Blog Archive: November 2012

Fri, 30 Nov 2012 20:18:00 UTC

Friday Squid Blogging: Possible Squid Eyeball Found in Florida

Posted By Bruce Schneier

It's the size of a softball. No sign of the squid it came from. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 30 Nov 2012 19:00:00 UTC

Back-to-Basics Weekend Reading - Sparse Partitions

Posted By Werner Vogels

The amazing AWS re:Invent conference completed last night and I am on my way to Europe for a last visit to customers this year. I am carrying with me a more theoretical paper on the principles of distributed computing: Sparse Partitions by Awerbuch and Peleg. It deals with the failure of control if networks grow larger and presents several solutions based on locality that have found practical applications. Sparse Partitions, Baruch Awerbuch and David Peleg, Proceedings of the 31st Annual Symposium on Foundations of Computer Science (FOCS), 503-513, October 1990.

Fri, 30 Nov 2012 11:23:15 UTC

Hacking by the Syrian Government

Posted By Bruce Schneier

Good article on how the Syrian government hacked into the computers of dissidents: The cyberwar in Syria began with a feint. On Feb. 8, 2011, just as the Arab Spring was reaching a crescendo, the government in Damascus suddenly reversed a long-standing ban on websites such as Facebook, Twitter, YouTube, and the Arabic version of Wikipedia. It was an odd...

Fri, 30 Nov 2012 11:00:00 UTC

Back-to-Basics Weekend Reading - Sparse Partitions

Posted By Werner Vogels

The amazing AWS re:Invent conference completed last night and I am on my way to Europe for a last visit to customers this year. I am carrying with me a more theoretical paper on the principles of distributed computing: Sparse Partitions by Awerbuch and Peleg. It deals with the failure of control if networks grow larger and presents several solutions based on locality that have found practical applications.

Thu, 29 Nov 2012 22:36:25 UTC

Advances in Attacking ATMs

Posted By Bruce Schneier

Cash traps and card traps are the new thing: [Card traps] involve devices that fit over the card acceptance slot and include a razor-edged spring trap that prevents the customer's card from being ejected from the ATM when the transaction is completed. "Spring traps are still being widely used," EAST wrote in its most recent European Fraud Update. "Once the...

Wed, 28 Nov 2012 22:52:44 UTC

eBooks: The pain

Posted By Greg Lehey

I've had to deal with eBooks before, and I wasn't very impressed. At the time the issues were more with the device than the medium. But now that Apple has started bringing out high-resolution displays, I don't suppose it'll be long before eBook readers do the same, and that would fix one of my biggest gripes. Today, however, I got an eBook from the State Library of Victoria. How do I display it? The library gave me three possibilities: view online for 10 minutes, extend for one day (without saying whether this extension would cost anything), or download the eBook and view offline for a week.

Wed, 28 Nov 2012 20:00:00 UTC

AccountChooser

Posted By Tim Bray

This isn't exactly a Google thing, but we've been putting a lot of work into it, and now it's about ready to use. I think lots of sites should. Because it's easy, private, secure, and reduces login pain. AccountChooser is from the OpenID Foundation, with active input from lots of big tech companies. It's not often that I've seen this sort of thing happen co-operatively; no discernable jostling or politics. What You See To demonstrate, I built this little app called FavColor that will save one fact about you: your favorite color. Its badge is this little rainbow thingie. FavColor has a conventional sign-in page for people it knows and a conventional sign-up for those it doesn't.

Wed, 28 Nov 2012 19:30:35 UTC

James Bond Movie-Plot Threats

Posted By Bruce Schneier

Amusing post on the plausibility of the evil plans from the various movies....

Wed, 28 Nov 2012 17:37:51 UTC

Redshift: Data Warehousing at Scale in the Cloud

Posted By James Hamilton

I've worked in or near the database engine world for more than 25 years. And, ironically, every company I've ever worked at has been working on a massive-scale, parallel, clustered RDBMS system. The earliest variant was IBM DB2 Parallel Edition released in the mid-90s. It's now called the Database Partitioning Feature. Massive, multi-node parallelism is the only way to scale a relational database system so these systems can be incredibly important. Very high-scale MapReduce systems are an excellent alternative for many workloads. But some customers and workloads want the flexibility and power of being able to run ad hoc SQL queries against petabyte sized databases.

Wed, 28 Nov 2012 17:00:00 UTC

Expanding the Cloud - Announcing Amazon Redshift, a Petabyte-scale Data Warehouse Service

Posted By Werner Vogels

Today, we are excited to announce the limited preview of Amazon Redshift, a fast and powerful, fully managed, petabyte-scale data warehouse service in the cloud. Amazon Redshift enables customers to obtain dramatically increased query performance when analyzing datasets ranging in size from hundreds of gigabytes to a petabyte or more, using the same SQL-based business intelligence tools they use today. Customers have been asking us for a data warehouse service for some time now and we're excited to be able to deliver this to them. Amazon Redshift uses a variety of innovations to enable customers to rapidly analyze datasets ranging in size from several hundred gigabytes to a petabyte and more.

Wed, 28 Nov 2012 16:20:05 UTC

My Pre-LISA checklist

Posted By Tom Limoncelli

Get haircut. Print out 2-factor "rescue codes" in case my 2-factor fob is lost or dies. De-junk my wallet. Practice slides for the Ganeti tutorial, Time Management tutorials. Reach out to co-workers about coverage while I'm away. Verify flights and hotel information. Pack. What's on your pre-LISA checklist? Please post in the comments. I'd like to know! See you in San Diego! Tom

Wed, 28 Nov 2012 11:55:47 UTC

The Psychology of IT Security Trade-offs

Posted By Bruce Schneier

Good article. I agree with the conclusion that the solution isn't to convince people to make better choices, but to change the IT architecture so that it's easier to make better choices....

Wed, 28 Nov 2012 09:00:00 UTC

Expanding the Cloud - Announcing Amazon Redshift, a Petabyte-scale Data Warehouse Service

Posted By Werner Vogels

Today, we are excited to announce the limited preview of Amazon Redshift, a fast and powerful, fully managed, petabyte-scale data warehouse service in the cloud. Amazon Redshift enables customers to obtain dramatically increased query performance when analyzing datasets ranging in size from hundreds of gigabytes to a petabyte or more, using the same SQL-based business intelligence tools they use today.

Tue, 27 Nov 2012 18:12:19 UTC

Classified Information Confetti

Posted By Bruce Schneier

Some of the confetti at the Macy's Thanksgiving Day Parade in New York consisted of confidential documents from the Nassau County Police Department, shredded sideways....

Tue, 27 Nov 2012 12:39:05 UTC

Hackback

Posted By Bruce Schneier

Stewart Baker, Orin Kerr, and Eugene Volokh on the legality of hackback....

Mon, 26 Nov 2012 15:53:02 UTC

Why all pharmaceutical research should be made open access

Posted By Cory Doctorow

Here's a podcast of my recent Guardian column, Why all pharmaceutical research should be made open access: One of the strongest arguments for public access in scholarly and scientific publication is the "public debt" argument: if the public pays you to do research, the research should belong to the public. That's a good argument, but … [Read more]

Mon, 26 Nov 2012 15:48:10 UTC

Liars and Outliers Ebook 50% Off and DRM-Free

Posted By Bruce Schneier

Today only, O'Reilly is offering 50% off all its ebooks, including Liars and Outliers. This is probably the cheapest you'll find a DRM-free copy of the book....

