Blog Archive: March 2013

Sat, 30 Mar 2013 23:33:10 UTC

Facebook thinks for you

Posted By Greg Lehey

I have a surprisingly diverse group of friends on Facebookmuch of what scrolls past is written in scripts or languages that I don't understand. But Facebook sifts through this information and comes up with suggestions. On the Dereel 2013 Fire Help Page I get the following suggested members: You'd think that this were random, but no, it's always the same group of people. David Yeardley lives around the corner and would make a good member. That's probably a complete coincidence, because the others are so far from appropriate members that the mind boggles.

Sat, 30 Mar 2013 21:15:05 UTC

Interview on NPRs Off-Topic

Posted By Cory Doctorow

The NPR show OffTopic aired an episode called Give and Take: Pirates, Profiteers, and Art in the Age of Appropriation, and spoke to me for it. It's a really interesting listen! MP3 link

Sat, 30 Mar 2013 19:00:00 UTC

Ingress Tourism

Posted By Tim Bray

The game still feels like a big story to me, and still under-reported; so herewith Ingress coverage, featuring tourism, community cancer, client controversy, and tactical tips. With pictures of places Ingress players see. Previously in this series: Ingress Weekly, Ingress, Month 3, Things About Ingress, and Ingress. Tourism Im still not a serious player; you cant be one of those with a job and family and so on. But I travel a lot. Last time out, I mentioned the fun Id had playing Ingress in London. Ditto for Tokyo, ditto ditto for the Big Island. I guess if theres an Ingress-photography genre, its gonna be mostly cellphone photos.

Sat, 30 Mar 2013 10:51:58 UTC

How to Fix the Sony MDR-W08L Headphones

Posted By Diomidis D. Spinellis

I love the Sony MDR-W08L headphones , because they are featherlight and the only ones that don't fall from my ears when I run. Sadly, there's no effective strain relief at the point where the cable leaves their body. As a result the cable can become internally severed, and the sound becomes intermittent. Here's how to fix this problem.

Fri, 29 Mar 2013 23:11:30 UTC

More TV stuff

Posted By Greg Lehey

Finally got round to installing the new TV properly. It's still in the middle of the room, because the wall to the hallway is missing, and it looks pretty terrible. If we don't move house soon we may reconsider the location. But it worksalmost. On one occasion I couldn't turn it on again. I had to power cycle it before it would turn on. I hope that doesn't happen too often. It's also clear that the screen illumination could be better: the corners are noticeably darker, though that's not obvious when viewing a film. Under the circumstances it's nice to know that I can take it back before the end of May with no questions asked.

Fri, 29 Mar 2013 22:30:00 UTC

Back-to-Basics Weekend Reading - Principles of Transaction-Oriented Database Recovery

Posted By Werner Vogels

I have been reading mainly newer papers in the beginning of this year, but it is time to get back to the basics and start reading some more historical papers again. From the time when researchers and engineers where laying the foundations for our current systems. A good early paper to start again is the Survey that Härder en Reuter did on Database Recovery in 1983. Principles of Transaction-Oriented Database Recovery, Theo Härder and Andreas Reuter, ACM Computing Surveys, Volume 15 Issue 4, December 1983, Pages 287-317

Fri, 29 Mar 2013 21:41:56 UTC

Sheeri Cabral's "When I Moved Abroad"

Posted By Tom Limoncelli

Over at the Mozilla IT blog is a new post by Sheeri Cabral that every sysadmin in our community should read. Blog post: When I Moved Abroad

Fri, 29 Mar 2013 21:19:59 UTC

Friday Squid Blogging: Bomb Discovered in Squid at Market

Posted By Bruce Schneier

Really: An unexploded bomb was found inside a squid when the fish was slaughtered at a fish market in Guangdong province. Oddly enough, this doesn't seem to be the work of terrorists: The stall owner, who has been selling fish for 10 years, told the newspaper the 1-meter-long squid might have mistaken the bomb for food. Clearly there's much to...

Fri, 29 Mar 2013 21:11:33 UTC

Boston Area Sysadmins: BBLISA Looking for Lightning Talks!

Posted By Tom Limoncelli

Would you like to do a lightning talk at the next BBLISA meeting? [ This message comes from Matt Simmons at the Standalone Sysadmin blog. ] Do you love lightning talks? Because I love lightning talks. When I found out that the DC DevOps group had an entire meeting dedicated to lightning talks, I was jealous. I mentioned the idea to John, Adam, and crew of BBLISA, and they liked it. Of course, when you volunteer an idea, you volunteer /for/ that idea, too, so if you look at the BBLISA Calendar (http://www.bblisa.org/calendar.html), you'll see my name organizing the April meeting.

Fri, 29 Mar 2013 17:25:11 UTC

The Dangers of Surveillance

Posted By Bruce Schneier

Interesting article, "The Dangers of Surveillance," by Neil M. Richards, Harvard Law Review, 2013. From the abstract: ....We need a better account of the dangers of surveillance. This article offers such an account. Drawing on law, history, literature, and the work of scholars in the emerging interdisciplinary field of "surveillance studies," I explain what those harms are and why they...

Fri, 29 Mar 2013 15:30:00 UTC

Back-to-Basics Weekend Reading - Principles of Transaction-Oriented Database Recovery

Posted By Werner Vogels

Fri, 29 Mar 2013 14:27:40 UTC

Stop. Take 5 minutes to save the internet

Posted By Tom Limoncelli

Hey fellow sysadmins! Please take 5 minutes to make sure your DNS servers aren't open to the world for recursive queries. They can be used as amplifiers in DDOS attacks. https://www.isc.org/wordpress/is-your-open-dns-resolver-part-of-a-criminal-conspiracy/ The short version of what you need to do is here.

Fri, 29 Mar 2013 11:59:08 UTC

New RC4 Attack

Posted By Bruce Schneier

This is a really clever attack on the RC4 encryption algorithm as used in TLS. We have found a new attack against TLS that allows an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used. The attacks arise from statistical flaws in the keystream generated by the RC4 algorithm which become apparent...

Fri, 29 Mar 2013 08:36:49 UTC

Speaking in Bradford tomorrow

Posted By Cory Doctorow

Here's details of the public event I'm doing in Bradford while I'm in town for Eastercon: I'll be at the 1in12 Club, as part of an event called "Can Technology Save the City?" that runs from 12-6. I'll be there around 1430h. Hope you'll come out!

Fri, 29 Mar 2013 08:31:31 UTC

How the amazing UK cover for Rapture of the Nerds came to be

Posted By Cory Doctorow

I'm really impressed with the cover of the UK edition of Rapture of the Nerds, the novel I wrote with Charlie Stross. But it turns out that producing that cover was quite a journey. Designer Martin Stiff was kind enough to share his notes on the process, along with all the proto covers he produced … [Read more]

Fri, 29 Mar 2013 00:06:43 UTC

TV IP configuration

Posted By Greg Lehey

More playing around with my new TV today. This is the first I've ever had with an Internet connection, and I was interested in what it could do. It has a main menu reminiscent of a computer display: That white window at top left is a window in natural size into the X display, showing nothing useful. But it has a web browser with an emblem reminiscent of firefox. Tried that, but I couldn't communicate with the global Internet. It had obtained an IP address via DHCP, amusingly enough 192.109.197.224, flachmann.lemis.com, but it didn't get a valid default gateway.

Thu, 28 Mar 2013 23:56:41 UTC

Even more spam

Posted By Greg Lehey

Spam seems to be particularly bad at the moment. But when I started getting offers of Viagra (sent to an address that I only gave to Growmaster), I was puzzled. SpamAssassin should have filtered that out. Took a look at the headers: no headers from SpamAssassin. But it was running. What was wrong there? Decided to install the latest version, with some surprises: ===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-NetAddr-IP>=4.00.7 - found ===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-Net-DNS>=0.63 - found ===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-HTML-Parser>=3.46 - found ===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-libwww>=0 - found ===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-Encode-Detect>=0 - found ===> p5-Mail-SpamAssassin-3.3.2_8 depends on package: p5-Mail-Tools>=0 - found ===> p5-Mail-SpamAssassin-3.3.2_8 depends on file: /usr/local/bin/perl5.14.2 - found ===> Configuring for p5-Mail-SpamAssassin-3.3.2_8 NOTE: settings for "make test" are now controlled using "t/config.dist".

Thu, 28 Mar 2013 19:00:00 UTC

Tropical Mirrorless Research

Posted By Tim Bray

I claim that watching people photograph the Big Island is effective camera-futures research; and camera futures are interesting now. So heres some research. Oh, and Big Island photos. Those camera futures became interesting with the arrival, this past few years, of mirrorless and other compact-format high-quality cameras (overview here). Check out I've Got Good News, I've Got Bad News for some data on sales trends; it suggests SLRs are doing well but compacts arent much of a factor. At the Pu»uhonua o HMnaunau (City of Refuge)park, a must-see on the Big Island. Why Hawaii? People go to the Big Island to see things.

