Blog Archive: January 2013

Thu, 31 Jan 2013 23:40:16 UTC

New X configuration and other surprises

Posted By Greg Lehey

Started the day off with the task of getting X running correctly on my four monitors. Tried out the xorg.conf file that I had created yesterday, and how about that! All 4 monitors came up. Not in the correct order, and not at the correct resolution, but it was a good start. In addition, the ›OC monitor seems to be delivering EDID information again, and it's not the same as the EDID information I downloaded from the web two months ago. Something to investigate when I get the time. Back to look at the file, and discovered that I had a number of serious errors in it, in particular referring to non-existent devices.

Thu, 31 Jan 2013 19:28:59 UTC

The Eavesdropping System in Your Computer

Posted By Bruce Schneier

Dan Farmer has an interesting paper (long version here; short version here) discussing the Baseboard Management Controller on your computer's motherboard: The BMC is an embedded computer found on most server motherboards made in the last 10 or 15 years. Often running Linux, the BMC's CPU, memory, storage, and network run independently. It runs Intel's IPMI out-of-band systems management protocol...

Thu, 31 Jan 2013 19:15:09 UTC

Internet copyright law has to have public support if it's going to work

Posted By Cory Doctorow

The Guardian

Thu, 31 Jan 2013 19:14:52 UTC

Copyright, plagiarism and the Internet

Posted By Cory Doctorow

My latest Guardian column is "Internet copyright law has to have public support if it's going to work," and it goes into the difference between copyright infringement and plagiarism, and tries to understand why so many people got upset at Glee's legal ripoff of a Jonathan Coulton song: Copyright experts were quick to explain that … [Read more]

Thu, 31 Jan 2013 13:09:16 UTC

Power and the Internet

Posted By Bruce Schneier

All disruptive technologies upset traditional power balances, and the Internet is no exception. The standard story is that it empowers the powerless, but that's only half the story. The Internet empowers everyone. Powerful institutions might be slow to make use of that new power, but since they are powerful, they can use it more effectively. Governments and corporations have woken...

Thu, 31 Jan 2013 10:40:15 UTC

I'm coming to YOUR town* in February!

Posted By Cory Doctorow

Next Tuesday marks the publication of my latest YA novel, Homeland, and I'll be kicking off a month-long tour across the US on February 5 with a stop in Seattle, followed by Portland and San Francisco. From there, I swing to the southwest -- a region I've never toured! -- with stops in Salt Lake … [Read more]

Thu, 31 Jan 2013 01:29:35 UTC

Network problems without end

Posted By Greg Lehey

My network problems continue. This is completely unacceptable. It's been 10 days since I reported the problems and the issue of the non-responsive cell, and I've only had one response asking me to reinstall my software. I've already sent a message expressing my annoyance, but nobody bothered to reply. Called Internode support today and spoke to Goran, who at least contacted the specialists, who are too important to talk to me directly. It seems that they did report the problem to Optus (I wonder in what form), and that Optus claims that all is running well and there is no congestion.

Thu, 31 Jan 2013 01:13:33 UTC

The curse of Wendy McClelland

Posted By Greg Lehey

While writing my diary for yesterday, discovered a disconcerting problem with the display on my new 27" monitor: What's that? It stayed in the same place on the screen while I moved the window, or when I replaced it with a browser window, but it doesn't look like dead pixels. It wasn't until I iconified the screens that I saw what was on the root window: It's part of the now-removed news item from YouTube, and it was clearly bypassing normal X conventions.

Thu, 31 Jan 2013 00:57:36 UTC

Computer reorganization: taking the plunge

Posted By Greg Lehey

I've been planning to rearrange the machines in my office for months now, at least since I converted my main machine to amd64 over six months ago. There have been many reasons for the delay, but a prime one was the dread of the amount of work and the number of things that could go wrong. But I have new hardware for the machine which will finally allow me to run four displays again on a single machine -- maybe. So today I finally reorganized, the first time in the 5½ years I have lived here. To my surprise, nothing serious went wrong.

Wed, 30 Jan 2013 20:00:00 UTC

Maximum N7

Posted By Tim Bray

Way back in August of last year, I tweeted "Would totally pay ~$300 for a Nexus 7 with telephony & cellular data." So I did; with my own money I mean. You will be unsurprised to learn that it's my favorite Android device ever. I got the maximal version, 32G and GSM, which cost me C$309. My Google Play shopping experience was a little better than at Apple, which always wants me to enter my password at least twice; but not quite as slick as at Amazon. Delivery, at a couple of weeks, was a little slower than I'd have liked.

Wed, 30 Jan 2013 18:20:08 UTC

"People, Process, and Technology"

Posted By Bruce Schneier

Back in 1999 when I formed Counterpane Internet Security, Inc., I popularized the notion that security was a combination of people, process, and technology. Back then, it was an important notion; security back then was largely technology-only, and I was trying to push the idea that people and process needed to be incorporated into an overall security system. This blog...

Wed, 30 Jan 2013 16:11:34 UTC

CACM: A decade of OS access-control extensibility

Posted By Robert N. M. Watson

Operating-system access control technology has undergone a remarkable transformation over the last fifteen years as appliance, embedded, and mobile device vendors transitioned from dedicated “embedded operating systems” to general-purpose ones — often based on open-source UNIX and Linux variants. Device vendors look to upstream operating system authors to provide the critical low-level software foundations for [...]

Wed, 30 Jan 2013 12:51:55 UTC

Who Does Skype Let Spy?

Posted By Bruce Schneier

Lately I've been thinking a lot about power and the Internet, and what I call the feudal model of IT security that is becoming more and more pervasive. Basically, between cloud services and locked-down end-user devices, we have less control and visibility over our security -- and have no point but to trust those in power to keep us safe....

Wed, 30 Jan 2013 02:43:16 UTC

Dereel residents want the Radiation Tower

Posted By Greg Lehey

Since Wendy McClelland got interviewed on TV a week ago, a number of things have happened, notably the ABC article on the subject. But we were still unhappy that the majority of the residents didn't have their say. Then Greg Nyary, a resident whom I don't know, arranged for the same team to come to Dereel and interview the proponents. It all happened at very short notice, and it wasn't publicized, but I heard about it from two different directions. Today, a workday, at 11:00, not the ideal time to get a crowd. But get a crowd we did: there must have been somewhere between 50 and 70 people there.

Tue, 29 Jan 2013 20:00:00 UTC

Ingress, Month 3

Posted By Tim Bray

Ingress is into its third month and if any other relatively-mainstream bloggers are covering the story I haven't seen it, so this for the record if nothing else. There are strains showing; but interesting developments also. To start with: as of today, Jan. 29, every Zipcar and Jamba Juice location is an Ingress portal, it seems; which feels to me like a news story. [For context, see Ingress and Things About Ingress.] Personal History When I came back to Vancouver from Christmas on the Prairies, it turned out that a few of us had been away and the Green team had pretty well overrun the city.

Tue, 29 Jan 2013 19:06:14 UTC

Backdoors Built in to Barracuda Networks Equipment

Posted By Bruce Schneier

Don't we know enough not to do this anymore?...

Tue, 29 Jan 2013 12:32:58 UTC

Complexity and Security

Posted By Bruce Schneier

I have written about complexity and security for over a decade now (for example, this from 1999). Here's the results of a survey that confirms this: Results showed that more than half of the survey respondents from mid-sized (identified as 50-2500 employees) and enterprise organizations (identified as 2500+ employees) stated that complex policies ultimately led to a security breach, system...

Tue, 29 Jan 2013 03:19:58 UTC

gnuplot POLA violation

Posted By Greg Lehey

As a result of the network problems, I haven't looked at my network link statistics page much recently. But when I looked today, the graphs were all blank. Why? Working with gnuplot is a real pain, but I finally got round to looking at it. Date calculations are particularly painful, not helped by the fact that gnuplot timestamps are seconds since 1 January 2000, while Unix timestamps are seconds since 1 January 1970, so there's this continual offset 946684800 (30 years) in the commands. Here's part of a command file I generate for one of the graphs: set xrange [412654938+39600:412669338+39600] plot "/var/tmp/3glinkstats" using ($1 + 39600 - 946684800):($2) \            title "link status" with lines, \      "/var/tmp/3glinkstats" using ($1 + 39600 - 946684800):($3) \            title "net connectivity (0 to 5)" ...

