Blog Archive: July 2013

Wed, 31 Jul 2013 18:11:11 UTC

Little Brother-themed team scavenger hunt coming to San Francisco!

Posted By Cory Doctorow

My novel Little Brother is the "One City One Book" pick for the San Francisco Public Library this year; and in its honor, they've put together an amazing city-wide scavenger hunt called "Rogue Agent." It features fiendish puzzles and awesome clues, and kicks off on September 14. It's a team-sport, so start thinking about your …

Wed, 31 Jul 2013 15:00:00 UTC

The "They know it's a problem"-Syndrome

Posted By Tom Limoncelli

As a system administrator you hate to see it happen: A user has a problem. They don't report it to you (enter a bug report, file a ticket). They whine to their friends, or suffer in silence. Months later you find out and ask, "Why didn't you file a ticket? I could have fixed it!" They either didn't have time, didn't feel it would do any good, or whatever. Annoying right? What's 100 times more annoying? When sysadmins do it to each other. I've seen it many times. Walking through a process (say... setting up a new machine) and some of the steps require...

Wed, 31 Jul 2013 11:25:29 UTC

Brian Krebs Harassed

Posted By Bruce Schneier

This is what happens when you're a security writer and you piss off the wrong people: they conspire to have heroin mailed to you, and then to tip off the police. And that's after they've called in a fake hostage situation....

Wed, 31 Jul 2013 00:24:01 UTC

Wake on LAN: the rest

Posted By Greg Lehey

So yesterday I configured Wake on LAN on dxo, my Microsoft box. Modulo some unexpected behaviour (wake on any LAN event), it went remarkably smoothly. Today I had more photos to process, so I tried to wake up dxo again. Nothing. Further investigation showed that wake(1) wasn't working:

    === grog@eureka (/dev/pts/11) ~ 42 -> wake dxo
    wake: Cannot open bpf interface: Permission denied

It worked fine as root. A clear case for setuid:

    === root@eureka (/dev/pts/20) ~ 7 -> chmod 4555 /usr/sbin/wake

...

Tue, 30 Jul 2013 20:43:43 UTC

Was the search for Evi botched?

Posted By Tom Limoncelli

http://www.stuff.co.nz/world/south-pacific/8972169/Search-for-missing-yacht-botched

Tue, 30 Jul 2013 19:00:00 UTC

Why Federate?

Posted By Tim Bray

Part of my job these days is convincing people to get out of the password business and start Federating; that is to say, outsource the login mechanics to an Identity Provider (IDP) like Facebook or Google or Microsoft or Twitter (and there are lots more). I've given the sales pitch quite a few times now; here it is. Scenario You're putting up a new app and need to sign in users, so you use whatever's popular with the package you're using: On Rails, typically Devise, on NodeJS Drywall or Passport, on PHP Usercake, and so on. These things will take care of storing and checking usernames and passwords for you.

Tue, 30 Jul 2013 18:44:06 UTC

Neighborhood Security: Feeling vs. Reality

Posted By Bruce Schneier

Research on why some neighborhoods feel safer: Salesses and collaborators Katja Schechtner and César A. Hidalgo built an online comparison tool using Google Street View images to identify these often unseen triggers of our perception of place. Have enough people compare paired images of streets in New York or Boston, for instance, for the scenes that look more "safe" or...

Tue, 30 Jul 2013 12:33:54 UTC

Really Clever Bank Card Fraud

Posted By Bruce Schneier

This is a really clever social engineering attack against a bank-card holder: It all started, according to the police, on the Saturday night where one of this gang will have watched me take money from the cash point. That's the details of my last transaction taken care of. Sinister enough, the thought of being spied on while you're trying to...

Tue, 30 Jul 2013 05:54:03 UTC

There's no way to stop children viewing porn in Starbucks

Posted By Cory Doctorow

In honour of the Great Firewall of Cameron -- the UK government's plan to force ISPs to turn on network-level spying and censorship of "adult" material -- I've read aloud There's no way to stop children viewing porn in Starbucks, a column I wrote for the Guardian the last time the UK government floated this …

Tue, 30 Jul 2013 02:01:26 UTC

My CookBook on Android

Posted By Greg Lehey

Gregory Orange reported back today. He had taken the original version of the recipe for tajine de bœuf aux pois chiches and put it on the My CookBook app on his Android device. It's difficult to get a screen shot, but what he saw was: How much use is that? I suppose it's about as good as the original recipe. But in the meantime I've changed it, and I wonder how long it would take Gregory to update it accordingly. At least it seems to be possible, unlike the web version.

Mon, 29 Jul 2013 23:58:16 UTC

Using wake on LAN

Posted By Greg Lehey

On Saturday evening Chris Bahlo and I were looking at the web site of her new employer, ruadvertising.com.au. First question: does it render correctly? Well, sort of, modulo overrun at the bottom, caused by guessing that I would use the standard character size. We were looking at the page on the TV, 58" diagonal, but some distance away. I've already noted that resolution isn't the issue: it's angle of view. At default sizes, it's illegible on the TV. Chris took that on board and then asked "And what is it like under Internet Explorer?". I knew the answer, but of course the real challenge was getting Internet Explorer to display on the TV.

Mon, 29 Jul 2013 11:28:17 UTC

Obama's Continuing War Against Leakers

Posted By Bruce Schneier

The Obama Administration has a comprehensive "insider threat" program to detect leakers from within government. This is pre-Snowden. Not surprisingly, the combination of profiling and "see something, say something" is unlikely to work. In an initiative aimed at rooting out future leakers and other security violators, President Barack Obama has ordered federal employees to report suspicious actions of their colleagues...

Sun, 28 Jul 2013 19:00:00 UTC

Good Raw Files

Posted By Tim Bray

I've been switching back and forth quite a bit between my two serious cameras, the Pentax K-5 (excellent late-2010 tech) and the Fujifilm X-E1 (same, late-2012). They both have important virtues, but I'm starting to think the most important difference is raw-file quality. I have an example. People who know all about raw files and JPEG conversion and so on can hop on past the next section. Backgrounder: Formats and Spelling There are two ways a camera can save its captured images. First is JPEG, a file format that dates back to the early nineties, and still offers a pretty good ratio between data compression and perceived quality.

Sun, 28 Jul 2013 00:49:34 UTC

Enblend insider joke?

Posted By Greg Lehey

While looking at the enblend home page today, I noticed an interesting detail: That jaggy in the white stripe (which is part of a SVG image) is exactly the kind of thing that enblend is supposed to eliminate. I wonder what the thought processes behind it are. ACM only downloads articles once.

Sat, 27 Jul 2013 01:25:24 UTC

Enblend refuses to stitch more than 9 images

Posted By Greg Lehey

Some weeks ago Thomas Zenker reported a problem with the FreeBSD port of enblend, which I maintain: he couldn't get it to stitch more than 9 images at a time. It aborted with the messages:

    enblend: cannot load image "20120702-125206-125507-000009.tif"
    enblend: Precondition violation! did not find a matching file type. (/usr/ports/graphics/vigra/work/vigra-1.9.0/src/impex/codecmanager.cxx:234)

He thought this was a general restriction, but of course I have been stitching many more than that, coincidentally with an almost identical configuration. He sent me his images and I was able to stitch them with no problems.

Fri, 26 Jul 2013 21:27:18 UTC

Friday Squid Blogging: Squid Song

Posted By Bruce Schneier

It's "Sparky the Giant Squid." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 26 Jul 2013 19:00:00 UTC

OSCON 2013

Posted By Tim Bray

I've been to this event a bunch of times over the years, always as a speaker I think. But if I couldn't speak I'd probably pay real money to come anyway. It feels, for the moment, still essential. Sarah Novotny gets things going. Software's open-source-ness (or not) seems hardly newsworthy these days. For you youngsters, there was a time when it was controversial, something that mattered, and there were businesses with no-OSS policies, and you felt like you were swimming upstream if you insisted on running GNU/Linux or Apache or MySQL or whatever. Missing a couple of years let me look at OSCON with fresh eyes, I think.