Mon, 26 Nov 2012 15:35:19 UTC

Homeland Security Essay Contest

Posted By Bruce Schneier

The Naval Postgraduate School's Center for Homeland Defense and Security is running its sixth annual essay competition. There are cash prizes. (Info on previous years here.)...

Mon, 26 Nov 2012 11:42:20 UTC

Internet of the Dead: the net's collision course with death

Posted By Cory Doctorow

My latest Locus magazine column is "The Internet of the Dead," which discusses the collision course the Internet is on with death. It was inspired by my work to preserve the personal data of my old friend Erik "Possum Man" Stewart, who died unexpectedly and tragically in June: It was while I sat in Possum's … [Read more]

Mon, 26 Nov 2012 07:41:45 UTC

iCurrent Endnote

Posted By Ramana Rao

By now, it’s ancient history that iCurrent was acquired in July of 2010 by the Washington Post. However, I wanted to tidy up some items floating on this site and finish off the story. iCurrent ran from early 2007 to mid-2010. We raised $3M total from Crosslink Capital starting with a $500k seed. My sole board [...]

Sun, 25 Nov 2012 00:20:02 UTC

Podcast: Interview on Hanselminutes

Posted By Herb Sutter

A few weeks ago at the Build conference, Scott Hanselman and I sat down to talk about C++ and modern UI/UX. The podcast is now live here: The Hanselminutes Podcast, Show #346 Why C++ with Herb Sutter Topics Scott raises include: 2:00 Scott mentions he has used C++ in the past. C++ has changed. We [...]

Sat, 24 Nov 2012 01:02:25 UTC

Computer education for the next generation

Posted By Greg Lehey

Next year Jashank Jeremy will finish school with the Higher School Certificate or HSC. Today he complained about the quality of his textbooks, unfairly, I thought: Today most mobile phones include digital cameras, internet connectivity using both local 802.11 access points and 3G networks, Bluetooth and also GPS receivers. All these connectivity and other hardware features have resulted in an ever increasing number of innovative Apps coming onto the market. As he said, It's so badly structured, the grammar and spelling is typically terrible, all sorts of things are mentioned and never explained....

Fri, 23 Nov 2012 22:50:52 UTC

Friday Squid Blogging: Another Squid Comic

Posted By Bruce Schneier

Another squid comic. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 23 Nov 2012 20:00:00 UTC

CL XXIV: Autumn Drama

Posted By Tim Bray

Each year's Cottage Life ends when you Shut Down For Winter; this sad task includes tidying, sealing, draining, and then going away. We left it later this year than any before, into the season of storms and rain and darkness. Of course, when the sun breaks through that darkness it makes the mountains and so on look awfully good. When the rain sets in it's still very beautiful, but hard to photograph properly. Best to stay inside, light a fire in the stove, and get on with the Shutting Down; also reading, eating, and napping. All of which we did. But when darkness arrived the wind picked up and the rumble and crash of the waves grew louder and louder; my thoughts turned to the mighty ship Bodoni tethered to our little floating dock in among the big waves.

Fri, 23 Nov 2012 17:51:00 UTC

Cultivated Disinterest in Professional Sports

Posted By Benjamin Mako Hill

Like many of my friends, I have treated professional sports with cultivated indifference. But a year and a half ago, I decided to become a football fan. Several years ago, I was at a talk by Michael Albert at MIT where he chastised American intellectuals for what he claimed was cultivated disdain of professional sports. Albert suggested that sports reflect the go-to topic for small talk and building rapport across class and context. But he suggested that almost everybody who used the term "working class struggle" was incapable of making small talk with members of the working class because, unlike most working class people (and most people in general), educated people systematically cultivate ignorance in sports.

Fri, 23 Nov 2012 12:18:19 UTC

Preventing Catastrophic Threats

Posted By Bruce Schneier

"Recommendations to Prevent Catastrophic Threats." Federation of American Scientists, 9 November 2012. It's twelve specific sets of recommendations for twelve specific threats. See also this....

Thu, 22 Nov 2012 23:17:50 UTC

dirname: not found

Posted By Greg Lehey

Mail from David Noel today, referring to a problem I had 1½ years ago: creating osreldate.h from newvers.sh /src/FreeBSD/svn/head/include/../sys/conf/newvers.sh: dirname: not found He asked how I solved it. I have no idea. I suspected it might be something to do with environment variables, but despite the verbosity of this diary, I managed to leave out the important part. The best I can find is that newvers.sh shouldn't be run at this point, which suggests some discrepancy in timestamps.

Wed, 21 Nov 2012 23:12:05 UTC

Gizmodo spam?

Posted By Greg Lehey

Strange message in the mail this morning:

Date: Tue, 20 Nov 2012 18:31:39 +0000
From: "FDIC Alert" <[email protected]>
To: [email protected]
Subject: You  reqired to install a new security version
Message-ID: <[email protected]>

Your Corporated and Business Online Banking Federal DepositInsurance Corporation

Your ACH operations have been provisionally stopped in order to ensure your security, due to the expiration of your security version. We advice you to download ...

Wed, 21 Nov 2012 20:06:29 UTC

Cell Phone Surveillance

Posted By Bruce Schneier

Good article on the different ways the police can eavesdrop on cell phone calls....

Wed, 21 Nov 2012 12:34:40 UTC

Decrypting a Secret Society's Documents from the 1740s

Posted By Bruce Schneier

Great story, both the cryptanalysis process and the Oculists....

Tue, 20 Nov 2012 23:10:15 UTC

DxO: your fault after all!

Posted By Greg Lehey

Over a week ago I finally got DxO support to understand a problem report I had sent in, to stop claiming that it was all my fault, and admit that they had a bug that would be fixed sometime. It was the culmination of over two months of banging my head against a brick wall, including resubmitting the ticket twice, and it felt so good when it stopped. And then a couple of days ago I got a message asking if I was running DxO Optics Pro in a virtual machine. I was quite impressed that they had gone to the trouble to analyse the logs, which were months old.

Tue, 20 Nov 2012 18:53:47 UTC

Anonymous Claims it Sabotaged Rove Election Hacking

Posted By Bruce Schneier

Can anyone make heads or tails of this story? (More links.) For my part, I'd like a little -- you know -- evidence. Remember that Ohio was not the deciding state in the election. Neither was Florida or Virginia. It was Colorado. So even if there was this magic election-stealing software running in Ohio, it wouldn't have made any difference....

Tue, 20 Nov 2012 17:26:22 UTC

Reader Q&A: A good book to learn C++11?

Posted By Herb Sutter

Last night a reader asked one of the questions that helped motivate the creation of isocpp.org: I am trying to learn the new C++. I am wondering if you are aware of resources or courses that can help me learn a little. I was not able to find any books for C++11. Any help would [...]