Tue, 29 Jan 2013 03:18:20 UTC

Internode support going downhill?

Posted By Greg Lehey

My network connection is flakier than ever, so much that I've given up looking at the statistics. Internode support don't seem to be doing anything about it. I've provided them with evidence that it's due to non-responsive cells in the wireless network, but they don't seem to think that that's a problem they can report to Optus. Why? Two years ago I had very similar symptoms, though not the ability to investigate the cause, they contacted Optus and got the thing sorted out pretty quickly. And Max, the technician at that time, knew what he was talking about.

Tue, 29 Jan 2013 01:40:15 UTC

Alternative to DxO Optics Pro

Posted By Greg Lehey

Peter Jeremy asked an obvious question today: why do I bother with DxO Optics Pro given all its problems? The answers are simple: I stick with it because the alternative means learning a new product with new bugs, and making comparisons to see which is better. But then Andy Snow suggested bibble, a program that I had once thought of using, but then not followed through, and which he says can do everything, including raw data conversion. That's simple enough: Bibble doesn't exist any more. It has been bought out by Corel and is now called Corel® AfterShot™ Pro. And of course there's a free demo version, so downloaded that and tried it out.

Mon, 28 Jan 2013 19:25:17 UTC

Dangerous Security Theater: Scrambling Fighter Jets

Posted By Bruce Schneier

This story exemplifies everything that's wrong with our see-something-say-something war on terror: a perfectly innocent person on an airplane, a random person identifying him as a terrorist threat, and a complete overreaction on the part of the authorities. Typical overreaction, but in this case -- as in several others over the past decade -- F-15 fighter jets were scrambled to...

Mon, 28 Jan 2013 15:00:00 UTC

LOPSA-NJ February 7 meeting is a "Cluster Meeting"

Posted By Tom Limoncelli

This month the NJ chapter of LOPSA's meeting will be something special. Rather than meeting at a library near Princeton, there will be two meetings on the same day: one north and one south. Each meeting will be held at a diner and there will be a suggested discussion topic. Generally someone takes notes at each diner and posts them online. It is interesting to see what each group does with the topic. We've done this a few times before and the discussion is always quite lively. This time the topic is: What's the best new tool you've started using in the last 24 months?

Mon, 28 Jan 2013 14:27:27 UTC

Reading from Homeland

Posted By Cory Doctorow

Here's a reading from my upcoming novel, Homeland, the sequel to Little Brother. It's a rehearsal for the readings I'll be giving at schools and libraries when I leave for my 22-city US tour next week. He fitted me with a blood pressure cuff -- yeah, it was a tactical cuff, which clearly made this … [Read more]

Mon, 28 Jan 2013 12:07:31 UTC

Violence as a Contagious Disease

Posted By Bruce Schneier

This is fascinating: Intuitively we understand that people surrounded by violence are more likely to be violent themselves. This isn't just some nebulous phenomenon, argue Slutkin and his colleagues, but a dynamic that can be rigorously quantified and understood. According to their theory, exposure to violence is conceptually similar to exposure to, say, cholera or tuberculosis. Acts of violence are...

Sun, 27 Jan 2013 05:54:59 UTC

Little Brother up for The Atlantic's Feb book-club choice

Posted By Cory Doctorow

The Atlantic's book club, 1book140, is asking for votes on its book for February. I'm surprised and delighted to see my novel Little Brother on that list, and the timing couldn't be better, what with the sequel, Homeland, coming out on Feb 5. It's also in great company: "Wonderstruck" by Brian Selznick; "Are You There … [Read more]

Sun, 27 Jan 2013 00:03:49 UTC

Still more DxO strangenesses

Posted By Greg Lehey

House photo day again today. DxO Optics Pro converted them in fast mode -- 133 images in 66 minutes, 22 seconds, almost exactly 30 seconds per image. While stitching ran into trouble with the garden north image: the control point detector couldn't link all the images. Further investigation showed surprising chromatic aberration, which I traced back to DxO: it had turned off all the corrections. Why? I've seen this before -- it's one of the issues I raised with my collection of error reports last year, and which they told me in no uncertain terms was because I was running in a virtual machine. Well, surprise, surprise, it's still here.

Sat, 26 Jan 2013 05:49:33 UTC

Teachers, librarians, etc: sign up for free copies of Homeland, the sequel to Little Brother

Posted By Cory Doctorow

Homeland, the sequel to Little Brother, comes out on Feb 5, and as with my previous books, I'm going to be making it available as a free CC-licensed download. Whenever that happens, lots of people write to me to tell me how much they enjoyed it, and ask if they can just send me some … [Read more]

Sat, 26 Jan 2013 01:37:59 UTC

Serial console for virtual machine

Posted By Greg Lehey

As planned, investigated setting up a serial interface for a VirtualBox virtual machine today, according to the instructions Callum Gibson had worked out: In the VM configuration, enable a serial port and select Host pipe and Create pipe. We both put the pipe in /tmp. Create a file /boot.config on the guest, with the content -Dh (dual console mode, force serial console). This is described in boot(8). Boot the guest and attach a telnet to the pipe generated in /tmp.

Sat, 26 Jan 2013 01:28:24 UTC

Password security

Posted By Greg Lehey

I'm continually ranting about the stupid rules people make me use to create passwords on web sites. Today I found a site that does a security check on passwords. No idea how accurate it is, but it confirms my expectation that these rules aren't very useful. Here some times for typical passwords (none of which, of course, I use): abc123       instantly 4711 (typical PIN)       instantly 4712       2.5 µs ...

Sat, 26 Jan 2013 01:09:52 UTC

How to put a Microsoft box to sleep

Posted By Greg Lehey

Despite the strangenesses with processing times, using a dedicated Microsoft box to process my photos is working out quite well. I put the box to sleep when I'm not using it, wake it up to process photos, and put it back to sleep again afterwards. Well, I try. I've set the power button to put the box to sleep, and discovered that it won't work if I still have an rdesktop session open. But it doesn't always work when I disconnect. Today I have come up with an explanation that may be correct: it only works if the (invisible) screen saver isn't enabled.

Sat, 26 Jan 2013 01:04:46 UTC

DxO random processing times again

Posted By Greg Lehey

I've already observed that the processing times for DxO Optics Pro are variable between extremely slow and glacial. Today I had more strangenesses in the processing times. Recently the times have been in the order of about 25 seconds per image, but today I converted 4 images, and it took 3 minutes, 32 seconds, or 53 seconds per image. Then I converted another two, which took 56 seconds -- 28 seconds per image. Stupidly, I deleted them, and I had to reprocess them. Not easy: DxO doesn't want to do that unless I change some conversion parameters. So did that, then changed back to the original values, and converted them again.

Sat, 26 Jan 2013 00:54:06 UTC

Mail delivery strangenesses

Posted By Greg Lehey

Early this morning, Yvonne told me that she hadn't received any non-local mail since last night. On further investigation, neither had I. Went looking around and discovered that my fetchmail config sent the incoming messages to dereel, which then delivered to /eureka. For some reason, it seemed, this was failing, possibly due to NFS lock issues. It was relatively trivial to change the .fetchmailrc to point to eureka, so did that, and pointed Yvonne at her ~/Mail/backup file, where I save everything that comes in, just to protect against procmail issues. But that didn't work. The files landed in ~/Mail/backup, but not in /var/mail.

Fri, 25 Jan 2013 22:15:12 UTC

Friday Squid Blogging: Squirming Tentacle USB Drive

Posted By Bruce Schneier

Just the thing. (Note that this is different than the previous squid USB drive I blogged about.) As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 25 Jan 2013 20:47:30 UTC

Video Interview with Me

Posted By Bruce Schneier

This interview was conducted last month, at an artificial intelligence conference at Oxford....

Fri, 25 Jan 2013 18:16:28 UTC

Rapture of the Nerds, the UK cover

Posted By Cory Doctorow

How awesome is this cover for the forthcoming UK edition of Rapture of the Nerds? Way, way awesome.

Fri, 25 Jan 2013 17:00:00 UTC

Back-to-Basics Weekend Reading - Epidemics

Posted By Werner Vogels

My paper to read this weekend was Alan Demers' seminal paper on epidemic techniques for database replication. I realized that in 2004, before my Amazon days, I already wrote a blog post about the fundamental publications in the area of epidemics, so this seems like a good moment to revisit that with updated links, etc. History of Epidemics In the past 6-8 years we have been using various epidemic techniques in building our reliable and scalable distributed systems with great success. Now that industry is starting to deal with issues of scale that can almost only be solved by using epidemic techniques, it becomes important to produce some basic pointers to the origin of the use of epidemics in distributed systems.

