Blog Archive: January 2014

Fri, 31 Jan 2014 22:41:41 UTC

Friday Squid Blogging: Squid T-Shirt

Posted By Bruce Schneier

A T-shirt with a drawing of a squid reading. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 31 Jan 2014 20:17:41 UTC

IRATEMONK: NSA Exploit of the Day

Posted By Bruce Schneier

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: IRATEMONK (TS//SI//REL) IRATEMONK provides software application persistence on desktop and laptop computers by implanting in the hard drive firmware to gain execution through Master Boot Record (MBR) substitution. (TS//SI//REL) This technique supports systems without RAID hardware that boot from a variety of Western Digital, Seagate, Maxtor, and Samsung...

Fri, 31 Jan 2014 20:00:00 UTC

Hot Mirrorless Fun

Posted By Tim Bray

The golden age of photography continues; now the mirrorlesses have banged through the saloon doors, looking for a throwdown with the SLRs. It's fun! Today I have loads of links, some to unmissable picture galleries (not mine) and a portrait of Fujifilm buyer paralysis. Basics If you already know all about the mirrorless thing, skip on ahead to the next section (but stop to check out the pic). Traditionally, good cameras were SLRs which means that you look at the picture you're gonna take through the lens you're gonna take it with, courtesy of an elaborate steampunk prism-and-mirror arrangement that sends the light rays to the viewfinder.

Fri, 31 Jan 2014 19:30:00 UTC

Seattle: CascadiaIT'14 hotel discount ends Feb 8!

Posted By Tom Limoncelli

The hotel discount ends on Feb 8th so book your room as soon as possible! CascadiaIT is an awesome regional conference for sysadmins and devops. If you look at the schedule you're sure to see talks and tutorials you won't want to miss. I'll be teaching "Evil Genius 101" (on how to influence your boss and team) and "Team Time Management & Collaboration". On Saturday I'll be giving a talk about how StackExchange works. While this is a "regional conference" it is drawing people from all over the West coast, Pacific North West, and more. You should be there too.

Fri, 31 Jan 2014 15:00:00 UTC

LOPSA NJ Chapter: Feb meeting is a dinner meetup

Posted By Tom Limoncelli

LOPSA NJ's February meeting is at two different restaurants, Northern NJ and Southern-ish NJ. The planned discussion topic is "What are some of the most challenging problems that have come up in the last 24 months?" Date: Thursday, February 6th, 2014 Time: 7:00pm Location details: http://www.lopsanj.org/archives/2014/01/lopsa-nj-cluster-meeting-2014.html In the past these "cluster meetings" have been really fun, full of interesting war stories as well as technical info. If you are in the area, I hope to see you there!

Fri, 31 Jan 2014 12:16:44 UTC

Another Credit-Card-as-Authentication Hack

Posted By Bruce Schneier

This is a pretty impressive social engineering story: an attacker compromised someone's GoDaddy domain registration in order to change his e-mail address and steal his Twitter handle. It's a complicated attack. My claim was refused because I am not the "current registrant." GoDaddy asked the attacker if it was ok to change account information, while they didn't bother asking me...

Fri, 31 Jan 2014 02:38:00 UTC

HOWLERMONKEY: NSA Exploit of the Day

Posted By Bruce Schneier

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: HOWLERMONKEY (TS//SI//REL) HOWLERMONKEY is a custom Short to Medium range implant RF Transceiver. It is used in conjunction with a digital core to provide a complete implant. (TS//SI//REL) HOWLERMONKEY is a COTS-based transceiver designed to be compatible with CONJECTURE/SPECULATION networks and STRIKEZONE devices running a HOWLERMONKEY personality. PCB...

Fri, 31 Jan 2014 02:17:56 UTC

Exetel tuning

Posted By Greg Lehey

Exetel has been investigating alternatives to traffic shaping on my National Broadband Network connection. Today Eroshan called and asked me to run Yet Another speed test.

Fri, 31 Jan 2014 01:46:13 UTC

Into town again

Posted By Greg Lehey

Phone call early in the morning, from Sue at Paper Freight to tell me that my package had finally arrived in Ballarat. In principle I had asked Chris Bahlo to pick it up for me, but based on the problems I've had so far, decided to go in and pick it up myself. My way took me directly past the CFA headquarters, so stopped in and asked for a Bushfire Management Statement form. Blank stare. They spent some time discussing where I could find it, and in the meantime I went to pick up my parcel. Picking up the parcel was interesting.

Thu, 30 Jan 2014 20:00:00 UTC

N5-cam IV: Brighter Bridges

Posted By Tim Bray

In the previous outings in this series, I've been torturing the poor little camera in my Nexus 5 with extreme low light, and I suppose it deserves better. If you want light, point the camera at a light -- in this case, the shade of the Ikea-style floor lamp in my office. Wow, lots of detail. This makes a heck of an Android wallpaper. I was at a dojo watching the judokas work out and wondered how the little guy would do with fast-moving bodies in basic interior light. I didn't actually catch any hot action, but I loved the ceiling. Anyhow, let's do some real sunshine.

Thu, 30 Jan 2014 18:08:19 UTC

Side-Channel Attacks on Frog Calls

Posted By Bruce Schneier

The male túngara frog Physalaemus pustulosus uses calls to attract females. But croaking also causes ripples in the water, which are eavesdropped on -- both by rival male frogs and frog-eating bats....

Thu, 30 Jan 2014 12:52:28 UTC

Catalog of Snowden Revelations

Posted By Bruce Schneier

This looks to be very good. Add that to these three indexes of NSA source material, and these two summaries. This excellent parody website has a good collection of all the leaks, too....

Wed, 29 Jan 2014 23:45:53 UTC

Aaron Swartz -- A Year Later

Posted By Benjamin Mako Hill

My friend Aaron Swartz died a little more than a year ago. This time last year, I was spending much of my time speaking with journalists and reading what they were writing about Aaron. Since the anniversary of his death, I have tried to take time to remember Aaron. I’ve returned to the things I […]

Wed, 29 Jan 2014 21:55:18 UTC

Exetel performance issues rectified?

Posted By Greg Lehey

Yet Another support session with Exetel this afternoon. For testing purposes they gave me a /30 direct Ethernet connection, which made absolutely no difference to the performance. And once again they wanted to run tests with axel, which once again produced the same results. About the only difference was that I got up to 1 MB/s with ftp. As I pointed out, the real application that requires good bandwidth is streaming video, and that generally doesn't use multiple TCP connections. Some discussion on packet tracing: it seems they don't know what that means! They were talking in terms of traceroute and mtr, and I had to explain to them what tcpdump and wireshark were, and how they worked.

Wed, 29 Jan 2014 21:49:14 UTC

Fastway couriers: inappropriately named

Posted By Greg Lehey

The remaining components for my new computer were sent from Brisbane by Fastway a week ago. They should have been here yesterday at the latest. Where are they? Your parcel is currently in transit between our 'Geelong' and 'Geelong' depots. What does that mean? And why was it misdirected? Called up the Geelong franchise and spoke to Bob, who explained that the package had been sent to Ballarat by accident, and since Ballarat is not manned, the tracking information shows Your parcel is currently in transit between our 'Geelong' and 'Geelong' depots. And the next item?

Wed, 29 Jan 2014 20:28:56 UTC

GINSU: NSA Exploit of the Day

Posted By Bruce Schneier

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: GINSU (TS//SI//REL) GINSU provides software application persistence for the CNE implant, KONGUR, on target systems with the PCI bus hardware implant, BULLDOZER. (TS//SI//REL) This technique supports any desktop PC system that contains at least one PCI connector (for BULLDOZER installation) and Microsoft Windows 9x, 2000, 20003, XP, or...

Wed, 29 Jan 2014 18:26:19 UTC

Trying to Value Online Privacy

Posted By Bruce Schneier

Interesting paper: "The value of Online Privacy," by Scott Savage and Donald M. Waldman. Abstract: We estimate the value of online privacy with a differentiated products model of the demand for Smartphone apps. We study the apps market because it is typically necessary for the consumer to relinquish some personal information through "privacy permissions" to obtain the app and its...

Wed, 29 Jan 2014 12:24:23 UTC

The Politics of Fear

Posted By Bruce Schneier

This is very good: ...one might suppose that modern democratic states, with the lessons of history at hand, would seek to minimize fear -- or at least minimize its effect on deliberative decision-making in both foreign and domestic policy. But today the opposite is frequently true. Even democracies founded in the principles of liberty and the common good often take...

