to view the course notes, which incude a list of specific design techniques and some background [...]

Mon, 25 Jun 2012 15:29:35 UTC

A Systematic Methodology for Testing Mobile Apps

Posted By Robert V. Binder

I’ve developed a systematic methodology to design a mobile app test suite and offer an online course that teaches this methodology. The course assumes manual testing, but is completely applicable to testing with any automated tool.  Click here to view the course notes, which incude a list of specific design techniques and some background [...]

Mon, 25 Jun 2012 15:00:00 UTC

Discrimination means missing out on hiring the best sysadmins

Posted By Tom Limoncelli

Rikki Endsley posted to Google Plus this week:I saw this tweet today from a hiring manager: "Just interviewed for a sysadmin. I'm struggling since she has no social footprint. Is that wrong, or should social be key?" What are your thoughts on a 'social footprint' requirement for sysadmins? link I'm very disturbed hearing a hiring manager say this. " Social Footprint" means how visible the person is on social networks like Facebook, G+, Twitter and so on. What does that have to do with whether or not the person is a good system administrator? It could be a bad thing if it means the person is anti-social or doesn't keep up with the latest innovations.

Mon, 25 Jun 2012 14:03:30 UTC

Interviews with Intel Futurist Brian David Johnson about futurism, society, technology and science fiction

Posted By Cory Doctorow

I did a series of interviews with Intel Futurist Brian David Johnson, as part of my involvement in The Tomorrow Project, which resulted in my writing Knights of the Rainbow Table. Here they are!

Mon, 25 Jun 2012 11:58:25 UTC

Op-ed Explaining why Terrorism Doesn't Work

Posted By Bruce Schneier

Good essay by Max Abrams. I've written about his research before....

Mon, 25 Jun 2012 05:18:27 UTC

Makers remixed in C#

Posted By Cory Doctorow

Supreet Kaur made this delightful C# remix of a pivotal scene in Makers, as part of the coursework for a Game Design degree in London. The remix scored an A+ -- congrats, Supreet!

Mon, 25 Jun 2012 01:13:30 UTC

ImageMagick strangenesses

Posted By Greg Lehey

Part of the photographic processing was documenting things, of course. The comparison images I did of the Hugin fast panorama preview required cropping. For them to work right, they had to be exactly the same crop. Fine, that's what ImageMagick is for. And, not for the first time, I had the devil's own job to get it to crop the way I wanted. Somehow ImageMagick thinks differently from me. In principle, I wanted a 400×330 crop, so I entered: === [email protected] (/dev/pts/10) ~/Photos/20120623 23 -> convert pano-preview-1.gif  -crop 400x330+1190+400 pano-preview-1-detail.gif But, as the documentation tells you if you bother to read it, that doesn't change the size of the canvas, and you end up with a big, empty image with a small crop visible.

Sun, 24 Jun 2012 19:00:00 UTC

A Novel with Three Codas

Posted By Tim Bray

I just read Redshirts by John Scalzi, and enjoyed it hugely; to the extent that the family on the other side of the room wondered why I kept cackling out loud, over on the sofa. The book is silly and sentimental and extremely far-fetched, and at the same time very good, with a strong central idea and a loveable cast. Also its not afraid to mess with your mind a little. Anyone who knows what a redshirt is will enjoy this book. While thats a Star Trek reference, you dont have to think that Star Trek was actually good to appreciate it.

Sat, 23 Jun 2012 23:49:49 UTC

Elect a brainless spammer!

Posted By Greg Lehey

Received unusual spam today: Friend -- Iâ¬"m Andy Miller, campaign manager for Joe â¬SThe Plumberâ¬\\235 Wurzelbacher, who is running for Congress in Ohioâ¬"s 9th district. They say competition is good for everyone, so how about a friendly competition to see who wants a 15-term, far-left liberal out of office the most? Because thatâ¬"s exactly what weâ¬"re doing! Render badly? Yes, that seems to be deliberate. Look at the markup, in particular the nested <strong> tags with no displayable content: <meta content="text/html; charset=windows-1252" http-equiv="Content-Type" /> Friend -- <strong><strong><br /><br /></strong></strong>Iâ¬"m Andy Miller, campaign manager for Joe â¬SThe Plumberâ¬\235 Wurzelbacher, who is running for Congress in Ohioâ¬"s 9th district.

Sat, 23 Jun 2012 02:13:43 UTC

Android keyboard access

Posted By Greg Lehey

I've pretty much given up on this Android tablet. A couple of days ago I downloaded an eBook to it, only to discover that the PDF browser can't display images. In general, it doesn't do very much that I find useful, and the inability to load software on it makes it pretty much useless. But today, while looking for a lost microSD card, I found some accessories for it, in particular a USB adapter suitable for connecting a USB keyboard to the device. Tried it out, and surprise! it worked. And the browser even understands things like the Home and End keys.

Sat, 23 Jun 2012 02:06:56 UTC

OED access made easy

Posted By Greg Lehey

Years ago I bought a copy of the Oxford English Dictionary, which I still use frequently. As I observed at the time of purchase, It is very expensive. Even at the discounted price I found, it cost me over US $200. That makes it one of the most expensive CD-ROMs around. It is supplied with a browser for Microsoft only. It seems to be impossible to access it except via the browser. I never regretted the purchase. The once-off price is no longer a concern, but using Microsoft and a particularly emetic interface is.

Fri, 22 Jun 2012 21:03:07 UTC

Friday Squid Blogging: Giant Mutant Squid at the Queen's Jubilee

Posted By Bruce Schneier

I think this is a parody, but you can never be sure. Millions of Britons turned out for the Queens four-day celebrations, undaunted by the 500-foot mutant squid that was destroying London. Huge crowds of well-wishers lined the banks of the Thames on Sunday to watch a spectacular flotilla, continuing to cheer and wave even as tentacles thicker than tree...

Fri, 22 Jun 2012 19:01:47 UTC

Colbert Report on the Orangutan Cyberthreat

Posted By Bruce Schneier

Very funny video exposé of the cyberthreat posed by giving iPads to orangutans. Best part is near the end, when Richard Clarke suddenly realizes that he's being interviewed about orangutans -- and not the Chinese....

Fri, 22 Jun 2012 12:20:20 UTC

Economic Analysis of Bank Robberies

Posted By Bruce Schneier

Yes, it's clever: The basic problem is the average haul from a bank job: for the three-year period, it was only £20,330.50 (~$31,613). And it gets worse, as the average robbery involved 1.6 thieves. So the authors conclude, "The return on an average bank robbery is, frankly, rubbish. It is not unimaginable wealth. It is a very modest £12,706.60 per...