Fri, 25 Jan 2013 13:03:50 UTC

Shaming as Punishment for Repeated Drunk Driving

Posted By Bruce Schneier

Janesville, Wisconsin, has published information about repeated drunk driving offenders since 2010. The idea is that the public shame will reduce future incidents....

Fri, 25 Jan 2013 01:17:12 UTC

Internode: please reinstall your software

Posted By Greg Lehey

So a few days ago I sent traces of my UMTS network connection to Internode support showing that specific cells were associating but not accepting data. Today I got mail back. Here some excerpts, reformatted for legibility: Hi Gary, I can see in the ticket you mentioned you have done near all trouble-shooting, but the evidence we need are as follows. -download tests that show a drop in download speed (screencaps of this)   - you can download any of the tests from -screencaps showing that the dongle works at another location.

Fri, 25 Jan 2013 00:21:38 UTC

Revirtualizing dereel

Posted By Greg Lehey

Spent some time carefully analyzing yesterday's disaster with virtualizing There were two main issues: the symbolic links to files mounted from dereel, and the status of the virtual machine if X crashes. After much investigation, discovered that there weren't too many executables run from dereel, but that the libraries were a different matter. On the other hand, at least for the time being, I need to run dereel anyway. I'm running a newer version of PHP on eureka, and it's too leet to run some of my older web pages, so I run a second web server on dereel to handle them.

Thu, 24 Jan 2013 23:44:19 UTC

Aaron Swartz

Posted By Benjamin Mako Hill

I moved to Boston in 2005 at the same time that Aaron Swartz did and we were introduced by a mutual friend. Aaron was one of my first friends in Boston and we became close. When Aaron moved to San Francisco, I moved into his apartment in Somerville where he kept a room for a [...]

Thu, 24 Jan 2013 21:03:41 UTC

Hello world!

Posted By Robert V. Binder

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

Thu, 24 Jan 2013 21:00:00 UTC

Bug of the day: getent's surprise

Posted By Tom Limoncelli

What's wrong with this as a way to turn a hostname into a FQDN? FQDN=$(getent hosts "$SHORT" | awk '{ print $2 }') Answer: getent can return multiple lines of results. This only happens if the system is configured to check /etc/hosts before DNS and if /etc/hosts lists the hostname multiple times. There may be other ways this can happen too, but that's the situation that bit me. Of course, there shouldn't be multiple repeated lines in /etc/hosts but nothing forbids it. As a result you can end up with FQDN="hostname.dom.ain hostname.dom.ain" which, and I'm just guessing here, is going to cause problems elsewhere in your script.

Thu, 24 Jan 2013 20:00:00 UTC

Spies Love Books

Posted By Tim Bray

Actually I should have commas in the title because Sweet Tooth by Ian McEwan is a book initially about spies but more about love and really mostly about books, and writing them. Which some may call incestuous, but people who read books like books so why not? Just before I took off for a short visit to Britain I asked on Google+ OK, getting on the long flight to LHR in a few hours, and my queue of unread page-turners is empty. What's a can't-miss from recent months? It worked well, and I ended up buying the two recommended by Richard Smith; this and Canada by Richard Ford, which I haven't read yet.

Thu, 24 Jan 2013 19:33:22 UTC

Identifying People from their Writing Style

Posted By Bruce Schneier

It's called stylometry, and it's based on the analysis of things like word choice, sentence structure, syntax and punctuation. In one experiment, researchers were able to identify 80% of users with a 5,000-word writing sample. Download tools here, including one to anonymize your writing style....

Thu, 24 Jan 2013 18:41:12 UTC

Cascadia IT Conference 2013 schedule announced!

Posted By Tom Limoncelli

Cascadia IT Conference 2013 has announced their tutorial lineup and it looks great! If you are in the Seattle area, or can travel there, this is a can't miss conference! Here are some of the tutorial titles: Root Cause analysis -- Intermediate PowerShell Fundamentals Building Your Powershell Toolkit Resolv the World with Chef: An Introduction to Chef for Sysadmins Build A SysAdmin Sandbox An Introduction to Puppet Navigating the Business World for Sysadmins: The Trusted Adviser Navigating the Business World for Sysadmins: Methods IPv6 -- An Introduction The Compassionate Geek: Mastering Customer Service for IT Professionals Over the Edge System Administration The technical sessions will be announced in a few days followed by registration.

Thu, 24 Jan 2013 12:48:36 UTC

Identifying People from their DNA

Posted By Bruce Schneier

Interesting: The genetic data posted online seemed perfectly anonymous -- strings of billions of DNA letters from more than 1,000 people. But all it took was some clever sleuthing on the Web for a genetics researcher to identify five people he randomly selected from the study group. Not only that, he found their entire families, even though the relatives had...

Thu, 24 Jan 2013 00:28:20 UTC

Migrating dereel to VM

Posted By Greg Lehey

Today got round to the next stage of my computer restructure: test whether I could really drive my HDMI monitor via the HDMI output. I did that on to avoid disruption to, my main machine. After a bit of messing with the BIOS, the result: yes, I can. That's more than I can say for the DVI connection: That's not serious, beyond the fact that I can't test in that housing. But maybe I should move the motherboard to something more conventional.

Wed, 23 Jan 2013 20:00:00 UTC

How to Think About OAuth

Posted By Tim Bray

I'm not a deep OAuth 2.0 expert yet; at this point that label is reserved for the (substantial number of) people who wrote the specs. But I've worked with a few implementations and talked it over with smart people, and I have opinions. Summary: It's a framework not a protocol, it has irritating problems, and it's really very useful. Real Internet Protocols I mean things like HTTP and SMTP; plug a client and a server into each other and if it doesn't Just Work, that's surprising. OAuth 2.0 isn't one of those; the language of the spec is full of "Out of scope" and "At the discretion of the implementor".

Wed, 23 Jan 2013 18:55:43 UTC

The Security of the Mega File-Sharing Service

Posted By Bruce Schneier

Ever since the launch of Kim Dotcom's file-sharing service, I have been asked about the unorthodox encryption and security system. I have not reviewed it, and don't have an opinion. All I know is what I read: this, this, this, this, and this. Please add other links in the comments....

Wed, 23 Jan 2013 15:27:51 UTC

The Importance of Being Declarative

Posted By Diomidis D. Spinellis

A declarative programming style focuses on what you want your program to do rather than how to perform the task. Through diverse programming techniques, libraries, and specialized languages, you end up with code that sidesteps nitty-gritty implementation details, dealing instead with a task's big picture.

Wed, 23 Jan 2013 13:51:13 UTC

Suicide Girls interview about Homeland, part two

Posted By Cory Doctorow

Suicide Girls has just published part two of its two-part interview with me about Homeland, the sequel to Little Brother (here's part one). In it, we talk about activism, clicktivism, and the future of Internet-connected politics: There is a lot of cynicism about clicktivism and the idea that if it's too easy to be politicized, … [Read more]

Wed, 23 Jan 2013 12:14:37 UTC

Commenting on Aaron Swartz's Death

Posted By Bruce Schneier

There has been an enormous amount written about the suicide of Aaron Swartz. This is primarily a collection of links, starting with those that use his death to talk about the broader issues at play: Orin Kerr, Larry Lessig, Jennifer Granick, Glenn Greenwald, Henry Farrell, danah boyd, Cory Doctorow, James Fallows, Brewster Kahle, Carl Malamud, and Mark Bernstein. Here are...

Tue, 22 Jan 2013 23:39:55 UTC

Hacking ls, the discussion

Posted By Greg Lehey

My article about adding an option to ls a few months back aroused some interest, and Lim Cheng Soon asked for permission to publish it in Hacker Monthly, where he changed the title to Hacking ls -l. In the process discovered a very lively discussion about the article, all apparently dated the day I wrote it and long before the publication in Hacker News. Some are worth addressing: Some addressed the usefulness of adding the -, option in the first place.