Wed, 29 Jan 2014 02:23:22 UTC

More cvr2 pain

Posted By Greg Lehey

Once again cvr2 Just Shut Down. Is this a thermal issue? It was very hot again today, even over 30° inside, but the operating system (Linux) didn't say. But then, it seems that it only ever marks time. Possibly it's just the defaults that are so laconic, but the comparison with FreeBSD is particularly noticeable. In any case, once again it wouldn't come up. Took the opportunity to blow the dust out of the CPU cooler, and tried powering on again. Still nothing. Disconnect disk. Still nothing. Replace power supply. Still nothing. Remove tuners. Powers on. Replace tuners. Powers on. So what's going on?

Tue, 28 Jan 2014 20:13:13 UTC

TAWDRYYARD: NSA Exploit of the Day

Posted By Bruce Schneier

Back in December, Der Spiegel published a lot of information about the NSA's Tailored Access Operations (TAO) group, including a 2008 catalog of hardware and software "implants." Because there were so many items in the catalog, the individual items didn't get a lot of discussion. By highlighting an individual implant every day, my goal is to fix that. Today's item:...

Tue, 28 Jan 2014 20:00:00 UTC

Moving the Gender Needle

Posted By Tim Bray

I've been moaning for years, in public forums and on this blog, about the horrible gender imbalance in the software tribe: the women are missing. I'm depressed because, numerically, things haven't gotten any better. But there are grounds for optimism, just maybe. It's the numbers, stupid They're horrible. If Wikipedia's right, less than 20% of university grads entering the profession are female, and the number is falling. So, basically, any employer that can get their female headcount noticeably over 20% is apt to feel smug. Is that pathetic or what? I don't want to be all soulless here, but the numbers really matter.

Tue, 28 Jan 2014 18:39:12 UTC

US Privacy and Civil Liberties Oversight Board (PCLOB) Condemns NSA Mass Surveillance

Posted By Bruce Schneier

Now we know why the president gave his speech on NSA surveillance last week; he wanted to get ahead of the Privacy and Civil Liberties Oversight Board. Last week, it issued a report saying that NSA mass surveillance of Americans is illegal and should end. Both EPIC and EFF have written about this. What frustrates me about all of this...

Tue, 28 Jan 2014 12:47:48 UTC

EU Might Raise Fines for Data Breaches

Posted By Bruce Schneier

This makes a lot of sense. Viviane Reding dismissed recent fines for Google as "pocket money" and said the firm would have had to pay $1bn under her plans for privacy failings. Ms Reding said such punishments were necessary to ensure firms took the use of personal data seriously. And she questioned how Google was able to take so long...

Tue, 28 Jan 2014 02:06:31 UTC

SPARROW II: NSA Exploit of the Day

Posted By Bruce Schneier

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: SPARROW II (TS//SI//REL) An embedded computer system running BLINDDATE tools. Sparrow II is a fully functional WLAN collection system with integrated Mini PCI slots for added functionality such as GPS and multiple Wireless Network Interface Cards. (U//FOUO) System Specs Processor: IBM Power PC 405GPR Memory: 64MB (SDRAM), 16MB...

Mon, 27 Jan 2014 23:22:59 UTC

Ports pain: end in sight?

Posted By Greg Lehey

Into the office this morning to see how my ports build was getting on. Not well: ./Source/JavaScriptCore/wtf/Vector.h:58: error: invalid use of incomplete type 'struct WebCore::ScriptSourceCode' ./Source/WebCore/bindings/js/ScriptController.h:53: error: forward declaration of 'struct WebCore::ScriptSourceCode' gmake[1]: *** [Source/WebCore/page/libWebCore_la-Frame.lo] Error 1 Stop in /src/FreeBSD/svn/ports/www/webkit-gtk2.     19666.67 real      3425.40 user      1269.94 sys WebCore had built before. Why not now? Presumably because I had dug the perl installation out from under it and replaced it with something else. That's not the correct way to do it, of course, but given the time it has taken, it seemed a reasonable attempt.

Mon, 27 Jan 2014 16:08:41 UTC

Podcast: Cheap writing tricks

Posted By Cory Doctorow

Here's a reading of my latest Locus column, Cheap Writing Tricks, which discusses the mysterious business of why stories are satisfying, and how to make them so: Plots are funny things. In the real world, stuff is always happening, but it's not a plot. People live. People die. People are made glorious or miserable. Things … [Read more]

Mon, 27 Jan 2014 12:32:08 UTC

New Security Risks for Windows XP Systems

Posted By Bruce Schneier

Microsoft is trying to stop supporting Windows XP. The problem is that a majority of ATMs still use that OS. And once Microsoft stops issuing security updates to XP, those machines will become increasingly vulnerable. Although I have to ask the question: how many of those ATMs have been keeping up with their patches so far? We have far to...

Mon, 27 Jan 2014 08:15:40 UTC

Makers review from high-school senior Rebecca Nguyen

Posted By Cory Doctorow

Rebecca Nguyen is a high-school senior who is a fan of my young adult novels. Recently, she read my book Makers and liked it so much that she wrote a great review of it, which she placed with the Poughkeepsie Journal. It's an incisive review, and I'm very grateful to Rebecca for it. Thank you, … [Read more]

Mon, 27 Jan 2014 03:27:13 UTC

My Geekhouse Bike Frame

Posted By Benjamin Mako Hill

In 2011, Mika and I bought in big at the Boston Red Bones party’s charity raffle -- supporting MassBike and NEMBA -- and came out huge. I won $500 off a custom frame at Geekhouse Bikes. For years, Mika and I have been planning to do the Tour d’Afrique route (Capetown to Cairo), unsupported, on […]

Mon, 27 Jan 2014 01:03:29 UTC

Time for more HDR investigation

Posted By Greg Lehey

Yesterday it was windy, and the Bureau of Meteorology promised only light winds today, so I put off my house photos until today. They lied: it was quite windy. High time to find a better HDR solution. I'll start keeping thoughts on this page, though it'll be a while before it's finished. I intend to take this photo as an example: It shows significant ghosting on the yellow (Yellow King Umbert) cannas. There are various ways to address that, including masking that area from a suitably exposed component image, but it'll be interesting to see what the commercial products do.

Sun, 26 Jan 2014 23:28:09 UTC

Ports pain continues

Posted By Greg Lehey

After resolving yesterday's perl problem, things carried on building. GIMP started building last night at 19:20, and was still going this morning. The processor is an AMD Athlon 64 3500+, with 525 CPU marks roughly 5% the speed of my new machine. But part of the slowness is probably due to my decision to copy my photo disk across the Ethernet, and the test machine only has a 100 Mb/s interface. That also affected photo processing, presumably because of contention for the disk. Finally it finished: ===>  Installing for webkit-gtk2-1.8.3_2 ===>  Checking if www/webkit-gtk2 already installed pkg_add: could not find package perl5-5.16.3_6 !

Sun, 26 Jan 2014 20:00:00 UTC

Winterlong Tab Sweep

Posted By Tim Bray

Really long, I mean. But the organization is beyond criticism because there isn't any. Category: Other Item: Nadezhda Tolokonnikova of Pussy Riot's prison letters to Slavoj Žižek (and she plays hard-ass music too). Item: David Weinberger's Pronouns were a mistake that we can fix. David Malki: Mortality record from 1665. Category: Wrong The egregious Evgeny Morozov got a slimepiece about the Maker movement published in The New Yorker. Remarkably, he apparently did not actually visit a Maker Faire or talk to an actual practitioner. What was The New Yorker thinking? I'm not linking to it. Category: Fun Ars gives us The 20 best (and three most disappointing) video games of 2013; I only played one of them, because Ingress, and it is the most utter bullshit that that's not on Ars' list.

Sun, 26 Jan 2014 16:00:00 UTC

We're hiring at StackExchange! SRE with Networking focus

Posted By Tom Limoncelli

Come join the team that runs ServerFault, StackOverflow, and over 100 other Q&A websites plus "Careers 2.0", the most awesome job site around. We have a great manager (I'm not just saying that because he reads my blog) and cool coworkers!

Sun, 26 Jan 2014 02:29:14 UTC

New photo backup disk

Posted By Greg Lehey

One of the things I got with my latest shipment of components was a new disk for my photos; the old one with a 2 TB file system is filling up, so this one has 4 TB. Hopefully disk capacity growth will outstrip my ability to produce images. Set it up as before, but things didn't quite work: === root@stable-amd64 (/dev/pts/0) /home/grog 19 -> gpart destroy -F ada1 ada1 destroyed === root@stable-amd64 (/dev/pts/0) /home/grog 21 -> gpart create -s GPT ada1 ada1 created === root@stable-amd64 (/dev/pts/0) /home/grog 25 -> gpart add -t freebsd-ufs ada1 ada1p1 added === root@stable-amd64 (/dev/pts/0) /home/grog 26 -> gpart show ada1 =>        34  7814037101  ada1  GPT  (3.7T)           34           6        - free -  (3.0k)           40  7814037088     1 ...