Fri, 26 Jul 2013 18:19:18 UTC

NSA Cracked the Kryptos Sculpture Years Before the CIA Did

Posted By Bruce Schneier

We interrupt this blog for some important inter-agency rivalry. The fourth part is still uncracked, though. Older links....

Fri, 26 Jul 2013 11:25:05 UTC

Secret Information Is More Trusted

Posted By Bruce Schneier

This is an interesting, if slightly disturbing, result: In one experiment, we had subjects read two government policy papers from 1995, one from the State Department and the other from the National Security Council, concerning United States intervention to stop the sale of fighter jets between foreign countries. The documents, both of which were real papers released through the Freedom...

Fri, 26 Jul 2013 00:46:22 UTC

Symlinks with Microsoft

Posted By Greg Lehey

One of the results of tidying up the house was that I found a whole lot of old photos that I need to scan in. And after my experience with SANE, I've decided to use my Microsoft box to do scanning. That works about as well as you can expect with a Microsoft box, but one irritating thing is that it saves the scanned data on the Microsoft machine, and I have to move it manually to eureka. What I need is a symlink. But doesn't Microsoft have symlink functionality? Does it work to external file systems? Asked on IRC and was told that it was called a shortcut (another modern joining of two words), and that I could make one by pushing mice between Windows Explorer windows.

Fri, 26 Jul 2013 00:35:56 UTC

Spammers getting even more stupid?

Posted By Greg Lehey

Spam is bad at the moment, and I'm continually wondering whether I shouldn't do something draconian like whitelists. But the spammers are not getting any cleverer. Or maybe they're catering to the toy MUA crowd who can't see the nonsense they're sending:

    From no-[email protected]  Fri Jul 25 00:30:25 2013
    Return-Path: <no-[email protected]>
    ...
    Received: from mail.lemis.com [208.86.224.149]
            by eureka.lemis.com with POP3 (fetchmail-6.3.21)
            for <[email protected]> (single-drop); Fri, 25 Jul 2013 00:30:24 +1000 (EST)
    Received: from a81-84-240-48.static.cpe.netcabo.pt (a81-84-240-48.static.cpe.netcabo.pt [81.84.240.48])
            by w3.lemis.com (Postfix) with ESMTP id D24B53B79C;
            Thu, 24 Jul 2013 14:19:26 +0000 (UTC)
    Date: Thu, 24 Jul 2013 14:19:26 +0000
    From: "Facebook" <no-[email protected]>
    To: <[email protected]>,
            <[email protected]>,
            <[email protected]>
    Subject: Kendall Carlson wants to be friends with you on Facebook.

Thu, 25 Jul 2013 17:27:34 UTC

Details on NSA/FBI Eavesdropping

Posted By Bruce Schneier

We're starting to see Internet companies talk about the mechanics of how the US government spies on their users. Here, a Utah ISP owner describes his experiences with NSA eavesdropping: We had to facilitate them to set up a duplicate port to tap in to monitor that customer's traffic. It was a 2U (two-unit) PC that we ran a mirrored...

Thu, 25 Jul 2013 11:46:10 UTC

Poached Eggs

Posted By Bruce Schneier

The story of people who poach and collect rare eggs, and the people who hunt them down. Securing wildlife against poachers is a difficult problem, especially when the defenders are poor countries with not a lot of resources....

Thu, 25 Jul 2013 10:00:13 UTC

Portability: Goodies vs. the hair shirt

Posted By Diomidis D. Spinellis

"I don't know what the language of the year 2000 will look like, but I know it will be called Fortran." -- Tony Hoare

Writing code that can run on any platform used to be a golden standard, as attested by the tens of books with the word "portable" in their title. Every day however staying true to the faith of portable code is becoming more challenging as mighty ecosystems amass resources to tempt us into their platform-specific version of heaven. We can write non-portable code out of laziness or ignorance, because we can't be bothered to verify or check that our code follows a standard.

Thu, 25 Jul 2013 01:26:43 UTC

Disk problems with a difference

Posted By Greg Lehey

Trying to back up my photos today, I ran into a problem I hadn't seen before:

    === root@eureka (/dev/pts/11) /home/grog 20 -> mount /dev/da2p1 /photobackup
    mount: /photobackup: Device not configured

Huh? I had just plugged in the (USB) disk and confirmed that it had been probed successfully:

    Jul 24 15:38:13 eureka kernel: da2 at umass-sim3 bus 3 scbus11 target 0 lun 0
    Jul 24 15:38:13 eureka kernel: da2: <ST ST2000DL003-9VT1 3.00> Fixed Direct Access SCSI-4 device
    Jul 24 15:38:13 eureka kernel: da2: 40.000MB/s transfers
    Jul 24 15:38:13 eureka kernel: da2: 1907729MB (3907029168 512 byte sectors: 255H 63S/T 243201C)

Disk label problems?

Wed, 24 Jul 2013 19:52:02 UTC

Michael Hayden on the Effects of Snowden's Whistleblowing

Posted By Bruce Schneier

Former NSA director Michael Hayden lists three effects of the Snowden documents: "...the undeniable operational effect of informing adversaries of American intelligence's tactics, techniques and procedures." "...the undeniable economic punishment that will be inflicted on American businesses for simply complying with American law." "...the erosion of confidence in the ability of the United States to do anything discreetly or keep...

Wed, 24 Jul 2013 11:25:48 UTC

Appearing at the BSFA meeting tonight

Posted By Cory Doctorow

Hey, Londoners! I'm the speaker at tonight's British Science Fiction Association meeting in the Cellar Bar at the Argyle Public House (1 Greville Street EC1N 8PQ). Kicks off at 6PM -- I'll be interviewed by Tom Hunter from the Arthur C Clarke award.

Wed, 24 Jul 2013 11:18:36 UTC

NSA Implements Two-Man Control for Sysadmins

Posted By Bruce Schneier

In an effort to lock the barn door after the horse has escaped, the NSA is implementing two-man control for sysadmins: NSA chief Keith Alexander said his agency had implemented a "two-man rule," under which any system administrator like Snowden could only access or move key information with another administrator present. With some 15,000 sites to fix, Alexander said, it...

Wed, 24 Jul 2013 05:50:50 UTC

Blurring computer history

Posted By Greg Lehey

Seen on Pinterest while looking for something different and useful: Rear Admiral Grace Hopper. She worked for UNIVAC in 1949 who made some of the first computers ever. In 1951 she discovered the first computer bug.. In 1952 she had an operational compiler. "Nobody believed that," she said. "I had a running compiler and nobody would touch it. They told me computers could only do arithmetic." A compiler is the reason you have an Operating System with programs, a phone with apps.

Wed, 24 Jul 2013 03:33:17 UTC

More July anniversaries

Posted By Greg Lehey

I've just finished reading the end of my paper diaries, from January 1968 via the end of contiguous diaries on 1 October 1970 until the final isolated entry on 14 June 1977. It hasn't been as pleasant a reading as I had expected -- you remember the good things, but you tend to write down the bad things as well, and there's so much of that that I'll probably never type them in. But one thing I discovered was that my original assumptions about various anniversaries were wrong. I've already noted that a number of anniversaries fall in mid to late July -- in two days' time, for example, I will have known Yvonne for 31 years -- but now I discover that the end of July seems to have been a good time to meet girls.

Tue, 23 Jul 2013 19:01:21 UTC

Tom speaking at SpiceWorld conference!