Thu, 28 Mar 2013 16:14:47 UTC

Copyright wars are damaging the health of the internet

Posted By Cory Doctorow

The Guardian

Thu, 28 Mar 2013 16:14:35 UTC

What problem are we trying to solve in the copyright wars?

Posted By Cory Doctorow

My latest Guardian column is "Copyright wars are damaging the health of the internet" and it looks at what we really need from proposed solutions to the copyright wars: I've sat through more presentations about the way to solve the copyright wars than I've had hot dinners, and all of them has fallen short of … [Read more]

Thu, 28 Mar 2013 13:36:49 UTC

Unwitting Drug Smugglers

Posted By Bruce Schneier

This is a story about a physicist who got taken in by an imaginary Internet girlfriend and ended up being arrested in Argentina for drug smuggling. Readers of this blog will see it coming, of course, but it's a still a good read. I don't know whether the professor knew what he was doing -- it's pretty clear that the...

Thu, 28 Mar 2013 09:41:16 UTC

Schedule for EasterCon in Bradford

Posted By Cory Doctorow

I'm heading to Bradford tomorrow for Eight Squared Con, the 2013 Eastercon. I'm appearing on several programme items: * Friday, 17h: Reading, Hawthorn Room * Saturday, 12h: "On Twitter, Everyone Can Hear You Scream," Boardroom (panel) * Saturday, 13h: Book launch for RAPTURE OF THE NERDS, Conservatory * Saturday, 19h: "Genre Get-Together: Science Fiction," Conservatory … [Read more]

Wed, 27 Mar 2013 23:14:55 UTC

New TV

Posted By Greg Lehey

Up early this morning and off to ALDI in Sebastopol to buy their special offer 58" TV, arriving just before they opened. A good thing to: they had about 9 of them, and they were all gone within about 5 minutes. Back home after finally finding a way to transport it, and set it up. It's not just big, it's also heavy38 kg if you believe the statement on the package. An amazing number of connections: 4 HDMI, VGA, even an Internet connection.

Wed, 27 Mar 2013 15:00:00 UTC

Can you make the speed of light faster?

Posted By Tom Limoncelli

One technical issue that often plagues me is that you can't make the speed of light any faster. Network latency from NYC to Sydney is going to suck no matter what. Helping users understand this is difficult. Often it is equally difficult to make software developers understand this too. Many times people have asked me, sometimes seriously, if we could just make the speed of light faster. There is one obvious way to improve the latency between NYC and Sydney: Tunnel through the earth. A direct route would be much faster. However it looks like scientists are close to a more realistic alternative: use air instead of glass! "

Wed, 27 Mar 2013 14:53:53 UTC

The Institute for Cultural Diplomacy and Wikipedia

Posted By Benjamin Mako Hill

A month ago, Mark Donfried from the Institute for Cultural Diplomacy (ICD) an organization dedicated to promoting open dialogue sent me this letter threatening me with legal action because of contributions I’ve made to Wikipedia. Yesterday, he sent me this followup threat. According to the letters, Donfried has threatened me with legal action [...]

Wed, 27 Mar 2013 11:47:03 UTC

Security Awareness Training

Posted By Bruce Schneier

Should companies spend money on security awareness training for their employees? It's a contentious topic, with respected experts on both sides of the debate. I personally believe that training users in security is generally a waste of time, and that the money can be spent better elsewhere. Moreover, I believe that our industry's focus on training serves to obscure greater...

Wed, 27 Mar 2013 00:48:37 UTC

How the Maker of TurboTax Fought Free, Simple Tax Filing

Posted By Tom Limoncelli

This investigative report by propublica.org is what I thought was going on but had no proof. Basically I've always said that since the IRS gets all the data from our employers and financial institutions electronically, why can't they present our tax forms partially or completely filled out? We should be able to subtract our deductions and that's it. Obviously we should get all the data so we can examine it or hire a tax accountant to examine it. Anytime someone said "yeah, but the people that prepare tax returns would try to stop any legislation like that" I would say, "oh, don't be a conspiracy theory crazyperson".

Tue, 26 Mar 2013 19:15:35 UTC

The NSA's Cryptolog

Posted By Bruce Schneier

The NSA has published declassified versions of its Cryptolog newsletter. All the issues from Aug 1974 through Summer 1997 are on the web, although there are some pretty heavy redactions in places. (Here's a link to the documents on a non-government site, in case they disappear.) I haven't even begun to go through these yet. If you find anything good,...

Tue, 26 Mar 2013 19:00:00 UTC

Being Google

Posted By Tim Bray

This month saw my 3-year anniversary here, and I feel like one of my missions is to be a guide on this Magical Mystery Tour. So, here are some things about Google; without asking anyone first, because not asking first is best. Being Careful Startups are all damn-the-torpedos and ship-it-now. Been there, done that, loved it. Inappropriate with a user count on the order of a billion. My first-ever push to Googles webspace was a couple of paragraphs of documentation; the compulsory review process ended up with four rewrites involving input from three people. Not management-driven cover-your-ass rewrites, either; topics of debate included what is the actual failure mode? and Dont talk abstractly about developers, say You must... Code reviews are way fiercer.

Tue, 26 Mar 2013 19:00:00 UTC

Finite Surface Integral of the Earth

Posted By Tim Bray

I have watched the piecewise creation of the world; new pieces burn gold-red, creep into place like honey, lethally hot in the ocean-moist air. And of course took lots of pictures. Back Story I owe this experience to one of the many photographers on Google+, who posted on shooting lava. Since wed planned a vacation to the Big Island you can bet this caught my attention. Id visited the island and the volcano a couple of times, but live lava always seemed something that you had to be an extreme-hiking fanatic, and prepared to die in the attempt, to see.

Tue, 26 Mar 2013 11:38:14 UTC

Identifying People from Mobile Phone Location Data

Posted By Bruce Schneier

Turns out that it's pretty easy: Researchers at the Massachusetts Institute of Technology (MIT) and the Catholic University of Louvain studied 15 months' worth of anonymised mobile phone records for 1.5 million individuals. They found from the "mobility traces" - the evident paths of each mobile phone - that only four locations and times were enough to identify a particular...

Mon, 25 Mar 2013 21:30:00 UTC

Today is my last day at Google.

Posted By Tom Limoncelli

Today is my last day at Google. After 7 years I'm looking forward to doing nothing for a while, writing a book or two (oh yeah, I have a big announcement: I've signed 2 book contracts! More info soon!) , and I'm getting married. Please, no speculation on why I'm leaving. I was at Bell Labs 7 years too. It's just time. (FunFact: I found a draft of a "goodbye message" I wrote. The file's datestamp was Nov 10, 2010.) The annoying thing about job hunting is that usually you have to take random days off from your current job claiming "something came up" or taking vacation days or faking sick days.

Mon, 25 Mar 2013 18:33:44 UTC

Down and Out in the Magic Kingdom read-aloud part 02

Posted By Cory Doctorow

As I mentioned in my March Locus column, I'm celebrating the tenth anniversary of Down and Out in the Magic Kingdom by planning a prequel volume. As part of that planning, I'm going to read aloud the entire text of that first book into the podcast, making notes on the book as I go. Here's … [Read more]

Mon, 25 Mar 2013 17:00:44 UTC

MIT LaTeX Stationery

Posted By Benjamin Mako Hill

The MIT graphic identity website provides downloadable stationery templates for letterhead and envelopes. They provide both Microsoft Word and LaTeX templates. But although they provide both black and white and color templates for Word, they only provide the monochrome templates for LaTeX. When writing cover letters for the job market this year, I was not [...]

Mon, 25 Mar 2013 11:28:13 UTC

Our Internet Surveillance State

Posted By Bruce Schneier

I'm going to start with three data points. One: Some of the Chinese military hackers who were implicated in a broad set of attacks against the U.S. government and corporations were identified because they accessed Facebook from the same network infrastructure they used to carry out their attacks. Two: Hector Monsegur, one of the leaders of the LulzSac hacker movement,...

Sat, 23 Mar 2013 20:27:01 UTC

The perfect April Fools gift for the geek you love?