Fri, 22 Jun 2012 05:19:02 UTC

Printcrime in German

Posted By Cory Doctorow

Nemo Folkitz has graciously undertaken a German fan-translation of my short-short story Printcrime. The PDF is here, and the text is below. Printcrime Kopiere diese Geschichte. (ursprünglich veröffentlicht im 'Nature Magazine', Januar 2006) Englische Originalversion: Lizensiert unter Creative Commons (CC BY-NC-SA) Die Polizisten zerschlugen den Drucker meines Vaters, als ich acht war. Ich kann … [Read more]

Fri, 22 Jun 2012 01:17:07 UTC

Excel spreadsheets: enough!

Posted By Greg Lehey

So downloading the Friends' membership database as an Excel spreadsheet works, but the column widths are wrong. How do I fix that? Spent some time investigating Microsoft's web site and discovered enormous amounts of documentation, something I hadn't expected. Downloaded the Excel Binary File Format (.xls) Structure Specification and only then discovered that it was 40 MB in size and 1183 pages in length, probably the longest technical document I have ever seen. Is that complexity necessary? To play around a bit, downloaded the spreadsheet to dereel, where it didn't try to view it with Excel, and discovered that it was a tab-delimited document.

Thu, 21 Jun 2012 20:58:35 UTC

Reader Q&A: Why dont modern smart pointers implicitly convert to *?

Posted By Herb Sutter

Today a reader asked a common question: Why doesn’t unique_ptr (and the ilk) appear to have an operator overload somewhat as follows: operator T*() { return get(); }; The reason I ask is because we have reams of old code wanting raw pointers (as function parms), and I would like to replace the outer layers [...]

Thu, 21 Jun 2012 20:40:10 UTC

Talk Video: Welcome to the Jungle (60 min version + Q&A)

Posted By Herb Sutter

While visiting Facebook earlier this month, I gave a shorter version of my Welcome to the Jungle talk, based on the eponymous WttJ article. They made a nice recording and its now available online here: Facebook Engineering Title: Herb Sutter: Welcome to the Jungle In the twilight of Moore’s Law, the transitions to multicore processors, [...]

Thu, 21 Jun 2012 18:03:03 UTC

Far-Fetched Scams Separate the Gullible from Everyone Else

Posted By Bruce Schneier

Interesting conclusion by Cormac Herley, in this paper: "Why Do Nigerian Scammers Say They are From Nigeria?" Abstract: False positives cause many promising detection technologies to be unworkable in practice. Attackers, we show, face this problem too. In deciding who to attack true positives are targets successfully attacked, while false positives are those that are attacked but yield nothing. This...

Thu, 21 Jun 2012 16:00:00 UTC

Amazon DynamoDB - From the Super Bowl to WeatherBug

Posted By Werner Vogels

Amazon DynamoDB is the fastest growing new service in the history of AWS. In the five months since it launched in January, DynamoDB, our fast and scalable NoSQL database service, has been setting AWS growth records. Customers have used DynamoDB to support Super Bowl advertising campaigns, drive Facebook applications, collect and analyze data from sensor networks, track gaming information, and more. Customers such as Electronic Arts, News International, SmugMug, Shazam, IMDb, Amazon Cloud Drive, and many others are using DynamoDB to power their applications. The number of items that customers are storing in DynamoDB is more than doubling every couple of months (an item is the basic unit of data stored in DynamoDB and is between 0-64KB).

Thu, 21 Jun 2012 11:13:06 UTC

Disorganised but effective: how technology lowers transaction costs

Posted By Cory Doctorow

The Guardian

Thu, 21 Jun 2012 11:12:43 UTC

Effective and disorganized: a new thing upon this earth

Posted By Cory Doctorow

My latest Guardian column is "Disorganised but effective: how technology lowers transaction costs," a piece about a new kind of group that has been enabled by the Internet -- a group with no formal structure that can still get stuff done, like Occupy and Anonymous. The things that one person can do define what is … [Read more]

Thu, 21 Jun 2012 10:51:50 UTC

Apple Patents Data-Poisoning

Posted By Bruce Schneier

It's not a new idea, but Apple Computer has received a patent on "Techniques to pollute electronic profiling": Abstract: Techniques to pollute electronic profiling are provided. A cloned identity is created for a principal. Areas of interest are assigned to the cloned identity, where a number of the areas of interest are divergent from true interests of the principal. One...

Thu, 21 Jun 2012 01:13:16 UTC

More friends computer stuff

Posted By Greg Lehey

Mail from Raoul Dixon today with some surprising information. Over the past couple of weeks I have done a significant amount of work to put the Friends of the Ballarat Botanical Gardens membership database online (and password protected, of course) and create mailing lists for various categories of members. And now I discover that he had given Genevieve a memory stick with an Excel spreadsheet of the membership list on it so that she could extract the email addresses. Somehow old habits die hard. He enclosed a copy of the spreadsheet in his message, which showed what could be expected: he had been maintaining his spreadsheet, but not the canonical database, and they were significantly out of sync.

Wed, 20 Jun 2012 19:00:00 UTC

Need a Latin Legal Scholar

Posted By Tim Bray

As some of you may have noticed, last week I proposed a new HTTP status code to signal the situation where a request cant be serviced for legal reasons. Herewith the back story, and an appeal for legal help. Back Story What happened was, I saw a Slashdot thread about British ISPs returning 403 for Pirate Bay requests because of a court order, and how that was broken. I didnt follow the links or read the comments, but it turns out that the root was a blog post by Terence Eden. So I posted to the IETF HTTP mailing list: The thinking about returning 403 when youre forbidden to follow a link seems sound to me.

Wed, 20 Jun 2012 18:19:50 UTC

Rand Paul Takes on the TSA

Posted By Bruce Schneier

Paul Rand has introduced legislation to rein in the TSA. There are two bills: One bill would require that the mostly federalized program be turned over to private screeners and allow airports ­ with Department of Homeland Security approval ­ to select companies to handle the work. This seems to be a result of a fundamental misunderstanding of the economic...

Wed, 20 Jun 2012 18:14:21 UTC

Cover for Homeland, the sequel to Little Brother

Posted By Cory Doctorow

Click for the huge, full version I recently turned in the manuscript for Homeland, the sequel to my 2008 YA novel Little Brother. Tor's going to be bringing it out next February, 2013. I've got two more books coming in the meantime: Rapture of the Nerds (with Charlie Stross) and Pirate Cinema (a YA novel). … [Read more]

Wed, 20 Jun 2012 12:27:22 UTC

Switzerland National Defense

Posted By Bruce Schneier

Interesting blog post about this book about Switzerland's national defense. To make a long story short, McPhee describes two things: how Switzerland requires military service from every able-bodied male Swiss citizen -- a model later emulated and expanded by Israel -- and how the Swiss military has, in effect, wired the entire country to blow in the event of foreign...