Posted By Tom Limoncelli

Just announced on the SpiceWorks website! SpiceWorld is a conference held by the fine people at SpiceWorks. Register here: http://www.spiceworks.com/spiceworld/2013/austin/register/

Tue, 23 Jul 2013 18:00:11 UTC

How the FISA Court Undermines Trust

Posted By Bruce Schneier

This is a succinct explanation of how the secrecy of the FISA court undermines trust. Surveillance types make a distinction between secrecy of laws, secrecy of procedures and secrecy of operations. The expectation is that the laws that empower or limit the government's surveillance powers are always public. The programs built atop those laws are often secret. And the individual...

Tue, 23 Jul 2013 11:21:50 UTC

Marc Rotenberg on the NSA Supreme Court Suit

Posted By Bruce Schneier

Marc Rotenberg of EPIC explains why he is suing the NSA in the Supreme Court. And USA Today has a back and forth on the topic....

Mon, 22 Jul 2013 23:11:24 UTC

Apps for cooking

Posted By Greg Lehey

A lot of discussion about cooking on IRC today. Does it make sense to use a tablet computer to view your recipes? That was one of the reasons I bought a tablet last year. My experience with this particular device was so negative that I didn't even try it in the kitchen: it went back. But that was that specific tablet, and potentially a tablet could be useful in the kitchen; it's just that it seems to be a lot of money for one small application. If I were to do that, a relatively modern laptop seems preferable. Then Gregory Orange came up singing the praises of My CookBook, a tablet App that he uses extensively in the kitchen.

Mon, 22 Jul 2013 19:55:00 UTC

Victory Lap for Ask Patents

Posted By Joel Spolsky

There are a lot of people complaining about lousy software patents these days. I say, stop complaining, and start killing them. It took me about fifteen minutes to stop a crappy Microsoft patent from being approved. Got fifteen minutes? You can do it too. In a minute, I'll tell you that story. But first, a little background. Software developers don't actually invent very much. The number of actually novel, non-obvious inventions in the software industry that maybe, in some universe, deserve a government-granted monopoly is, perhaps, two. The other 40,000-odd software patents issued every year are mostly garbage that any working programmer could invent three times before breakfast.

Mon, 22 Jul 2013 18:04:08 UTC

Prosecuting Snowden

Posted By Bruce Schneier

I generally don't like stories about Snowden as a person, because they distract from the real story of the NSA surveillance programs, but this article on the costs and benefits of the US government prosecuting Edward Snowden is worth reading....

Mon, 22 Jul 2013 11:36:09 UTC

Violence as a Source of Trust in Criminal Societies

Posted By Bruce Schneier

This is interesting: If I know that you have committed a violent act, and you know that I have committed a violent act, we each have information on each other that we might threaten to use if relations go sour (Schelling notes that one of the most valuable rights in business relations is the right to be sued -- this...

Mon, 22 Jul 2013 00:14:23 UTC

Victory Lap for Ask Patents

Posted By Joel Spolsky

There are a lot of people complaining about lousy software patents these days. I say, stop complaining, and start killing them. It took me about fifteen minutes…

Sun, 21 Jul 2013 22:27:40 UTC

The Wikipedia Gender Gap Revisited

Posted By Benjamin Mako Hill

In a new paper, recently published in the open access journal PLOSONE, Aaron Shaw and I build on new research in survey methodology to describe a method for estimating bias in opt-in surveys of contributors to online communities. We use the technique to reevaluate the most widely cited estimate of the gender gap in Wikipedia. [...]

Sun, 21 Jul 2013 19:00:00 UTC

Pacific Rim

Posted By Tim Bray

Hadn't actually gone out to a movie in a theater for a long time. Then I kept hearing kind words on this one from smart people with good taste. We sat a little too close to the really-big really-loud screen and still walked away smiling, albeit with mild headaches. I think this movie did a lot of things right and not much wrong. Yeah, it's one of those movies about giant robots battling it out with giant reptilian aliens, and I recognize that some people won't be OK with that, but if you are, this is a really good one of those.

Sun, 21 Jul 2013 17:14:56 UTC

Pirate Cinema wins the Prometheus Award

Posted By Cory Doctorow

I could not be happier to announce that my novel Pirate Cinema has won the Libertarian Science Fiction Society's Prometheus Award, along with Neal Stephenson's Cryptonomicon. I won the Prometheus in 2008 for my novel Little Brother, and it's among my proudest honors. My sincere thanks to the judges and the members of the society …

Sat, 20 Jul 2013 23:58:03 UTC

Linear algebra pain

Posted By Greg Lehey

Finally finished last week's assignments for my linear algebra course. Algebra? Statistical analysis using vectors. They're not due until next week, but the next assignments are there already, and I want to keep up to date. So on with the next week's lectures. No question, we're talking mathematics here. And I don't understand any of it! At the beginning of the series it seemed that they paid too much attention to things that were obvious; now it's very much the other way round. What's a vector space? I have a vague idea, but only a vague one, and the concept is central to the whole course.

Sat, 20 Jul 2013 19:00:00 UTC

Cameraccessories

Posted By Tim Bray

Words and pictures about add-ons, specifically the Luma Cinch (a new thing) and the Helios 44m-4 58mm f/2 lens (a very old thing). Soviet Lenses What happened was, since I got on board the Fujifilm soul train via the mighty Fuji X-E1 and the astoundingly-good little Fujinon XF35 35m f/1.4, I've been tracking the Fuji-X-rated blogs, where I ran across Jonas Dyhr Rask's Vintage Standard Lens Shootout, where I heard about the Helios 44m-4 58mm F/2.0. I hated some of the more-garish pix in his review of the lens but was struck by its potential. A little research suggested that this product of the USSR-that-was falls into the vanishingly-small category of pretty-damn-good lenses you can EBay for cheap.

Sat, 20 Jul 2013 14:32:52 UTC

Turning Crucible Steel into a Wootz Seax

Posted By Niels Provos

Sat, 20 Jul 2013 14:32:00 UTC

Turning Crucible Steel into a Wootz Seax

Posted By Niels Provos

Fri, 19 Jul 2013 21:12:31 UTC

Friday Squid Blogging: Paul Burke Giant Squid Sculpture

Posted By Bruce Schneier

The wood sculpture is part of an art exhibit at the VanDusen Botanical Garden in Vancouver....

Fri, 19 Jul 2013 19:45:23 UTC

TSA Considering Implementing Randomized Security

Posted By Bruce Schneier

For a change, here's a good idea by the TSA: TSA has just issued a Request for Information (RFI) to prospective vendors who could develop and supply such randomizers, which TSA expects to deploy at CAT X through CAT IV airports throughout the United States. "The Randomizers would be used to route passengers randomly to different checkpoint lines," says the...

Fri, 19 Jul 2013 18:00:00 UTC

Feeling the Customer Love for AWS

Posted By Werner Vogels

We work hard to meet our customer's expectations and to innovate continuously on their behalf. This week at the Singapore AWS Summit we were fortunate that our customers Astro Radio from Kuala Lumpur were willing to join us on stage. Jayaram Gopinath Nagaraj and Kavitha Doraimaickam gave a truly electrifying presentation about how AWS has transformed their radio stations. They also brought with them a video that showed their appreciation for how we enable them to innovate. It is humbling and fun at the same time.

Fri, 19 Jul 2013 14:40:22 UTC

Counterterrorism Mission Creep

Posted By Bruce Schneier

One of the assurances I keep hearing about the U.S. government's spying on American citizens is that it's only used in cases of terrorism. Terrorism is, of course, an extraordinary crime, and its horrific nature is supposed to justify permitting all sorts of excesses to prevent it. But there's a problem with this line of reasoning: mission creep. The definitions...