Tue, 22 Jan 2013 23:13:54 UTC

Upgrading graphics cards

Posted By Greg Lehey

So before returning this incorrectly described graphics card to Mwave, I wanted to see whether I could use it to drive three monitors, including the HDMI connection. Tried to put it into dxo, the Microsoft box. No go: it's too wide, so I'll have to try it in dereel. But before I do that it makes sense to migrate what's left of dereel (32 bit FreeBSD 8.1) to a VirtualBox machine. And that required setting up disks, which took a while. Mañana.

Tue, 22 Jan 2013 18:04:33 UTC

Google's Authentication Research

Posted By Bruce Schneier

Google is working on non-password authentication techniques. But for Google's password-liberation plan to really take off, they're going to need other websites to play ball. "Others have tried similar approaches but achieved little success in the consumer world," they write. "Although we recognize that our initiative will likewise remain speculative until we've proven large scale acceptance, we're eager to test...

Tue, 22 Jan 2013 11:23:44 UTC

Thinking About Obscurity

Posted By Bruce Schneier

This essay is worth reading: Obscurity is the idea that when information is hard to obtain or understand, it is, to some degree, safe. Safety, here, doesn't mean inaccessible. Competent and determined data hunters armed with the right tools can always find a way to get it. Less committed folks, however, experience great effort as a deterrent. Online, obscurity is...

Tue, 22 Jan 2013 00:47:07 UTC

DxO: Random processing times?

Posted By Greg Lehey

Lately my DxO Optics Pro processing times have been particularly good, at least in comparison to what they have been -- closer to 25 seconds per image than the previous 45 seconds. Why? I have no idea. I saw this under VirtualBox as well, but there I thought that maybe it had something to do with VirtualBox. I'm beginning to think that it's riddled with heisenbugs. Certainly the screen refresh code is very dubious. Still, as long as it lasts, it's an advantage.

Tue, 22 Jan 2013 00:29:11 UTC

Video card: time to tidy up

Posted By Greg Lehey

The new video card raises an issue that has been looming for some time: I should both tidy up and rearrange my office. I haven't really changed anything in over 5 years, and it shows: The second photo shows the mess behind the monitors, where I can't get at it very well, looking down from above. The open chassis on the left is boskoop, my Apple, and on the right is the back of eureka.

Tue, 22 Jan 2013 00:06:35 UTC

New video card

Posted By Greg Lehey

It's been several months since I got my new monitor. And for that time I've had to split my X configuration across two machines, because the display cards in eureka can't handle all the monitors. I've been planning to replace one of the cards for some time now, but research is important, especially since the documentation of these cards is so terrible. I had more or less decided on an nVidia GeForce GT 640 as a good compromise between cost and number of monitors supported. But some of the cards don't have enough outputs. So last weekend I did some research and found a number of cards with the chipset.

Mon, 21 Jan 2013 23:14:17 UTC

Updating Microsoft, continued

Posted By Greg Lehey

Today was the start of a new billing month for my Internet traffic, so I was able to continue with my software downloads and updates. In the end I downloaded nearly 1.25 GB of data, including further updates for dxo, my Microsoft Windows box. When I postponed 10 days ago, there were three updates outstanding, none of them new. Today it changed its mind: I needed to download Service Pack 2, some 350 MB (or was that 45? It didn't seem to be sure). So it downloaded that, and then it told me that I needed to install another 66 important updates.

Mon, 21 Jan 2013 16:11:56 UTC

RIP, Aaron Swartz

Posted By Cory Doctorow

On today's podcast, I read my obituary for Aaron Swartz, and the afterword he wrote for my upcoming novel, Homeland. I met Aaron when he was 14 or 15. He was working on XML stuff (he co-wrote the RSS specification when he was 14) and came to San Francisco often, and would stay with … [Read more]

Mon, 21 Jan 2013 12:38:47 UTC

TSA Removing Rapiscan Full-Body Scanners from U.S. Airports

Posted By Bruce Schneier

This is big news: The U.S. Transportation Security Administration will remove airport body scanners that privacy advocates likened to strip searches after OSI Systems Inc. (OSIS) couldn't write software to make passenger images less revealing. This doesn't mean the end of full-body scanning. There are two categories of these devices: backscatter X-ray and millimeter wave. The government said Friday it...

Sat, 19 Jan 2013 22:35:11 UTC

Lame mouse again

Posted By Greg Lehey

Into the office this morning to find my mouse cursor moving slowly and unevenly. Further investigation seemed to show that it was related to where I placed the mouse on the (active) mouse pad. It looks as if it is dying. After a bit of searching found another one with side buttons (from teevee) and used that for the day. But in the evening the thing was working normally again. What's wrong here? Should I care? A mouse costs nothing, but where do you find one with which you can simulate the middle button? Since people replaced the middle button with a scroll wheel, I've been remapping the side button as Button 2.

Sat, 19 Jan 2013 20:00:00 UTC


Posted By Tim Bray

Here's an assertion: Women aren't interested in coding jobs. It's both obviously true (look at the numbers) and horribly misleading, because lots of women are interested and get great jobs in my profession. This piece isn't about women and software, it's about how to patch English so we can talk clearly about this sort of stuff. The essential truth here is statistical: By any measure, the number of women who choose to engage with computing is dramatically lower than the number of men. The essential danger is the temptation to reason from statistics to individuals; Men are better coders, so I'm going to pick Joe rather than Karen to interview for the job. The Pattern-Matching Problem Our minds contain a pattern-matching engine that is immensely strong at inferring the particular from the general; which was probably an evolutionary advantage when we were hunter-gatherers worrying about weather patterns and predator behavior ...

Fri, 18 Jan 2013 21:31:17 UTC

Friday Squid Blogging: The Search for the Colossal Squid

Posted By Bruce Schneier

Now that videographers have bagged a giant squid, the search turns to the colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Thu, 17 Jan 2013 20:00:00 UTC

Geek Beers

Posted By Tim Bray

I'm in London next week for the OIDF Workshop. I plan to spend the evening of Tuesday January 22nd with my bum on a seat in The Phoenix and a beer in front of me. Anyone who has an opinion about Identity or Android or Google or photography or Japanese Metal bands, drop by and say hello.

Thu, 17 Jan 2013 17:41:32 UTC

Behold: the stupid face I will make in the 3D scanner

Posted By Cory Doctorow

The people have spoken. I offered to have my head 3D-scanned while making a ridiculous face originated by John "Rubberface" Scalzi if enough was donated to Jay Lake's cancer treatment fundraiser. After an exhaustive poll, the Internet chose this face. I've started practicing already. Dear Cory Doctorow: The Masses Have Decided That This is the … [Read more]

Thu, 17 Jan 2013 15:50:13 UTC

Man-in-the-Middle Attacks Against Browser Encryption

Posted By Bruce Schneier

Last week, a story broke about how Nokia mounts man-in-the-middle attacks against secure browser sessions. The Finnish phone giant has since admitted that it decrypts secure data that passes through HTTPS connections -- including social networking accounts, online banking, email and other secure sessions -- in order to compress the data and speed up the loading of Web pages. The...

Thu, 17 Jan 2013 13:39:07 UTC

Essay on FBI-Mandated Backdoors

Posted By Bruce Schneier

Good essay by Matt Blaze and Susan Landau....

Thu, 17 Jan 2013 04:54:02 UTC


Posted By Benjamin Mako Hill

I just returned home from Aaron Swartz’s funeral in Chicago. Aaron was a good friend. The home I’ve returned to is an apartment that was Aaron’s before it was mine, that I have lived in with Aaron during several stints, and that I still share with many of his old books and posters. Although, I’ve [...]

Wed, 16 Jan 2013 23:19:47 UTC

Google false positives

Posted By Greg Lehey

Spent a lot of time today trying to open the head of my Mecablitz, without success. The information I got yesterday wasn't really sufficient, and I went out looking for other information. Google is your friend, right? Well, up to a point. It seems that in the last few years the quality of the results has dropped. What would I like to find? Mecablitz 58 AF-1 service manual. But of the first 10 results I found there, only 3 even included the word service, and that out of context with manual. Why did I get the other 7? OK, the double quotes still work, so I looked for Mecablitz 58 AF-1 "service manual".

Wed, 16 Jan 2013 12:25:47 UTC

Cheating at Chess

Posted By Bruce Schneier

There's a fascinating story about a probable tournament chess cheat. No one knows how he does it; there's only the facts that 1) historically he's not nearly as good as his recent record, and 2) his moves correlate almost perfectly with one of the best computer chess programs. The general question is how valid statistical evidence is when there is no...