Tue, 19 Jun 2012 23:51:43 UTC

Visiting the Hanjin Oslo Container Ship

Posted By James Hamilton

The NASCAR Sprint Cup Stock Car Series kicks its season off with a bang and, unlike other sports, starts the season off with the biggest event of the year rather than closing with it. Daytona Speed Weeks is a multi-week, many race event the finale of which is the Daytona 500. The 500 starts with a huge field of 43 cars and is perhaps famous for some of the massive multi-car wrecks. The 17 car pile-up of 2011, made a 43 card field look like the appropriate amount of redundancy just to get a car over the finish line at the end. <

Tue, 19 Jun 2012 18:02:20 UTC

Attack Against Point-of-Sale Terminal

Posted By Bruce Schneier

Clever attack: When you pay a restaurant bill at your table using a point-of-sale machine, are you sure it's legit? In the past three months, Toronto and Peel police have discovered many that aren't. In what is the latest financial fraud, crooks are using distraction techniques to replace merchants' machines with their own, police say. At the end of the...

Tue, 19 Jun 2012 15:00:00 UTC

MicroReview: Tarsnap

Posted By Tom Limoncelli

I started using Tarsnap to backup my personal server "to the cloud". I found it was quick to set up, easy to learn, and works pretty well. And, yes, I've already made a wiki page that documents how my monthly restore tests will be done. The data is encrypted, which means if you lose your crypto key you can't get your data back so my restore test is done from a different machine to force me to have a copy of the key stored safely off-line. If you are looking to do backups over the internet, check this out.

Tue, 19 Jun 2012 12:11:14 UTC

The Failure of Anti-Virus Companies to Catch Military Malware

Posted By Bruce Schneier

Mikko Hyponnen of F-Secure attempts to explain why anti-virus companies didn't catch Stuxnet, DuQu, and Flame: When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed. They had come through automated reporting mechanisms, but...

Mon, 18 Jun 2012 19:00:00 UTC

United, Still Borked

Posted By Tim Bray

Earlier this year the United/Continental merger went through and pretty well everything customer-facing stopped working. Back in April, Duncan Davidson posted this horror story. Ive been off the road for a couple months, and now I discover that United still cant do advance checkin if youre on a code-share, nor can the airport machines recognize you. So you step up the counter and back into 1982. I pick that year because last time I checked into SFO I bitched and the poor haggard-looking staffer said We moved back in time 30 years. Anyhow, United must be spending a ton more on airport staff, to do the work that used to be automated.

Mon, 18 Jun 2012 17:38:17 UTC

England's Prince Phillip on Security

Posted By Bruce Schneier

On banning guns: "If a cricketer, for instance, suddenly decided to go into a school and batter a lot of people to death with a cricket bat,which he could do very easily, I mean, are you going to ban cricket bats?" In a Radio 4 interview shortly after the Dunblane shootings in 1996. He said to the interviewer off-air afterwards:...

Mon, 18 Jun 2012 15:00:00 UTC

When vendors don't follow through

Posted By Tom Limoncelli

Someone recently asked me how I should handle a vendor that wasn't being responsive: "Twice now I've sent the support team requests and received an automated response and little else. The first ticket took a month for them to answer. The second was closed with a note that they had tried to call me, but I didn't answer. Mind you, they never emailed me to say they had called." I've found that when opening a "case" or "ticket" with a vendor you have to "stay on them" or, more accurately, "manage it ruthlessly until the issue is resolved". Very few vendors are good at follow-through on tickets.

Mon, 18 Jun 2012 11:40:18 UTC

Honor System Farm Stands

Posted By Bruce Schneier

Many roadside farm stands in the U.S. are unmanned. They work on the honor system: take what you want, and pay what you owe. And today at his farm stand, Cochran says, just as at the donut shop years ago, most customers leave more money than they owe. That doesn't surprise social psychologist Michael Cunningham of the University of Louisville...

Mon, 18 Jun 2012 00:36:11 UTC

Lost photo scare

Posted By Greg Lehey

Watching TV in the evening, I wanted to check on a photo I took of the mosque in Herat 45 years ago. And there were no photos! Further checks showed that they were there, but the list of directories had become corrupted. I keep the list with RCS, and a quick comparison showed me that the entries had got lost somewhere between revision 1.2800 and the current revision 1.2878. A binary search with diff finally found: === [email protected] (/dev/pts/8) ~/public_html/photos 107 -> rcsdiff -wur1.2824 -r1.2825 dirlist | grep ^- > foo === [email protected] (/dev/pts/8) ~/public_html/photos 108 -> wc -l foo      334 foo That tallied with the log, of course: === [email protected] (/dev/pts/8) ~/public_html/photos 108 -> rlog dirlist | less ...

Sat, 16 Jun 2012 19:00:00 UTC

On Efficiency

Posted By Tim Bray

Everyone knows its a good thing. Economists talk about productivity and, more seriously, total factor productivity. When theres more, wealth generally increases, which is good. Except when its bad. Its good when I can pick up my rental car without shuffling paper, waiting in line, or standing in front of a counter. It sucks that the only efficient way to get anywhere and do business, in most of North America, requires the unshared use of a ton or so of fossil-fuel-driven steel. < !--Its good when I can walk a couple blocks from my house and hop on a bus that drops me, a few emails and tweets later, where Im going downtown.

Fri, 15 Jun 2012 21:02:33 UTC

Friday Squid Blogging: Woman's Mouth Inseminated by Cooked Squid

Posted By Bruce Schneier

This story is so freaky I'm not even sure I want to post it. But if I don't, you'll all send me the links. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 15 Jun 2012 19:55:06 UTC

FireDogLake Book Salon for Liars and Outliers

Posted By Bruce Schneier

On Sunday, I will be participating in a public discussion about my new book on the FireDogLake website. James Fallows will be the moderator, and I will be answering questions from all comers -- you do have to register an ID, though -- from 5:00 - 7:00 EDT. Stop by and join the discussion....

Fri, 15 Jun 2012 11:51:32 UTC

Rare Rational Comment on al Qaeda's Capabilities

Posted By Bruce Schneier

From "CNN national security analyst" Peter Bergen: Few Americans harbor irrational fears about being killed by a lightning bolt. Abu Yahya al-Libi's death on Monday should remind them that fear of al Qaeda in its present state is even more irrational. Will anyone listen?...