Posted By Tom Limoncelli

There are still a few copies left of the book of April Fools RFCs. http://www.rfc-humor.com They say if you have to explain a joke it wasn't funny. Well, this makes The Complete April Fools RFCs the least funny book in the world. Ok, maybe that's not 100 percent true but you have to be pretty darn technical to get some of these jokes. There are only a few left in stock. Why not pick one up today? Click here to see it on Amazon Tom

Sat, 23 Mar 2013 05:49:55 UTC

Launching the UK edition of Rapture of the Nerds TODAY at Forbidden Planet London

Posted By Cory Doctorow

Hey, Londoners! I'll be launching the UK edition of Rapture of the Nerds today at 1PM at Forbidden Planet. Although the book is available across the country at finer stores, this will be your only chance to stroke the marvellous 3D printed Space Marine Stross and have your picture taken with it.

Sat, 23 Mar 2013 05:19:36 UTC

Letter from a young reader about Little Brother

Posted By Cory Doctorow

A young man named Alex came out to my Decatur, GA Homeland tour-stop and we had a charming (if brief) conversation, and subsequently snapped this quite wonderful photo. One of Alex's teachers subsequently wrote to me to say that Alex had taken high academic honors in a Letters About Literature contest about Little Brother, and … [Read more]

Fri, 22 Mar 2013 21:12:38 UTC

Friday Squid Blogging: Giant Squid Genetics

Posted By Bruce Schneier

Despite looking very different from each other and being distributed across the world's oceans, all giant squid are the same species. There's also not a lot of genetic diversity. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 22 Mar 2013 20:46:55 UTC

Changes to the Blog

Posted By Bruce Schneier

I have made a few changes to my blog that I'd like to talk about. The first is the various buttons associated with each post: a Facebook Like button, a Retweet button, and so on. These buttons are ubiquitous on the Internet now. We publishers like them because it makes it easier for our readers to share our content. I...

Fri, 22 Mar 2013 16:16:07 UTC

What does Stack Exchange do when disaster strikes?

Posted By Tom Limoncelli

Find out at LOPSA-East (formerly PICC) May 3-4, 2013, New Brunswick, NJ (Early Bird Registration ends April 1st! http://lopsa-east.org Space is limited!) In late October of 2012, Hurricane Sandy was wreaking havoc on the east coast. It was the second costliest hurricane in US history causing widespread power and service disruptions. George Beech, a System Aministrator at Stack Overflow, will be presenting a talk at LOPSA-East 2013 about their successful failover to a backup datacenter and what it took to keep their primary New York City datacenter operational while implementing the Disaster Recovery plan. This talk will focus mostly on Disaster Recovery and migration for a primarily windows based shop.

Fri, 22 Mar 2013 12:10:57 UTC

FBI Secretly Spying on Cloud Computer Users

Posted By Bruce Schneier

Both Google and Microsoft have admitted it. Presumably every other major cloud service provider is getting these National Security Letters as well. If you've been following along, you know that a U.S. District Court recently ruled National Security Letters unconstitutional. Not that this changes anything yet....

Fri, 22 Mar 2013 07:56:10 UTC

Signing Rapture of the Nerds at Forbidden Planet London tomorrow

Posted By Cory Doctorow

Hey, Londoners! A reminder that I'll be signing the UK edition of Charlie Stross's and my novel Rapture of the Nerds, tomorrow at 1PM at Forbidden Planet. Charlie can't make it, so I have fashioned a cunning 3D printed Space Marine Stross to accompany me, which you may rub for good luck if you attend.

Thu, 21 Mar 2013 23:24:43 UTC

Ports: Upsetting the apple cart

Posted By Greg Lehey

Processing the photos of the stray dog proved to be a problem: exiftool had disappeared. I don't know why, but since it's a perl module, it's reasonable to assume that the reinstallation of the new perl version yesterday removed it. I wonder how many other ports have disappeared. I note also that the fonts used by wine seem to have changed. One more reason not to upgrade ports on a production machine until they've been tested elsewhere. On the other hand, it seems that I do have LibreOffice installed. No idea how that happened. I looked for an obvious executable yesterday, something like /usr/local/bin/libreofficeand that's exactly what was installed, admittedly a symlink.

Thu, 21 Mar 2013 19:59:04 UTC

WH Smith automatically adding DRM to DRM-free ebooks, but theres an interim solution while they fix it

Posted By Cory Doctorow

The UK Bookseller WH Smith has been experiencing some kind of bug in its ebook store, whereby it adds DRM to all of the Kobo ebooks it sells, even the ones that are supposed to be DRM-free (like mine). Apparently, this is a metadata-parsing issue. I spoke to my agent and publisher, and WH Smith/Kobo … [Read more]

Thu, 21 Mar 2013 18:17:25 UTC

Text Message Retention Policies

Posted By Bruce Schneier

The FBI wants cell phone carriers to store SMS messages for a long time, enabling them to conduct surveillance backwards in time. Nothing new there -- data retention laws are being debated in many countries around the world -- but this was something I did not know: Wireless providers' current SMS retention policies vary. An internal Justice Department document (PDF)...

Thu, 21 Mar 2013 17:00:07 UTC

Lookalikes

Posted By Benjamin Mako Hill

Is Croatian kiberkomunist (i.e., cyber-communist) artist and hacker Marcell Mars living a secret life as a Nantucket Reds -wearing preppie from the American northeast?

Thu, 21 Mar 2013 15:00:00 UTC

New video: Ganeti: Your Private Virtualization Cloud "the Way Google Does It"

Posted By Tom Limoncelli

My 60-minute talk on Ganeti from the Usenix LISA '12 conference has been posted: https://www.usenix.org/conference/lisa12/ganeti-your-private-virtualization-cloud-way-google-does-it Ganeti is a cluster virtual server management software tool built on top of existing virtualization technologies such as Xen or KVM and other Open Source software. Ganeti takes care of disk creation, migration, OS installation, shutdown, startup, and can be used to preemptively move a virtual machine off a physical machine that is starting to get sick. It doesn't require a big expensive SAN, complicated networking, or a lot of money. The project is used around the world by many organizations; it is sponsored by Google and hosted at http://code.google.com/p/ganeti.

Thu, 21 Mar 2013 12:02:28 UTC

When Technology Overtakes Security

Posted By Bruce Schneier

A core, not side, effect of technology is its ability to magnify power and multiply force -- for both attackers and defenders. One side creates ceramic handguns, laser-guided missiles, and new-identity theft techniques, while the other side creates anti-missile defense systems, fingerprint databases, and automatic facial recognition systems. The problem is that it's not balanced: Attackers generally benefit from new...

Thu, 21 Mar 2013 03:56:38 UTC

LibreOffice install

Posted By Greg Lehey

I don't use things like Microsoft Office or clones. But since I've started using a Microsoft box, I should maybe consider it, especially as I could do with a spreadsheet right now to calculate costs for the house. I don't want to spend money on it, of course, but then there's LibreOffice. Today was the last day of my billing month for Internet traffic, so I downloaded it both for Microsoft (after their page gave up trying to identify my Vista box as PPC MacOS X) and FreeBSD.

Thu, 21 Mar 2013 00:00:00 UTC

The Netflix OSS Cloud Prize

Posted By Werner Vogels

Netflix has over the years become one of the absolute best engineering powerhouses for building cloud-native applications. At AWS we are very proud to be their infrastructure partner and every day we learn from how they use our cloud services. Many of the observations I talk about in my 21st Century Application Architectures presentation come from seeing Netflix architects at work. Netflix has gone beyond just building great applications; they have made fundamental pieces of their cloud platform available as open source and many in the industry have responded to that with great enthusiasm, evidenced by the packed Netflix House in February where people came to hear more about NetflixOSS.

Wed, 20 Mar 2013 17:00:00 UTC

The Netflix OSS Cloud Prize

Posted By Werner Vogels

Wed, 20 Mar 2013 16:51:42 UTC

Lessons From the FBI's Insider Threat Program

Posted By Bruce Schneier

This article is worth reading. One bit: For a time the FBI put its back into coming up with predictive analytics to help predict insider behavior prior to malicious activity. Rather than coming up with a powerful tool to stop criminals before they did damage, the FBI ended up with a system that was statistically worse than random at ferreting...

Wed, 20 Mar 2013 15:57:50 UTC

Chatting with Techdirt about Pirate Cinema

Posted By Cory Doctorow

My novel Pirate Cinema is the current TechDirt Book Club selection, and we're kicking it off today with a Google+ hangout in about five minutes. I've never done a Hangout before -- I don't have a G+ account because I object to its "real names" policy, but I've created a throwaway account for the occasion. … [Read more]

Wed, 20 Mar 2013 15:00:00 UTC

Google hosted Xen Hackathon, May 16-17, Dublin

Posted By Tom Limoncelli

The next Xen Hackathon will be hosted by the Ganeti team at Google and takes place on May 16-17, 2013 at Google's offices in Dublin Ireland. I can't make it but many of my coworkers on the Ganeti project will be there. If you use the open source version of Xen and want to get your hack on, please sign up!