Wed, 16 Jan 2013 02:18:55 UTC

Network flakiness: new insights

Posted By Greg Lehey

My network connection is bad again. I get the feeling it happens when it's warm. Today it was not timing out, but I was getting impossibly bad connection quality. Went through the whole rigmarole of restarting the ppp process, popping the modem, even rebooting the machine. No help. Then it occurred to me to compare the throughput with the continual cell hops, so I ran a ping every 5 seconds. Bingo!

64 bytes from icmp_seq=0 ttl=55 time=88.779 ms
...
64 bytes from icmp_seq=6 ttl=55 time=130.933 ms
Jan 15 17:53:59 nerd-gw fstats: Cell lost: 81e3 8fc48e8 (4)
Jan 15 17:53:59 nerd-gw fstats: Cell found: -> 81e3 8fc8e4a
Jan 15 17:54:57 nerd-gw fstats: Cell change: 81e3 8fc8e4a (4) -> 81e3 8fc48e8
64 bytes from icmp_seq=10 ttl=55 time=59517.631 ms
64 bytes from icmp_seq=11 ttl=55 time=54619.341 ms
64 bytes from icmp_seq=12 ttl=55 time=49707.053 ms
64 bytes from icmp_seq=13 ...

Wed, 16 Jan 2013 00:20:29 UTC

Videos: Panel, and C++ Concurrency

Posted By Herb Sutter

I'm about two weeks late posting this, but two more C++ and Beyond 2012 videos are now available online. The first is my 30-min concurrency talk: C++ and Beyond 2012: C++ Concurrency (Herb Sutter) I've spoken and written on these topics before. Here's what's different about this talk: Brand new: This material goes beyond what [...]

Wed, 16 Jan 2013 00:08:30 UTC

Java vulnerabilities

Posted By Herb Sutter

With the help of friends Robert Seacord and David Svoboda of CERT in particular, I posted a note and link to their CERT post today because people have been misunderstanding the recent Java vulnerabilities, thinking they're somehow really C or C++ vulnerabilities because Java is implemented in C and C++. From the post: Are the [...]

Tue, 15 Jan 2013 12:10:50 UTC

Lexical Warfare

Posted By Bruce Schneier

This essay, which uses the suicide of Aaron Swartz as a jumping off point for how the term "hactivist" has been manipulated by various powers, has this to say about "lexical warfare": I believe the debate itself is far broader than the specifics of this unhappy case, for if there was prosecutorial overreach it raises the question of whether we...

Tue, 15 Jan 2013 04:32:32 UTC

Customer Trust

Posted By James Hamilton

In the cloud there is nothing more important than customer trust. Without customer trust, a cloud business can't succeed. When you are taking care of someone else's assets, you have to treat those assets as more important than your own. Security has to be rock solid and absolutely unassailable. Data loss or data corruption has to be close to impossible and incredibly rare. And all commitments to customers have to be respected through business changes. These are hard standards to meet but, without success against these standards, a cloud service will always fail. Customers can leave any time and, if they have to leave, they will remember you did this to them.

Mon, 14 Jan 2013 23:18:27 UTC

Your account has been disabled

Posted By Greg Lehey

Logged into the ANZ web banking application today -- or I tried to: This Customer Registration Number has been disabled. Why that? I have a link to on a private page, but of course they don't allow you to save passwords, so it's possible I made a paste-o. Tried again on another browser, and sure enough, it worked. But why did I get the message? One thing's clear: it's imprecise. This CRN. Why doesn't the page repeat the number? That way it would be clear if you've just made a mistake in the number.

Mon, 14 Jan 2013 19:27:28 UTC

Anti-Surveillance Clothing

Posted By Bruce Schneier

It's both an art project and a practical clothing line. ...Harvey's line of "Stealth Wear" clothing includes an "anti-drone hoodie" that uses metalized material designed to counter thermal imaging used by drones to spot people on the ground. He's also created a cellphone pouch made of a special "signal attenuating fabric." The pocket blocks your phone signal so that it...

Mon, 14 Jan 2013 18:55:25 UTC

Which silly John Scalzi face should I model in the 3D scanner?

Posted By Cory Doctorow

As previously mentioned, I have committed to recreating a funny face made by John Scalzi, then getting my head 3D scanned while pulling said face, and releasing the scan as a CC-BY download on Thingiverse. It's all part of this most worthy fundraiser to help with the treatment and expenses from Jay Lake's cancer. Scalzi … [Read more]

Mon, 14 Jan 2013 18:37:01 UTC

Liability vs Leverage

Posted By Cory Doctorow

Tools of Change

Mon, 14 Jan 2013 18:36:44 UTC

How Internet copyright laws let Big Content get away with paying less to artists

Posted By Cory Doctorow

I've written an essay on how copyright enforcement laws let entertainment companies get away with paying less to artists for the O'Reilly Tools of Change blog. The ToC folks asked me to contribute something related to the keynote I'll be doing at their annual conference in NYC next month, as part of my tour for … [Read more]

Mon, 14 Jan 2013 14:27:20 UTC

Links for Monday, January 14, 2013

Posted By Jeff Barr

NYC Resistor: Vector Display Introduction – “Vector displays are now mostly historical oddities -- old arcade games like Asteroids or Tempest, or ancient FAA radar displays -- which gives them a certain charm. Unlike modern raster displays, the electron beam … Continue reading →

Mon, 14 Jan 2013 12:54:58 UTC

The Origins of War

Posted By Bruce Schneier

Philosophy professor David Livingstone Smith on the origins of war....

Sun, 13 Jan 2013 20:00:00 UTC

Dad's Ties

Posted By Tim Bray

My father died ten years ago. Still, it's not surprising that we turned up a box in a corner with some of his old files inside, and a nice belt, and these. Dad also liked to wear cowboy boots, sometimes. I myself like a Western-wear shirt. The box had his University transcripts from the forties and fifties, record of employment, diaries, baby pictures; haven't missed him so much in years.

Fri, 11 Jan 2013 23:27:18 UTC

DSE web site: worse than ever

Posted By Greg Lehey

Another bad bushfire danger day today, and spent some time monitoring the DSE web site. It works better than the corresponding CFA site, but it's still terminally broken. To access any real information, you need to click on a link, which launches a Javascript function such as loadSummaryPageFromParent(): And this function appears to be broken, or at least unreliable. It's not a browser-specific problem, though I wouldn't put it past them to write stuff that only displays on Internet Explorer. But I tried it with Internet Explorer, and it didn't work there either.

Fri, 11 Jan 2013 23:16:51 UTC

More network disconnect problems

Posted By Greg Lehey

I've had several network disconnects lately, more than usual. Are they due to the hot weather? Certainly my signal strength seems less than usual, and dropping back to GPRS must be some kind of emergency action. I have adapted the /usr/ports/net/e169-stats/ port to log various events, so today I spent some time extending it to report RSSI before and after a cell switch, and also to report low RSSI (< 3). Bingo!

Jan 11 16:50:02 nerd-gw fstats: Cell change: 81e3 8fc48e8 (7) -> 81e3 8fc8e66
Jan 11 16:50:05 nerd-gw fstats: Cell change: 81e3 8fc8e66 (2) -> 81e3 8fc48e8
Jan 11 16:50:06 nerd-gw fstats: Low RSSI: 2
Jan 11 16:52:27 nerd-gw fstats: Cell lost: 81e3 8fc48e8 (3)
Jan 11 16:52:27 nerd-gw fstats: Cell found: -> 8fc48e8 6bbd13
Jan 11 16:52:30 nerd-gw fstats: RSSI: 6
Jan 11 16:52:40 nerd-gw fstats: Cell change: 81e3 8fc48e8 (3) -> 81e3 8fc8e66
Jan 11 16:52:48 nerd-gw ...

Fri, 11 Jan 2013 23:02:26 UTC

DxO on Windows 8

Posted By Greg Lehey

So my experiments with running DxO Optics Pro in various configurations have shown that there's not much difference beyond what has proved to be DxO's complete inability to display the Customize window on a remote desktop. It's still glacially slow. But that's a 32 bit system, and they claim it's faster on 64 bits (why?). I still have a few days before the Windows 8 preview expires, so installed that on a disk and tried it out. It came up with a 640×480 display resolution, and I wasn't able to set a 16:10 aspect ratio, so ended up running at 1600×1200.