Fri, 15 Jun 2012 00:13:34 UTC

FreeBSD web browser pain

Posted By Greg Lehey

FreeBSD doesn't have it easy with web browsers. Yes, there are versions of all major free browsers for FreeBSD, but plugins are a completely different matter. Things tend to go something like this: To display the content, a plugin is needed. Shall I download it for you?. Yes. (Time passes) Sorry, I could not find a plugin for you. Most plugins can be installed with some effort: they're all individual ports, usually of the Linux plugins, in the Ports Collection, but the annoying thing is that this kind of interaction frequently doesn't tell you which plugin you need. In this case, though, it did: I didn't have Adobe flash support on teevee, my TV computer.

Thu, 14 Jun 2012 17:27:14 UTC

Cheating in Online Classes

Posted By Bruce Schneier

Interesting article: In the case of that student, the professor in the course had tried to prevent cheating by using a testing system that pulled questions at random from a bank of possibilities. The online tests could be taken anywhere and were open-book, but students had only a short window each week in which to take them, which was not...

Thu, 14 Jun 2012 11:40:29 UTC

Cyberwar Treaties

Posted By Bruce Schneier

We're in the early years of a cyberwar arms race. It's expensive, it's destabilizing, and it threatens the very fabric of the Internet we use every day. Cyberwar treaties, as imperfect as they might be, are the only way to contain the threat. If you read the press and listen to government leaders, we're already in the middle of a...

Thu, 14 Jun 2012 06:42:52 UTC

Excerpt from Rapture of the Nerds, Charlie Strosss and my comic novel of the Singularity

Posted By Cory Doctorow

Suicide Girls has published an excerpt from Rapture of the Nerds, the novel Charlie Stross and I wrote, which will come out in September. Charlie and I will be touring the book together briefly after Labor Day. The details are still being settled, but there's going to be some very exciting stops! Rapture is the … [Read more]

Thu, 14 Jun 2012 00:35:57 UTC

Google Maps: the pain

Posted By Greg Lehey

Yesterday's diary included a number of Google Maps to illustrate my point. Getting them in there wasn't easy. Yes, you can click on the and get HTML to embed, but it doesn't work. There are instructions online that tell you exactly the same thing. But what you get isn't quite what you expect. Here the screenshot that, in desperation, I finally used, and then the generated HTML: View Larger Map Following the View Larger Map link gives a map that does include the entire route.

Thu, 14 Jun 2012 00:15:19 UTC

SD card problems

Posted By Greg Lehey

While in Melbourne yesterday I took a photo of the new façade of Fleischer's with my old Nikon “Coolpix” L1. Reading it in today with my Apple, I got a message I hadn't expected: === [email protected] (/dev/ttyp9) ~ 3 -> mkdir Photos/20120612 === [email protected] (/dev/ttyp9) ~ 4 -> cp -p NIKON/DSCN0427.JPG Photos/20120612 cp: NIKON/DSCN0427.JPG: Argument list too long NIKON is a symlink to /Volumes/128MB/DCIM/100NIKON, the directory on the SD card where the images are stored. Further investigation showed that I could copy all the other images in the directory, just not that one.

Wed, 13 Jun 2012 17:08:44 UTC

Teaching the Security Mindset

Posted By Bruce Schneier

In 2008 I wrote about the security mindset and how difficult it is to teach. Two professors teaching a cyberwarfare class gave an exam where they expected their students to cheat: Our variation of the Kobayashi Maru utilized a deliberately unfair exam -- write the first 100 digits of pi (3.14159...) from memory and took place in the pilot offering...

Wed, 13 Jun 2012 16:21:19 UTC

Peaches and Pecans: thoughts on outward growth

Posted By Theo Schlossnagle

Wed, 13 Jun 2012 16:21:19 UTC

Peaches and Pecans

Posted By Theo Schlossnagle

Wed, 13 Jun 2012 15:00:00 UTC

ProTip: make rsync fail more reliably

Posted By Tom Limoncelli

A co-worker of mine recently noticed that I tend to use rsync in a way he hadn't seen before: rsync -avP --inplace $FILE_LIST desthost:/path/to/dest/. Why the "slash dot" at the end of the destination? I do this because I want predictable behavior and the best way to achieve that is to make sure the destination is a directory that already exists. I can't be assured that /path/to/dest/ exists, but I know that if it exists then "." will exist. If the destination path doesn't exist, rsync makes a guess about what I intended, and I don't write code that relies on "guesses".

Wed, 13 Jun 2012 11:45:30 UTC

High-Quality Fake IDs from China

Posted By Bruce Schneier

USA Today article: Most troubling to authorities is the sophistication of the forgeries: Digital holograms are replicated, PVC plastic identical to that found in credit cards is used, and ink appearing only under ultraviolet light is stamped onto the cards. Each of those manufacturing methods helps the IDs defeat security measures aimed at identifying forged documents. The overseas forgers are...

Wed, 13 Jun 2012 01:23:04 UTC

Trust your GPS navigator!

Posted By Greg Lehey

We had a number of other destinations in Melbourne, so I let the navigator work out the best route. It chose Carba-Tec in Springvale, and suggested a route. 28 km, 38 minutes, closely resembling this Google Map: But David had been there before, and he had a different route: Google calculates that one as 40 km and 50 minutes.

Wed, 13 Jun 2012 00:57:26 UTC

Android tablet: some insights

Posted By Greg Lehey

I've more or less given up on this Android tablet, but I did some final checking and found this thread about it on Whirlpool. It's surprising how many people really dislike it for reasons that didn't worry me, but they did confirm that these Error -101 messages were due to Google Play and not to the tablet in itself. Maybe they'll fix it, but it seems that a large number of purchasers will have given the tablets back by then. I'm in no hurry, so I'll contact ALDI when I have time.

Tue, 12 Jun 2012 16:00:00 UTC

Researching looking for Sysadmins to take survey

Posted By Tom Limoncelli

Short version: Take this survey, you might win a $100 Amazon gift card but more importantly you'll be helping great research. Long version: Hello All, Some of you may recognize my name - and some of you may recognize my research. :) I study sysadmins and help organizations find ways to understand the work of system administration better, in part, so they can build better software. I conducted a study a few years ago that I presented at LISA, and I'm working on extending it to a journal paper. This extended publication would dramatically increase readership of the results to include top researchers and executives, so I think it's a worthy endeavor.