Tue, 19 Mar 2013 18:34:57 UTC

FinSpy

Posted By Bruce Schneier

Twenty five countries are using the FinSpy surveillance software package (also called FinFisher) to spy on their own citizens: The list of countries with servers running FinSpy is now Australia, Bahrain, Bangladesh, Britain, Brunei, Canada, the Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, the United Arab Emirates, the United States...

Tue, 19 Mar 2013 17:11:56 UTC

My talk on copyright, ebooks and libraries for the Library of Congress

Posted By Cory Doctorow

Last fall, while on the Pirate Cinema tour, I stopped in at the Library of Congress to give a talk called "A Digital Shift: Libraries, Ebooks and Beyond," which was an amazing treat. The LoC people were delightful and the building and its collections were outstanding. Now, they've put the video online! A Digital Shift: … [Read more]

Tue, 19 Mar 2013 15:00:00 UTC

Save up to $197 on LOPSA-East registration, really?

Posted By Tom Limoncelli

Early bird pricing ends April 1st! Make sure you register before then to save up to $197! http://lopsa-east.org/ Best way to save money? Start talking with your boss NOW so all that purchasing department paperwork gets done in time!

Tue, 19 Mar 2013 11:44:17 UTC

Gauss

Posted By Bruce Schneier

Nice summary article on the state-sponsored Gauss malware....

Tue, 19 Mar 2013 00:24:58 UTC

End of an era: death after 3737 days

Posted By Greg Lehey

Somebody pointed me at this slashdot story today: a machine shut down after 3737 days of uptime (that's over 10 years, 2 months). It makes my "After running uninterrupted for 3737 days, this humble Sun 280R server running Solaris 9 was shut down. At the time of making the video it was idle, the last service it had was removed sometime last year. A tribute video was made with some feelings about Sun, Solaris, the walk to the data center and freeing a machine from internet-slavery."

Mon, 18 Mar 2013 18:29:17 UTC

Down and Out in the Magic Kingdom read-aloud part 01

Posted By Cory Doctorow

As I mentioned in my March Locus column, I'm celebrating the tenth anniversary of Down and Out in the Magic Kingdom by planning a prequel volume. As part of that planning, I'm going to read aloud the entire text of that first book into my podcast, making notes on the book as I go. Here's … [Read more]

Mon, 18 Mar 2013 18:00:52 UTC

A 1962 Speculative Essay on Computers and Intelligence

Posted By Bruce Schneier

From the CIA archives: Orrin Clotworthy, "Some Far-out Thoughts on Computers," Studies in Intelligence v. 6 (1962)....

Mon, 18 Mar 2013 15:34:50 UTC

Im at Forbidden Planet London with Rapture of the Nerds this Saturday!

Posted By Cory Doctorow

Hey, Londoners! A quick reminder that I'll be signing the new UK edition of Rapture of the Nerds this Saturday at Forbidden Planet on Shaftesbury Ave at 13h. Come on down and say hi!

Mon, 18 Mar 2013 15:00:00 UTC

Last night I had a nightmare...

Posted By Tom Limoncelli

...that I got caught in a "spear phishing attack". (A malware attack where they send an email specifically crafted to one or two people.) The email was a receipt from a hotel that I stay at occasionally but it listed the address as being in South Carolina instead of San Francisco. I clicked on the PDF to read it and then realized I was being phished because I haven't been to South Carolina in ages and the invoice mentioned a coworker that I've never traveled with. I started shutting down my computer and made plans to wipe the disks; glad I have good backups but not wanting to go through the pain of being without my laptop until I could do this.

Mon, 18 Mar 2013 14:38:00 UTC

Prison Escape

Posted By Bruce Schneier

Audacious daytime prison escape by helicopter. The escapees have since been recaptured....

Mon, 18 Mar 2013 10:01:40 UTC

SCARF ACE

Posted By Benjamin Mako Hill

I Although I don’t mean to brag… I have an really great scarf-hood-combination garment. I was wearing said awesome scarf in a rather cold apartment during my remote participation in the Learning Creative Learning class. I would like to think that I said some interesting and insightful things. But if I didn’t, I’m glad to [...]

Mon, 18 Mar 2013 06:31:39 UTC

Audio from my Homeland tour presentation

Posted By Cory Doctorow

Thomas "Command Line" Gideon came out for the DC stop on my Homeland tour, at Busboys and Poets, and mic'ed me up for the event. He's mastered the audio and posted it. It's a 40 minute talk about the promise of technology to improve our lives, the risks from allowing technology to be used to … [Read more]

Mon, 18 Mar 2013 01:08:39 UTC

Getting nanoseconds from stat(2)

Posted By Greg Lehey

The 0 in the nanoseconds from stat(1) puzzled me, so I went to take a look. And how about that: the stat(2) system call returns the fields set to 0: === gdb -> Return 336 rc = lstat(file, &st); === gdb -> Return 339 if (rc == -1) { === gdb -> p st $1 = { st_dev = 129, st_ino = 11732393, st_mode = 33188, st_nlink = 1, st_uid = 1004, st_gid = 1000, st_rdev = 47224992, st_atim = { tv_sec = 1363569201, tv_nsec = 0 }, st_mtim = { tv_sec = 1350666025, tv_nsec = 0 }, st_ctim = { tv_sec = 1350666025, tv_nsec = 0 }, st_size ...

Mon, 18 Mar 2013 00:45:33 UTC

Don't enhance test(1)

Posted By Greg Lehey

A couple of weeks ago Peter Jeremy made some modifications to test(1) and with approval of his mentors (John Baldwin and myself) committed them to the head of the FreeBSD source tree. The changes are summarized in the man page: file1 -nt file2 True if both file1 and file2 exist and file1 is newer than file2. file1 -ntXY file2 True if both file1 and file2 exist and file1 has a more recent last access time (X=a), inode creation time (X=B), change time (X=c), or modification time (X=m) than the last ...

Sun, 17 Mar 2013 16:17:32 UTC

Call For Proposals Extended: Open Source Bridge 2013

Posted By Tom Limoncelli

The "Call for Proposals" for Open Source Bridge 2013 has been extended 2 weeks (Sat, March 23). The current proposals so far are listed online. The conference itself is June 18-21, 2013 in Portland, Oregon. More info about submitting proposals is here: http://opensourcebridge.org/blog/2013/03/were-extending-our-call-for-proposals/

Sun, 17 Mar 2013 12:59:04 UTC

Cascadia IT Conference 2013 a big success!

Posted By Tom Limoncelli

Congrats to all involved! Save next year's date: 7 & 8 MAR, 2014. (It's already marked in the Sysadmin Event Calendar: http://everythingsysadmin.com/calendar.html )

Sun, 17 Mar 2013 10:01:50 UTC

Conversation on Freedom and Openness in Learning

Posted By Benjamin Mako Hill

On Monday, I was a visitor and guest speaker in a session on Open Learning in a class on Learning Creative Learning which aims to offer a course for designers, technologists, and educators. The class is being offered publicly by the combination surprising but very close to my heart of Peer 2 Peer [...]

Sat, 16 Mar 2013 15:00:00 UTC

Registration open for LOPSA-East 2013! (formerly PICC) May 3-4, 2013, New Brunswick, NJ

Posted By Tom Limoncelli

Register early and save! http://lopsa-east.org Space is limited! Registration opens at midnight for the 2013 LOPSA-East conference, May 3-4, 2013 at the Hyatt Regency hotel in New Brunswick, NJ. IT professionals from the tri-state area, as well as the entire east coast will be joining us for the most talked about community-driven conference of the year. You can find out more at http://lopsa-east.org LOPSA-East begins Friday with an entire day of training offered by world class instructors. We have half day sessions on Team Efficiency, Configuration Management, Basic and Advanced PowerShell, IPV6 migration, and much more! The conference continues on Saturday, with more half day training sessions along with 45 minute presentations from invited speakers, 5 minute lightning talks, and ‘birds of a feather’ discussions on participant selected topics.

Fri, 15 Mar 2013 21:10:46 UTC

Friday Squid Blogging: WTF, Evolution?

Posted By Bruce Schneier

WTF, Evolution? is a great blog, and they finally mentioned squid....

Fri, 15 Mar 2013 19:01:01 UTC

xkcd on PGP

Posted By Bruce Schneier

How security interacts with users....

Fri, 15 Mar 2013 18:51:49 UTC

The correct RSS feed for this site

Posted By Tom Limoncelli

I'm getting reports that some RSS reading software does not see the latest posts from this list. Please be sure to use this URL for your RSS reading pleasure: http://feeds.everythingsysadmin.com/EverythingSysadmin Of course, if you are using an old URL that has gone away, you'll never see this post (so tell your friends!). Thanks!