Fri, 19 Jul 2013 11:00:00 UTC

Feeling the Customer Love for AWS

Posted By Werner Vogels

We work hard to meet our customer’s expectations and to continue to innovate on their behalf. This week at the Singapore AWS Summit we were fortunate that our customers Astro Radio from Kuala Lumpur were willing to join us on stage. Jayaram Gopinath Nagaraj and Kavitha Doraimaickam gave a truly electrifying presentation about how AWS has transformed their radio stations.

Fri, 19 Jul 2013 01:36:39 UTC

Paying for the NBN

Posted By Greg Lehey

It seems that yesterday Simon Hackett gave a presentation about issues with the Australian National Broadband Network, pointing to serious deficiencies. In recent times most criticism relating to the NBN has been directed at the Federal Opposition's planned castration of the network, as I've commented in the past. But no, while Simon disagrees with that too, this time he's talking about the cost. If his calculations are right, by 2040 the NBN will cost 5 times as much as ADSL (which, strangely, will cost exactly as much as it does now, a round $20 per month). He comes up with a number of suggestions about how to reduce the cost.

Thu, 18 Jul 2013 20:58:37 UTC

PRISM Q&A

Posted By Bruce Schneier

Mikko Hypponen and I answered questions about PRISM on the TED website....

Thu, 18 Jul 2013 13:37:39 UTC

Snowden's Dead Man's Switch

Posted By Bruce Schneier

Edward Snowden has set up a dead man's switch. He's distributed encrypted copies of his document trove to various people, and has set up some sort of automatic system to distribute the key, should something happen to him. Dead man's switches have a long history, both for safety (the machinery automatically stops if the operator's hand goes slack) and security...

Thu, 18 Jul 2013 12:26:42 UTC

Pirate Cinema shortlisted for Canada's Sunburst Award

Posted By Cory Doctorow

My novel Pirate Cinema has been shortlisted for this year's Sunburst Award, a juried prize for the best in Canadian science fiction. It's up in the Young Adult category, and is part of an exciting slate that is full of exciting books that deserve your attention.

Thu, 18 Jul 2013 00:43:40 UTC

New English

Posted By Greg Lehey

What's a namespace? A filesystem? How do they differ from name spaces and file systems? Is it just a difference in spelling, or is it a difference in meaning? My spelling check highlights both words as incorrect. Taking a step back: one of the biggest differences between English and German spelling is that in German nouns are written together, like Filmempfindlichkeitseinstellung, which looks terrifying until you split it up into Film Empfindlichkeits Einstellung (film sensitivity setting, which has the same number of syllables). There's a tendency in German to do this split, although it's a breach of spelling rules. And, it seems, there's the opposite tendency in English.

Thu, 18 Jul 2013 00:32:55 UTC

Goodbye ACM Queue

Posted By Greg Lehey

It's been some years since this diary was included in the ACM Queue RSS feed. As I noted at the time, the topics in the diary range far beyond the normal subject material for ACM Queue, so I quickly modified the structure of the diary to present the content as a series of articles on various topics. ACM Queue takes the ones with a computer topic. Last month that was 33 articles out of a total of 91. But somehow that's not restrictive enough. This is a diary, not a blog, and the main purpose is for me to make notes for myself.

Thu, 18 Jul 2013 00:00:00 UTC

AWS re:Invent 2013

Posted By Werner Vogels

The AWS re:Invent user conference last year in Las Vegas was by many described as the best technology conference they had been to in a long time. We had worked hard to give you great keynote sessions as well as deep technical content by AWS engineers, partners and customers. This year we will again work hard to create a conference that will exceed your expectations of a conference that is unique in its high quality content and engagement. You can choose from 175+ sessions, training bootcamps, hands-on labs, and hackathons to gain deeper skills and knowledge of the AWS Cloud. Bring your entire executive and technical teams and walk away with the skills and knowledge to refine your cloud strategy, improve developer productivity, increase application performance and security, and reduce infrastructure costs.

Wed, 17 Jul 2013 19:45:20 UTC

DHS Puts its Head in the Sand

Posted By Bruce Schneier

On the subject of the recent Washington Post Snowden document, the DHS sent this e-mail out to at least some of its employees:

    From: xxxxx
    Sent: Thursday, July 11, 2013 10:28 AM
    To: xxxxx
    Cc: xxx Security Reps; xxx SSO; xxxx;xxxx
    Subject: //// SECURITY ADVISORY//// NEW WASHINGTON POST WEBPAGE ARTICLE -- DO NOT CLICK ON THIS LINK

    I have been...

Wed, 17 Jul 2013 17:03:02 UTC

Tapping Undersea Cables

Posted By Bruce Schneier

Good article on the longstanding practice of secretly tapping undersea cables. This is news right now because of a new Snowden document....

Wed, 17 Jul 2013 17:00:00 UTC

AWS re:Invent 2013

Posted By Werner Vogels

The AWS re:Invent user conference last year in Las Vegas was by many described as the best technology conference they had been to in a long time. We had worked hard to give you great keynote sessions as well as deep technical content by AWS engineers, partners and customers. This year we will again work hard to create a conference that will exceed your expectations of a conference that is unique in its high quality content and engagement.

Wed, 17 Jul 2013 01:09:13 UTC

Erecting radiation tower?

Posted By Greg Lehey

The start of construction for the radiation tower is long past the estimate of four to five weeks that I got two months ago, and yesterday I asked my sources again. No, no problems, and construction should start within days. But when I went past today, I still didn't see anything. Well, not much. In the paddock next door there have been a number of old bales of hay. Now they're being removed and burnt (the smoke on the left): Are these the last preparations?

Wed, 17 Jul 2013 00:34:17 UTC

Counting Servers is Hard

Posted By James Hamilton

At the Microsoft World-Wide Partners Conference, Microsoft CEO Steve Ballmer announced that "We have something over a million servers in our data center infrastructure. Google is bigger than we are. Amazon is a little bit smaller. You get Yahoo! and Facebook, and then everybody else is 100,000 units probably or less." That's a surprising data point for a variety of reasons. The most surprising is that the data point was released at all. Just about nobody at the top of the server world chooses to boast with the server count data point. Partly because it's not all that useful a number but mostly because a single data point is open to a lot of misinterpretation by even skilled industry observers.

Tue, 16 Jul 2013 17:35:56 UTC

The Value of Breaking the Law

Posted By Bruce Schneier

Interesting essay on the impossibility of being entirely lawful all the time, the balance that results from the difficulty of law enforcement, and the societal value of being able to break the law. What's often overlooked, however, is that these legal victories would probably not have been possible without the ability to break the law. The state of Minnesota, for...

Tue, 16 Jul 2013 12:11:32 UTC

A Problem with the US Privacy and Civil Liberties Oversight Board

Posted By Bruce Schneier

I haven't heard much about the Privacy and Civil Liberties Oversight Board. They recently held hearings regarding the Snowden documents. This particular comment stood out: Rachel Brand, another seemingly unsympathetic board member, concluded: "There is nothing that is more harmful to civil liberties than terrorism. This discussion here has been quite sterile because we have not been talking about terrorism."...

Mon, 15 Jul 2013 19:00:00 UTC

Golang Diaries II

Posted By Tim Bray

I still haven't written a thousand lines of Go; but what I have created does useful work and (considering I had to learn a language and a bunch of libraries along the way) didn't burn that much time. Herewith another batch of programming-permanoob reportage. Previously: Golang Diaries I. Illustrated Love Letter I'm a Web guy, and this speaks for itself:
    resp, err := http.Get(uri)
    if err != nil {
        // horrible networking error, deal
        return failure
    }
    if resp.StatusCode != 200 {
        // grouchy server, deal
        return failure
    }
    mediaType := resp.Header.Get("Content-Type")
    if !strings.HasPrefix(mediaType, "application/json") {
        // bogus media type, deal
        return failure
    }
    defer resp.Body.Close()
    body, err := ioutil.ReadAll(resp.Body)
    // body is a byte array with the server response
Isn't it pathetic that so ...