Tue, 12 Jun 2012 13:32:03 UTC

Google admits that Platos cave doesnt exist

Posted By Cory Doctorow

The Guardian

Tue, 12 Jun 2012 13:31:42 UTC

Google search results are editorial, not (merely) mathematical

Posted By Cory Doctorow

My latest Guardian column is "Google admits that Plato's cave doesn't exist," a discussion of how Google has changed the way it talks about its search-results, shifting from the stance that rankings are a form of pure math to the stance that rankings are a form of editorial judgment. Google has, to date, always refused … [Read more]

Tue, 12 Jun 2012 10:09:50 UTC

Israel Demanding Passwords at the Border

Posted By Bruce Schneier

There have been a bunch of stories about employers demanding passwords to social networking sites, like Facebook, from prospective employees, and several states have passed laws prohibiting this practice. This is the first story I've seen of a country doing this at its borders. The country is Israel, and they're asking for passwords to e-mail accounts....

Mon, 11 Jun 2012 20:38:45 UTC

LOPSA Elections

Posted By Tom Limoncelli

The LOPSA board elections are happening. Turn-out so far is around 11%, which is pathetic. Folks, if you are a member, vote! This mailing list post has more details: Voting takes just a few minutes. (And if you aren't a member, join up and vote!)

Mon, 11 Jun 2012 15:17:03 UTC

The Curious Case of Internet Privacy

Posted By Cory Doctorow

Here's a podcast of my recent Tech Review feature, The Curious Case of Internet Privacy: Why do we seem to value privacy so little? In part, it's because we are told to. Facebook has more than once overridden its users' privacy preferences, replacing them with new default settings. Facebook then responds to the inevitable public … [Read more]

Mon, 11 Jun 2012 15:00:00 UTC

Reducing latency the Google Way

Posted By Tom Limoncelli

Website latency is a major issue. Jeff Dean from Google has given a presentation that, for the first time, reveals some of the techniques used at Google. Seeing the presentation reminded me of the "shock and amazement" I had when RAID was invented (yes, kids, RAID used to be a "new thing"). An abstract and slides are available here The slides are well worth a read.

Mon, 11 Jun 2012 14:13:04 UTC

Students assigned to cheat on exam use doctored Little Brother cover and many other methods

Posted By Cory Doctorow

The IEEE's Computer and Reliability Societies recently published "Embracing the Kobayashi Maru," by James Caroland (US Navy/US Cybercommand) and Greg Conti (West Point) describing an exercise in which they assigned students to cheat on an exam -- either jointly or individually. The goal was to get students thinking about how to secure systems from adversaries … [Read more]

Mon, 11 Jun 2012 11:36:49 UTC

Changing Surveillance Techniques for Changed Communications Technologies

Posted By Bruce Schneier

New paper by Peter P. Swire -- "From Real-Time Intercepts to Stored Records: Why Encryption Drives the Government to Seek Access to the Cloud": Abstract: This paper explains how changing technology, especially the rising adoption of encryption, is shifting law enforcement and national security lawful access to far greater emphasis on stored records, notably records stored in the cloud. The...

Mon, 11 Jun 2012 10:40:47 UTC

On receiving an honourary doctorate in computer science from the Open University

Posted By Cory Doctorow

Last Friday, June 8, I was immensely, fantastically thrilled to receive an honourary doctorate in computer science from the Open University, an institution I have long held in high esteem and where it has been my privilege to serve as a visiting senior lecturer. The degree was conferred in a fabulous ceremony at the Milton … [Read more]

Mon, 11 Jun 2012 01:15:34 UTC

Checking facts

Posted By Greg Lehey

Talking to Yvonne about the orphaned Home and End keys this afternoon, and demonstrated my claim that firefox doesn't Do The Right Thing with those keys. I failed: it now does! Home takes you to the top of the page, and End to the bottom, just as I would expect. Further experimentation showed that it works on all browsers that I tried, with the exception of course of the Android. I wonder how long that has been going on, or whether it had something to do with the Northgate keyboards I used to use.

Mon, 11 Jun 2012 00:20:49 UTC

More Android fun

Posted By Greg Lehey

Tried a little bit more with the Android tablet. When I came into the office, I had a tcpdump running which showed me continual: 08:49:58.560381 ARP, Request who-has tell, length 46 08:50:07.211430 ARP, Request who-has tell, length 46 08:50:07.211457 ARP, Reply is-at 00:10:dc:59:7f:6a (oui Unknown), length 28 08:50:07.211688 IP > UDP, length 7 08:50:07.280238 IP > ICMP host unreachable - admin prohibited filter, length 36 flachmann is the tablet, and cojones the Internet gateway. This was while it was suspended.

Sun, 10 Jun 2012 19:00:00 UTC

Port Mann

Posted By Tim Bray

Greater Vancouvers geography includes inlets of the vast Pacific and the delta of the mighty Fraser; thus a lot of bridges. The Port Mann is one of the biggest and its getting a bigger replacement; I have pictures. Not only does it connect Vancouver to our biggest burb Surrey, it carries the Trans-Canada Highway. So it really is a big deal. These are snapped leaning out of and through the van windows as Lauren drove us across the bridge, from south to north. Here, as we head onto the bridge, a sunset with infrastructure. The old bridge is pretty big but the fast-growing replacement makes it feel small and old.

Sun, 10 Jun 2012 12:05:34 UTC

Call for papers: Workshop on Adaptive Host and Network Security

Posted By Robert N. M. Watson

Stu Wagner, Bob Laddaga, and I are pleased to announce the call for papers for a new Workshop on Adaptive Host and Network Security, to take place at the Sixth IEEE Conference on Self-Adaptive and Self-Organizing Systems in September 2012 in Lyon, France. Over the past decade the threat of cyber attacks on critical commercial and [...]

Sun, 10 Jun 2012 00:03:16 UTC

Getting apps for Android

Posted By Greg Lehey

After establishing that the built-in PDF reader on the Android tablet was sub-optimal, went looking for something else on the web. The first attempt brought me to this viewer, which, as they say, is in beta status and very slow. I can confirm that. Not what I'm looking for. Where's the Adobe offering? Another search then pointed me at Google Play. If I needed any confirmation that this tablet is a toy, this seems to supply some of it. So I tried that. First, I had to log in with my Google account. Since this tablet is going to be returned, I chose to add a new account.