Fri, 15 Mar 2013 14:19:09 UTC

Legal issues in Pirate Cinema analyzed by IP lawyer

Posted By Cory Doctorow

IP lawyer Stuart Langley wrote a fantastic analysis of the legal issues raised in my novel Pirate Cinema a guest-article for the wonderful Law and the Multiverse site. Langley does a very thorough job of looking at the real laws and legal problems behind the plot points in the book. The McCauleys internet access has … [Read more]

Fri, 15 Mar 2013 10:46:12 UTC

Stuxnet is Much Older than We Thought

Posted By Bruce Schneier

Symantec has found evidence of Stuxnet variants from way back in 2005. That's much older than the 2009 creation date we originally thought it had. More here and here. What's impressive is how advanced the cyberattack capabilities of the U.S. and/or Israel were back then....

Fri, 15 Mar 2013 08:57:25 UTC

Aaron Swartz MIT Memorial

Posted By Benjamin Mako Hill

On Tuesday, there was a memorial for Aaron Swartz held at the MIT Media Lab. Unfortunately, I am traveling this week and was unable to attend. As I wrote recently, I was close to Aaron. I am also, more obviously, close to MIT and the lab. It was important to me to participate in the [...]

Thu, 14 Mar 2013 22:57:46 UTC

NBN: Yes, no, maybe

Posted By Greg Lehey

One of the good things about the new property is that it's only a stone's throw from the Enfield radiation tower. We could get good network coverage there immediately. Out of idle curiosity, went to the NBN rollout map to see what the coverage was like, and in the process discovered a link at the top overwriting another text and saying Find a service provider: Followed that, and discovered that the link forgot where I was: I was presented with a map of Australia.

Thu, 14 Mar 2013 22:20:19 UTC

More weather station flakiness

Posted By Greg Lehey

For some reason the wireless communication between the external and internal components of my weather station has been particularly flaky lately, and there have been long periods of time with no readings. Changed the batteries, but the old ones weren't particularly discharged, and it didn't help, so finally got down to complete some modifications I had started years ago to ensure that I don't try to save invalid readings. What a series of functions just to read a page of weather data from the unit: /* * Read routines. There are lots of these: * * read_station reads 8 bytes from the station, the maximum it can deliver.

Thu, 14 Mar 2013 19:41:23 UTC

Why oh why is Google canceling "reader"?

Posted By Tom Limoncelli

I can not confirm nor deny... @sheeri or it's a conspiracy by @yesthattom to improve TMFSA by removing a huge time sink... ;)— Nahum Shalman (@nahumshalman) March 14, 2013 If that makes you sad, maybe this will cheer you up... Wow. The heads of all major religions (iOS, Android, Windows, and the Catholic Church) have been replaced in a 6 month time period.— Brian Walsh (@thepartycow) March 13, 2013 @thepartycow maybe that's true of those minor religions, but the great religions of Vi and Emacs are eternal.— ghc (@xnomagichash) March 13, 2013

Thu, 14 Mar 2013 17:19:08 UTC

On Secrecy

Posted By Bruce Schneier

Interesting law paper: "The Implausibility of Secrecy," by Mark Fenster. Abstract: Government secrecy frequently fails. Despite the executive branchs obsessive hoarding of certain kinds of documents and its constitutional authority to do so, recent high-profile events among them the WikiLeaks episode, the Obama administrations celebrated leak prosecutions, and the widespread disclosure by high-level officials of flattering confidential information to...

Thu, 14 Mar 2013 15:50:07 UTC

Words of wisdom: Bjarne Stroustrup

Posted By Herb Sutter

Bjarne Stroustrup wrote the following a few minutes ago on the concepts mailing list: Let me take this opportunity to remind people that "being able to do something is not sufficient reason for doing it" and "being able to do every trick is not a feature but a bug" For the latter, remember Dijkstra’s famous [...]

Thu, 14 Mar 2013 12:21:15 UTC

Profile in Guardian Books

Posted By Cory Doctorow

Damien Walter's written a very kind article about me and my work in the Guardian's books section, discussing the role of science fiction in social criticism and activism. As technology becomes an ever bigger factor in day-to-day life, we need writers like Doctorow to help us direct it to support freedom over oppression. In his … [Read more]

Thu, 14 Mar 2013 11:11:56 UTC

Nationalism on the Internet

Posted By Bruce Schneier

For technology that was supposed to ignore borders, bring the world closer together, and sidestep the influence of national governments the Internet is fostering an awful lot of nationalism right now. We've started to see increased concern about the country of origin of IT products and services; U.S. companies are worried about hardware from China; European companies are worried about...

Thu, 14 Mar 2013 10:18:01 UTC

Software Tools Research: SPLASH Panel Discussion

Posted By Diomidis D. Spinellis

Written by Dennis Mancl and Steven Fraser At the recent SPLASH (Systems, Programming, Languages and Applications: Software for Humanity) conference, one of us (Steven Fraser) organized an international group of experts to discuss challenges in software tools research. 1 The panelists included Kendra Cooper (University of Texas, Dallas), Jim Cope Coplien (Gertrud & Cope), Junilu Lacar (Cisco Systems), Ruth Lennon (Letterkenny Institute of Technology), Diomidis Spinellis (Athens University of Economics and Business), and Giancarlo Succi (Free University of Bolzano-Bozen). The discussion interwove three threadstool use, development, and educationand the panelists took a critical look at how well tools serve the needs of software professionals, managers, and academics.

Thu, 14 Mar 2013 00:26:38 UTC

Microsoft update fun

Posted By Greg Lehey

Microsoft released patches for its operating systems today, apparently something they do every month. Now that I have a real Microsoft box, it seems to be right to upgrade. But of course my network link wasn't up to it, and rather than wait forever, decided to postpone. Clicked the stop download button, and got: Code 80244023 Windows Update encountered an unknown error. Get help with this error I've seen this one before, and at the time decided, presumably correctly, that it meant network connection interrupted.

Wed, 13 Mar 2013 22:59:23 UTC

Committing ports: the bureaucracy

Posted By Greg Lehey

Review of my new port from Edwin Groothuis this morning, suggesting a couple of modifications, including noting conflicts with the normal Hugin port. That required testing, including building both ports a couple of times, but finally I was ready to commit. Not quite what I expected: Path "head/graphics/hugin-devel/distinfo" is missing the svn:keywords property (or an fbsd:nokeywords override) What does that mean? No idea. Discovered a PortSubversionPrimer, resplendent in missing spaces, which told me about properties, and that I needed svn propset to set them. More careful reading showed that I needed to add entries to ~/.subversion/config, something that I had done years ago (coincidentally exactly 4 years ago today) for the src tree and then forgotten.

Wed, 13 Mar 2013 18:30:38 UTC

Security Theater on the Wells Fargo Website

Posted By Bruce Schneier

Click on the "Establishing secure connection" link at the top of this page. It's a Wells Fargo page that displays a progress bar with a bunch of security phrases -- "Establishing Secure Connection," "Sending credentials," "Building Secure Environment," and so on -- and closes after a few seconds. It's complete security theater; it doesn't actually do anything but make account...

Wed, 13 Mar 2013 12:24:27 UTC

Hacking Best-seller Lists

Posted By Bruce Schneier

It turns out that you can buy a position for your book on best-seller lists....

Tue, 12 Mar 2013 22:54:36 UTC

Network pain continues

Posted By Greg Lehey

I've more or less resigned myself to the fact that my network connectivity is barely acceptable. Roll on the radiation tower! It's hardly worth mentioning the disconnects any more, but they continue unabated. Each of these represents a successful reconnect after a dropout: === grog@eureka (/dev/pts/4) ~ 125 -> grep myaddr /var/log/ppp.log Feb 25 20:12:36 eureka ppp[1982]: tun0: IPCP: myaddr 118.209.58.27 hisaddr = 10.1.0.1 Feb 26 13:12:31 eureka ppp[1982]: tun0: IPCP: myaddr 118.209.82.100 hisaddr = 10.1.0.1 Feb 27 02:05:54 eureka ppp[1982]: tun0: IPCP: myaddr 118.209.127.130 hisaddr = 10.1.0.1 Feb 27 09:29:38 eureka ppp[2717]: tun0: IPCP: myaddr 118.209.61.68 hisaddr = 10.1.0.1 Feb 27 15:22:14 eureka ppp[2717]: tun0: IPCP: myaddr 118.209.116.108 hisaddr = 10.1.0.1 Feb 27 16:06:23 eureka ppp[2717]: tun0: IPCP: myaddr 121.44.113.98 hisaddr = 10.1.0.1 Feb 27 17:22:40 eureka ppp[2717]: tun0: IPCP: myaddr 121.44.86.185 hisaddr = 10.1.0.1 Feb 28 18:11:28 eureka ppp[2717]: ...