Mon, 15 Jul 2013 14:10:46 UTC

Speaking in San Diego on Tuesday; Comic-Con on Thu and Fri

Posted By Cory Doctorow

Hey, San Diego! I'm in town, teaching the Clarion Writing Workshop, and tomorrow (Tuesday) night at 7PM, I'll be appearing at Mysterious Galaxy as part of Clarion's speaker series. And if you're coming to Comic-Con, you can catch me on Thursday and Friday.

Mon, 15 Jul 2013 12:03:16 UTC

Walls Around Nations

Posted By Bruce Schneier

A political history of walls: Roman walls such as Hadrian's Wall, the Great Wall of China, the Berlin Wall, and the wall between Mexico and the U.S. Moral: they solve the wrong problem....

Sun, 14 Jul 2013 17:42:37 UTC

PuppetConf ticket contest: Winners

Posted By Tom Limoncelli

If your last name is "Cole" or "Joy" you should have email waiting for you with some good news. Congrats! To everyone else that entered, thanks for entering. Please consider going to the conference. PuppetConf.com is a great way to learn about how to get more done by working less. PuppetConf 2013 takes place at the Fairmont Hotel, located in the heart of downtown SF. Puppet Labs has a block of hotel rooms on discount until July 16th, at which time the discount won't be offered anymore. A ton of other social events around the conference are planned. About 2,000 attendees are expected to attend.

Sun, 14 Jul 2013 00:42:10 UTC

Internode support?

Posted By Greg Lehey

My network connection has gone to hell again. After 5 days of relative peace (though not good throughput) it started again a couple of days ago: 3 disconnects on the 9th, 7 on the 10th, 3 on the 11th, 6 on the 12th, and 8 today. And in each case reconnecting my myriad TCP connections can take up to 5 minutes. I can no longer keep my MythTV programme information up to date, because the network link won't stay up long enough. What should I do? Report it to Internode Support? That way madness lies. Once they were good. Now they don't even bother to escalate things.

Sat, 13 Jul 2013 23:59:41 UTC

Fixing Emacs

Posted By Greg Lehey

I've been using Emacs for ever, to the point where the key bindings come so naturally that I couldn't describe them without looking at what I do on the keyboard. So every small change made in subsequent versions of Emacs is particularly irritating. I'm not the only one. Peter Jeremy was complaining about it on IRC recently, but unlike me, he did something about it.

Sat, 13 Jul 2013 23:30:27 UTC

My Fellowship at the Berkman Center

Posted By Bruce Schneier

I have been awarded a fellowship at the Berkman Center for Internet and Society at Harvard University, for the 2013-2014 academic year. I'm excited about this; Berkman and Harvard is where a lot of the cool kids hang out, and I'm looking forward to working with them this coming year. In particular, I have three goals for the year: I...

Sat, 13 Jul 2013 08:34:44 UTC

Lunch with the Financial Times

Posted By Cory Doctorow

The Financial Times's Tim Harford has a regular feature called Lunch with the FT in which he takes someone out for lunch and a long chat, and then reports on both the lunch and the talk. We sat down recently for very nice steaks and cheap wine, and Tim's just written it up: Doctorow is … [Read more]

Fri, 12 Jul 2013 21:49:11 UTC

Friday Squid Blogging: Squid-Bacteria Symbiotic Relationships

Posted By Bruce Schneier

This is really interesting research. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 12 Jul 2013 11:37:24 UTC

F2P Monetization Tricks

Posted By Bruce Schneier

This is a really interesting article about something I never even thought about before: how games ("F2P" means "free to play") trick players into paying for stuff. For example: This is my favorite coercive monetization technique, because it is just so powerful. The technique involves giving the player some really huge reward, that makes them really happy, and then threatening...

Fri, 12 Jul 2013 06:06:33 UTC

Interview on hacktivism and Aaron Swartz

Posted By Cory Doctorow

Here's the second part of my interview with TVOntario's "The Agenda" (part one was posted earlier this week) in which we talk about hacktivism and Aaron Swartz.

Fri, 12 Jul 2013 00:22:30 UTC

I'm giving away 2 free admissions to PuppetConf 2013!

Posted By Tom Limoncelli

The fine folks at PuppetLabs have given me two tickets to give away! Puppet Labs wants to send two of my readers to PuppetConf this year in San Francisco (happening August 22 - 23rd). The two lucky winners will receive free admission (travel, hotel, meals is for you to provide... though super discounted hotel rates are available if you book by July 16). PuppetConf 2013 is set to host 2,000 attendees this year and include speakers from VMware & RedHat. It will take place at the Fairmont Hotel, located in the heart of downtown SF, where a ton of other social events around the conference are set to take place.

Thu, 11 Jul 2013 23:42:01 UTC

What's a vector?

Posted By Greg Lehey

On with my linear algebra course, which is getting easier. But it seems to come from a parallel universe. No wonder I was confused. I've known about vectors for over 50 years, and it's clear what they are: a magnitude and a direction. Just to be sure I dragged out my old university maths book, which showed exactly what I remember. But that's not what vectors are today, at least according to this course: they're a special kind of discrete function. That's part of the reason why this is taking me so long: a new student would just learn and accept, but I'm stopping on every corner looking for reasoning.

Thu, 11 Jul 2013 19:00:00 UTC

CL XXV: Work Week

Posted By Tim Bray

There were two nations' birthdays in four days, thus a slow spell at work; so we decided on a solid week of Cottage Life. And we invited all our friends to come for lunch. Friends came, work got done, and photos got taken. Work We have pretty good cell coverage on the island from Telus Mobility and get 3 bars of HSPA+; Speedtest.net says 3.5M down/2.3 up, which is plenty enough for my job. We make a hotspot with a Galaxy Nexus; reliability is better out on the deck than in the cabin, which is a better place to work anyhow.

Thu, 11 Jul 2013 16:30:37 UTC

I'm in a Reddit AMA NOW!

Posted By Cory Doctorow

Hey there! I'm doing a Reddit Ask Me Anything (AMA) right now with Peter Beagle, Connor Cochran, and Lois Bujold from the current Humble Ebook Bundle.

Thu, 11 Jul 2013 11:36:30 UTC

More NSA Code Names

Posted By Bruce Schneier

We don't know what they mean, but there are a bunch of NSA code names on LinkedIn profiles. ANCHORY, AMHS, NUCLEON, TRAFFICTHIEF, ARCMAP, SIGNAV, COASTLINE, DISHFIRE, FASTSCOPE, OCTAVE/CONTRAOCTAVE, PINWALE, UTT, WEBCANDID, MICHIGAN, PLUS, ASSOCIATION, MAINWAY, FASCIA, OCTSKYWARD, INTELINK, METRICS, BANYAN, MARINA...

Wed, 10 Jul 2013 18:54:55 UTC

Humble Ebook Bundle reveals second week bonus books: XKCD, Gaiman/McKean, Holly Black & Machine of Death!

Posted By Cory Doctorow

The Humble Ebook Bundle -- a two-week, pay-what-you-like, DRM-free ebook sale -- has just revealed the four bonus books in week two: XKCD Volume 0 by Randall Munroe; Signal to Noise by Neil Gaiman and Dave McKean; Poison Eaters and Other Stories by Holly Black and the bestselling Machine of Death anthology. To get these … [Read more]

Wed, 10 Jul 2013 18:19:52 UTC

The NSA's Project SHAMROCK

Posted By Bruce Schneier

Nice history of Project SHAMROCK, the NSA's illegal domestic surveillance program from the 1970s. It targeted telegrams....