Fri, 11 Jan 2013 22:55:39 UTC

Microsoft update hell

Posted By Greg Lehey

I suppose I'm in a pretty unique position, being a veteran of the computer industry but having almost no understanding of Microsoft. In the last few days, that has changed, of course, and now I'm learning things that even beginners take for granted. Today spent some time bringing my new machine up to date. First I had to wake it from sleep, which I thought was suspend to RAM, but based on the time and disk activity it took to come back, it seems to have been at least partial suspend to disk. But the run light stayed on and blinked the whole time, which wouldn't have been necessary for that.

Fri, 11 Jan 2013 21:59:07 UTC

Friday Squid Blogging: Giant Squid Video

Posted By Bruce Schneier

Last week, I blogged about an upcoming Discovery Channel program with actual video footage of a live giant squid. ABC News has a tantalizingly short sneak peek. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 11 Jan 2013 18:50:15 UTC

Goodbye PyBlosxom, Hello WordPress

Posted By Benjamin Mako Hill

Since 2004, I’ve used the blogging software PyBlosxom. Over that time, the software has served me well and I have even written a series of patches and plugins. PyBlosxom is blog software designed for hackers. It assumes you already have a text editor you love and relies on features of a POSIX filesystem instead of [...]

Fri, 11 Jan 2013 14:10:17 UTC

Experimental Results: Liars and Outliers Trust Offer

Posted By Bruce Schneier

Last August, I offered to sell Liars and Outliers for $11 in exchange for a book review. This was much less than the $30 list price; less even than the $16 Amazon price. For readers outside the U.S., where books can be very expensive, it was a great price. I sold 800 books from this offer -- much more than...

Fri, 11 Jan 2013 00:35:25 UTC

DxO processing speed: further investigations

Posted By Greg Lehey

As planned, continued my experiments processing photos with DxO Optics Pro. There were a number of issues that might affect the processing speed. Clearly DxO is very inefficient in a number of areas, and the display in use (local or remote) and the file system in use (local or remote) were the most obvious ones. Yesterday I had tried with both remote, and today I tried the other combinations. Here the results:

File system       Display       Time
remote       remote       ...

Fri, 11 Jan 2013 00:06:06 UTC

Completing the Microsoft install

Posted By Greg Lehey

In principle everything works on my new Microsoft box, which in a break with tradition I have called (previous machine names were decidedly unflattering). In practice, though, I still have this issue with the display. I had these instructions to go by. They asked for safe mode, presumably because you couldn't see things otherwise. I expect they should work in normal mode too if you have a display. I had a display, but it was via rdesktop, and it only showed me details of the simulated display. So I had to reboot after all. What happened was rather unexpected: the machine came up with a GRUB boot menu -- for Windows 7 only!

Thu, 10 Jan 2013 20:00:00 UTC

Yasutomo Cuben Wallet

Posted By Tim Bray

In that disconnected time between Christmas and New Year's, a famous person in my tweetstream recommended a Secure front-pocket-carry sciatica-preventing über-light wallet... The pointer was to; here's the intro page with some background. The website was lo-rent but still charmed me. I couldn't make out the color choices so tweeted back What color is the STD version? and the f.p. said Colorless, translucent, sort of like if NASA made waxed paper. He's talking about the Cuben Fiber the Wa-ben wallet is made of, which I expect never to become intimate with since I'm a motorboater. But the price was modest and there wasn't anything about shipping charges; generous since it comes from Hong Kong, but maybe not so much because it's light as a feather.

Thu, 10 Jan 2013 18:54:15 UTC

Interview with Suicide Girls about Homeland, the sequel to Little Brother

Posted By Cory Doctorow

My next novel, Homeland (the sequel to Little Brother) is out in a few weeks, and I recently sat down with Nicole Powers from Suicide Girls for an interview about the book and the issues it raises, especially the student-debt bubble: When it was just rich people going, it wasn't about just getting a better … [Read more]

Thu, 10 Jan 2013 12:49:12 UTC

The Politics and Philosophy of National Security

Posted By Bruce Schneier

This essay explains why we're all living in failed Hobbesian states: What do these three implications -- states have a great deal of freedom to determine what threatens a people and how to respond to those threats, and in making those determinations, they are influenced by the interests and ideologies of their primary constituencies; states have strong incentives and have...

Thu, 10 Jan 2013 00:10:48 UTC

First DxO run on new machine

Posted By Greg Lehey

So, the big question: how fast is the new machine? I've already established three problem areas with DxO Optics Pro: running under a virtual machine, running with SMB shares, and running on a non-physical display. Time to time each of them. Started a long conversion run using the photos I took last Saturday, all 188 of them, with rdesktop and the photos on an SMB-mounted file system. Observing the conversion showed a number of things: The extreme file system behaviour I saw a couple of days ago is not typical.

Thu, 10 Jan 2013 00:06:30 UTC

New Microsoft box

Posted By Greg Lehey

My new Microsoft box arrived today, the very first machine I have ever bought to run Microsoft Windows. Nice looking little Lenovo ThinkCentre, much smaller than I had expected, but showing signs of less-than-careful treatment in the deep scratches on the lid and the faint smell of tobacco from inside. Setting up Microsoft boxen has always been a pain, but today just about everything Just Worked. The machine comes apart nicely without tools: took the disk out to back it up, then added another 2 GB of memory I have lying around. I could put in even more, but now it has 4 GB, and the 32 bit system can't handle more than that.

Wed, 09 Jan 2013 20:00:00 UTC

Things About Ingress

Posted By Tim Bray

I'm not even a serious player, I go out for a couple hours two or three times a week. But there are lots of stories to tell and lessons to learn; here are some of mine. [Warning: This post will be more or less completely incomprehensible to someone who hasn't played quite a bit.] Climate Protection This game is going to be another whole kettle of fish in the Northern hemisphere when it's, you know, not so bloody cold and wet. Having said that: There's a lot to be said for wrapping your device up in a good old-fashioned plastic zip-loc.

Wed, 09 Jan 2013 12:44:18 UTC

Denial-of-Service Attack Against Facebook

Posted By Bruce Schneier

Just claim the person is dead. All you need to do is fake an online obituary....

Wed, 09 Jan 2013 12:30:50 UTC

Nominations are open for the Hugo Awards

Posted By Cory Doctorow

Nominations are open again for science fiction's Hugo Awards -- if you attended last year's WorldCon or have supported/bought a membership for this year's con, you get a vote. There's a lively LJ group discussing potential nominees (I often wait for the annual Locus Magazine best-of list to use as a crib for my nominations). … [Read more]

Wed, 09 Jan 2013 03:52:57 UTC

New extension cards

Posted By Greg Lehey

I established some time ago that the new Ethernet card I bought for dereel needed to have the on-board (and defunct) chipset disabled before it would work. And then I discovered that I couldn't use the motherboard for cvr2 because of component placement. But I forgot to leave the Ethernet board in dereel. In the meantime I have also received a USB 3.0 adapter, so put them both in dereel to see what would happen. Not a success. The Ethernet board still doesn't work under FreeBSD.

Wed, 09 Jan 2013 00:36:48 UTC

Free Adobe Photoshop

Posted By Greg Lehey

I've heard from many different places that Adobe has released Photoshop CS2 for free. Just in time to try it with my new Microsoft box. Followed the link, but for some reason I couldn't access it. Then I found a statement from an Adobe employee: On behalf of Adobe Systems Incorporated ... You have heard wrong! Adobe is absolutely not providing free copies of CS2! What is true is that Adobe is terminating the activation servers for CS2 and that for existing licensed users of CS2 who need to reinstall their software, copies of CS2 that don't require activation but do require valid serial numbers are available.

Wed, 09 Jan 2013 00:22:42 UTC

Public Records Office Victoria wiki

Posted By Greg Lehey

One of the mailing lists that I am on receives regular informative mail messages from the Public Records Office Victoria. They continually release sensitive documents whose protection has expired, sometimes after as long as 99 years. My family has been in Victoria for 120 years, so I thought it might be interesting to take a look. To my surprise, they're running a wiki. It looked as if I had to sign up to have any access (misassumption on my part), so I tried that: Bloody Captchas!