Tue, 12 Mar 2013 22:45:03 UTC

Polishing my ports commit bit

Posted By Greg Lehey

News from FreeBSD portmgr today: I have my ports commit bit back, after having given it up some years ago for safe keeping. It's a little tarnished, but nothing that a bit of cleaning won't fix. Some years ago I mentored Edwin Groothuis for a src commit bit. He has a ports commit bit, so I asked him to be my mentor while I did the cleaning. A week or two again a beta release of Hugin came out, so it seemed reasonable to add a new port, graphics/hugin-devel, for that: the FreeBSD port of Hugin has been lagging quite a bit lately.

Tue, 12 Mar 2013 19:00:00 UTC

X-E1@q¬: Still Water

Posted By Tim Bray

I bought a ticket on the Tokyo airport bus leaving from near the Google office and thought my fun with the new camera was over; but I was wrong. A half-hour wait provoked a random stroll which brought me to a little teeny shrine down a little teeny alley. I guess I should conclude this series with some more reportage on the camera, but hey, the most important thing isnt that, because theyre all pretty good these days. What matters is finding something worth pointing it at. Most times, all you really need is for the camera to get out of the way.

Tue, 12 Mar 2013 18:43:11 UTC

Cisco IP Phone Hack

Posted By Bruce Schneier

Nice work: All current Cisco IP phones, including the ones seen on desks in the White House and aboard Air Force One, have a vulnerability that allows hackers to take complete control of the devices....

Tue, 12 Mar 2013 15:14:44 UTC

Why Tim Berners-Lee is wrong about DRM in HTML5

Posted By Cory Doctorow

My latest Guardian column is "What I wish Tim Berners-Lee understood about DRM," a response to the Web inventor's remarks about DRM during the Q&A at his SXSW talk last week. Additionally, all DRM licence agreements come with a set of "robustness" rules that require manufacturers to design their equipment so that owners can't see … [Read more]

Tue, 12 Mar 2013 15:14:36 UTC

What I wish Tim Berners-Lee understood about DRM

Posted By Cory Doctorow

The Guardian

Tue, 12 Mar 2013 11:45:35 UTC

"The Logic of Surveillance"

Posted By Bruce Schneier

Interesting essay: Surveillance is part of the system of control. "The more surveillance, the more control" is the majority belief amongst the ruling elites. Automated surveillance requires fewer "watchers", and since the watchers cannot watch all the surveillance, long term storage increases the ability to find some "crime" anyone is guilty of. [...] This is one of the biggest problems...

Tue, 12 Mar 2013 01:34:31 UTC

Town Car Version Control

Posted By Joel Spolsky

The team at Fog Creek is releasing a major new version of Kiln today. Kiln is a distributed version control system. One of the biggest new features is Kiln Harmony, which lets you operate on Kiln repositories using either Git or Mercurial. So you can push changes to a Kiln repo using Git and then pull them using Mercurial. This means that you never have to decide whether you want to use Git or Mercurial. Religious war: averted. But, Im getting ahead of myself! For those of you that have been living under a rock, the single biggest change in developers lives in the last decade (besides Stack Overflow, natch) is Distributed Version Control.

Mon, 11 Mar 2013 23:00:00 UTC

Beanstalk a la Node

Posted By Werner Vogels

I spent a lot of time talking to AWS developers, many working in the gaming and mobile space, and most of them have been finding Node.js well suited for their web applications. With its asynchronous, event-driven programming model, Node.js allows these developers to handle a large number of concurrent connections with low latencies. These developers typically use EC2 instances combined with one of our database services to create web services used for data retrievals or to create dynamic mobile interfaces. Today, AWS Elastic Beanstalk just added support for Node.js to help developers easily deploy and manage these web applications on AWS.

Mon, 11 Mar 2013 19:00:00 UTC

X-E1@q¬: Wheels

Posted By Tim Bray

Ah, the camera and the motorized vehicle; both blossomed last century but are going strong. Lets apply the first to the second and do it with a new camera in Tokyo. Whats not to like? Shameless plug: Includes my personal favorite picture in this series. This is a random lucky capture in Shibuya, which has come to inhabit its own mythology. I dont make a point of going there any more when I visit Tokyo but somehow I always do anyhow, and then I smile because for a place featuring vertical concrete and a trillion or so watts of synthetic illumination, its awfully human.

Mon, 11 Mar 2013 19:00:00 UTC

Sex Education

Posted By Tim Bray

My turn in the carpool schedule. Girl and Boy in the back seat, my first-grade daughter and her classmate whos expecting a little sister any day now. Girl: Daddy, how do they know whether its a boy or a girl before its born? Me: [Tries to explain about ultrasound (as if I understood it) and how they can see a not-very-good picture of the baby, still in Mummys tummy.] [Silence] Girl: But how do they know if its a boy or a girl? Me: Well, they look to see if it has a penis! [Longer silence.] Boy: Did you know that when a babys born, its naked? [Still longer silence.]

Mon, 11 Mar 2013 17:58:40 UTC

Dead Drop from the 1870s

Posted By Bruce Schneier

Hats: De Blowitz was staying at the Kaiserhof. Each day his confederate went there for lunch and dinner. The two never acknowledged one another, but they hung their hats on neighboring pegs. At the end of the meal the confederate departed with de Blowitz's hat, and de Blowitz innocently took the confederate's. The communications were hidden in the hat's lining....

Mon, 11 Mar 2013 16:00:00 UTC

Elastic Beanstalk a la Node

Posted By Werner Vogels

Mon, 11 Mar 2013 15:00:00 UTC

Site Redesign Launched!

Posted By Tom Limoncelli

www.EverythingSysadmin.com is proud to announce our newly redesigned website! New design and color scheme. After nearly 10 years this new design has a more modern feel. New Feature: The sysadmin events calendar is now a tab for easier viewing. This calendar of events is a joint project with Matt Simmons' Standalone Sysadmin Blog. Updated: Author biographies and book descriptions. New feature: A spinning book carousel in the header! New automation for the "See us live", "Awesome Conferences", and "Best of Blog" boxes. Much improved navigation for older posts. And much much more! We expect to be making minor adjustments over the next few days.

Mon, 11 Mar 2013 14:45:52 UTC

Ten Years On

Posted By Cory Doctorow

Here's a reading of my recent Locus column, Ten Years On, in which I reflect on my first decade as a novelist and discuss a possible further volume related to Down and Out in the Magic Kingdom, my first-ever novel: I never thought Id write a sequel. The allure of writing books has always been … [Read more]

Mon, 11 Mar 2013 11:12:21 UTC

Is Software Security a Waste of Money?

Posted By Bruce Schneier

I worry that comments about the value of software security made at the RSA Conference last week will be taken out of context. John Viega did not say that software security wasn't important. He said: For large software companies or major corporations such as banks or health care firms with large custom software bases, investing in software security can prove...

Mon, 11 Mar 2013 00:14:20 UTC

Town Car Version Control

Posted By Joel Spolsky

The team at Fog Creek is releasing a major new version of Kiln today. Kiln is a distributed version control system. One of the biggest new features… Read more "Town Car Version Control"

Sun, 10 Mar 2013 19:18:25 UTC

Guidebook for Cascadia IT Conference open to all!

Posted By Tom Limoncelli

The Guidebook App (available for every smart-phone known to the planet) now lists all the events and talks for the Cascadia IT Conference, scheduled to start this Friday in Seattle, WA. You can download the app whether or not you are attending. I just read through all the talks and they look excellent. I wish I could be there! There is plenty of time to register! If you are local to Seattle there's no excuse. This has got to be the best "bang for your buck" of a conference the region will see all year.

Sun, 10 Mar 2013 19:00:00 UTC

X-E1@q¬: Shades of Grey

Posted By Tim Bray

Im a color guy; but some pictures cry out for B&W. These are both from Kitanomaru Park, which I recommend to anyone for a walk, whatever the weather. There are museums about, and the Budokan; if that name rings a bell in your head this is probably why. Also its just a nice garden; the botanically-inclined will appreciate the careful labeling. This first picture in among the trees at the center of this map, and while its not quite as magical as the picture looks, its a pretty nice bit of greenery, a rare thing in the heart of Tokyo.

Sun, 10 Mar 2013 00:23:59 UTC

Who needs swap?