Sun, 26 Jan 2014 02:05:49 UTC

Ports pain, yet again

Posted By Greg Lehey

On with building ports today. My ports-try target completed, and I went back to look for the stragglers. Some I don't know about at all. What's mozplugger? According to /usr/ports/www/mozplugger/pkg-descr it's a small general purpose Mozilla plugin that displays various types of media formats found on the Internet in your browser. And it doesn't fetch, and the web site doesn't respond. Who cares? Maybe I do, but it's not exactly on the critical path. Then there's kdenlive, another package that I didn't recognize, though it seems to be a video editor. It died with a broken dependency: XML::Parser...

Sun, 26 Jan 2014 02:04:25 UTC

Optical Archival Storage Technology

Posted By James Hamilton

It's an unusual time in our industry where many of the most interesting server, storage, and networking advancements aren't advertised, don't have a sales team, don't have price lists, and actually are often never even mentioned in public. The largest cloud providers build their own hardware designs and, since the equipment is not for sale, it's typically not discussed publicly. A notable exception is Facebook. They are big enough that they do some custom gear but they don't view their hardware investments as differentiating. That may sound a bit strange -- why spend on something if it is not differentiating?

Sat, 25 Jan 2014 18:00:00 UTC

Seattle: CascadiaIT'14 Registration is OPEN

Posted By Tom Limoncelli

Tell your friends, tell your neighbors, tell your friends' neighbors and your neighbors' friends! http://casitconf.org/casitconf14/registration-is-now-open/ I'll be teaching "Evil Genius 101" and "Team Time Management & Collaboration" half-day tutorials. Plus I'll be giving a talk on Saturday about "The Stack at StackExchange". The conference is March 7-8, 2014 in Seattle, WA. While it is a regional conference, people come from all over. Hope to see you there!

Sat, 25 Jan 2014 15:00:00 UTC

LOPSA-East: CFP extended to Jan 31!

Posted By Tom Limoncelli

The LOPSA-East "call for participation" has extended the submission deadline to Fri, Jan 31. You have an extra week to send in your proposed talks. In particular, anything related to cutting edge operational issues ("devops") and new technology (what sysadmins should know about "new" things like SSDs, etc). Personally I'd like to see more "culture" talks. If you've done an awesome project in the last year and would like to talk about it, write it up and submit it soon! Interested in presenting? View the CFP: http://lopsa-east.org/2014/ Interested in helping? Email [email protected] Interested in attending? Save May 2-3, 2014 on your calendar!

Sat, 25 Jan 2014 02:12:15 UTC

Tracing the Exetel connection

Posted By Greg Lehey

It's now been over three weeks since I submitted my ticket to Exetel. Yesterday's tracing gave us some new information, but they still don't seem to have done the obvious thing and traced the connection. Instead I got a call from Exetel (Eroshan Jayaweera, if I got the name right) asking questions that I had answered several times in my speed test page.

Fri, 24 Jan 2014 22:15:05 UTC

Friday Squid Blogging: Giant Squid Caught by Japanese Fisherman

Posted By Bruce Schneier

It's big: 13 feet long. The fisherman was stunned to discover the giant squid trapped in his net, having been caught at a depth of around 70m, about two-thirds of a mile from the coast. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 24 Jan 2014 20:09:51 UTC

PHOTOANGLO: NSA Exploit of the Day

Posted By Bruce Schneier

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: PHOTOANGLO (TS//SI//REL TO USA,FVEY) PHOTOANGLO is a joint NSA/GCHQ project to develop a new radar system to take the place of the CTX4000. (U) Capabilities(TS//SI//REL TO USA,FVEY) The planned capabilities for this system are: Frequency range: 1 - 2 GHz, which will be later extended to 1 -...

Fri, 24 Jan 2014 18:43:47 UTC

Applied Cryptography Available Online

Posted By Bruce Schneier

I'm sure this is a pirated copy. Looking at it, it's amazing how long ago twenty years was....

Fri, 24 Jan 2014 12:51:15 UTC

Income Inequality as a Security Issue

Posted By Bruce Schneier

This is an interesting way to characterize income inequality as a security issue: ...growing inequality menaces vigorous societies. It is a proxy for how effectively an elite has constructed institutions that extract value from the rest of society. Professor Sam Bowles, also part of the INET network, goes further. He argues that inequality pulls production away from value creation to...

Fri, 24 Jan 2014 08:13:32 UTC

Announcing In Real Life: graphic novel about gold farming, kids and games

Posted By Cory Doctorow

Yesterday, FirstSecond formally announced the publication of In Real Life, a graphic novel about gaming and gold farming for young adults based on my award-winning story Anda's Game, adapted by Jen Wang, creator of the amazing graphic novel Koko Be Good. Jen did an incredible job with the adaptation. Kotaku conducted a Q&A with Jen … [Read more]

Fri, 24 Jan 2014 02:08:44 UTC

New computer arrives -- almost

Posted By Greg Lehey

Phone call from TNT this afternoon: they had attempted in vain to deliver my new computer, because the driver couldn't find the address in his GPS navigator. That's understandable -- I've ranted enough about the poor quality of the maps round here -- but why didn't he call me? In any case, that proved not to be a problem, because Yvonne was just about to go into town, so she picked it up. But it's still missing memory, SSD and power supply. Maybe, if we're lucky, that will arrive tomorrow. ACM only downloads articles once.

Fri, 24 Jan 2014 01:36:49 UTC

Exetel problem, next chapter

Posted By Greg Lehey

Call from Exetel support today: they wanted access to a BSD machine. Why? They couldn't tell me. But after some discussion on IRC, where in particular Edwin Groothuis was very much in favour, set up an account on stable-amd64, the machine that I'm still in the process of building. How do you give access to somebody from outside when connected via NAT? The simplest solution, it seems, was not to do so. Instead set up PPPoE on the box and connected directly. That worked relatively well, and the tech (Glen) basically repeated Yet Again all the things that I had done before.

Thu, 23 Jan 2014 20:39:35 UTC

NIGHTWATCH: NSA Exploit of the Day

Posted By Bruce Schneier

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: NIGHTWATCH (TS//SI//REL TO USA,FVEY) NIGHTWATCH is a portable computer with specialized, internal hardware designed to process progressive-scan (non-interlaced) VAGRANT signals. (U) Capability Summary (TS//SI//REL TO USA,FVEY) The current implementation of NIGHTWATCH consists of a general-purpose PC inside of a shielded case. The PC has PCI digitizing and clock...

Thu, 23 Jan 2014 13:03:05 UTC

Consumer Manipulation

Posted By Bruce Schneier

Tim Harford talks about consumer manipulation: Consider, first, confusion by design: Las Vegas casinos are mazes, carefully crafted to draw players to the slot machines and to keep them there. Casino designers warn against the "yellow brick road" effect of having a clear route through the casino. (One side effect: it takes paramedics a long time to find gamblers in...

Thu, 23 Jan 2014 12:42:29 UTC

Pirate Cinema and Homeland covers shortlisted for the Kitschie for best cover

Posted By Cory Doctorow

The Kitschies are a British award for science fiction and fantasy; every year they choose some marvellous books to honour. This year, I'm proud and pleased to announce that they've shortlisted the UK editions of my novels Pirate Cinema and Homeland for the "Inky Tentacle" award for best cover. Both covers were designed by the studio … [Read more]

Thu, 23 Jan 2014 01:07:19 UTC

Raw images: Not with Ashampoo Commander

Posted By Greg Lehey

Since getting my new Olympus OM-D E-M1 my photo processing hasn't got any easier. I used to use DxO Optics Pro to convert the raw images and enhance them a little, then pass the images through Ashampoo photo optimizer. Now DxO no longer understands my combination of camera and lens, so I have to use Olympus Viewer to convert the images to JPEG. And now I have the new Photo Commander 11 to do the optimization for me. But Commander can also process raw images. In the cases where distortion correction isn't important, why not just use it as a one-stop conversion program?

Wed, 22 Jan 2014 23:57:33 UTC

FreeBSD 10.0: Not ready for prime time

Posted By Greg Lehey

Once again I've spent some considerable time installing the latest and greatest version of FreeBSD on a new disk in preparation for the new machine that is on its way. Coincidentally the FreeBSD project announced 10.0-RELEASE today, though I have been tracking it for some time. Yesterday I started a ports-try target, which tries to install every port in my list of ports. It doesn't have to succeed: if not, it just goes on and builds the next one. Then I can come back and look at the ports that fail to build. Why should a port fail to build? Hasn't it been tested?