Wed, 10 Jul 2013 17:16:13 UTC

Kids, science fiction, technology, democracy and surveillance

Posted By Cory Doctorow

I sat down in Toronto with Steve Paikin and The Agenda, a great TVOntario programme, and talked about liberty, technology, kids, and surveillance. Agenda Plus: Cory Doctorow on the Future of the Library

Wed, 10 Jul 2013 15:03:26 UTC

Interview about kids, hacking and democracy with NPR's Here and Now

Posted By Cory Doctorow

I recently recorded an interview with NPR's "Here and Now" about surveillance, kids, activism, and my novel Homeland. (MP3)

Wed, 10 Jul 2013 10:55:10 UTC

Musing on Secret Languages

Posted By Bruce Schneier

This is really interesting. It starts by talking about a "cant" dictionary of 16th-century thieves' argot, and ends up talking about secret languages in general. Incomprehension breeds fear. A secret language can be a threat: signifier has no need of signified in order to pack a punch. Hearing a conversation in a language we don't speak, we wonder whether we're...

Wed, 10 Jul 2013 01:16:57 UTC

Linear algebra, finally

Posted By Greg Lehey

So I've finished my first two assignments for the linear algebra course, and finally we're getting to the subject of the course. Spent some time watching the video lectures, which are much easier than the assignments, probably because (so far) there's not much to learn. Still, it has taken a lot of time to get this far. Hopefully the assignments will become more understandable too.

Wed, 10 Jul 2013 01:05:17 UTC

More network hell

Posted By Greg Lehey

One of the most frustrating things about my wireless Internet connection is its variability. When it works well, it's better than a standard ADSL connection -- I've had real-world transfer rates of up to 300 kB/s in both directions. But you can't rely on it, and since the beginning of the year even VoIP has become unreliable. And they still haven't started building the radiation tower. Today, after nearly 5 days of connection and acceptable signal quality, things went to hell again. It's not just slowness, it's the timeouts that irritate me. For some reason DNS is a particular problem. Spent some time playing with my named configuration, in particular increasing the query timeout to 30 seconds:  options {   directory "/etc/namedb"; + resolver-query-timeout 30;   forwarders { That's only of limited use, though, as Edwin Groothuis pointed out: many ...

Wed, 10 Jul 2013 00:11:00 UTC

An Arduino-Based Sump Monitor (Part 2: Arduino Software)

Posted By Eric Allman

This posting describes the Arduino software and protocol used for my sump monitor. The previous posting describes the hardware. I may do an additional one later for the FreeBSD-based host software.

Tue, 09 Jul 2013 17:17:12 UTC

The Effectiveness of Privacy Audits

Posted By Bruce Schneier

This study concludes that there is a benefit to forcing companies to undergo privacy audits: "The results show that there are empirical regularities consistent with the privacy disclosures in the audited financial statements having some effect. Companies disclosing privacy risks are less likely to incur a breach of privacy related to unintentional disclosure of privacy information; while companies suffering a...

Tue, 09 Jul 2013 16:47:02 UTC

Recommended reading: Why mobile web apps are slow (Drew Crawford)

Posted By Herb Sutter

I don’t often link to other articles, but this one is worth reading. Why mobile web apps are slow by Drew Crawford & So if you are trying to figure out exactly what brand of crazy all your native developer friends are on for continuing to write the evil native applications on the cusp of […]

Tue, 09 Jul 2013 11:24:03 UTC

Another Perspective on the Value of Privacy

Posted By Bruce Schneier

A philosophical perspective: But while Descartes's overall view has been rightly rejected, there is something profoundly right about the connection between privacy and the self, something that recent events should cause us to appreciate. What is right about it, in my view, is that to be an autonomous person is to be capable of having privileged access (in the two...

Tue, 09 Jul 2013 06:56:49 UTC

Video from my Maker Faire Meetup keynote

Posted By Cory Doctorow

Last Sunday I gave the keynote speech at the Maker Meetup after the London mini Maker Faire. Make's write-up of the event includes a video of my speech, which came out well (I think!).

Tue, 09 Jul 2013 05:35:33 UTC

Appearances: Reddit AMA, San Diego Comic-Con, and Mysterious Galaxy in San Diego

Posted By Cory Doctorow

This Thursday, I'll be doing a Reddit AMA with a bunch of authors from the current Humble Ebook Bundle, at 1230h Eastern/0930h Pacific/1730h UK. Then I head to San Diego to teach the Clarion Workshop, and I'll be taking part in the instructor's lecture series at the Mysterious Galaxy bookstore, speaking on July 16 at … [Read more]

Mon, 08 Jul 2013 23:47:45 UTC

Are you old enough to drink?

Posted By Greg Lehey

While writing yesterday's diary, checked the Pilsner Urquell web site. What a catastrophe! You're not even allowed to read it if you're not of drinking age. And how do they check that? You have to enter your date of birth! And even that is difficult. Three drop-down choice menus: So if you're born in October to December, or after the 9th of any month, or before 2001 (i.e.

Mon, 08 Jul 2013 23:28:36 UTC

Another day of python

Posted By Greg Lehey

Revisited my inefficient python program today, and as expected got it much more efficient -- 0.9 seconds instead of 140 minutes, just shy of a 1000-fold improvement in performance. It still wasn't easy, not because of program logic, but because of python strangenesses. The more I learn of python, the more I like LISP. How do you select from a composite object? It depends. Maybe there's a function to do it for you, maybe you can subscript them. Most of my modifications were related to finding the correct syntax for selecting what I wanted. Doubtless there are good reasons, but it seems so much easier just to keep everything as a list.

Mon, 08 Jul 2013 19:30:00 UTC

Remembering Evi Nemeth: The woman that saved "sudo"

Posted By Tom Limoncelli

Technology website The Register called it. With the search called off, we must presume that Evi Nemeth is no longer with us. Their obit, "Godmother of Unix admins Evi Nemeth presumed lost at sea", gives an excellent overview of her life and influence. In the coming months there will be many memorials and articles written about Evi, most by people that knew Evi better than I. That said, I'd like to share something that most people don't know. Evi saved "sudo". Sudo has joined popular culture (or at least popular geek culture) thanks to the famous XKCD cartoon: sudo make me a sandwich.

Mon, 08 Jul 2013 16:50:44 UTC

Big Data Surveillance Results in Bad Policy

Posted By Bruce Schneier

Evgeny Morozov makes a point about surveillance and big data: it just looks for useful correlations without worrying about causes, and leads people to implement "fixes" based simply on those correlations -- rather than understanding and correcting the underlying causes. As the media academic Mark Andrejevic points out in Infoglut, his new book on the political implications of information...

Mon, 08 Jul 2013 15:26:29 UTC

The NSA's Prism: why we should care

Posted By Cory Doctorow

Here's a read-aloud of my recent Guardian column, "The NSA's Prism: why we should care," which sets out the reasons for caring about the recent revelations of bulk, warrantless, suspicionless, indiscriminate surveillance. Mastering by John Taylor Williams. John Taylor Williams is an audiovisual and multimedia producer based in Washington, DC and the co-host of … [Read more]

Mon, 08 Jul 2013 11:43:43 UTC

Protecting E-Mail from Eavesdropping

Posted By Bruce Schneier

In the wake of the Snowden NSA documents, reporters have been asking me whether encryption can solve the problem. Leaving aside the fact that much of what the NSA is collecting can't be encrypted by the user -- telephone metadata, e-mail headers, phone calling records, e-mail you're reading from a phone or tablet or cloud provider, anything you post on...