Tue, 20 Nov 2012 10:51:45 UTC

Why all pharmaceutical research should be made open access

Posted By Cory Doctorow

The Guardian

Tue, 20 Nov 2012 10:51:33 UTC

Beyond the public debt: making a wider case for openness

Posted By Cory Doctorow

My latest Guardian column is "Why all pharmaceutical research should be made open access," and it makes the wider case for open access, beyond the obvious truth that publicly funded work should be available to the public: One of the strongest arguments for public access in scholarly and scientific publication is the "public debt" argument: … [Read more]

Mon, 19 Nov 2012 23:55:54 UTC

Network access for the Friends

Posted By Greg Lehey

Last week I discovered that the Friends of the Ballarat Botanical Gardens are paying an arm and a leg for telephone and Internet access. They've somehow become lumbered with a telephone service with a whopping $44 per month rental (from Telstra, of course) and surprisingly high call costs. The result for last month, for very few calls, was a bill for nearly $60. And the Internet connection is just as bad: $40 for a line that, if I recall correctly, has a 512/128 kB speed and 3 GB cap. Why am I so vague about speed and traffic? Looking at the ncable.net.au transact.com.au web site, I can no longer find it.

Mon, 19 Nov 2012 23:31:25 UTC

FreeBSD compromise fallout

Posted By Greg Lehey

A couple of months ago somebody gained access to a couple of machines in the FreeBSD cluster, apparently by stealing an ssh key. There's no evidence that he did any particular harm, but everybody's taking it very seriously. In my case, I discovered I had private keys on two of the machines, like we all did in the Good Old Days. And it's quite possible they got stolen. So another round of generating new keys, the first in 10 years:

-rw-r--r--  1 grog  lemis      683 30 Dec  2001 authorized_keys
-rw-r--r--  1 grog  lemis      844 14 Oct  2002 authorized_keys2
-rw-------  1 grog  lemis      736 28 Jan  2002 id_dsa
-rw-r--r--  1 grog  lemis      612 28 Jan  2002 id_dsa.pub
-rw-------  1 grog  lemis      951 28 Jan  2002 id_rsa
-rw-r--r--  1 grog  lemis     ...

Mon, 19 Nov 2012 23:17:06 UTC

More gdb investigations

Posted By Greg Lehey

So why is gdb setting breakpoints in the wrong place? Did some investigation which proved inconclusive. What I found was: On FreeBSD-CURRENT on the i386 platform, it sets the breakpoint correctly if I don't include debug symbols. On FreeBSD-CURRENT on the i386 platform, it sets the breakpoint 17 bytes from the start if I include debug symbols. On 9-STABLE amd64 it sets the breakpoint on the entry point.

Mon, 19 Nov 2012 18:57:28 UTC

Secure the Internet podcast

Posted By Cory Doctorow

Here's a podcast of my recent Nature comment, co-written with Ben Laurie, Secure the Internet: In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software's cryptographic certificates, which securely verify the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought … [Read more]

Mon, 19 Nov 2012 18:40:03 UTC

E-Mail Security in the Wake of Petraeus

Posted By Bruce Schneier

I've been reading lots of articles discussing how little e-mail and Internet privacy we actually have in the U.S. This is a good one to start with: The FBI obliged, apparently obtaining subpoenas for Internet Protocol logs, which allowed them to connect the sender's anonymous Google Mail account to others accessed from the same computers, accounts that belonged to...

Mon, 19 Nov 2012 11:41:01 UTC

Security Theater in American Diplomatic Missions

Posted By Bruce Schneier

I noticed this in an article about how increased security and a general risk aversion is harming US diplomatic missions: "Barbara Bodine, who was the U.S. ambassador to Yemen during the Qaeda bombing of the U.S.S. Cole in 2000, told me she believes that much of the security American diplomats are forced to travel with is counterproductive. "There's this idea...

Sun, 18 Nov 2012 23:05:37 UTC

gdb: Your friend in need

Posted By Greg Lehey

Message in the mail today: I had managed to mess up my change to locale(1). It wasn't immediately obvious why, so I went through with gdb:

(gdb) b main
Breakpoint 1 at 0x8048b41: file /src/FreeBSD/svn/head/usr.bin/locale/locale.c, line 241.
(gdb) r
Starting program: /usr/obj/src/FreeBSD/svn/head/usr.bin/locale/locale charmap LANG= LC_CTYPE="C" ...
Program exited normally.

That first command was a breakpoint on main. It should have hit there before doing anything. What went wrong? Took a look at the entrance to main and found:

(gdb) x/20i main
0x8048b30 <main>:       push   %ebp
0x8048b31 <main+1>:     mov    %esp,%ebp
0x8048b33 <main+3>:     push   %ebx
0x8048b34 <main+4>:     push   %edi
0x8048b35 <main+5>:     push   %esi
0x8048b36 <main+6>:     sub    $0x1c,%esp
0x8048b39 <main+9>:     mov   ...

Sun, 18 Nov 2012 08:04:57 UTC

Video from Pirate Cinema talk in Deerfield, IL

Posted By Cory Doctorow

Here's the video from my Pirate Cinema tour stop at Deerfield, IL -- I talk war on general purpose computers, copyfighting, and do some Q&A. Cory Doctorow's "Pirate Cinema" 2012 Book Tour stop at Deerfield, IL (Thanks, Psywiped!)

Sun, 18 Nov 2012 07:00:00 UTC

Back-to-Basics Weekend Reading - The Andrew File System

Posted By Werner Vogels

This weekend I am heading to Brussels for meetings with the European Commission, specifically with Vice-president Neelie Kroes who owns the Digital Agenda for the EU, about how to accelerate cloud usage in both business and government in Europe. I am bringing with me a paper with one of the first distributed systems that had actually seen wide-spread commercial deployment. The Andrew File System (AFS) was developed at CMU and was much more than just a distributed file system and had a very interesting caching and volume replication architecture. Scale and performance in a distributed file system, John H. Howard, Michael L.

Sat, 17 Nov 2012 23:00:00 UTC

Back-to-Basics Weekend Reading - The Andrew File System

Posted By Werner Vogels

This weekend I am heading to Brussels for meetings with the European Commission, specifically with Vice-president Neelie Kroes who owns the Digital Agenda for the EU, about how to accelerate cloud usage in both business and government in Europe. I am bringing with me a paper with one of the first distributed systems that had actually seen wide-spread commercial deployment.

Sat, 17 Nov 2012 20:00:00 UTC

Old-World Week

Posted By Tim Bray

I spent most of last week in Antwerp at Devoxx 2012, probably the biggest developer event in Europe. The European context was front-of-mind since, for recreation, the week before I'd been occasionally reading US right-wingers introspecting on why they'd lost the election and where America is going. A repeating theme is how the US is at grave danger of becoming like Europe; they're convinced that that's Barack's hidden agenda. And Europe, you see, is a terrible place. A week there, in only a corner of the continent, but among Eurofolk from all over it, and my opinion that the US wingnuts are just wrong is reinforced.

Sat, 17 Nov 2012 11:54:43 UTC

Cinema Pirata: Brazilian edition of Pirate Cinema

Posted By Cory Doctorow

I've just wrapped up a couple of days at the Fliporto literary festival in Olinda, Brazil, and was delighted to get a copy of the newly published Cinema Pirata, the Brazilian edition of Pirate Cinema, published by the excellent Galera Record.