Sat, 09 Jun 2012 23:46:26 UTC

Keyboard navigation through the years

Posted By Greg Lehey

My experiments with the Android tablet got me thinking. When I first came into contact with computers, a keyboard was effectively a (tele)typewriter keyboard. In the 1970s CRT monitors came into use, and keyboards gradually acquired keys to navigate the screen. In 1981, the IBM 5150 had the keys we still see on modern keyboards: 4 arrow keys, PageUp, PageDown, Home and End. The cursor keys still work. PageUp and PageDown do sometimes too, though programs like firefox don't always do what I would expect. And it seems that people have forgotten about Home and End altogether. Look at all those web pages with a link top of page.

Sat, 09 Jun 2012 00:23:18 UTC

More Android experience

Posted By Greg Lehey

The more I look at this Android tablet, the more I realize it's not for me. There are two separate aspects: most importantly, the whole idea of interacting with a device by rubbing my fingers over its surface disagrees with me for a number of reasons. In addition, this particular tablet seems to be a poor representative of its kind. The real issue remains the manner of interfacing with it. The most obvious problem is the lack of keyboard, though it goes beyond that. A couple of days ago I wrote that using a touch screen keyboard is 10 times slower than a real keyboard.

Fri, 08 Jun 2012 21:28:48 UTC

Friday Squid Blogging: Baby Opalescent Squid

Posted By Bruce Schneier

Baby squid larvae are transparent after they hatch, so you can see the chromataphores (color control mechanisms) developing after a few days. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 08 Jun 2012 11:43:22 UTC

The Catastrophic Consequences of 9/11

Posted By Bruce Schneier

This is an interesting essay -- it claims to be the first in a series -- that looks at the rise of "homeland security" as a catastrophic consequence of the 9/11 terrorist attacks: In this usage catastrophic is not a pejorative, it is a description of an atypically radical shift in perception and behavior from one condition to another very...

Fri, 08 Jun 2012 00:37:48 UTC

Android tablet: more experience

Posted By Greg Lehey

Spent a fair amount of time playing with the Android tablet today. I'm no closer to making friends with it. The small size is about the only good thing about it, and without a keyboard I find it extremely frustrating to use. It's certainly not helped by the fact that I can only get the touch screen to respond when I touch it with my finger. A stylus has no effect. It seems that the screen is capacitative and requires a larger object. I had thought that I was selecting by touching (only) with my fingernail, but it seems it was sensing my finger and giving unexpected results.

Thu, 07 Jun 2012 23:37:00 UTC

Weird Latency in Request Handling and Session State

Posted By Terry Coatta

I just spent a couple of hours working with another developer on a weird request latency problem in certain ASP.NET requests. We've got an aspx page with a number of images that are themselves fetched via an aspx page (because they are being pulled out of the DB). When looking at the timeline for these requests in Chrome, most of them would complete quite quickly (less than 200 ms) but typically there were 2 that took much longer; one usually around 1 sec, and then other usually around 500 ms. We already had logging in place that was measuring the time from BeginRequest() to EndRequest(), and the logs showed a consistent processing time for all of the image requests, even the two that were taking much longer to get back the browser.

Thu, 07 Jun 2012 23:37:00 UTC

Weird Latency in Request Handling and Session State

Posted By Terry Coatta

I just spent a couple of hours working with another developer on a weird request latency problem in certain ASP.NET requests. We've got an aspx page with a number of images that are themselves fetched via an aspx page (because they are being pulled out of the DB). When looking at the timeline for these requests in Chrome, most of them would complete quite quickly (less than 200 ms) but typically there were 2 that took much longer; one usually around 1 sec, and then other usually around 500 ms. We already had logging in place that was measuring the time from BeginRequest() to EndRequest(), and the logs showed a consistent processing time for all of the image requests, even the two that were taking much longer to get back the browser.

Thu, 07 Jun 2012 23:37:00 UTC

Weird Latency in Request Handling and Session State

Posted By Terry Coatta

I just spent a couple of hours working with another developer on a weird request latency problem in certain ASP.NET requests. We've got an aspx page with a number of images that are themselves fetched via an aspx page (because they are being pulled out of the DB). When looking at the timeline for these requests in Chrome, most of them would complete quite quickly (less than 200 ms) but typically there were 2 that took much longer; one usually around 1 sec, and then other usually around 500 ms. We already had logging in place that was measuring the time from BeginRequest() to EndRequest(), and the logs showed a consistent processing time for all of the image requests, even the two that were taking much longer to get back the browser.

Thu, 07 Jun 2012 19:00:00 UTC

Public-Speaking Antipatterns

Posted By Tim Bray

I am working on the Google IO sessions; this includes a large number of rehearsals. One premise of IO is that we put actual engineers, the people who build the good stuff, on stage; they deserve, and receive, support in polishing their material. Ive observed that every good early-stage presentation is good in its own way, but that many of those that need work need the same work. All this has been said before, but it cant hurt to say it again. Adapted from an internal email. Death to Bullet Lists Few things are more boring than an engineer reading words out of lists to a room full of people, all of whom can read.

Thu, 07 Jun 2012 11:15:06 UTC

Homeland Security as Security Theater Metaphor

Posted By Bruce Schneier

Look at the last sentence in this article on hotel cleanliness: "I relate this to homeland security. We are not any safer, but many people believe that we are," he said. It's interesting to see the waste-of-money meme used so cavalierly....

Thu, 07 Jun 2012 01:08:17 UTC

Android tablet: first impressions

Posted By Greg Lehey

Yvonne went shopping today and brought back an Android tablet which was on special at ALDI this week. It had only been on sale for a couple of hours, but she had to try all 3 shops to find the very last one available. Why do I want an Android tablet? Why, do I want an Android tablet? I don't know, but ALDI will give me two months to find out. The price is less than that of any laptop, and it might be just what we need in the kitchen to look up the contents of the deep freeze or display a recipe, and it has a 1024×768 display that would potentially be more suited to reading e-books than the dedicated E-book readers.

Wed, 06 Jun 2012 14:36:46 UTC


Posted By Bruce Schneier

Ghostery is a Firefox plug-in that tracks who is tracking your browsing habits in cyberspace. Here's a TED talk by Gary Kovacs, the CEO of Mozilla Corp., on it. I use AdBlock Plus, and dump my cookies whenever I close Firefox. Should I switch to Ghostery? What do other people do for web privacy?...