Mon, 08 Jul 2013 01:30:00 UTC

Exerting Fine Grain Control Over Your Cloud Resources

Posted By Werner Vogels

I am thrilled that now both Amazon EC2 and Amazon RDS support resource-level permissions. As customers move increasing amounts of compute and database workloads over to AWS, they have expressed an increased desire for finer grain control over their underlying resources. You can now use these new features to define the permissions your AWS IAM users (and applications) have to perform actions on specific or groups of Amazon EC2 and Amazon RDS resources. You can apply user-defined tags to your EC2 and RDS resources to help organize resources according to whatever schema is most relevant for a particular organization -- be it an application stack, an organization unit, a cost center, or any other schema that might be appropriate.

Mon, 08 Jul 2013 00:29:43 UTC

Python learning notes

Posted By Greg Lehey

I'm continuing with this supposed linear algebra course, though so far I've only been learning python, and even the exercises aren't obviously related to linear algebra. I've signed a declaration of honour that I won't tell people about it -- designed to ensure that people don't copy other people's results. So I can't give too much detail, but the current exercise is to build a reverse index for a text search engine. How do you do that? The assignment documentation gives just enough information for you to be able to infer what they mean.

Sun, 07 Jul 2013 18:30:00 UTC

Exerting Fine Grain Control Over Your Cloud Resources

Posted By Werner Vogels

I am thrilled that now both Amazon EC2 and Amazon RDS support resource-level permissions. As customers move increasing amounts of compute and database workloads over to AWS, they have expressed an increased desire for finer grain control over their underlying resources. You can now use these new features to define the permissions your AWS IAM users (and applications) have to perform actions on specific or groups of Amazon EC2 and Amazon RDS resources.

Sun, 07 Jul 2013 01:53:15 UTC

State of the art web infrastructure

Posted By Greg Lehey

Chris Bahlo along for dinner tonight, as usual on Saturdays. After dinner, while Yvonne went to sleep with boredom, we talked about her new job at a local web design company whose name I forgot to ask. We discussed again my incomprehension that Wordsworth had taken four days to move the Friends of the Ballarat Botanical Gardens web site from the existing, functional site to the new site -- why couldn't they just have cut over the DNS when it was up and running? Chris said updating a page on our sites normally doesn't cause more than two minutes lack of access. WHAT?

Sun, 07 Jul 2013 00:55:17 UTC

More weather station problems

Posted By Greg Lehey

My weather station has never been very reliable, and over the course of time I've been putting more and more heuristics into my software to catch the more obvious errors, most recently three months ago. But once again it seems to be getting cleverer: it's generating less obvious errors, and I can't catch them. Do I care? Yes, but not enough to drop everything and think out Yet Another Way of catching errors. Why didn't they just put a checksum in the transmitted data?

Sat, 06 Jul 2013 02:30:00 UTC

IPv6 on a m0n0wall box using a Sonic.net-provided tunnel

Posted By Eric Allman

(I started this post in December 2011 but didn't finish it and then managed to forget about it. I figured I might as well finish it and get it out.) I recently returned from the LISA 2011 conference, which was very good. One of the recurring themes was IPv6. That fired me up enough to try to get IPv6 fully working when I got home. I have an IPv6 tunnel to Hurricane Electric which I used on World IPv6 Day to give it a try, but I never really finished setting that up, in part because it added a fair amount of latency.

Fri, 05 Jul 2013 21:01:02 UTC

Friday Squid Blogging: Giant Origami Squid

Posted By Bruce Schneier

Giant origami squid photo found -- without explanation -- on Reddit. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 05 Jul 2013 18:33:21 UTC

How Apple Continues to Make Security Invisible

Posted By Bruce Schneier

Interesting article: Apple is famously focused on design and human experience as their top guiding principles. When it comes to security, that focus created a conundrum. Security is all about placing obstacles in the way of attackers, but (despite the claims of security vendors) those same obstacles can get in the way of users, too. [...] For many years, Apple...

Fri, 05 Jul 2013 17:08:44 UTC

Sixth Movie-Plot Threat Contest Winner

Posted By Bruce Schneier

On April 1, I announced the Sixth Mostly-Annual Movie-Plot Threat Contest: For this year's contest, I want a cyberwar movie-plot threat. (For those who don't know, a movie-plot threat is a scare story that would make a great movie plot, but is much too specific to build security policy around.) Not the Chinese attacking our power grid or shutting off...

Fri, 05 Jul 2013 12:04:39 UTC

Is Cryptography Engineering or Science?

Posted By Bruce Schneier

Responding to a tweet by Thomas Ptacek saying, "If you're not learning crypto by coding attacks, you might not actually be learning crypto," Colin Percival published a well-thought-out rebuttal, saying in part: If we were still in the 1990s, I would agree with Thomas. 1990s cryptography was full of holes, and the best you could hope for was to know...

Fri, 05 Jul 2013 09:46:52 UTC

Metadata -- a wartime drama

Posted By Cory Doctorow

The Guardian

Fri, 05 Jul 2013 09:46:13 UTC

Explaining metadata collection with Alan Turing, Theresa May and Winston Churchill

Posted By Cory Doctorow

My latest Guardian column is a one-act historical drama about metadata, starring Winston Churchill, Alan Turing and UK Home Secretary Theresa May: May: Mr Turing and his colleagues have laboured hard with every hour that God has sent, but try as they might, they can extract nothing of use from the Enigma cipher. Churchill: (roaring) … [Read more]

Thu, 04 Jul 2013 19:00:00 UTC

Spies, Hypocrites, and Fools

Posted By Tim Bray

There are angry voices sounding in Europe over the NSA's large-scale indiscriminate information-gathering there. It's perfectly possible to be suspicious and cynical about the US spooks, a fan of Ed Snowden, and still think those voices are those of either Euro-hypocrites or Euro-fools. In general, I approve of espionage and yet intensely distrust law-enforcement organizations. I think a healthy civic society should: Aggressively regulate its own security establishment. Worry intensely about overreach and privacy abuse by security officials. Empower those officials to watch its enemies closely and its allies even more closely. Assume that foreign security establishments will routinely try to capture every word spoken and every picture taken.

Thu, 04 Jul 2013 16:06:27 UTC

Evi Nemeth update: stay optimistic

Posted By Tom Limoncelli

Evi Nemeth's son is still optimistic and so am I. Here's what I glean from this report on 3NewsNZ: The last txt message from Evi wasn't the last txt message. Another txt was sent but not received. The phone company was able to reveal the last txt and its geolocation. The last txt was from Danielle and said "Sails Shredded last night, now bare polies, going 4 knot 310 degrees will update course info at 6pm." Given that info, it should be possible to locate them. However, no update at 6pm tells me we should be prepared for the worst.

Thu, 04 Jul 2013 12:07:42 UTC

The Office of the Director of National Intelligence Defends NSA Surveillance Programs

Posted By Bruce Schneier

Here's a transcript of a panel discussion about NSA surveillance. There's a lot worth reading here, but I want to quote Bob Litt's opening remarks. He's the General Counsel for ODNI, and he has a lot to say about the programs revealed so far in the Snowden documents. I'm reminded a little bit of a quote that, like many quotes,...

Thu, 04 Jul 2013 01:00:52 UTC

Comprehending python

Posted By Greg Lehey

Most language courses are boringly simplistic. The one I'm going through for Python is not. One of the issues, of course, is the lack of description of the syntax, particularly since it's so baroque. But mainly the issue is that it requires a completely different approach to programming from what I've seen before. I hope it gets easier once I have accepted the basics.