Posted By Greg Lehey

An unexpected effect of the completed verandah panorama was that Hugin decided that the optimal size was considerably larger than before. Although it has always stitched a full 360°×180° panorama, even when the bottom was missing, today the calculated size increased considerably: === grog@eureka (/dev/pts/4) ~/Photos/20130309 105 -> identify ../20130303/Pano/verandah-centre.jpeg Pano/verandah-centre.jpeg ../20130303/Pano/verandah-centre.jpeg JPEG 13068x6534 13068x6534+0+0 8-bit DirectClass 21.2MB 0.000u 0:00.000 Pano/verandah-centre.jpeg[1] JPEG 21866x10933 21866x10933+0+0 8-bit DirectClass 44.21MB 0.000u 0:00.000 === grog@eureka (/dev/pts/4) ~/Photos/20130309 106 -> ls -l ../20130303/Pano/verandah-centre.jpeg Pano/verandah-centre.jpeg -rw-r--r-- 1 grog lemis 21200630 3 Mar 12:41 ../20130303/Pano/verandah-centre.jpeg -rw-r--r-- 1 grog lemis 44207375 9 Mar 16:23 Pano/verandah-centre.jpeg So instead of an 85 MP panorama, I ended up with a 239 MP panorama; surprisingly, the image sizes don't reflect that.

Sat, 09 Mar 2013 23:51:15 UTC

A nadir, finally

Posted By Greg Lehey

Last weekend's attempt at a full 360°×180° panorama of the verandah wasn't overly successful. One of the issues I had was finding appropriate control points: the floor was too uniform and repetitive. Today I tried the trick of putting a few flowerpots on the floor in the range both of the nadir and the lower row of the panorama. That worked nicely, though I still have issues with the alignment of the floorboards, probably relating to the accuracy of the positioning. Still, the result isn't too bad: How much work would it be to fix the remaining jaggies in the floor?

Sat, 09 Mar 2013 20:00:00 UTC

X-E1@q¬: Gates

Posted By Tim Bray

The event that took me to Tokyo with a new camera was in Chiyoda, which is to say right next to the Imperial palace. On two successive days, I took the opportunity to go visit; once to Kitanomaru Park, and once to the East Garden itself. Pictures today from the latter. The history of Japan is full of wars, mostly in a feudal flavor; all these walls and battlements and fortifications werent built for decoration. Doesnt mean they dont look good. These are the East gates. I confess, this photo had to be fixed up a little. The spring sun on the trees other side of the gate was overpowering, brilliant.

Sat, 09 Mar 2013 17:18:50 UTC

Registration open for LOPSA-East 2013! (formerly PICC) May 3-4, 2013, New Brunswick, NJ

Posted By Tom Limoncelli

Register early and save! http://lopsa-east.org Space is limited! Registration is open for the 2013 LOPSA-East conference, May 3-4, 2013 at the Hyatt Regency hotel in New Brunswick, NJ. IT professionals from the tri-state area, as well as the entire east coast will be joining us for the most talked about community-driven conference of the year. You can find out more at http://lopsa-east.org LOPSA-East begins Friday with an entire day of training offered by world class instructors. We have half day sessions on Team Efficiency, Configuration Management, Basic and Advanced PowerShell, IPV6 migration, and much more! The conference continues on Saturday, with more half day training sessions along with 45 minute presentations from invited speakers, 5 minute lightning talks, and ‘birds of a feather’ discussions on participant selected topics.

Fri, 08 Mar 2013 22:06:27 UTC

Friday Squid Blogging: Squid/Whale Yin-Yang

Posted By Bruce Schneier

Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 08 Mar 2013 20:00:00 UTC

X-E1@q¬: Cylinders

Posted By Tim Bray

On Day Two of the new-camera-in-Tokyo trail lets move gradually from people to geometry. Because any city has lots of that. This is from the 20th floor, at Hitotsubashi University looking down over the Mainichi building; in the background are some of the Imperial Palace gardens (more to come from there). I said gradually and yep, if you blow this up you will in fact spot a few people. I wonder what the guys on the rooftop are up to; on a really big screen with the full-rez photo, its clear that theyre pretty well-dressed, i.e. probably not maintenance folk. Maybe they just stepped outside for a smoke.

Fri, 08 Mar 2013 18:08:07 UTC

Ross Anderson's Security Engineering Online

Posted By Bruce Schneier

The second edition of Ross Anderson's fantastic book, Security Engineering, is now free online. Required reading for any security engineer....

Fri, 08 Mar 2013 12:23:16 UTC

Oxford University Blocks Google Docs

Posted By Bruce Schneier

Google Docs is being used for phishing. Oxford University felt that it had to block the service because Google isn't responding to takedown requests quickly enough. Think about this in light of my essay on feudal security. Oxford University has to trust that Google will act in its best interest, and has no other option if it doesn't....

Fri, 08 Mar 2013 11:13:22 UTC

Rapture of the Nerds hits London on Mar 23

Posted By Cory Doctorow

The UK edition of Rapture of the Nerds hits shelves on April 12, but we're having a sneaky early release at Forbidden Planet in London on Mar 23 at 1PM. Tell your friends! (I'm pretty sure that Forbidden Planet will take advance mail-orders for people who can't make it, and I'll sign and personalise every … [Read more]

Fri, 08 Mar 2013 04:00:00 UTC

DynamoDB One Year Later: Bigger, Better, and 85% Cheaper&

Posted By Werner Vogels

Time passes very quickly around here and I hadnt realized until recently that over a year has gone by since we launched DynamoDB. As I sat down with the DynamoDB team to review our progress over the last year, I realized that DynamoDB had surpassed even my own expectations for how easily applications could achieve massive scale and high availability with DynamoDB. Many of our customers have, with the click of a button, created DynamoDB deployments in a matter of minutes that are able to serve trillions of database requests per year. Ive written about it before, but I continue to be impressed by Shazams use of DynamoDB, which is an extreme example of how DynamoDBs fast and easy scalability can be quickly applied to building high scale applications.

Thu, 07 Mar 2013 20:00:00 UTC

DynamoDB One Year Later: Bigger, Better, and 85% Cheaper?

Posted By Werner Vogels

Time passes very quickly around here and I hadn?t realized until recently that over a year has gone by since we launched DynamoDB. As I sat down with the DynamoDB team to review our progress over the last year, I realized that DynamoDB had surpassed even my own expectations for how easily applications could achieve massive scale and high availability with DynamoDB.

Thu, 07 Mar 2013 20:00:00 UTC

X-E1@q¬: People

Posted By Tim Bray

So, I took the new camera to Tokyo and came back with pictures, which will inhabit this space for the next few days. For most, Im not gonna claim theyre typical; but these are. If youre going to show the truth about q¬, it has to be people. Because its buildings and cars and streets and so on are mostly nothing special, but the people who live among them are. Not far from Shimbashi station and its 10PM or so. I wont claim this is a good picture, but I will argue that its what Tokyo street-life is really, really like; do me a favor and enlarge it.

Thu, 07 Mar 2013 19:39:15 UTC

How the FBI Intercepts Cell Phone Data

Posted By Bruce Schneier

Good article on "Stingrays," which the FBI uses to monitor cell phone data. Basically, they trick the phone into joining a fake network. And, since cell phones inherently trust the network -- as opposed to computers which inherently do not trust the Internet -- it's easy to track people and collect data. There are lots of questions about whether or...

Thu, 07 Mar 2013 12:45:04 UTC

Browser Security

Posted By Bruce Schneier

Interesting discussion on browser security from Communications of the ACM. Also, an article on browser and web privacy from the same issue....

Wed, 06 Mar 2013 23:30:39 UTC

Wendy McClelland exposes scam

Posted By Greg Lehey

Yvonne pointed me at an article in the Hepburn Advocate today. Wendy McClelland has taken pity on all us poor souls who were conned by the NBN: NBN endeavoured to convince the public to want Wi-Fi radiation broadband via a proposed tower to deliver at speeds of 5-12 megabits per second. NBN staff stated it was faster than satellite broadband. Most residents who attended were duped by the con. Count me as one of the residents who was duped.

Wed, 06 Mar 2013 20:00:00 UTC

The Tragedy of the Re-Auth

Posted By Tim Bray

Were pushing the notion that sites should do Federated Identity; that those Sign in with Facebook/Google/Twitter/whoever badges you see everywhere are A Good Thing. And indeed they are. But its exposing a subtle problem. Background I spend a lot of time talking to people who are (in the jargon) RPs, where the initials stand for Relying Party and mean someone who relies on an Identity Provider (IDP in the jargon) to take care of login/logout. Its increasingly easy to set up Federated Login with an IDP, and as OpenID Connect stabilizes, therell be room for a real standards-based RP/IDP ecosystem.