Wed, 09 Jan 2013 00:01:38 UTC

More build machine issues

Posted By Greg Lehey

Into the office this morning to find my world and kernel build complete, so shut down, restarted the crashed version of the VM, installed and booted the new kernel, and tried to install the new world. No go: sys/conf/ dirname: not found I've seen that a couple of times before, always related to this kind of not-quite-normal installation. The last time I did a little research, which suggested that it only got run if sys/param.h was newer than osreldate.h.

Tue, 08 Jan 2013 19:36:53 UTC

Cat Smuggler

Posted By Bruce Schneier

Not a cat burglar, a cat smuggler. Guards thought there was something suspicious about a little white cat slipping through a prison gate in northeastern Brazil. A prison official says that when they caught the animal, they found a cellphone, drills, small saws and other contraband taped to its body. Another article, with video. A prison spokesperson was quoted by...

Tue, 08 Jan 2013 12:28:14 UTC

DHS Gets to Spy on Everyone

Posted By Bruce Schneier

This Wall Street Journal investigative piece is a month old, but well worth reading. Basically, the Total Information Awareness program is back with a different name: The rules now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. That is a departure...

Tue, 08 Jan 2013 12:07:51 UTC

Positive Externalities

Posted By Cory Doctorow

The Guardian

Tue, 08 Jan 2013 12:07:35 UTC

Positive externalities thrive online

Posted By Cory Doctorow

My latest Guardian column is about positive externalities, the value that bystanders get from the stuff you're already doing (the Guardian has given it the unfortunate and misleading title of "Why trying to charge for everything will kill online creativity" -- please ignore that as it has nothing to do with the article, really): That's … [Read more]

Tue, 08 Jan 2013 02:20:15 UTC

Investigating DxO performance

Posted By Greg Lehey

My new Microsoft machine should be here shortly, so spent a bit of time investigating why DxO Optics Pro runs so slowly under VirtualBox, discussing with others on IRC. I've recently been noting the processing time estimates that DxO makes, and comparing them with actual elapsed time:

Camera       Estimate       Actual       Ratio
Canon       5:33       ...

Tue, 08 Jan 2013 02:13:52 UTC

Virtual Machine pain

Posted By Greg Lehey

Continued with my installation of a reference new machine under VirtualBox. It kept hanging, and after a while I got panics related to disk space allocation. What went wrong there? I see I'm now using journaled soft updates. Is there some issue there where the file system is left in a broken state after recovery? Went back to an earlier snapshot -- much earlier, as it turned out: it didn't have any ports installed. That ran, so I decided to bring userland and kernel up to date, after which -- hopefully -- I'll be able to reinstall them on the newer snapshot and continue from there.

Tue, 08 Jan 2013 02:07:34 UTC

Catastrophic TV reception

Posted By Greg Lehey

In mid-afternoon I record Al Jazeera news and then watch it. Today there was a problem: the normal recording is 2.1 GB. Today I got 48 MB. And of course there was no content. Previously I have had trouble on ABC, but this was SBS, normally not a problem. It also wasn't a problem of SBS getting as bad as ABC: ABC was so bad that I had no reception whatever. Did some further investigation and discovered that I could barely receive anything at all. Rebooted the machine, which of course didn't help, but in the process discovered that the tuners were running very hot.

Tue, 08 Jan 2013 01:54:20 UTC

Network problems recur

Posted By Greg Lehey

It's been nearly a week since my last network interruption, a relatively long time for my recent experience. And I didn't get disconnected today either -- I just fell back to GPRS and stayed there. Discovered that I can force a reconnect without stopping the PPP connection by disconnecting the antenna, and sure enough, it returned to UMTS mode -- for a few seconds:

Jan  7 14:07:16 nerd-gw fstats: +CGREG  1  81E3  142
Disconnect antenna, reconnect
Jan  7 14:31:18 nerd-gw fstats: +CGREG  1  81E3  8FC48E8
Jan  7 14:31:31 nerd-gw fstats: +CGREG  2
Jan  7 14:31:33 nerd-gw fstats: +CGREG  2
Jan  7 14:31:33 nerd-gw fstats: +CGREG  1  F40  142
Jan  7 14:32:19 nerd-gw fstats: +CGREG  2
Jan  7 14:32:25 nerd-gw fstats: +CGREG  1  F40  142

By observation, the 3-digit IDs at the end of those reports are for GPRS cells, while ...

Mon, 07 Jan 2013 20:00:00 UTC

Client + Server - Passwords

Posted By Tim Bray

This has been live on our servers for a while, but is now announced and open for general use. Here's the short version: If you have an Android app and a web-server back-end, you can authenticate the person using the app to your back-end securely, efficiently, and with no prompts or passwords. I'm pretty happy with this, and think that app developers who can use this should. Because your server really has to know who it's talking to, but there are few things less friendly to a person using a mobile device than making them type passwords. The long version is a multi-step recipe, but nothing about it is actually difficult.

Mon, 07 Jan 2013 12:31:33 UTC

Details of an Internet Scam

Posted By Bruce Schneier

Interesting details of an Amazon Marketplace scam. Worth reading. Most scams use a hook to cause a reaction. The idea being that if you are reacting, they get to control you. If you take the time to stop and think things through, you take control back and can usually spot the scam. Common hooks involve Urgency, Uncertainty, Sex, Fear or...

Sun, 06 Jan 2013 23:49:13 UTC

eBay conflict resolution

Posted By Greg Lehey

Last month I bought some horse accessories for Yvonne on eBay. They came from the USA, and the shipping cost an arm and a leg: $46.00. But that's (pretty much) what USPS Priority Mail International costs, so grudgingly I coughed up. The packet took a while to arrive. When it did, the reason was obvious: it was sent with First Class Mail, which only costs half the cost. OK, no worries. Contacted the seller and asked for a refund of the difference. But he (she?) came up with some cock-and-bull story about having to pay people to package the goods and take them to the post office, 20 miles away.

Sun, 06 Jan 2013 23:29:58 UTC

More work on system upgrades

Posted By Greg Lehey

Once again I've been dragging my heels on my system upgrade method. In principle amd64-stable now contains all the ports I asked for and a relatively recent version of FreeBSD 9-STABLE, but I still need to customize it, and then I'll be in a position for the first upgrade. Spent some time customizing /etc/group and /etc/master.passwd; the latter contains a lot of history, user IDs and passwords from people who must at least one time in the last 20 years have accessed the machine. Should I remove them? It's somewhat nostalgic to have the IDs there, and they won't really do much harm.

Sun, 06 Jan 2013 20:00:00 UTC

The DI Opposition

Posted By Tim Bray

Another pile-on story; this time on David Heinemeier Hansson's Dependency injection is not a virtue. I agree with every word DHH writes here, but I think I have a better example. Tl;dr: Statically-typed languages can make unit testing hard, so People adopt dependency injection to work around this, and In a sort of Stockholm-syndrome effect, people argue that DI is A Good Thing and over-use it, to harmful effect. Another Example DHH's example is slick, but the publish! method includes enough deep-Ruby idioms that I bet it's opaque to a lot of perfectly smart developers who think in Java or C# or ObjC or whatever.

Sat, 05 Jan 2013 20:00:00 UTC

Round Silver Things

Posted By Tim Bray

Compact Discs, remember them? I got one for Christmas, and you know, they're not a terrible idea. First off, I have to plug the music: Vivaldi string concertos by Tafelmusik feat. Lamon & Bylsma, from 1992. Great music well played, and a beautiful-sounding recording; totally recommended. BTW, there seem to be lots of versions of this one for sale online here and there, some for less than the one I linked to (which I picked because it's got the same cover art as mine). For the last couple of years, I've bought music like this: (My favorite) By download direct from the artist, but only if they offer CD quality.

Fri, 04 Jan 2013 23:51:32 UTC

A computer for Microsoft

Posted By Greg Lehey

I had intended to change over dereel (test computer) and cvr2 (TV receiver) and then using the ex-cvr2 to run Microsoft for DxO Optics Pro. That idea failed for no better reason than that the tuners wouldn't both fit in the motherboard. But then it occurred to me: this would require me to buy a new version of Microsoft (Windows 7 or 8 -- people recommend 7 because of the draconian licenses of 8) would cost me about $100. For that price I can buy a used computer with Microsoft on it -- can't I? Did some enquiries and found that yes, I can. The cheapest machines on the market seem to come with Intel Core 2, 2 GB RAM and Windows Vista, and they start round $80.