Wed, 22 Jan 2014 20:15:32 UTC

NIGHTSTAND: NSA Exploit of the Day

Posted By Bruce Schneier

Today's device from the NSA's Tailored Access Operations (TAO) group implant catalog: NIGHTSTAND (TS//SI//REL) An active 802.11 wireless exploitation and injection tool for payload/exploit delivery into otherwise denied target space. NIGHTSTAND is typically used in operations where wired access to the target is not possible. (TS//SI//REL) NIGHTSTAND - Close Access Operations • Battlefield Tested • Windows Exploitation • Standalone...

Wed, 22 Jan 2014 18:19:17 UTC

Refrigerator Sending Spam Messages?

Posted By Bruce Schneier

Coming barely weeks after my essay on the security risks from embedded systems, the Proofpoint report of a spam-sending refrigerator was just too good to be true. I was skeptical, so I didn't blog it. Now Ars Technica has a good analysis of the report, and is also skeptical. In any case: it could happen, and sooner or later it...

Wed, 22 Jan 2014 12:41:07 UTC

Questioning the Efficacy of NSA's Bulk-Collection Programs

Posted By Bruce Schneier

Two reports have recently been published questioning the efficacy of the NSA's bulk-collection programs. The first one is from the left-leaning New American Foundation (report here, and one-page tabular summary here). However, our review of the government's claims about the role that NSA bulk surveillance of phone and email communications records has had in keeping the United States safe from...

Wed, 22 Jan 2014 00:26:29 UTC

Preparing for the new machine

Posted By Greg Lehey

Another phone call to Umart today about my new machine. They promised to find an ETA for the still-missing components and get back to me with details. They were about the best I could expect: things have been shipped. In preparation, started building those ports that wouldn't install from the PKGng repository. First was just configuring the packages, which took an hour of pressing Return. How many packages did I configure? Hard to say, since all that information is stored in a database that doesn't easily (to me, anyway) show what packages it belongs to. But it must have been several hundred.

Tue, 21 Jan 2014 23:57:47 UTC

Coursera in the age of NBN

Posted By Greg Lehey

A few months ago I participated in a few courses from Coursera. Getting the videos was difficult, and it took me several hours each week to download them. They were taking up too much time, so I stopped for a while, but now there are a couple that are quite interesting: Programming Mobile Applications for Android Handheld Systems and Human Evolution: Past and Future. The second will presumably not take up too much time, and the first sounds interesting enough to expend some time on it if necessary. Today both courses started, and I loaded the videos. What a difference! All were done within a couple of minutes.

Tue, 21 Jan 2014 20:11:39 UTC

LOUDAUTO: NSA Exploit of the Day

Posted By Bruce Schneier

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: LOUDAUTO (TS//SI//REL TO USA,FVEY) Audio-based RF retro-reflector. Provides room audio from targeted space using radar and basic post-processing. (U) Capabilities (TS//SI//REL TO USA,FVEY) LOUDAUTO's current design maximizes the gain of the microphone. This makes it extremely useful for picking up room audio. It can pick up speech at...

Tue, 21 Jan 2014 16:14:07 UTC

Speaking at SXSW with Barton Gellman about Edward Snowden and NSA surveillance

Posted By Cory Doctorow

I'll be returning to SXSW Interactive this March for the first time in more than five years, to interview Pulitzer-winning journalist Barton Gellman, who is one of the journalists who's been entrusted with some of the Snowden NSA leaks. We're doing a presentation called "Snowden 2.0: A Field Report From the NSA Archives," which follows … [Read more]

Tue, 21 Jan 2014 12:33:41 UTC

Adware Vendors Buy and Abuse Chrome Extensions

Posted By Bruce Schneier

This is not a good development: To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is...

Tue, 21 Jan 2014 01:24:30 UTC

Ports pain all over again

Posted By Greg Lehey

The hardware for my new machine should arrive some time this week, so it's high time to have a system to put on it. I've already installed those packages that I could find in the FreeBSD repository, but that was a while back. PKGng has an upgrade command: type pkg upgrade and it should upgrade all installed packages. That's the theory. What I got was: pkg: Error while trying to install/upgrade packages, as there are unresolved dependencies: x11-drivers/xf86-input-keyboard: x11-servers/xorg-server Further investigation showed that xorg-server had failed to build on the build machine and had thus been removed from the repository.

Tue, 21 Jan 2014 00:47:46 UTC

Ashampoo Photo Commander

Posted By Greg Lehey

Last week I was considering buying Ashampoo Photo Commander 11, and gradually came to the conclusion that it wasn't worth it. But I bought it anyway. They had a special offer, and along with Movie Studio (explicitly not Pro) it cost me $20. Was it worth it? One problem is clear: in the documentation they claim to have exceptional customer service, but so far neither of my questions about the products have been answered. One thing that it can definitely do is optimize photos. I've been using an old version of their Optimizer program for some time, but it occasionally goes crazy and messes up photos, and it can't handle the size of images I've been generating lately.

Tue, 21 Jan 2014 00:33:22 UTC

Playing with DraftSight

Posted By Greg Lehey

Tom Tyler's email included an attachment with the name Not used for HTML emails.dwg. Apart from the silly name, what's that? Jürgen Lock came out with the discovery that it's an AutoCAD file format, and Jashank Jeremy was able to decode it: it's the site plan above. He also came up with the information that there's a free compatible CAD package called DraftSight that can process them. Installed that and took a bit of a look: yes, it seems to be relatively powerful. Now I just need the time to learn how to use it.

Mon, 20 Jan 2014 20:20:46 UTC

CTX4000: NSA Exploit of the Day

Posted By Bruce Schneier

Today's device -- this one isn't an implant -- from the NSA's Tailored Access Operations (TAO) group implant catalog: CTX4000 (TS//SI//REL TO USA,FVEY) The CTX4000 is a portable continuous wave (CW) radar unit. It can be used to illuminate a target system to recover different off net information. Primary uses include VAGRANT and DROPMIRE collection. (TS//SI//REL TO USA,FVEY) The CTX4000...

Mon, 20 Jan 2014 18:28:40 UTC

Podcast: Digital failures are inevitable, but we need them to be graceful

Posted By Cory Doctorow

Here's a reading of my latest Guardian column, Digital failures are inevitable, but we need them to be graceful, about the social and political factors that make all the difference when choosing technologies. Banshee fails gracefully because its authors don't attempt any lock-in. When I find myself diverging from the design philosophy of Banshee to … [Read more]

Mon, 20 Jan 2014 12:18:58 UTC

DDOS Attacks Using NTP

Posted By Bruce Schneier

This is new: The NTP method first began to appear late last year. To bring down a server such as one running "League of Legends," the attackers trick NTP servers into thinking they've been queried by the "League of Legends" server. The NTP servers, thinking they're responding to a legitimate query, message the "League of Legends" server, overloading it with...

Sat, 18 Jan 2014 23:18:00 UTC

Time for better HDR software?

Posted By Greg Lehey

House photo day again today, and again I've tried making HDR images of all of them. And again things were less than perfect, with lots of ghosting: How do I fix that? Other software seems to be about the only way. Currently I'm using align_image_stack (part of Hugin) and enblend to merge the images. Here's the core of my HDR script: nice align_image_stack -a $TMP $* nice enfuse -o $RESULT $TMP* That works well for static images, but it has no provision at all for avoiding ghosting.

Sat, 18 Jan 2014 01:42:57 UTC

Domestic network woes

Posted By Greg Lehey

There's something funny in my domestic network infrastructure as well. I've reported various problems which seem to be related to the switch in Yvonne's office, and so far the only one I have identified beyond reasonable doubt are the two cables that Tanya chewed through. Today I tried to read in some photos from my camera. I do that on lagoon, Yvonne's machine because of the USB issues on my own (current) machine. And they get copied via NFS to my machine. The network topology involves a cable to a switch in the cupboard in Yvonne's office, then a cable under the house to my office, and thence into the main switch.

Sat, 18 Jan 2014 01:41:56 UTC

Tracking down the Exetel problems

Posted By Greg Lehey

Call from Theje of Exetel today to address the ongoing network problems. He claimed that they had changed the routing. I had expected something like this, and had already saved a traceroute output of what I currently had: === root@eureka (/dev/pts/5) /home/grog 5 -> traceroute cdn-edge1.mel4.internode.on.net traceroute to cdn-edge1.mel4.internode.on.net (150.101.208.62), 64 hops max, 52 byte packets  1  air-gw-2 (192.109.197.153)  0.722 ms  0.406 ms  0.402 ms  2  226.2.96.58.static.exetel.com.au (58.96.2.226)  30.126 ms  26.398 ms  17.908 ms  3  97.2.96.58.static.exetel.com.au (58.96.2.97)  27.108 ms  29.601 ms  34.935 ms ... (leaves Exetel network) So it was relatively easy to compare the new routing: === grog@eureka (/dev/pts/14) ~/Photos/20140114 4 -> traceroute cdn-edge1.mel4.internode.on.net traceroute to cdn-edge1.mel4.internode.on.net (150.101.208.62), 64 hops max, 52 byte packets  1  air-gw-2 (192.109.197.153)  1.231 ms  0.418 ms  0.410 ms  2  226.2.96.58.static.exetel.com.au ...