Sat, 17 Nov 2012 11:43:28 UTC

Secure the Internet

Posted By Cory Doctorow

Nature

Sat, 17 Nov 2012 11:42:45 UTC

What do we do about untrustworthy Certificate Authorities?

Posted By Cory Doctorow

OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use … [Read more]

Sat, 17 Nov 2012 00:24:15 UTC

More df work

Posted By Greg Lehey

As planned, more thinking about the changes in df today. The block size calculation was:

/*
 * Convert statfs returned file system size into BLOCKSIZE units.
 * Attempts to avoid overflow for large file systems.
 */
fsbtoblk(int64_t num, uint64_t fsbs, u_long bs)
{
        if (fsbs != 0 && fsbs < bs)
                return (num / (intmax_t)(bs / fsbs));
        else
                return (num * (intmax_t)(fsbs / bs));
}

No description of the parameters, of course.

Fri, 16 Nov 2012 22:30:44 UTC

Friday Squid Blogging: Vampire Squid

Posted By Bruce Schneier

Vampire squid eats marine wastes (paper and video). As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 16 Nov 2012 18:11:27 UTC

Jamming 4G Cell Networks

Posted By Bruce Schneier

It's easy....

Fri, 16 Nov 2012 12:13:03 UTC

Stealing VM Keys from the Hardware Cache

Posted By Bruce Schneier

Research into one VM stealing crypto keys from another VM running on the same hardware. ABSTRACT: This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized...

Thu, 15 Nov 2012 22:40:13 UTC

Making df legible

Posted By Greg Lehey

Surprisingly there was little feedback on my changes to ls, so today I continued with df, adding a -, option:

=== grog@eureka (/dev/pts/14) /src/FreeBSD/svn/head/bin/df 22 -> df /Photos/
Filesystem  1024-blocks       Used     Avail Capacity  Mounted on
/dev/ada1p1  1952969248 1474989512 458450044    76%    /Photos
=== grog@eureka (/dev/pts/14) /src/FreeBSD/svn/head/bin/df 23 -> df -, /Photos/
Filesystem    1024-blocks          Used       Avail Capacity  Mounted on
/dev/ada1p1 1,952,969,248 1,474,989,512 458,450,044    76%    /Photos

It's interesting to note that commas in sizes are standard in Microsoft's COMMAND.EXE.

Thu, 15 Nov 2012 12:45:24 UTC

The Terrorist Risk of Food Trucks

Posted By Bruce Schneier

This is idiotic: Public Intelligence recently posted a Powerpoint presentation from the NYC fire department (FDNY) discussing the unique safety issues mobile food trucks present. Along with some actual concerns (many food trucks use propane and/or gasoline-powered generators to cook; some *gasp* aren't properly licensed food vendors), the presenter decided to toss in some DHS speculation on yet another way...

Thu, 15 Nov 2012 11:36:28 UTC

Early-bird discount for LISA'12 ends on Nov 19th!

Posted By Tom Limoncelli

LISA is coming to San Diego, CA, December 9-14, 2012 and, as always, the committee has put together an amazing schedule of programs. Come for a few days of training, 2-days of technical sessions, or spend an entire week immersed in sysadmin geekery! Take anywhere from 1 to 6 full days of training and create the curriculum that meets your needs. https://www.usenix.org/conference/lisa12/training-program/training-program Take advantage of 47 half- and full-day training sessions from industry leaders, including my highly rated "Intro to Time Management" and "Team Efficiency" tutorials. Take the all-new training class "Build your own cloud with Ganeti Virtual Cluster Manager" co-taught by Guido Trotter and myself.

Thu, 15 Nov 2012 11:14:45 UTC

Speaking in London on Nov 24 about the Snooper's Charter

Posted By Cory Doctorow

Hey, Londoners! I'm speaking at one of the Open Rights Group's meetings on the Snooper's Charter (the proposed new mass-scale network spying bill) in London on Nov 24. It's free, but they'd like you to register so they know how many to plan for.

Thu, 15 Nov 2012 10:48:33 UTC

Interview on IT and corporate IT policy

Posted By Cory Doctorow

Here's an interview I did with the ITSM podcast, about information technology, IT policy, and corporate IT and its implications. MP3 link

Thu, 15 Nov 2012 00:54:40 UTC

More USB pain

Posted By Greg Lehey

Recently I've been having trouble with the wireless keyboard on teevee, my TV computer. For some reason it can no longer reliably communicate with the USB dongle. It's not the dongle, since the mouse has no difficulty. So yesterday I plugged in a cable USB keyboard. And then today I could no longer use the remote control! I've been moaning about lirc for years, but lately it's been running well, and I've forgotten how to debug it. Finally found irw and tried it out. No reaction. Ran ktrace against lircd. No input. Took another look at the running lircd process:

USER         PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root         961  0.0  0.1  5336   608  ??

Wed, 14 Nov 2012 23:42:31 UTC

More panorama reprocessing

Posted By Greg Lehey

Continued looking at my photos of 27 November 2011 today. It seems that it's not a good idea to use the old project files for images that have been reprocessed. Here again the comparison between the original, the reprocessed version using the old project files, and the reprocessed version starting from scratch: Interestingly, the stitching results were not overly good.

Wed, 14 Nov 2012 18:28:08 UTC

Webmail as Dead Drop

Posted By Bruce Schneier

I noticed this amongst the details of the Petraeus scandal: Petraeus and Broadwell apparently used a trick, known to terrorists and teenagers alike, to conceal their email traffic, one of the law enforcement officials said. Rather than transmitting emails to the other's inbox, they composed at least some messages and instead of transmitting them, left them in a draft folder...

Wed, 14 Nov 2012 15:20:04 UTC

Copyright debate in Denmark

Posted By Cory Doctorow

Here's a recording of a debate I participated in on Monday at Denmark's Fagfestival (yes, really -- Danish has weird English cognates) 2012, the largest gathering of journalists in the country. I debated Peter Schønning, a prominent Danish copyright lawyer, in an event hosted by Henrik Føhns. MP3 link

Wed, 14 Nov 2012 13:19:39 UTC

Interview with Geek's Guide to the Galaxy

Posted By Cory Doctorow

I did an interview with The Geek's Guide to the Galaxy, which they've published in both text and MP3 form. We talked about Pirate Cinema, Rapture of the Nerds, the Humble Ebook Bundle, the future of publishing, the Disney/Star Wars merger, and lots more: Wired: Do you ever get letters from kids who have been … [Read more]

Wed, 14 Nov 2012 11:57:07 UTC

Keys to the Crown Jewels Stolen?

Posted By Bruce Schneier

At least, that's the story: The locks at the Tower of London, home to the Crown Jewels, had to be changed after a burglar broke in and stole keys. The intruder scaled gates and took the keys from a sentry post. Guards spotted him but couldn't give chase as they are not allowed to leave their posts. But the story...