Wed, 06 Jun 2012 06:22:59 UTC

The Curious Case of Internet Privacy

Posted By Cory Doctorow

Technology Review

Wed, 06 Jun 2012 06:22:35 UTC

Internet privacy: a hard bargain

Posted By Cory Doctorow

I wrote a piece for MIT's Technology Review on the way that Internet privacy works, and the deficiency of our tools -- browsers, phones -- in protecting it: Even if you read the fine print, human beings are awful at pricing out the net present value of a decision whose consequences are far in the … [Read more]

Wed, 06 Jun 2012 02:54:38 UTC

Viewing large images: an alternative

Posted By Greg Lehey

Callum Gibson was interested by the problems viewing my 440 MP JPEG images. They crashed web browsers, and even the old xv program had memory pressure with them. Callum discovered nip2, part of VIPS, which does much better. The interface appears strange, but I haven't explored it much yet. It certainly handles the big images well. Here's a comparison of memory usage for the three programs I've tried on the 56 MB image: Program       Memory ...

Wed, 06 Jun 2012 01:36:58 UTC

More Friends computer stuff

Posted By Greg Lehey

Into town today to visit the Friends of the Ballarat Botanical Gardens. Chris Yeardley has done a design experiment for a plant database, and we wanted to show it to Yvonne Curbach, the new leader of the Growing Friends. She was interested, but more so in our examples than in the layout of the pages: the Buddleja globosa photos, she said, weren't Buddleja globosa at all, but Buddleja × weyeriana, possibly Sungoldand she dragged out a book to prove it.

Tue, 05 Jun 2012 19:10:01 UTC

GotW #105: Smart Pointers, Part 3 (Difficulty: 7/10)

Posted By Herb Sutter

JG Question 1. What are the performance and correctness implications of the following function declaration? Explain.   Guru Question 2. A colleague is writing a function f that takes an existing object of type widget as a required input-only parameter, and trying to decide among the following basic ways to take the parameter (omitting const): [...]

Tue, 05 Jun 2012 19:03:20 UTC

GotW #104: Solution

Posted By Herb Sutter

The solution to GotW #104 is now live. Filed under: C++, GotW

Tue, 05 Jun 2012 18:16:59 UTC

Security and Human Behavior (SHB 2012)

Posted By Bruce Schneier

I'm at the Fifth Interdisciplinary Workshop on Security and Human Behavior, SHB 2012. Google is hosting this year, at its offices in lower Manhattan. SHB is an invitational gathering of psychologists, computer security researchers, behavioral economists, sociologists, law professors, business school professors, political scientists, anthropologists, philosophers, and others -- all of whom are studying the human side of security --...

Tue, 05 Jun 2012 15:00:00 UTC

The road to intentional, formal, system administration education

Posted By Tom Limoncelli

System Administration is maturing and, yet, there is no accepted standard curriculum. It is ironic, and somewhat scary, that a field that society is more and more dependent on has no formal, accepted, educational path. I propose a framework that is similar to that of the electrical/electronics industry. To become a doctor there is a generally accepted educational path. Undergraduate "pre med" or biology program, medical school, internship, and so on. It gives me great comfort that the doctors that I see follow a formal path. Sysadmins, however, often "fall into" the career. I know many sysadmins whose formal education is in physics, for example, because it teaches them the rigors of mathematics, measurement, and thinking in terms of systems.

Tue, 05 Jun 2012 11:07:26 UTC

Interesting Article on Libyan Internet Intelligence Gathering

Posted By Bruce Schneier

This is worth reading, for the insights it provides on how a country goes about monitoring its citizens in the information age: a combination of targeted attacks and wholesale surveillance. I'll just quote one bit, this list of Western companies that helped: Amesys, with its Eagle system, was just one of Libya's partners in repression. A South African firm called...

Mon, 04 Jun 2012 23:00:00 UTC

What language should a sysadmin learn?

Posted By Tom Limoncelli

Someone recently asked me what language a sysadmin should learn. If you are a sysadmin for Windows the answer is pretty easy: PowerShell. The answer is more complicated for Unix/Linux sysadmins because there are more choices. Rather than start a "language war", let me say this: I think every Unix/Linux sysadmin should know shell (sh or bash) plus one of Perl, Ruby, Python. It doesn't matter which. The above statement is more important to me than whether I think Perl, Python or Ruby is better, or has more job openings, or whatever criteria you use. Let me explain: It is really important to learn bash because it is so fundamental to so many parts of your job.

Mon, 04 Jun 2012 22:59:33 UTC

Panoramas: done!

Posted By Greg Lehey

I had more or less tidied up my panorama stuff yesterday, so there wasn't really much left to do today, and I finally got it completed. It only took most of the day. The real issue is the sheer time it takes to process images of this size. My verandah centre panorama is normally about 9000×6000 pixels (54 MP), and this seems to be about the largest that current web-based tools can easily handle. The full-sized images were 26046×16811, or 438 MP, and I wasn't able to display even one of them on a web browser. firefox blew up to 1.8 GB of memory, with X increasing by another 2 GB of virtual memory, and the system ground to a halt until firefox finally crashed.

Mon, 04 Jun 2012 11:36:33 UTC

The Unreliability of Eyewitness Testimony

Posted By Bruce Schneier

Interesting article: The reliability of witness testimony is a vastly complex subject, but legal scholars and forensic psychologists say it's possible to extract the truth from contradictory accounts and evolving memories. According to Barbara Tversky, professor emerita of psychology at Stanford University, the bottom line is this: "All other things equal, earlier recountings are more likely to be accurate than...

Mon, 04 Jun 2012 11:21:58 UTC


Posted By Bruce Schneier

Flame seems to be another military-grade cyber-weapon, this one optimized for espionage. The worm is at least two years old, and is mainly confined to computers in the Middle East. (It does not replicate and spread automatically, which is certainly so that its controllers can target it better and evade detection longer.) And its espionage capabilities are pretty impressive. We'll...

Mon, 04 Jun 2012 07:18:08 UTC

Remixable Grade 10 course materials for Little Brother

Posted By Cory Doctorow

Tracey Hughes assigned Little Brother to her grade 10 students in Peterborough, Ontario (Canada), and developed some course materials that she's generously agreed to share with other teachers to remix, adapt, and reuse. She writes: The intent of sharing my teacher resources for Little Brother stems from my pleasure and success teaching the text with … [Read more]

Mon, 04 Jun 2012 01:44:00 UTC

Why Facebook's Network Effects are Overrated

Posted By Benjamin Mako Hill

A lot of people interested in free software, and user autonomy and network services are very worried about Facebook. Folks are worried for the same reason that so many investors are interested: the networks effects brought by hundreds of millions of folks signed up to use the service. Network effects -- the concept that a good or service increases in value as more people use it -- are not a new problem for free software. Software developers target Microsoft Windows because that is where the large majority of users are. Users with no love for Microsoft and who are otherwise sympathetic to free software use Windows because programs they need will only run there.