Sat, 18 Jan 2014 01:09:01 UTC

Reception problems: insights?

Posted By Greg Lehey

I've been puzzling about TV reception quality for years now, without coming to any obvious conclusions. Radio has also been very variable as well, and from time to time I've wondered if the issues are related. But today I had a surprise: just out of the shower, there was a power surge or similar, not enough to cause any devices to power cycle, but enough to make at least one UPS scream. And the radio reception went to hell! All I could hear was noise. So: is this a (or more than one) rogue UPS? Chasing that one down could be fun.

Fri, 17 Jan 2014 22:44:12 UTC

Friday Squid Blogging: Camouflage in Squid Eyes

Posted By Bruce Schneier

Interesting research: Cephalopods possess a sophisticated array of mechanisms to achieve camouflage in dynamic underwater environments. While active mechanisms such as chromatophore patterning and body posturing are well known, passive mechanisms such as manipulating light with highly evolved reflectors may also play an important role. To explore the contribution of passive mechanisms to cephalopod camouflage, we investigated the optical and...

Fri, 17 Jan 2014 20:57:43 UTC

PowerLocker uses Blowfish

Posted By Bruce Schneier

There's a new piece of ransomware out there, PowerLocker (also called PrisonLocker), that uses Blowfish: PowerLocker could prove an even more potent threat because it would be sold in underground forums as a DIY malware kit to anyone who can afford the $100 for a license, Friday's post warned. CryptoLocker, by contrast, was custom built for use by a single...

Fri, 17 Jan 2014 20:06:48 UTC

STUCCOMONTANA: NSA Exploit of the Day

Posted By Bruce Schneier

Today's implant from the NSA's Tailored Access Operations (TAO) group implant catalog: STUCCOMONTANA (TS//SI//REL) STUCCOMONTANA provides persistence for DNT implants. The DNT implant will survive an upgrade or replacement of the operating system -- including physically replacing the router's compact flash card. (TS//SI//REL) Currently, the intended DNT Implant to persist is VALIDATOR, which must be run as a user process...

Fri, 17 Jan 2014 20:00:00 UTC

N5-cam III: Toronto by Night

Posted By Tim Bray

I visited my brother in Toronto and we went out to drink & talk & eat on a cold evening; I didn't take an actual camera-as-such, but that didn't keep good pictures from arriving in front of me, so I snapped away with the Nexus 5. Thus, another test of the hypothesis that a mobilecam can replace a serious pocketcam. A challenging one too, since it was dark out and I keep the flash turned off. And the pictures are better than not having any; pleasant enough and a reminder of good time. On the one hand really not close to what the Sony or the Fuji could have captured; but on the other, I didn't have those with me.

Fri, 17 Jan 2014 18:53:57 UTC

NSA-O-Matic

Posted By Bruce Schneier

Generate your own fake NSA programs....

Fri, 17 Jan 2014 11:32:20 UTC

NSA Collects Hundreds of Millions of Text Messages Daily

Posted By Bruce Schneier

No surprise here. Although we some new codenames: DISHFIRE: The NSA's program to collect text messages and text-message metadata. PREFER: The NSA's program to perform automatic analysis on the text-message data and metadata. The documents talk about not just collecting chatty text messages, but VCards, SIM card changes, missed calls, roaming information indicating border crossings, travel itineraries, and financial transactions....

Fri, 17 Jan 2014 02:16:04 UTC

Still more network problems

Posted By Greg Lehey

I had put an Ethernet cable over the floor last week after Tanya had chewed through the other one. Somehow I wasn't expecting her to do it again, and to a certain extent I was right: Despite the appearance, it still works. But clearly we'll have to find an alternative. For the time being I have cut the old cable into 2 m lengths and spread them round the house; if she (or Niko) starts chewing on them, we're more likely to catch them and make it clear that it's not allowed.

Thu, 16 Jan 2014 20:00:21 UTC

SIERRAMONTANA: NSA Exploit of the Day

Posted By Bruce Schneier

Today's implant from the NSA's Tailored Access Operations (TAO) group implant catalog: SIERRAMONTANA (TS//SI//REL) SIERRAMONTANA provides persistence for DNT implants. The DNT implant will survive an upgrade or replacement of the operating system -- including physically replacing the router's compact flash card. (TS//SI//REL) Currently, the intended DNT Implant to persist is VALIDATOR, which must be run as a user process...

Thu, 16 Jan 2014 18:27:40 UTC

Today I Briefed Congress on the NSA

Posted By Bruce Schneier

This morning I spent an hour in a closed room with six Members of Congress: Rep. Lofgren, Rep. Sensenbrenner, Rep. Scott, Rep. Goodlatte, Rep. Thompson, and Rep. Amash. No staffers, no public: just them. Lofgren asked me to brief her and a few Representatives on the NSA. She said that the NSA wasn't forthcoming about their activities, and they wanted...

Thu, 16 Jan 2014 18:03:27 UTC

Edward Elgar's Ciphers

Posted By Bruce Schneier

Elgar's cryptography puzzles from the late 1890s....

Thu, 16 Jan 2014 13:29:59 UTC

Cell Phone Tracking by Non-State Actors

Posted By Bruce Schneier

This is interesting: Adding credence to the theory that Brooklyn landlord Menachem Stark was kidnapped and murdered by professionals, a law enforcement source tells the Post that the NYPD found a cell phone attached to the bottom of his car, which could have been used to track his movements. This is interesting. Presumably the criminals installed one of those "track...

Thu, 16 Jan 2014 12:32:00 UTC

How to have a healthy relationship with technology

Posted By Cory Doctorow

My latest Guardian column, "Digital failures are inevitable, but we need them to be graceful," talks about evaluating technology based on more than its features -- rather, on how you relate to it, and how it relates to you. In particular, I try to make the case for giving especial care to what happens when … [Read more]

Wed, 15 Jan 2014 20:56:44 UTC

SCHOOLMONTANA: NSA Exploit of the Day

Posted By Bruce Schneier

Today's implant from the NSA's Tailored Access Operations (TAO) group implant catalog: SCHOOLMONTANA (TS//SI//REL) SCHOOLMONTANA provides persistence for DNT implants. The DNT implant will survive an upgrade or replacement of the operating system -- including physically replacing the router's compact flash card. (TS//SI//REL) Currently, the intended DNT Implant to persist is VALIDATOR, which must be run as a user process...

Wed, 15 Jan 2014 12:23:38 UTC

The Changing Cost of Surveillance

Posted By Bruce Schneier

From Ashkan Soltani's blog post: The Yale Law Journal Online (YLJO) just published an article that I co-authored with Kevin Bankston (first workshopped at the Privacy Law Scholars Conference last year) entitled "Tiny Constables and the Cost of Surveillance: Making Cents Out of United States v. Jones." In it, we discuss the drastic reduction in the cost of tracking an...

Wed, 15 Jan 2014 11:42:45 UTC

Bespoke Infrastructures

Posted By Diomidis D. Spinellis

In the 1920s, the Ford Motor Company embarked on an ill-fated attempt to establish an industrial town in an Amazon rainforest as a way to secure a cultivated rubber supply for its cars' wheels. At the time, it already owned ore mines, forests, and a steel foundry to produce the raw materials for its cars; today, it buys from external suppliers, even its cars' electronic control units. How do these two phases of the automotive industry's history relate to the way we currently develop and adopt infrastructure in our profession?

Wed, 15 Jan 2014 01:34:43 UTC

NBN: An NSA plot

Posted By Greg Lehey

For some reason Edwin Groothuis wanted to know about physical access to the Radiation Tower tower today, in particular whether there was a sign on the gate. No: But he meant the access to the immediate compound, and that's not accessible to the public. I had, however, taken a photo of the entrance to the Enfield tower last year: NSA?

Wed, 15 Jan 2014 00:16:26 UTC

Exetel: on the way out?

Posted By Greg Lehey

Exetel have still done nothing to fix my network throughput problems. Though they appear friendly and cooperative, they also appear to have no understanding of the issues or how to address them. On Sunday I gave them until the end of the week to fix the problem. So far they have done nothing. So I called up sales to tell them that I was about to terminate my contract because of breach of contract. Spoke to Paula, who didn't seem to understand the issue and told me I'd have to pay $100 early termination fee. Finally she suggested that it was a matter for support, and promised to connect me with a support manager.