Wed, 14 Nov 2012 10:07:28 UTC

Digital Human podcast on death

Posted By Cory Doctorow

I recently recorded an interview with the BBC's Digital Human programme, which was recording an episode on death. It came out very well. MP3 Link

Tue, 13 Nov 2012 12:49:24 UTC

There's no way to stop children viewing porn in Starbucks

Posted By Cory Doctorow

The Guardian

Tue, 13 Nov 2012 12:49:05 UTC

Why the UK's mandatory opt-out censorware plan is stupid

Posted By Cory Doctorow

My latest Guardian column is "There's no way to stop children viewing porn in Starbucks," a postmortem analysis of the terrible debate in the Lords last week over a proposed mandatory opt-out pornography censorship system for the UK's Internet service providers. In order to filter out adult content on the internet, a company has to … [Read more]

Tue, 13 Nov 2012 12:15:35 UTC

Free Online Cryptography Course

Posted By Bruce Schneier

Dan Boneh of Stanford University is offering a free online cryptography course. The course runs for six weeks, and has five to seven hours of coursework per week. It just started last week....

Mon, 12 Nov 2012 21:35:24 UTC

Another X hang!

Posted By Greg Lehey

It's been well over a month since I installed the new nVidia driver for X and solved my X hang problems. I thought. Today it happened again, again under similar circumstances. The symptoms are not quite the same: It's slower now, and it's possible to move the mouse cursor a little from the edge of the monitor before it jumps back. But it's just as fatal. In fact, it would seem it was more. My ›ŸC monitor came back in 1280×1024 resolution. Investigating the log files showed: (WW) Nov 12 14:47:47 NVIDIA(GPU-0): Unable to read EDID for display device CRT-0 ...

Mon, 12 Nov 2012 20:49:03 UTC

Researching Dr. Livingstone

Posted By Greg Lehey

A couple of days ago my daily cron job sent me a calendar entry that looked wrong: Nov 10  Henry Stanley asks David Livingston, "Dr. Livingston, I presume?" , 1871 Livingston? That should be Livingstone, shouldn't it? Checked in the source of all knowledge and confirmed it. But also that the date was 27 October 1871. OK, we can fix that, so I did, and committed it. This morning I had not one but 5 messages awaiting me from Marc Balmer, who had successively discovered that the German Wikipedia had 28 October, and that the entries for Stanley in both languages had 10 November.

Mon, 12 Nov 2012 19:03:48 UTC

Fairy Wren Passwords

Posted By Bruce Schneier

Mother fairy wrens teach their children passwords while they're still in their eggs to tell them from cuckoo impostors: She kept 15 nests under constant audio surveillance, and discovered that fairy-wrens call to their unhatched chicks, using a two-second trill with 19 separate elements to it. They call once every four minutes while sitting on their eggs, starting on the...

Mon, 12 Nov 2012 13:00:00 UTC

Expanding the Cloud - introducing the Asia Pacific (Sydney) Region

Posted By Werner Vogels

Today, Amazon Web Services is expanding its worldwide coverage with the launch of a new AWS Region in Sydney, Australia. This new Asia Pacific (Sydney) Region has been highly requested by companies worldwide, and it provides low latency access to AWS services for those who target customers in Australia and New Zealand. The Region launches with two Availability Zones to help customers build highly available applications. I have visited Australia at least twice every year for the past four years and I have seen first-hand evidence of the tremendous interest there is in the AWS service. Many young businesses as well as established enterprises are already using AWS, many of them targeting customers globally.

Mon, 12 Nov 2012 11:47:17 UTC

Encryption in Cloud Computing

Posted By Bruce Schneier

This article makes the important argument that encryption -- where the user and not the cloud provider holds the keys -- is critical to protect cloud data. The problem is, it upsets cloud providers' business models: In part it is because encryption with customer controlled keys is inconsistent with portions of their business model. This architecture limits a cloud provider's...

Mon, 12 Nov 2012 05:00:00 UTC

Expanding the Cloud - introducing the Asia Pacific (Sydney) Region

Posted By Werner Vogels

Today, Amazon Web Services has greater worldwide coverage with the launch of a new AWS Region in Sydney, Australia. This new Asia Pacific (Sydney) Region has been highly requested by companies worldwide, and it provides low latency access to AWS services for those who target customers in Australia and New Zealand.

Mon, 12 Nov 2012 00:23:46 UTC

DxO problem report: success!

Posted By Greg Lehey

It's been well over two months since I reported a problem to DxO: the Process tab of DxO Optics Pro now displays all images, taking a long time to do so, and they're out of order. After three attempts to get the support person to read the problem report, I got the incorrect information that there was no way to suppress the display. When I asked him yet again to address the issue of the incorrect sort order, he closed the ticket without any further answer. So I entered another ticket, this time in German to get a different support person, and got an inappropriate answer.

Sat, 10 Nov 2012 23:29:04 UTC

Radiation tower affects property values

Posted By Greg Lehey

One of the objections raised to the radiation tower in Bannockburn on 13 March 2012 was that the presence of the tower would greatly devalue the property. Elaine J. Stroud-Kaminski of 2895 Colac-Ballarat Road, Dereel, on the corner of Swamp Road, claimed the presence would greatly devalue the property, by between $60,000 to $100,000. That's clearly nonsense, since the online property valuations suggest that the property is only worth about $150,000, but possibly she believes it, since the house is now up for sale. The truth, of course, looks very different. Got a call today from a bloke who didn't give his name, but who was thinking of moving to Dereel and wanted to know what the current state of play was.

Sat, 10 Nov 2012 23:23:50 UTC

Pointy hat for grog

Posted By Greg Lehey

Into the office this morning: I was less than thorough on my last commit to ls, and Peter Wemm had cleaned up the mess. I had replaced space sequences with corresponding tabs everywhere. That's desired in indentation, largely irrelevant in comments, but it makes a real mess of format strings, and ls -l no longer lined up. Another pointy hat for my collection.

Sat, 10 Nov 2012 20:00:00 UTC

Doe Laughs at the Rite

Posted By Tim Bray

I ran across an article by this dude Andy Doe, who used to run classical music at iTunes, and then was at Naxos records, called What Is Going on with the Record Industry? Worth reading and worth following links from too. It turns out Doe has a blog called Proper Discord, a large part of which is devoted to silly classical-record covers with snarky captions. He's so good at it that he got invited to contribute such a piece, pretty hilarious, to The Rite of Spring at One Hundred. Woah, The Rite of Spring is 100? Now that's a good excuse for a celebration; it's one of the best pieces of music ever written.

Sat, 10 Nov 2012 20:00:00 UTC

How To Watch Blood and Chrome

Posted By Tim Bray

We watched all of BSG redux, and even though we loathed Caprica thought Blood & Chrome deserved a shot. Plus it's online. Easily accessible on my computer, but I like to watch TV on my TV. Here's how. Buy a Roku. Install a Plex server on a nearby computer; in our case our living-room mainframe Mac Pro. Fight your way through the creaky, irritating Plex channel selector to find and install the YouTube channel. Install the Plex channel on your Roku. Configure Plex on Roku to know about the nearby Plex server. Tune in Plex on Roku, select the YouTube channel.

Sat, 10 Nov 2012 20:00:00 UTC

What Conservatives are For

Posted By Tim Bray

I'm no right-winger but I've long felt that a healthy society needs sane progressives and sane conservatives, and that many of America's difficulties are related to an absence of the latter. So here's a proposed Sane-conservative manifesto, written from outside. 1. Be Cautious Anyone who's dealt with the public sector, or even paid close attention to the news, knows that many government programs don't work very well. Some just fritter away energy and money to no particular effect, others turn actively harmful. It's not that those launching them are malicious or stupid; it's that people are complicated and, in the societal aggregate, insanely complicated.