Fri, 04 Jan 2013 21:36:32 UTC

Friday Squid Blogging: Giant Squid Finally Captured on Video

Posted By Bruce Schneier

We'll see it later this month. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 04 Jan 2013 21:32:38 UTC

Hacker theatre troupe in Berlin to stage When Sysadmins Ruled the Earth

Posted By Cory Doctorow

This is pretty cool: Berlin's C-base hackerspace has spawned a theatre troupe called C-artre. They've produced a theatrical adaptation of my short story "When Sysadmins Ruled the Earth" (from my collection Overclocked) and they're staging it later this month at Berlin's Transmediale festival.

Fri, 04 Jan 2013 14:00:38 UTC

Looking for a pilot in the southwest

Posted By Cory Doctorow

If you caught last month's post on my upcoming tour in February for Homeland, the sequel to Little Brother, you'll have seen that I'm meant to be speaking in Albuquerque, NM on the evening of Feb 11, and in NYC on the morning of Feb 12. This turns out to be a nearly impossible trick … [Read more]

Fri, 04 Jan 2013 13:48:22 UTC

What Facebook Gives the Police

Posted By Bruce Schneier

This is what Facebook gives the police in response to a subpoena. (Note that this isn't in response to a warrant; it's in response to a subpoena.) This might be the first one of these that has ever become public....

Thu, 03 Jan 2013 22:36:31 UTC

Where Characters Come From

Posted By Cory Doctorow


Thu, 03 Jan 2013 22:36:21 UTC

Where characters come from, and where they go

Posted By Cory Doctorow

My latest Locus column is "Where Characters Come From," and it advances a neurological theory for why fiction works, and where writers find their characters. As a writer, I know that there's a point in the writing when the engine of the story really seems to roar to life, and at that moment, the characters … [Read more]

Thu, 03 Jan 2013 20:00:00 UTC

Functional Programming Wisdom

Posted By Tim Bray

I don't often dedicate a blog entry to just a link, but this one is important. Important, that is, if you're a computer programmer; in particular a programmer who needs to make code run faster on existing real-world hardware. Which is a minority of a minority, since it excludes most Webfolk whose servers are fast enough and clients are running 90% idle time. But that minority really needs to be thinking about Functional Programming, and if you're not 100% sure you know what that means, you should drop everything and go read Uncle Bob Martin's Functional Programming Basics. It's the best short explanation of what FP is about, and why it's important, that I've ever read anywhere.

Thu, 03 Jan 2013 20:00:00 UTC

Two Million Saved

Posted By Tim Bray

Back in April of last year, I noted that my LifeSaver 2 app had saved a million call records and SMS texts into the cloud. Now it's two million, and by a much more useful measure. But there's more work to do and it's going to be fun. First of all, people upload a lot more stuff than they download. I'm betting it's because they forget that LifeSaver only saves your data for an hour or two, and don't have the new device handy in the time window, so they have to re-upload. So, as of today, people have restored 2,033,635 phonecall records and SMS texts from the cloud to Android devices.

Thu, 03 Jan 2013 12:03:48 UTC

Classifying a Shape

Posted By Bruce Schneier

This is a great essay: Spheres are special shapes for nuclear weapons designers. Most nuclear weapons have, somewhere in them, that spheres-within-spheres arrangement of the implosion nuclear weapon design. You don't have to use spheres -- cylinders can be made to work, and there are lots of rumblings and rumors about non-spherical implosion designs around these here Internets -- but...

Thu, 03 Jan 2013 11:22:45 UTC

Pirate Cinema nominated for the Prometheus Award

Posted By Cory Doctorow

I'm delighted to announce that my novel Pirate Cinema is a finalist for this year's Prometheus Award, given by the Libertarian Futurist Society. Winning the Prometheus for Little Brother, and being nominated again for Makers was a major honor, and I've got my fingers crossed for this year.

Thu, 03 Jan 2013 04:33:22 UTC

Went to Epcot

Posted By Tom Limoncelli

Mission: Space is still the best ride ever invented. Here's a postcard: from spaaaaace How was your December break?

Thu, 03 Jan 2013 00:22:24 UTC

Did you use your credit card?

Posted By Greg Lehey

Renewed the registration for today, and paid by credit card. Within minutes I had a phone call: "I'm Cindy from ANZ. Did you use your credit card to pay Gandi a while ago?". Should I answer? She didn't ask for any confidential details, and the fact that she knew at all suggested that she must have been well informed. But it's this kind of thing that lowers people's security thresholds. The banks should really have a way of authenticating themselves beyond knowledge of transactions (after all, somebody at Gandi could have done it too). But I was curious: why did she want to know?

Wed, 02 Jan 2013 22:02:54 UTC

Interviews on the clean-slate design argument

Posted By Robert N. M. Watson

Over the past two years, Peter G. Neumann and I, along with a host of collaborators at SRI International and the University of Cambridge Computer Laboratory, have been pursuing CTSRD, a joint computer-security research project exploring fundamental revisions to CPU design, operating systems, and application program structure. Recently we’ve been talking about the social, economic, [...]

Wed, 02 Jan 2013 20:00:00 UTC

Blog 4 $

Posted By Tim Bray

Andrew Sullivan, one of the world's most visible bloggers, is going indie and will try to make a living at it. I wish him luck, but I think maybe he's thinking about it wrong. If anyone can make it go, it ought to be Andrew. He's erudite, passionate, articulate, and has managed, at one time or another, to piss off just about every demographic and politicocultural faction there is. He's also, although British, a US resident, and member of a faction that's terribly important for America's future: a conservative who's neither anti-sex nor anti-science. Disclosure I like my job at Google, but at some point I'd like to support myself by blogging.

Wed, 02 Jan 2013 14:44:41 UTC

Apollo Robbins, Pickpocket

Posted By Bruce Schneier

Fascinating story: "Come on," Jillette said. "Steal something from me." Again, Robbins begged off, but he offered to do a trick instead. He instructed Jillette to place a ring that he was wearing on a piece of paper and trace its outline with a pen. By now, a small crowd had gathered. Jillette removed his ring, put it down on...

Wed, 02 Jan 2013 14:39:39 UTC

Links for Wednesday, January 2, 2013

Posted By Jeff Barr

Makeblock – “Makeblock is an aluminum extrusion based construct platform, provides integrated solution cover mechanical, electronic and software aspects. It can be used to bring your creations to life. With Makeblock you can make professional and stable robots, machines or even … Continue reading →

Wed, 02 Jan 2013 12:28:33 UTC

Interview in Prism Magazine

Posted By Cory Doctorow

Geoffrey Cole of Prism Magazine has posted the first part of a three-part interview we conducted in Vancouver, back when I was touring with Pirate Cinema. In this part, we talk about many subjects, notably Rapture of the Nerds: The Rapture in Rapture of the Nerds has many meanings. Foremost, it is the ascension of … [Read more]

Tue, 01 Jan 2013 20:00:00 UTC

Illustrated New Year's Tab Sweep

Posted By Tim Bray

Welcome to 2013! If you're like me, you don't have too much planned for the day. So here are some goodies built up in tabs & bookmarks since sometime in mid-2012. Since words and links sans pictures are boring, I include pictures, mostly of snow, from our Christmas excursion to Saskatchewan. There was lots of snow! I've mostly avoided things that everyone already linked to, and I hope that one or two tickle your mental palate. Hint: The best links are in the last section. The Technosphere Now that I'm not doing Android full-time, I don't even have to think about telephone companies, and that's nice.

Tue, 01 Jan 2013 17:34:09 UTC

Video: You Don't Know const and mutable

Posted By Herb Sutter

At C++ and Beyond in August, I gave a 30 min talk on the changed meaning of const and mutable. The talk video is now online: You Don't Know [keyword] and [keyword] const means const. Bonus: mutable is useful and continues to mean already as good as const. This is another way C++ has become [...]

Tue, 01 Jan 2013 16:06:36 UTC

Jan 1 reminder:

Posted By Tom Limoncelli

If you use "The Cycle", today is the day you review your "long term goals" list. Cross out obsolete items or items that you now realize only seemed like a good idea at the time. Pick the 1-2 most important ones. Discuss them with your partner/wife/husband/spouse/family and set goals of the year. For each goal, come up with 5-6 milestones that will get you to that goal. Milestones should be measurable. Sprinkle the milestones on the todo lists throughout the next couple of months. (In The Cycle, you have a different todo list for each day of the year; incomplete items slide to the next day.)