Tue, 14 Jan 2014 23:59:41 UTC

USB says: time for a new system

Posted By Greg Lehey

Into the office this morning to find the keyboard and mouse dead again. Disconnecting and reconnecting didn't help: Jan 14 07:55:53 eureka kernel: usb_alloc_device: set address 4 failed (USB_ERR_STALLED, ignored) Jan 14 07:55:53 eureka kernel: usbd_setup_device_desc: getting device descriptor at addr 4 failed, USB_ERR_STALLED Jan 14 07:55:54 eureka kernel: usbd_req_re_enumerate: addr=4, set address failed! (USB_ERR_STALLED, ignored) Jan 14 07:55:54 eureka kernel: usbd_setup_device_desc: getting device descriptor at addr 4 failed, USB_ERR_STALLED Jan 14 07:55:55 eureka kernel: usbd_req_re_enumerate: addr=4, set address failed! (USB_ERR_STALLED, ignored) Jan 14 07:55:55 eureka kernel: usbd_setup_device_desc: getting device descriptor at addr 4 failed, USB_ERR_STALLED Jan 14 07:55:55 eureka kernel: ugen6.4: <Unknown> at usbus6 (disconnected) Jan 14 07:55:55 eureka kernel: uhub_reattach_port: could not allocate new device Finally, after removing everything and reconnecting it, I got things to work.

Tue, 14 Jan 2014 20:10:22 UTC

HEADWATER: NSA Exploit of the Day

Posted By Bruce Schneier

Today's implant from the NSA's Tailored Access Operations (TAO) group implant catalog: HEADWATER (TS//SI//REL) HEADWATER is a Persistent Backdoor (PDB) software implant for selected Huawei routers. The implant will enable covert functions to be remotely executed within the router via an Internet connection. (TS//SI//REL) HEADWATER PBD implant will be transferred remotely over the Internet to the selected target router by...

Tue, 14 Jan 2014 20:00:00 UTC

N5-cam II: Scrubbing Up

Posted By Tim Bray

In my last N5-cam outing, Low Light, I suggested contradictory things. First, that I was going to investigate using this as a serious pocket camera, and second, that since this is Just A Phone, there's no need for postprocessing. Then I ran across Craig Mod's pieces Photography, hello and Goodbye, Cameras which assume, as part of the argument that cameras need to be, essentially, networked lenses, that you're going to process your mobile shots with serious tools like Lightroom as a matter of course. So I did. Metaphorical scrubbings My wife recently attended her niece's wedding; also in attendance was a nephew, something of a hobbledehoy in his late teens; but he looked remarkably presentable in wedding finery; Scrubs up well, doesn't he? she said as we reviewed the photos.

Tue, 14 Jan 2014 20:00:00 UTC

Standing In Line

Posted By Tim Bray

What happened was, I ran down the street to the grocery store for a couple of items, a spur-of-the-moment thing. Picked them up, and then there was a big line-up for the cashiers. I stared blankly for a moment and fished in my pocket... oops! I'd left my phone at home. Wow... I was going to have to interact with reality, in the form of a supermarket queue. There are all these Net contrarians lamenting everyone's constant escape into their mobile devices screen, and now my escape was cut off. So... screw the contrarians, it sucked. Everywhere I looked, I was looking at overaggressive marketing or celebrity tabloids.

Tue, 14 Jan 2014 16:55:10 UTC

GotW #96: Oversharing

Posted By Herb Sutter

Following on from #95, let’s consider reasons and methods to avoid mutable sharing in the first place... Problem Consider the following code from GotW #95's solution, where some_obj is a shared variable visible to multiple threads which then synchronize access to it. // thread 1{ lock_guard hold(mut_some_obj); // acquire lock code_that_reads_from( some_obj ); // […]

Tue, 14 Jan 2014 13:15:55 UTC

Debunking the "NSA Mass Surveillance Could Have Stopped 9/11" Myth

Posted By Bruce Schneier

It's something that we're hearing a lot, both from NSA Director General Keith Alexander and others: the NSA's mass surveillance programs could have stopped 9/11. It's not true, and recently two people have published good essays debunking this claim. The first is from Lawrence Wright, who wrote the best book (The Looming Tower) on the lead-up to 9/11: Judge Pauley...

Tue, 14 Jan 2014 11:02:14 UTC

When Sysadmins Ruled the Earth: .mobi and .epub

Posted By Cory Doctorow

Mikael Vejdemo-Johansson converted my story When Sysadmins Ruled the Earth (from the collection Overclocked) into .mobi and .epub for easy viewing on an e-reader or mobile device. I probably get more fan mail for Sysadmins than for any other story, and it won the Locus Award the year it came out (it was later adapted … [Read more]

Tue, 14 Jan 2014 06:37:10 UTC

Flowers From Al 02

Posted By Cory Doctorow

Here's the second, concluding part of my reading of my 2003 short story "Flowers From Al," written with Charlie Stross for New Voices in Science Fiction, a Mike Resnick anthology (Here's part one). It's a pervy, weird story of transhuman romance. Mastering by John Taylor Williams: [email protected] John Taylor Williams is an audiovisual and multimedia … [Read more]

Mon, 13 Jan 2014 23:34:06 UTC

Bluetooth audio

Posted By Greg Lehey

I've been listening to Radio Swiss Classic via the web for some time now. That meant moving the Android tablet to the fridge, where the mini-Hi-Fi system is located, and connecting it with a cable. It also meant that I couldn't do much else with the tablet while it was playing music. Clearly a case for a Bluetooth audio adapter. Do they exist? Yes, and they cost next to nothing, $6.50 including postage. I ordered one from eBay last week, and today it arrived. There's almost nothing to it: a USB connector at one end, for power, an audio jack at the other end, and very little in between: It even comes with a far-too-short cable, but no instructions.

Mon, 13 Jan 2014 20:45:09 UTC

SOUFFLETROUGH: NSA Exploit of the Day

Posted By Bruce Schneier

One of the top secret NSA documents published by Der Spiegel is a 50-page catalog of "implants" from the NSA's Tailored Access Group. Because the individual implants are so varied and we saw so many at once, most of them were never discussed in the security community. (Also, the pages were pdfs, which makes them harder to index and search.)...

Mon, 13 Jan 2014 19:00:16 UTC

GotW #95 Solution: Thread Safety and Synchronization

Posted By Herb Sutter

This GotW was written to answer a set of related frequently asked questions. So here’s a mini-FAQ on “thread safety and synchronization in a nutshell,” and the points we’ll cover apply to thread safety and synchronization in pretty much any mainstream language.   Problem JG Questions 1. What is a race condition, and how serious […]

Mon, 13 Jan 2014 18:23:53 UTC

Why fiction works

Posted By Cory Doctorow

In my latest Locus column, "Cheap Writing Tricks," I ruminate on what makes fiction work -- why we perceive stories as stories, why we care about characters, and how the construction of stories interacts with the human mind (and why How to Win Friends and Influence People is a great writing tool). There are lots … [Read more]

Mon, 13 Jan 2014 15:00:00 UTC

LOPSA-East - CFP deadline Jan 22, 2014

Posted By Tom Limoncelli

The call for participation deadline is Wednesday, January 22nd, 2014. LOPSA-East is looking for talks on system-administration related topics especially advanced techniques, DevOps stuff, etc. I particularly enjoy hearing about project successes... if you have done something exciting where you work, propose a talk about it. That's how I got my start! The full CFP is here: http://lopsa-east.org/2014/ If you haven't heard of LOPSA-East, it is our regional Linux/Sysadmin conference; we expect about 150 people. People come from all over the east coast (and often Europe!). The event is May 2 - 3, 2014, in lovely New Brunswick, NJ, USA.

Mon, 13 Jan 2014 12:28:55 UTC

How the NSA Threatens National Security

Posted By Bruce Schneier

Secret NSA eavesdropping is still in the news. Details about once secret programs continue to leak. The Director of National Intelligence has recently declassified additional information, and the President's Review Group has just released its report and recommendations. With all this going on, it's easy to become inured to the breadth and depth of the NSA's activities. But through the...

Mon, 13 Jan 2014 02:03:57 UTC

Exetel throughput problems: install new Windows!

Posted By Greg Lehey

So now I have demonstrated to Exetel beyond any reasonable doubt that they have a throughput problem somewhere in their network. I've sent them comparisons with SkyMesh, they've tried their toy torrents personally, so there's really no doubt where the problem lies. So what's the next step? Please be informed that we have tested couple of services affected as yours and we were able to reach the correct speed according to their fibre plan. Therefore, we suggest you to test the service with a Windows 7 or 8 PC and check if the speeds are still failing. Do let us know if the issue is persisting.