Wed, 06 Mar 2013 20:00:00 UTC

Fujifilm X-E1

Posted By Tim Bray

What happened was, this month includes trips to Tokyo and the Big Island. And lately Ive been reading about cameras full of shiny new ideas. So I decided to indulge myself; here are way too many words about the state of cameras in general and in particular the one I bought. I suppose this is partly a review of the X-E1, but if you want to know the most important thing (what kind of pictures it takes) just follow the blog for the next week or two. Ill do a pictures-from-Tokyo series that covers a lot of different photographic styles.

Wed, 06 Mar 2013 19:24:15 UTC

The NSA's Ragtime Surveillance Program and the Need for Leaks

Posted By Bruce Schneier

A new book reveals details about the NSA's Ragtime surveillance program: A book published earlier this month, "Deep State: Inside the Government Secrecy Industry," contains revelations about the NSA's snooping efforts, based on information gleaned from NSA sources. According to a detailed summary by Shane Harris at the Washingtonian yesterday, the book discloses that a codename for a controversial NSA...

Wed, 06 Mar 2013 12:50:07 UTC

Al Qaeda Document on Avoiding Drone Strikes

Posted By Bruce Schneier

Interesting: 3 Spreading the reflective pieces of glass on a car or on the roof of the building. 4 Placing a group of skilled snipers to hunt the drone, especially the reconnaissance ones because they fly low, about six kilometers or less. 5 Jamming of and confusing of electronic communication using the ordinary water-lifting dynamo fitted with...

Wed, 06 Mar 2013 00:21:36 UTC

Thirty years of audio data storage

Posted By Greg Lehey

Edwin Groothuis pointed me at this image on the web today: Amazing how times change, and in particular how much content is now served by the Web.

Tue, 05 Mar 2013 19:58:04 UTC

Marketing at the RSA Conference

Posted By Bruce Schneier

Marcus Ranum has an interesting screed on "booth babes" in the RSA Conference exhibition hall: I'm not making a moral argument about sexism in our industry or the objectification of women. I could (and probably should) but it's easier to just point out the obvious: the only customers that will be impressed by anyone's ability to hire pretty models to...

Tue, 05 Mar 2013 15:00:00 UTC

Issue 34 "Hacker News Monthly" issue

Posted By Tom Limoncelli

My "4 Unix commands I abuse every day" blog post has been published in this month's Hacker News Monthly! Check it out: http://hackermonthly.com/issue-34.html Interestingly enough that post got more hits than any other that I posted last year. It got mentioned on HN (quite an honor) and then the print edition (Hacker News Monthly) contacted me about reprinting it. HNM is a pretty nice deal. If you don't have time to read HN every day, they pick out the best articles of the month and print them as an ebook (multiple formats) and an actual dead-trees printed version too!

Tue, 05 Mar 2013 12:28:50 UTC

Technologies of Surveillance

Posted By Bruce Schneier

It's a new day for the New York Police Department, with technology increasingly informing the way cops do their jobs. With innovation comes new possibilities but also new concerns. For one, the NYPD is testing a new type of security apparatus that uses terahertz radiation to detect guns under clothing from a distance. As Police Commissioner Ray Kelly explained to...

Tue, 05 Mar 2013 01:19:39 UTC

Homeland interviews

Posted By Cory Doctorow

A pair of nice interviews about my new novel Homeland hit the Web today: this fun chat with Rob "CmdrTaco" Malda on the Washington Post, and this one with David Klein at Las Vegas City Life: Its about conveying your enthusiasm. My readers like that enthusiastic voice. The dirty secret about geeking out is that … [Read more]

Mon, 04 Mar 2013 23:07:38 UTC

More weather station software

Posted By Greg Lehey

Peter Jeremy came up with this weather station software site today. It seems to do roughly what my software does (hopefully with fewer warts), but I haven't really looked at it yet.

Mon, 04 Mar 2013 20:04:34 UTC

New Internet Porn Scam

Posted By Bruce Schneier

I hadn't heard of this one before. In New Zealand, people viewing adult websites -- it's unclear whether these are honeypot sites, or malware that notices the site being viewed -- get a pop-up message claiming it's from the NZ Police and demanding payment of an instant fine for viewing illegal pornography....

Mon, 04 Mar 2013 15:55:05 UTC

Podcast with Beyond the Book

Posted By Cory Doctorow

The folks at Beyond the Book interviewed me for a recent podcast (MP3). We talked about computer control, DRM, publishing, and my latest book, Homeland.

Mon, 04 Mar 2013 13:57:19 UTC

How to tell if a site stores passwords in clear-text?

Posted By Tom Limoncelli

Click on the "I forgot my password" link. If they email you your password, you know they stored it in clear-text somewhere. You should complain. Sadly their first-tier support probably won't understand and will assure you that they take security seriously and you have nothing to fear. Oh well, at least you know and can choose to use a different company or at least use a password you aren't using anywhere else (which, you already do, right?) If they email you a code to reset your password or a temporary password, then either they stored a hash of the password (hopefully they did it right), or they're doing it wrong and their password-recovery system obscures this fact.

Mon, 04 Mar 2013 12:38:18 UTC

Getting Security Incentives Right

Posted By Bruce Schneier

One of the problems with motivating proper security behavior within an organization is that the incentives are all wrong. It doesn't matter how much management tells employees that security is important, employees know when it really isn't -- when getting the job done cheaply and on schedule is much more important. It seems to me that his co-workers understand the...

Mon, 04 Mar 2013 01:24:47 UTC

Whats the most utopian fiction of all?

Posted By Cory Doctorow

My latest column for Locus, "Ten Years On," looks back on my first decade as a novelist, and speculates about what a difficult utopia might be, and announces my next novel project: And then I realized I had no idea what novel Id write next. I have notes for about five books, but none of … [Read more]

Mon, 04 Mar 2013 01:24:43 UTC

Ten Years On

Posted By Cory Doctorow

Locus

Sat, 02 Mar 2013 22:38:24 UTC

No day for computing

Posted By Greg Lehey

Somehow things didn't go well today. It started when I came in and found a message from Wolfgang Riegler telling me of an incorrect dependency in the enblend port. Fixed that and got Edwin Groothuis to commit it, and he then discovered that removing the port left an empty directory behind. Normally that's handled by a @dirrm line in the pkg-plist file, but this port doesn't have a pkg-plist: it's all in the Makefile. Spent some time reading the porter's handbook without finding out how to remove a directory. Should I revert to a pkg-plist after all? It makes sense to minimize the number of files in a port, since they're all small, usually smaller than the minimum fragment size.

Fri, 01 Mar 2013 23:37:20 UTC

Real world adieu

Posted By Greg Lehey

Nearly 2 years ago I took over maintenance of the Friends of the Ballarat Botanical Gardens web site in hope of contributing something to the cause and getting a better understanding of the Real World. I suppose that I've been successful in those aims. But it's been a pain! Clearly gardeners aren't the most technical people in the world. And even more clearly I don't have the interpersonal skills to be a webmaster. But the site is still almost completely devoid of content, and what little content I get usually comes in forms that require much correction before they can be put up at all.

Fri, 01 Mar 2013 22:36:01 UTC

Friday Squid Blogging: Another Squid Cartoon.

Posted By Bruce Schneier

Another. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 01 Mar 2013 20:11:07 UTC

Me on "Virtually Speaking"

Posted By Bruce Schneier

Last week I was on "Virtually Speaking."...

Fri, 01 Mar 2013 11:05:22 UTC

Phishing Has Gotten Very Good

Posted By Bruce Schneier

This isn't phishing; it's not even spear phishing. It's laser-guided precision phishing: One of the leaked diplomatic cables referred to one attack via email on US officials who were on a trip in Copenhagen to debate issues surrounding climate change. "The message had the subject line 'China and Climate Change' and was spoofed to appear as if it were from...

Fri, 01 Mar 2013 03:23:12 UTC

Cascadia IT Conference: Discount extended! Don't miss out!

Posted By Tom Limoncelli

https://plus.google.com/u/0/101281951565093176572/posts/XALRuBSdgqP From the organizers: An impressive number of registrations over the past few days has prompted us to extend early bird pricing through Monday, March 4th. Save as much as $75 over at-the-door pricing by registering before 11:59pm Monday evening! If you're visiting Seattle from out of town, don't forget to make your hotel reservations by phone and be sure to mention the conference to receive a discounted room rate and parking: We also hope you'll join us Thursday, March 14th as the Seattle Area System Administrators Guild (SASAG) hosts a welcome reception sponsored by Silicon Mechanics in the Governors Room at the Hotel Deca.

Sign up for QueueNews

Upcoming Conferences

acmqueue app

Join ACM

Blog Archive: March 2013