Sat, 10 Nov 2012 01:27:35 UTC

More source tweaks

Posted By Greg Lehey

Yesterday's FreeBSD commits didn't go unchallenged. Somehow my Emacs configuration has reverted to using spaces instead of tabs for indentation, and that's in violation of style(9). So another couple of cosmetic changes.

Sat, 10 Nov 2012 01:04:06 UTC

Unexpected issues with clang

Posted By Greg Lehey

The FreeBSD project is in the process of changing the C and C++ compiler from gcc to clang, mainly, I think, because of license issues. The transition is going relatively smoothly, and one day I might even get used to the horrible gaudy error messages. And maybe they'll get the compiler to run in less than 2 GB of memory. But today came a message on the FreeBSD-current mailing list: calendar(1) has stopped working. The last serious work on that was done by Chris Yeardley, coincidentally committed a year ago today. So I took a look: /usr/share/calendar/calendar.music:231:17: warning: missing terminating ' character [-Winvalid-pp-token] 12/16   Don McLean's "American Pie" is released, 1971                   ^ That wasn't in colour, but it clearly comes from clang.

Sat, 10 Nov 2012 01:00:00 UTC

Back-to-Basics Weekend Reading - Using Encryption for Authentication

Posted By Werner Vogels

Now that I am enjoying some time in Seattle with real weekends, I like to remind you that my reading list is called back-to-basics. My goal with reading these papers is that by revisiting the original problems systems researchers were trying to solve you get a much better understanding of the challenges we are often still faced with today. That means that many papers on these papers are "old", as I was recently told, even published before some of you were born :-). That might definitely be the case with this famous Needham - Schroeder paper from 1978. Roger Needham and Mike Schroeder were some of the first researchers to tackle the problem of secure communication over insecure networks; their protocols deal with how to authenticate both parties and how to establish a secure channel between the parties.

Fri, 09 Nov 2012 22:16:27 UTC

Friday Squid Blogging: Squid Ink as a Condiment

Posted By Bruce Schneier

Burger King introduces a black burger with ketchup that includes squid ink. Only in Japan, of course....

Fri, 09 Nov 2012 19:32:39 UTC

How To Tell if Your Hotel Guest Is a Terrorist

Posted By Bruce Schneier

From the Department of Homeland Security, a handy list of 19 suspicious behaviors that could indicate that a hotel guest is actually a terrorist. I myself have done several of these. More generally, this is another example of why all the "see something say something" campaigns fail: "If you ask amateurs to act as front-line security personnel, you shouldn't be...

Fri, 09 Nov 2012 17:00:00 UTC

Back-to-Basics Weekend Reading - Using Encryption for Authentication

Posted By Werner Vogels

Now that I am enjoying some time in Seattle with real weekends, I like to remind you that my reading list is called back-to-basics. My goal with reading these papers is that by revisiting the original problems systems researchers were trying to solve you get a much better understanding of the challenges we are often still faced with today.

Fri, 09 Nov 2012 12:41:39 UTC

How Terrorist Groups Disband

Posted By Bruce Schneier

Interesting research from RAND: Abstract: How do terrorist groups end? The evidence since 1968 indicates that terrorist groups rarely cease to exist as a result of winning or losing a military campaign. Rather, most groups end because of operations carried out by local police or intelligence agencies or because they join the political process. This suggests that the United States...

Thu, 08 Nov 2012 23:57:12 UTC

Finally: the commits

Posted By Greg Lehey

Finally I've got round to committing all the patches I have been collecting, and while I was at it also addressed the checklist I made last month. Some of it, anyway. I'm still thinking about the rest, and since the recent change of compiler from gcc to clang, I'm not going to bother about fixing gcc.

Thu, 08 Nov 2012 23:00:00 UTC

Improving the Cloud - More Efficient Queuing with SQS

Posted By Werner Vogels

The Amazon Simple Queue Service (SQS) is a highly scalable, reliable and elastic queuing service that 'just works'. Customers from various verticals (media, social gaming, mobile, news, advertisement) such as Netflix, Shazam and Scopely have used SQS in a variety of use-cases requiring loose coupling and high performance. For example, AWS customers use SQS for asynchronous communication pipelines, buffer queues for databases, asynchronous work queues, and moving latency out of highly responsive requests paths. Today, the SQS team is launching two important features - Long Polling and richer client functionality in the SQS SDK - that we believe will extend the reach of SQS to new use cases by reducing the cost of high scale messaging for our customers.

Thu, 08 Nov 2012 20:00:00 UTC

Sending and Receiving

Posted By Tim Bray

Yes, this is about social media; is that still a thing? I depend on this blog and syndication feeds and Twitter and G+, all at once at the same time, and in a complicated and messy way. But life isn't terrible. Broadcasting The screen caps show my current stats on Twitter (above) and Google+ (below); the nice round number on Twitter provoked this piece. I use them both as broadcast media, and they both work just fine for that. I get the feeling that Twitter reaches more influencers and is more effective for getting a crucial piece of news flowing its way around the planet.

Thu, 08 Nov 2012 19:24:59 UTC

Gary McGraw on National Cybersecurity

Posted By Bruce Schneier

Good essay, making the point that cyberattack and counterattack aren't very useful -- actual cyberdefense is what's wanted. Creating a cyber-rock is cheap. Buying a cyber-rock is even cheaper since zero-day attacks exist on the open market for sale to the highest bidder. In fact, if the bad guy is willing to invest time rather than dollars and become an...

Thu, 08 Nov 2012 15:00:00 UTC

Improving the Cloud - More Efficient Queuing with SQS

Posted By Werner Vogels

The Amazon Simple Queue Service (SQS) is a highly scalable, reliable and elastic queuing service that ‘just works’. Customers from various verticals (media, social gaming, mobile, news, advertisement) such as Netflix, Shazam and Scopely have used SQS in a variety of use-cases requiring loose coupling and high performance. For example, AWS customers use SQS for asynchronous communication pipelines, buffer queues for databases, asynchronous work queues, and moving latency out of highly responsive requests paths.

Thu, 08 Nov 2012 12:57:17 UTC

Micromorts

Posted By Bruce Schneier

Here's a great concept: a micromort: Shopping for coffee you would not ask for 0.00025 tons (unless you were naturally irritating), you would ask for 250 grams. In the same way, talking about a 1/125,000 or 0.000008 risk of death associated with a hang-gliding flight is rather awkward. With that in mind. Howard coined the term "microprobability" (μp) to refer...

Thu, 08 Nov 2012 00:26:46 UTC

Completing the ls work

Posted By Greg Lehey

I've made a number of modifications to ls over the years: the -X option to display file names in hex, the -y option and also the LS_SAMESORT environment variable to work around the mandated breakage in the standards. Most recently I've added the -, option to break large file sizes with commas (or whatever your locale provides). But I still haven't committed any of them. I described the issues a while back, but it's been nearly a month since then. So finally I prepared the commit. First thing is clear: I have waited far too long. It's been nearly 4 years since I did the LS_SAMESORT stuff, and of course the sources have changed since then.