Mon, 13 Jan 2014 01:47:07 UTC

Specifying the new system

Posted By Greg Lehey

I've been investigating components for my new computer for a week now, and it's been tough. Finally I'm getting there, mainly by eliminating possibilities that seem too hard. The big issues remain the motherboard and the memory. An article in c't suggests that the Asrock motherboards are a good choice, and that's what Jürgen Lock recently chose. It works for him, so there seems little reason to compare the others. And memory? There seem to be relatively few manufacturers to choose from: G.Skill, Corsair and Kingston. And almost all memory is dressed up for kiddies and has particularly violent names: Ripjaws, Sniper, Vengeance, Dominator.

Mon, 13 Jan 2014 01:27:50 UTC

Processing photos, continued

Posted By Greg Lehey

On with my photo processing today. The verandah panorama took all morning, over 2 hours for the normal panorama and 3½ hours for the interactive flash version. What's the cause? Clearly it was worth finding out before spending days converting the remaining images, so processed the images the way I have been doing previously: first convert the image to TIFF with Olympus Viewer 3, and then use DxO Optics Pro to convert the TIFF to JPEG. Externally there wasn't much to be seen. Here's one of the 20 input images for the panorama; the others are similar: === grog@eureka (/dev/pts/7) ~/Photos/20140111 11 -> l C*/verandah-centre-0.jpeg -rw-r--r--  1 grog  lemis  2,904,174 11 Jan 08:26 C-oly/verandah-centre-0.jpeg -rw-r--r--  1 grog  lemis  3,324,648 11 Jan 08:26 C/verandah-centre-0.jpeg === grog@eureka (/dev/pts/7) ~/Photos/20140111 12 -> identify C*/verandah-centre-0.jpeg C-oly/verandah-centre-0.jpeg JPEG 3456x4608 3456x4608+0+0 8-bit DirectClass 2.904MB 0.000u 0:00.000 C/verandah-centre-0.jpeg[1] ...

Sat, 11 Jan 2014 23:49:23 UTC

Fixing the enblend port

Posted By Greg Lehey

Some months ago a change to the FreeBSD port of vigra broke the build of enblend, which I maintain. When loading the final image, it produces voluminous can't find error messages, terminating in: enblend.cc:(.text._ZN5vigra6detail11exportImageIN9vigra_ext28ConstCachedFileImageIteratorINS_8RGBValueIhLj0ELj1ELj2EEEEENS_11RGBAccessorIS5_EEEEvT_S9_T0_RKNS_15ImageExportInfoENS_14VigraFalseTypeE[void vigra::detail::exportImage<vigra_ext::ConstCachedFileImageIterator<vigra::RGBValue<unsigned char, 0u, 1u, 2u> >,vigra::RGBAccessor<vigra::RGBValue<unsigned char, 0u, 1u, 2u> > >(vigra_ext::ConstCachedFileImageIterator<vigra::RGBValue<unsigned char, 0u, 1u, 2u> >, vigra_ext::ConstCachedFileImageIterator<vigra::RGBValue<unsigned char, 0u, 1u, 2u> >, vigra::RGBAccessor<vigra::RGBValue<unsigned char, 0u, 1u, 2u> >,vigra::ImageExportInfo const&, vigra::VigraFalseType)]+0x118): undefined reference to `vigra::isBandNumberSupported(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int)' enblend-enblend.o: In function `main': enblend.cc:(.text.startup+0x1ebd): undefined reference to `vigra::ImageExportInfo::setICCProfile(vigra::ArrayVector<unsigned char, std::allocator<unsigned char> > const&)' I must admit to being a little upset: this is not of my doing, and to fix it I need to look at the internals of vigra, which has given me pain in the past.

Sat, 11 Jan 2014 23:32:23 UTC

Photo processing at a snail's pace

Posted By Greg Lehey

House photo day again today. I've now migrated my Microsoft box dxo (Windows Vista 32 bit) to Windows 7 64 bit, and at Daniel O'Connor's suggestion I've renamed it dischord. Fired up the newly installed Olympus Viewer 3 and got a completely different view of the world. Suddenly I couldn't just select photos any more, I had to import them. Started doing that. I had 258 images, and after 5 minutes it had imported (copied across the network?) 20 of them. I can't handle that kind of pain, and decided to go back to the old dxo disk. But the system had more pain in store: Please do not power off or unplug your machine.

Sat, 11 Jan 2014 20:00:00 UTC

N5-cam I: Low Light

Posted By Tim Bray

I hear that pocket cams are over because phonecams have eaten that space; so let's see if my Nexus 5 can convince me one way or another. Back story Google gave me a Nexus 5 for the holidays; three days later I dropped it from a fair height onto a sidewalk; sob. Hey, an opportunity to try something different! I considered the iPhone 5c, the Moto X and G, and especially that groovy little waterproof Sony Z1. But up here in Canada it's really hard to get any of the above in unlocked form except for the Apple, which felt overpriced.

Fri, 10 Jan 2014 23:29:13 UTC

More installation fun

Posted By Greg Lehey

On with my installation of FreeBSD 10 today, making a little progress. There are still rough edges and bits missing, though the result is still much better than things were 15 years ago, where I held installation workshops at conferences. But that's not enough. It's now lagging behind the competition. Hopefully Jordan Hubbard's return to the BSD fold will help there. Just to add to the fun, installed the new copy of Microsoft Windows 7 that I received today. A completely different experience. And on the whole it went well, but then that's just a base installation. I only really use Microsoft to run photographic processing software, and most of the problems I have are the fault of that software, not of Microsoft.

Fri, 10 Jan 2014 22:27:21 UTC

Friday Squid Blogging: Squid New Year

Posted By Bruce Schneier

Happy squid new year. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

Fri, 10 Jan 2014 14:56:51 UTC

awk. How I missed you.

Posted By Tom Limoncelli

    awk </dev/null \
    'END { for (i=0; i <13 ;i++) \
    { printf("%02d:00-%02d:30\n%02d:30-%02d:00\n", i, i, i, i+1) }}'

The output was pasted into a spreadsheet. I don't think this is how the creators of the original spreadsheet imagined things.

Fri, 10 Jan 2014 12:45:35 UTC

1971 FBI Burglary

Posted By Bruce Schneier

Interesting story: ...burglars took a lock pick and a crowbar and broke into a Federal Bureau of Investigation office in a suburb of Philadelphia, making off with nearly every document inside. They were never caught, and the stolen documents that they mailed anonymously to newspaper reporters were the first trickle of what would become a flood of revelations about extensive...

Fri, 10 Jan 2014 00:48:33 UTC

System upgrade pain

Posted By Greg Lehey

So it's time once again to upgrade my system. When it comes to installing FreeBSD, I wrote the book, but there's a vast difference between installing an operating system for the first time and migrating a large installation to a newer version. I've been working on this forever, and I thought that maybe the PKGng would make things easier. Maybe it will, too, but it won't make them easy. Spent most of the day, and at the end had some semblance of installation, but first I need to fix my scripts to install the packages that I don't have.

Thu, 09 Jan 2014 19:02:25 UTC

JETPLOW: NSA Exploit of the Day

Posted By Bruce Schneier

Today's implant from the NSA's Tailored Access Operations (TAO) group implant catalog: JETPLOW (TS//SI//REL) JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA (Adaptive Security Appliance) firewalls. It persists DNT's BANANAGLEE software implant. JETPLOW also has a persistent back-door capability. (TS//SI//REL) JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA (Adaptive Security Appliance) firewalls....

Thu, 09 Jan 2014 12:33:29 UTC

Security Risks of Embedded Systems

Posted By Bruce Schneier

We're at a crisis point now with regard to the security of embedded systems, where computing is embedded into the hardware itself -- as with the Internet of Things. These embedded computers are riddled with vulnerabilities, and there's no good way to patch them. It's not unlike what happened in the mid-1990s, when the insecurity of personal computers was reaching...

Wed, 08 Jan 2014 22:45:57 UTC

More network interruptions

Posted By Greg Lehey

Somehow I've had lots of trouble with the network connection to cvr2 lately. Only a couple of weeks ago I had to replace the network cable, but this morning it was off the net again. After a lot of searching, found this: Clearly Tanya has developed a taste for network cables. Surprisingly, I was able to find another cable and connect it to the switch in Yvonne's office, and it wouldn't work. Connected it to a switch in my office, and all was well.

Wed, 08 Jan 2014 22:40:57 UTC

Exetel addresses performance issues

Posted By Greg Lehey

Exetel was due to call me this morning to address the network performance issues, so I first checked the status quo. That was interesting: 32.22 Mb/s downlink, and that on a 25 Mb/s connection. Had they fixed things? Tried testing via SkyMesh and got 33.62 Mb/s. Is that possible? My first conclusion was that speedtest was broken. But of course this is an LTE connection, and it's capable of much more than that; it's just limited to 25 Mb/s, and if something goes wrong there, it could exceed the limit. More to the point, though: file transfer. There, too, things looked better than before.