Wed, 03 Jul 2013 18:55:18 UTC

Teaching Computers Shows Us How Little We Understand About Ourselves

Posted By Cory Doctorow

Locus

Wed, 03 Jul 2013 18:55:02 UTC

Teaching computers teaches us how little we understand about ourselves

Posted By Cory Doctorow

My latest Locus column is Teaching Computers Shows Us How Little We Understand About Ourselves, an essay about how ideas we think of as simple and well-understood -- names, families, fairness in games -- turn out to be transcendentally complicated when we try to define them in rule-based terms for computers. I'm especially happy with … [Read more]

Wed, 03 Jul 2013 18:04:54 UTC

Humble Ebook Bundle II: name your price for Last Unicorn, Wil Wheaton, Lois McMaster Bujold, Little Brother, Boneshaker, and Spin!

Posted By Cory Doctorow

It's time for another Humble Ebook Bundle! Once again, I was honored to serve as volunteer curator of the Humble Ebook Bundle, a project from the Humble Indie Bundle people who've made Internet history by bundling together awesome, DRM-free media and letting you name your price for it. We did the first Humble Ebook Bundle … [Read more]

Wed, 03 Jul 2013 17:30:40 UTC

Privacy Protests

Posted By Bruce Schneier

Interesting law journal article: "Privacy Protests: Surveillance Evasion and Fourth Amendment Suspicion," by Elizabeth E. Joh. Abstract: The police tend to think that those who evade surveillance are criminals. Yet the evasion may only be a protest against the surveillance itself. Faced with the growing surveillance capacities of the government, some people object. They buy "burners" (prepaid phones) or "freedom...

Wed, 03 Jul 2013 11:02:57 UTC

US Department of Defense Censors Snowden Story

Posted By Bruce Schneier

The US Department of Defense is blocking sites that are reporting about the Snowden documents. I presume they're not censoring sites that are smearing him personally. Note that the DoD is only blocking those sites on its own network, not on the Internet at large. The blocking is being done by automatic filters, presumably the same ones used to block...

Wed, 03 Jul 2013 07:36:57 UTC

Impact Factor of Computer Science Journals 2012

Posted By Diomidis D. Spinellis

The Thomson Reuters Web of Knowledge has published the 2012 Journal Citation Reports. Following similar studies I performed in the past six years (2007, '08, '09, '10, '11, '12) here is my analysis of the current status and trends for the impact factor of computer science journals.

Wed, 03 Jul 2013 01:47:00 UTC

An Arduino-Based Sump Monitor (Part 1: Hardware)

Posted By Eric Allman

We have a below-grade basement. We have a sump, but we’ve had problems with the pumps, or more precisely, the pump switches. Note the use of the plural: several years ago we installed a second pump on a separate switch, but we have still had both of them fail. So, I decided to build a monitor for the sump to measure both the height of the water in the sump and when (and if!) the pumps turn on. This needs to be able to send us alerts when something goes wrong, and may give us an idea of whether our sumps should be upgraded to something higher power.

Wed, 03 Jul 2013 00:23:11 UTC

Learning Python, again

Posted By Greg Lehey

I never finished the computational photography course that I started a couple of months ago. I had started in mid-course, and it became apparent that both my linear algebra and python skills were lacking. I started a Python course a little later, but it was too elementary, so I gave up on that too. Now they're offering a course on linear algebra, coincidentally using Python, so I've enrolled in that. First issue: it requires python 3.3.2, but the version installed on my machine is 2.7.2.

Tue, 02 Jul 2013 19:00:00 UTC

Meta Meta Meta

Posted By Tim Bray

On Sunday I wrote On Medium about writing on Medium, after I posted a rewrite there of a piece I wrote about Texas politics. Now let's write about that. At the point I wrote On Medium, my blog had 1250 reads of the original piece, not counting those who might've read it in my feed. The Medium version had had 455 reads. Today, the numbers are 1560 for my blog (feed-exclusive) and 1700 or so at Medium. But today, I glanced at the stats and got a shock: the meta-piece had 13.3K feed-exclusive reads. Huh? A bit of poking around reveals that those folks had mostly come from a Hacker News thread, where there's worthwhile discussion of blogging in general and Medium in particular.

Tue, 02 Jul 2013 19:00:00 UTC

The Kids and Miles

Posted By Tim Bray

It was my turn to do the dishes and I needed a little extra energy, so I cued up Spanish Key from Bitches Brew. The 7-year old was table-clearing, the 14-year-old drying, and after a bit they were both bopping along with Miles and the band. I just can't listen to that music in a simple way, my mind keeps going "Wayne Shorter just did what?" or "Yow, 3 measures of pure hard-bop" or "Ease off on the wah-wah, John." But the kids are teaching me: You don't have to know the subtext or the context, nor need any pretexts, to want to shake your butt.

Tue, 02 Jul 2013 17:08:09 UTC

Security Analysis of Children

Posted By Bruce Schneier

This is a really good paper describing the unique threat model of children in the home, and the sorts of security philosophies that are effective in dealing with them. Stuart Schechter, "The User IS the Enemy, and (S)he Keeps Reaching for that Bright Shiny Power Button!" Definitely worth reading. Abstract: Children represent a unique challenge to the security and privacy...

Tue, 02 Jul 2013 11:49:40 UTC

NSA E-Mail Eavesdropping

Posted By Bruce Schneier

More Snowden documents analyzed by the Guardian -- two articles -- discuss how the NSA collected e-mails and data on Internet activity of both Americans and foreigners. The program might have ended in 2011, or it might have continued under a different name. This is the program that resulted in that bizarre tale of Bush officials confronting then-Attorney General John...

Mon, 01 Jul 2013 23:12:44 UTC

Direct delivery email problems

Posted By Greg Lehey

So a few days ago I unblocked port 25 and started delivering email directly to the destination MTA. And today I discovered: === grog@eureka (/dev/pts/12) ~ 35 -> mailq -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- 2FFBAF76A4     3029 Sat Jun 29 13:09:19  [email protected] (host extmail.bigpond.com[61.9.168.122] refused to talk to me: 554 nskntcmgw02p BigPond Inbound IB105. Connection refused. 121.44.114.34 has a poor Sender Score reputation. See https://www.senderscore.org/blacklistlookup/ for more information.)                                          [email protected] The problem here is that the address that the remote MTA sees is a dynamic address from Internode's pool, and it might once really have been abused.

Mon, 01 Jul 2013 19:06:36 UTC

I've Joined the EFF Board

Posted By Bruce Schneier

I'm now on the board of directors of the EFF....

Mon, 01 Jul 2013 17:16:50 UTC

How the NSA Eavesdrops on Americans

Posted By Bruce Schneier

Two weeks ago, the Guardian published two new Snowden documents. These outline how the NSA's data-collection procedures allow it to collect lots of data on Americans, and how the FISA court fails to provide oversight over these procedures. The documents are complicated, but I strongly recommend that people read both the Guardian analysis and the EFF analysis -- and possibly...

Mon, 01 Jul 2013 11:24:54 UTC

SIMON and SPECK: New NSA Encryption Algorithms

Posted By Bruce Schneier

The NSA has published some new symmetric algorithms: Abstract: In this paper we propose two families of block ciphers, SIMON and SPECK, each of which comes in a variety of widths and key sizes. While many lightweight block ciphers exist, most were designed to perform well on a single platform and were not meant to provide high performance across a...

Mon, 01 Jul 2013 00:36:06 UTC

w3 lives!

Posted By Greg Lehey

Yesterday was the day when RootBSD moved their server room, taking with it w3.lemis.com, which had an uptime of 4¾ years: Fri Jun 28 00:55:04 UTC 2013 12:55AM  up 1733 days,  2:24, 1 user, load averages: 0.00, 0.00, 0.00 When I came into the office this morning, w3 was still up. Moved or not? Sun Jun 30 00:18:16 UTC 2013 12:18AM  up 1735 days, 9 mins, 1 user, load averages: 0.00, 0.00, 0.00 Clearly it hadn't been rebooted. But had it been moved?