Wed, 07 Nov 2012 20:00:00 UTC

Explaining the Election

Posted By Tim Bray

A pretty well full and complete explanation of the US election results may be found in The Right Republican, published in The Economist at the end of 2011. I quote: Nowadays, a candidate must believe not just some but all of the following things: that abortion should be illegal in all cases; that gay marriage must be banned even in states that want it; that the 12m illegal immigrants, even those who have lived in America for decades, must all be sent home; that the 46m people who lack health insurance have only themselves to blame; that global warming is a conspiracy; that any form of gun control is unconstitutional; that any form of tax increase must be vetoed, even if the increase is only the cancelling of an expensive and market-distorting perk; that Israel can do no wrong and the so-called Palestinians, to use Mr Gingrich's term, can do ...

Wed, 07 Nov 2012 19:39:08 UTC

New SSL Vulnerability

Posted By Bruce Schneier

It's hard for me to get too worked up about this vulnerability: Many popular applications, HTTP(S) and WebSocket transport libraries, and SOAP and REST Web-services middleware use SSL/TLS libraries incorrectly, breaking or disabling certificate validation. Their SSL and TLS connections are not authenticated, thus they -- and any software using them -- are completely insecure against a man-in-the-middle attacker. Great...

Wed, 07 Nov 2012 12:16:10 UTC

Regulation as a Prisoner's Dilemma

Posted By Bruce Schneier

This is the sort of thing I wrote about in my latest book. The Prisoner's Dilemma as outlined above can be seen in action in two variants within regulatory activities, and offers a clear insight into why those involved in regulation act as they do. The first relationship is that between the various people and organisations being regulated - banks,...

Wed, 07 Nov 2012 04:15:00 UTC

Why Romney lost today and how Republicans can win in 2016

Posted By Tom Limoncelli

How to win the most votes? Let me share two datapoints: The Obama campaign was lackluster and just couldn't get momentum. About a month ago he changed his speeches to be pretty hardcore liberal talking points. Suddenly the enthusiasm and polling started doing much better. In the last weeks of the campaign, Romney started stealing Obama's talking points, sounding as liberal as he could be. Suddenly the Romney momentum started building. In fact, if he had kept this up or if the election was a few weeks later, he might have won. Both of these data points indicate that to gain more votes, politicians need to "run to the left".

Tue, 06 Nov 2012 21:11:12 UTC

Friday's Q&A session now online

Posted By Herb Sutter

My live Q&A after Friday's The Future of C++ talk is now online on Channel 9. The topics revolved around recent progress and near-future directions for C++, both at Microsoft and across the industry, and talks about some announcements related to C++11 support in VC++ 2012 and the formation of the Standard C++ Foundation. [...]

Tue, 06 Nov 2012 18:17:00 UTC

Three-Rotor Enigma Machine Up for Auction

Posted By Bruce Schneier

Expensive, but it's in complete working order. They're also auctioning off a complete set of rotors; those are even rarer than the machines -- which are often missing their rotors....

Tue, 06 Nov 2012 16:13:43 UTC

Wanted: RSA Exhibitor for Book Signing

Posted By Bruce Schneier

Is anyone out there interested in buying a pile of copies of my Liars and Outliers for a giveaway and book signing at the RSA Conference? I can guarantee enormous crowds at your booth for as long as there are books to give away. This could also work for an after-hours event. Please let me know. I can get you...

Tue, 06 Nov 2012 12:40:09 UTC

New Vulnerability Against Industrial Control Systems

Posted By Bruce Schneier

It doesn't look good. These are often called SCADA vulnerabilities, although it isn't SCADA that's involved here. They're against programmable logic controllers (PLCs): the same industrial controllers that Stuxnet attacked....

Mon, 05 Nov 2012 21:55:02 UTC

Mixing photos

Posted By Greg Lehey

Yvonne showed me a funny photo yesterday, a statue with holes in it, clearly a montage of two photos. It was on here today, gone tomorrow Facebook, so I can't find it any more. I can do that too, I said, thinking of Hugin, so I set to to take some experimental photos. The first one didn't work at all well: the control points were all detected correctly, but the resultant image looked nothing like what I expected. At a guess took another series with a second image to the right: In principle I only need the first ...

Mon, 05 Nov 2012 20:54:47 UTC

New Jersey Allows Voting by E-Mail

Posted By Bruce Schneier

I'm not filled with confidence, but this seems like the best of a bunch of bad alternatives....

Mon, 05 Nov 2012 20:00:00 UTC

Dear America

Posted By Tim Bray

Congrats on having gotten through another overly-long election. Notes from a spectator looking south from north of 49°. If the outcome is anything but Obama-POTUS/Dem-Senate/GOP-House, we're into major-news-story territory, as in how could the phalanx of statisticians led by Nate Silver have been wrong? Seriously, the polls were fairly steady and linear this time around, Bayesian mechanics should have worked. Doubters in need of straws to grasp at, check out Colby Cosh, who points out flaws in Mr Silver's track record. Notably, that his baseball stats-wrangling failed to predict the achievements of Ichiro Suzuki. However, I detect nothing in the current political landscape as anomalous as Ichiro has been in baseball.

Mon, 05 Nov 2012 19:26:20 UTC

New WWII Cryptanalysis

Posted By Bruce Schneier

I'd sure like to know more about this: Government code-breakers are working on deciphering a message that has remained a secret for 70 years. It was found on the remains of a carrier pigeon that was discovered in a chimney, in Surrey, having been there for decades. It is thought the contents of the note, once decoded, could provide fresh...

Mon, 05 Nov 2012 14:59:58 UTC

Automated calls, fraud and the banks: a mismatch made in hell

Posted By Cory Doctorow

Here's a podcast of my recent Guardian column, Automated calls, fraud and the banks: a mismatch made in hell: The banks are now outsourcing their fraud prevention to computers that can make dozens of calls all at once, around the clock, fishing (or phishing) for someone who just happened to have made an unusual purchase … [Read more]

Mon, 05 Nov 2012 12:19:55 UTC

On the Ineffectiveness of Airport Security Pat-Downs

Posted By Bruce Schneier

I've written about it before, but not half as well as this story: "That search was absolutely useless." I said. "And just shows how much of all of this is security theatre. You guys are just feeling up passengers for no good effect, which means that you get all the downsides of a search -- such as annoyed travellers who...

Sun, 04 Nov 2012 01:52:05 UTC

Radiation tower: when?

Posted By Greg Lehey

As a result, did a bit of investigation about the state of Wendy's appeal to VCAT. Not good: according to this discussion the date for the hearing has still not been set, after over 6 months. It should have been heard (and dismissed) by now. And there are suggestions that NBN may then postpone the erection until 2015! Under those circumstances, I wonder if we shouldn't be looking to build somewhere else.

Sat, 03 Nov 2012 23:12:50 UTC

Our industry is young again, and it's all about UI

Posted By Herb Sutter

Jeff Atwood's post two days ago inspired me to write this down. Thanks, Jeff. "I can’t even remember the last time I was this excited about a computer." - Jeff Atwood, November 1, 2012 Our industry is young again, full of the bliss and sense of wonder and promise of adventure that comes with youth. [...]