Sun, 03 Jun 2012 23:43:52 UTC

Still more panorama processing

Posted By Greg Lehey

Into the office this morning, and my big panorama had been stitched, all 1 GB of it: -rw-r--r--  1 grog  lemis  1078003761 Jun  3 00:56 X00-82.tif Only later did I discover the errors: Where did those stripes come from? They roughly coincide with the layers I took, but I haven't had problems like that before.

Sun, 03 Jun 2012 19:00:00 UTC

Handset Love

Posted By Tim Bray

The press loves tablets. New-media theorists love tablets. The hardware makers love tablets. Tablets might become the default Personal Computers. But in 2012, my heart is still with handsets. Pocketable The device is with me unless Im naked or in my swimming suit. The best Internet device, like the best camera, is the one you have with you. Speaking of Cameras Theyre really getting pretty good; the days of the point-&-shoot may be numbered. Online Lots of tablets are WiFi-only, and thats fine, I guess, as long as Im in my home or office. And yeah, if I have a handset I can make a hotspot for a tablet.

Sun, 03 Jun 2012 14:37:09 UTC


Posted By Theo Schlossnagle

Sun, 03 Jun 2012 07:15:49 UTC

Publishings Virtue

Posted By Cory Doctorow

Publishers Weekly

Sun, 03 Jun 2012 07:15:22 UTC

Publishings hidden virtues

Posted By Cory Doctorow

My latest Publishers Weekly column is "Publishing's Virtue," a look at the relative moral uprightness of trade publishing, especially when compared to the record labels and movie studios, with their just reputation as rapacious crooks who rip off artists at every turn. if you're trying to convince Internet users to buy instead of pirate because … [Read more]

Sun, 03 Jun 2012 04:57:24 UTC

Facebook Folly  OSS C++ Libraries

Posted By Herb Sutter

Ive been beating the drum this year that the biggest problem facing C++ today is the lack of a large set of de jure and de facto standard libraries. My team at Microsoft just recently announced Casablanca, a cloud-oriented C++ library and that we intend to open source, and were making other even bigger efforts [...]

Sun, 03 Jun 2012 00:11:02 UTC

A day wasted with panoramas

Posted By Greg Lehey

The sheer processing time for my high-res panoramas yesterday meant that I didn't get them finished. Started today with the verandah panorama, which despite my fears closed pretty well, and started to stitch it round 9:00. nona ran for about 20 minutes for the 56 images, so enblend started at 9:20. It used over an hour of CPU time and ran for 4 hours and 40 minutes! Sat Jun  2 13:58:06 EST 2012 USER   PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND grog 75510 61.4 33.0 1577968 1026852  ??  DN    9:20AM  61:45.92 [enblend] It produced a 1 GB TIFF output filewith the wrong dimensions!

Sat, 02 Jun 2012 19:00:00 UTC

Otaku with Vintage Marbles

Posted By Tim Bray

It was a Saturday afternoon with child-care duties and nothing planned; the Straights event listings turned up a Pop Culture Collectibles Fair and Computer Swap Meet said to include toys and comic books, so I grabbed a nearby kid and took off. At the Scottish Cultural Centre. You could get a decent-looking not-too-old MacBook for $300. I came home with two Sixties comic books for the kid: one Tweety Bird, one Roadrunner. Also a CD: The Best of John Lee Hooker, 1965 to 1974. Also, a bag of vintage marbles. The whole thing, including admission, came in under $20.

Fri, 01 Jun 2012 23:04:27 UTC

Were hiring (again & more)

Posted By Herb Sutter

The Visual C++ team is looking for a number of people to do work on C++11, parallelizing/vectorizing, cloud, libraries, and more. All I can say is that theres a lot of cool stuff in the pipeline that directly addresses real needs, including things people regularly comment on this blog about that I cant answer specifically [...]

Fri, 01 Jun 2012 22:24:10 UTC

Panoramas: can of worms

Posted By Greg Lehey

Today was the first day of winter, but the weather was very nice, sunny and windstill, ideal weather for panoramas. And tomorrow the monthly extra photos were due, so I decided to take them today instead. After getting SaladoPlayer working, it's clear that I need to refine my panorama schedule. I wanted a higher resolution version of the verandah panorama, and Callum Gibson wanted to see some other circular panoramas apart from that one. I chose the garden centre and dam panoramas. None of them were easy. I had multiple problems with the garden centre. Since I had enough space, I decided to locate the bottom row so low that parts of the tripod mount were visible.

Fri, 01 Jun 2012 21:40:38 UTC

Friday Squid Blogging: Mimicking Squid Camouflage

Posted By Bruce Schneier

Interesting: Cephalopods - squid, cuttlefish and octopuses - change colour by using tiny muscles in their skins to stretch out small sacs of black colouration. These sacs are located in the animal's skin cells, and when a cell is ready to change colour, the brain sends a signal to the muscles and they contract. This makes the sacs expand and...

Fri, 01 Jun 2012 21:14:05 UTC

Why are AWS Command-Line Tools so Slow?

Posted By Diomidis D. Spinellis

Amazon's Elastic Compute Cloud command-line tools are useful building blocks for creating more complex shell scripts. They allow you to start and stop instances, get their status, add tags, manage storage, IP addresses, and so on. They have one big disadvantage: they take a long time to run. For instance, running ec2-describe-instances for six instances takes 19 seconds on an m1.small AWS Linux instance. One answer given , is that this is caused by JVM startup overhead. I found that hard to believe, because on the same machine a Java "hello world" program executes in 120ms, and running ec2-describe-instances --help takes just 321ms.

Fri, 01 Jun 2012 18:08:17 UTC

Obama's Role in Stuxnet and Iranian Cyberattacks

Posted By Bruce Schneier

Really interesting article....

Fri, 01 Jun 2012 11:48:41 UTC

The Vulnerabilities Market and the Future of Security

Posted By Bruce Schneier

Recently, there have been several articles about the new market in zero-day exploits: new and unpatched computer vulnerabilities. It's not just software companies, who sometimes pay bounties to researchers who alert them of security vulnerabilities so they can fix them. And it's not only criminal organizations, who pay for vulnerabilities they can exploit. Now there are governments, and companies who...

Fri, 01 Jun 2012 01:49:56 UTC

Posted By Ulrich Drepper

The original plan was to have some program sI wrote to be added to the procps or util-linux package but the maintainers haven't been responsive. Therefore here they are in a package on their own. I call the package putils (available from my private server) and the following programs are available so far: plimitShow or set the limits of a process pfilesShow information about the files open inside a process These programs will be familiar to Solaris users. There are likely a few more programs to follow.