Sat, 03 Nov 2012 22:06:31 UTC

Talk now online: The Future of C++ (VC++, ISO C++)

Posted By Herb Sutter

Yesterday, many thousands of you were in the room or live online for my talk on The Future of C++. The talk is now available online. This has been a phenomenal year for C++, since C++11's publication just 12 months ago. And yesterday was a great day for C++. Yesterday I had the privilege of [...]

Sat, 03 Nov 2012 21:48:15 UTC

More network issues

Posted By Greg Lehey

For a change, I didn't have a network connectivity dropout today, though it was hard to tell: in mid-afternoon connectivity dropped to a minimum, with ping times as high as 20 seconds. Looking at my logs, I found: Nov  3 15:25:18 nerd-gw fstats: +CGREG  1  81E3  8FC8F2E Nov  3 15:25:23 nerd-gw fstats: +CGREG  1  81E3  142 1351916924 0.561693 5   # Sat 3 Nov 2012 15:28:44 EST 890.166 ms That's an interesting cell ID. All the ones I've seen so far are 8 digits, but this was only 3.

Sat, 03 Nov 2012 21:35:33 UTC

Photo processing speed

Posted By Greg Lehey

House photo day today. Together with the photos from the open gardens, a total of 168 photos to process. It was also the first day I've done any serious processing with DxO Optics Pro version 8, and some of the settings are different from version 7. Processed about 50 of the photos before it occurred to me that the settings I had weren't optimal, and I had to start again. And I'm back to 2 minutes per image processing time. Or am I? Later in the first, abortive processing it seemed to get faster. So I kept track of the creation timestamps of the output files.

Sat, 03 Nov 2012 21:25:34 UTC

DxO bug: solved

Posted By Greg Lehey

Mail from a Pascal at DxO support today. One sentence: Die Lösung sehe sie hier (you see the solution here). Further investigation shows that there was a video clip attached, showing how to set the sort order in the image browser. What's wrong with this picture? It's strangely out of focus, for one thing. But more to the point: It doesn't explain why it should be a solution. I think this may be my fault: DxO seems not to handle German support well.

Sat, 03 Nov 2012 19:00:00 UTC

That Time of Year

Posted By Tim Bray

In which northern-hemisphere photographers are tempted to shoot autumn leaves, autumn leaves, and more autumn leaves. I'm jaded but couldn't resist these. In Vancouver, we don't rake leaves, we shovel them.

Fri, 02 Nov 2012 21:54:32 UTC

DxO problem: worked around

Posted By Greg Lehey

A message from another DxO support person today, an English reply (judging by the name Olivier presumably from a Frenchman) to my German problem report stating once again that my Microsoft Windows XP system with 3 GB of memory was too wimpy to run DxO Optics Pro, independent of the processor. Never mind that the specifications say a minimum of 2 GB, nor that at the time the problem occurred the system had 2 GB of memory free, nor that the problem also occurs with the 64 bit version of Windows 8. In addition, despite many requests for trace output, he couldn't find it.

Fri, 02 Nov 2012 18:00:00 UTC

Back-to-Basics Weekend Reading - Weighted Voting for Replicated Data

Posted By Werner Vogels

The last two weeks in Europe and Israel (The image above is from Tel Aviv) were intense so I didn't get to do much reading, hence I didn't post any reading suggestions. This weekend I pick a true back-to-basics paper to read; Dave Gifford's paper on Weighted Voting was the first to describe the "r+w" overlapping quorum approach to reason about the consistency of replicated data. Weighted voting for replicated data, David K. Gifford, Proceedings of the 7th ACM Symposium on Operating Systems Principles, December 10-12, 1979, Pacific Grove, CA USA.

Fri, 02 Nov 2012 15:00:00 UTC

Pimlical on Android... now on Google Play

Posted By Tom Limoncelli

Time Management for Sysadmins mentions Pimlical's DateBk software a lot. It is one of the finest time management software packages around. It was way ahead of its time. Sadly it was only available for the Palm series of PDAs. Pimlical's equivalent program for Android is called "Advanced Calendar". Until recently the installation process was a bit... odd. Now it is available on the Google Play app store. As a result, it is much easier to install. Check it out here: https://play.google.com/store/apps/details?id=com.pimlicosoftware.PimlicalA

Fri, 02 Nov 2012 11:37:14 UTC

Loopholes

Posted By Bruce Schneier

Interesting This American Life show on loopholes. The first part is about getting around the Church's ban against suicide. The second part is about an interesting insurance scheme....

Fri, 02 Nov 2012 11:30:07 UTC

Friday Squid Blogging: Squid Costume

Posted By Bruce Schneier

This is great....

Fri, 02 Nov 2012 11:00:00 UTC

Back-to-Basics Weekend Reading - Weighted Voting for Replicated Data

Posted By Werner Vogels

The last two weeks in Europe and Israel (The image above is from Tel Aviv) were intense so I didn’t get to do much reading, hence I didn’t post any reading suggestions. This weekend I pick a true back-to-basics paper to read; Dave Gifford’s paper on Weighted Voting was the first to describe the “r+w” overlapping quorum approach to reason about the consistency of replicated data.

Thu, 01 Nov 2012 23:45:55 UTC

More DxO pain

Posted By Greg Lehey

My support issues with DxO Optics Pro are getting no better. The one problem that remains is the silly duplicate, incorrectly sorted display of images in the Process tab. I've asked four times for this to be addressed, without success, and now I just get the message This ticket is closed. Hopefully this is just the individual support person and not the company. Put in another ticket, in German in the hope that somebody else will get it. We'll see.

Thu, 01 Nov 2012 19:00:00 UTC

Four Not For Me

Posted By Tim Bray

I've been reading lots this last year (less music, almost no videogames) writing here about the good ones, and mostly silent about the others. But there's this category of books I didn't like but you might, because I think the failing might be in me not the work. As in good, but not for me. Herewith, then, words on Assumption by Percival Everett, Malarky by Anakana Schofield, Mr. Penumbra's 24-Hour Bookstore by Robin Sloan, and The Yiddish Policemen's Union by Michael Chabon. Malarky Disclosure: Anakana is a Vancouver Irishwoman and I know her, our kids were in school together and she's been to our parties.

Thu, 01 Nov 2012 19:00:00 UTC

Nouveau Spam

Posted By Tim Bray

Gmail is really good at spam these days. It's been forever since I've seen any pharmaceuticals or watches or penny stocks; the very occasional 419 and virtuous-girl-looking-for-friends leaks through. However, there is a steady flow, one or two per day, of intensely-miscellaneous pitches for products or services that look perfectly reasonable and mainstream, except for being spam-promoted. They're actually sort of, uh, interesting. Here are a few days' worth, in the order I received them; the geographic distribution is remarkable. Cheery Spanish condom store. Italian commercial truck rentals. Bright-colored trucks at low daily rates! Mexican e-billing systems. Boring presentation, probably appropriate. Swedish anti-explosive gas-tank treatment, for motor racers.

Thu, 01 Nov 2012 11:34:11 UTC

Peter Neumann Profile

Posted By Bruce Schneier

Really nice profile in the New York Times. It includes a discussion of the Clean Slate program: Run by Dr. Howard Shrobe, an M.I.T. computer scientist who is now a Darpa program manager, the effort began with a premise: If the computer industry got a do-over, what should it do differently? The program includes two separate but related efforts: Crash,...