Wed, 08 Jan 2014 19:48:29 UTC

HALLUXWATER: NSA Exploit of the Day

Posted By Bruce Schneier

Today's implant from the NSA's Tailored Access Operations (TAO) group implant catalog: HALLUXWATER (TS//SI//REL) The HALLUXWATER Persistence Back Door implant is installed on a target Huawei Eudemon firewall as a boot ROM upgrade. When the target reboots, the PBD installer software will find the needed patch points and install the back door in the inbound packet processing routine. Once installed,...

Wed, 08 Jan 2014 15:05:50 UTC

Great Firewall of Cameron: the worst of all worlds for British parents

Posted By Cory Doctorow

In my latest Guardian column, I explain how UK prime minister David Cameron's plan to opt the entire nation into a programme of Internet censorship is the worst of all worlds for kids and their parents. Cameron's version of the Iranian "Halal Internet" can't possibly filter out all the bad stuff, nor can it avoid … [Read more]

Wed, 08 Jan 2014 14:07:03 UTC

The Failure of Privacy Notices and Consumer Choice

Posted By Bruce Schneier

Paper from First Monday: "Transaction costs, privacy, and trust: The laudable goals and ultimate failure of notice and choice to respect privacy." Abstract: The goal of this paper is to outline the laudable goals and ultimate failure of notice and choice to respect privacy online and suggest an alternative framework to manage and research privacy. This paper suggests that the...

Wed, 08 Jan 2014 00:07:55 UTC

Ugly violent hardware

Posted By Greg Lehey

I'm in the process of choosing hardware for my next machine. It's not easy. Once upon a time you had a choice of two or three different processors, maybe different speeds, and any old motherboard. Now the choice of processor, motherboard and RAM is an order of magnitude more varied, and thus difficult. I've more or less settled on a Core i7 4771, the first Intel processor in over 20 years, and probably the Z87 chip set. But in the process of investigating the products, I came across a really ugly trend: violent names. So far I have seen Vengeance, Fatal1ty, Sniper, Killer, DOMINATOR and Ripjaws.

Tue, 07 Jan 2014 23:35:23 UTC

No Exetel

Posted By Greg Lehey

For reasons I still don't understand, Exetel support asked me to make a PC (read: running Microsoft) available to them for remote maintenance today, so I installed their software on an old laptop and agreed to a call some time after 10:30. The call came really quite some time after 10:30, in fact at 18:30 as we were preparing dinner. So we had to postpone it until tomorrow. At least it gave me the chance to say to the engineer that the issue was not at my end. We'll see what happens tomorrow.

Tue, 07 Jan 2014 22:53:26 UTC

Twitter Users: Please Make Sure You're Following the Right Feed

Posted By Bruce Schneier

I have an official Twitter feed of my blog; it's @schneierblog. There's also an unofficial feed at @Bruce_Schneier. I have nothing to do with that one. I wouldn't mind the unofficial feed -- if people are reading my blog, who cares -- except that it isn't working right, and hasn't been for some time. It publishes some posts weeks late...

Tue, 07 Jan 2014 19:16:12 UTC

GOURMETTROUGH: NSA Exploit of the Day

Posted By Bruce Schneier

Continuing our walk through the NSA's Tailored Access Operations (TAO) group implant catalog: GOURMETTROUGH (TS//SI//REL) GOURMETTROUGH is a user configurable implant for certain Juniper firewalls. It persists DNT's BANANAGLEE implant across reboots and OS upgrades. For some platforms, it supports a minimal implant with beaconing for OS's unsupported by BANANAGLEE. (TS//SI//REL) For supported platforms, DNT may configure without ANT involvement....

Tue, 07 Jan 2014 14:22:45 UTC

Matt Blaze on TAO's Methods

Posted By Bruce Schneier

Matt Blaze makes a point that I have been saying for a while now: Don't get me wrong, as a security specialist, the NSA's Tailored Access Operations (TAO) scare the daylights out of me. I would never want these capabilities used against me or any other innocent person. But these tools, as frightening and abusable as they are, represent far less...

Mon, 06 Jan 2014 22:16:18 UTC

Mouse crash

Posted By Greg Lehey

Nearly a year ago I bought a new mouse, a Logitech m705. I haven't been overly happy with it: of course, being modern, it doesn't have a middle button, and the side buttons don't fit well to my hand. I've assigned button 2 to one of them, and from time to time it vomits over my screen. The good news: it works. Or at least, it worked. Today I accidentally ran out of desk while moving it, and it fell onto the carpeted floor, from a height of about 70 cm. That shouldn't be an issue, but it bent the right button, really a long strip of plastic, so that it fouled the left button.

Mon, 06 Jan 2014 22:13:51 UTC

Eliminating Ashampoo

Posted By Greg Lehey

More investigation of Ashampoo Photo Commander 11 today. My fears are confirmed: it can't do perspective correction. And the real issue, clever automatic exposure adjustments, also seems to be inadequate. In fact, it doesn't do anything that GIMP can't do, costs money, and requires Microsoft to run. So, once again, it has nothing useful to offer. Maybe I should try to make friends with GIMP again, but it's such a pain to use.

Mon, 06 Jan 2014 20:21:33 UTC

Flowers From Al 01

Posted By Cory Doctorow

Here's part one of my 2003 short story "Flowers From Al," written with Charlie Stross for New Voices in Science Fiction, a Mike Resnick anthology. It's a pervy, weird story of transhuman romance. Mastering by John Taylor Williams: [email protected] John Taylor Williams is an audiovisual and multimedia producer based in Washington, DC and the co-host … [Read more]

Mon, 06 Jan 2014 19:28:37 UTC

FEEDTROUGH: NSA Exploit of the Day

Posted By Bruce Schneier

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: FEEDTROUGH (TS//SI//REL) FEEDTROUGH is a persistence technique for two software implants, DNT's BANANAGLEE and CES's ZESTYLEAK used against Juniper Netscreen firewalls. (TS//SI//REL) FEEDTROUGH can be used to persist two implants, ZESTYLEAK and/or BANANAGLEE across reboots and software upgrades on known and covered OS's for the following Netscreen firewalls,...

Mon, 06 Jan 2014 16:00:09 UTC

GotW #95: Thread Safety and Synchronization

Posted By Herb Sutter

This GotW was written to answer a set of related frequently asked questions. So here’s a mini-FAQ on “thread safety and synchronization in a nutshell,” and the points we’ll cover apply to thread safety and synchronization in pretty much any mainstream language.   Problem JG Questions 1. What is a race condition, and how serious […]

Mon, 06 Jan 2014 15:58:39 UTC

GotW #7c Solution: Minimizing Compile-Time Dependencies, Part 3

Posted By Herb Sutter

Now the unnecessary headers have been removed, and avoidable dependencies on the internals of the class have been eliminated. Is there any further decoupling that can be done? The answer takes us back to basic principles of solid class design.   Problem JG Question 1. What is the tightest coupling you can express in C++? […]

Mon, 06 Jan 2014 15:00:00 UTC

DrupalCamp NJ, Princeton, Feb 1, 2014

Posted By Tom Limoncelli

Feb 1 will be the 3rd annual DrupalCamp NJ on the campus of Princeton University http://www.drupalcampnj.org/. This is the first year with a keynote speaker - Brian Kernighan! Tickets are only $25, which includes coffee, lunch, and an after-party. In addition, the day prior on Jan 31, there are 4 low-cost, full-day training sessions http://www.drupalcampnj.org/training.

Mon, 06 Jan 2014 12:18:30 UTC

I've Joined Co3 Systems

Posted By Bruce Schneier

For decades, I've said that good security is a combination of protection, detection, and response. In 1999, when I formed Counterpane Internet Security, I focused the company on what was then the nascent area of detection. Since then, there have been many products and services that focus on detection, and it's a huge part of the information security industry. Now,...

Sun, 05 Jan 2014 22:08:48 UTC

Another Ashampoo

Posted By Greg Lehey

I should be trying out the various photo processing packages that I have downloaded, but somehow I couldn't face it. In the process, I asked myself what functions I really needed. It's not much: mainly perspective adjustment and cropping. Even xv can do the latter. But wait. There's something more basic: automatic exposure correction. I've been using Ashampoo photo optimizer on most photos for years now, and it tends to improve the overall appearance of the images. What else do they have to offer? Took a look and came up with Photo Commander 11 (and not even Pro). It offers all the usual useless functions like backup and restore, and it's not even clear whether it can do perspective correction, but it seemed worth investigating.

Sun, 05 Jan 2014 21:46:17 UTC

More Viewer insights

Posted By Greg Lehey

One of the disappointments about the new Olympus Viewer 3 is that, although it saves the EXIF data, it appears not to save it all. In particular, the crop factor information that Hugin wants is not there, so once again I have to enter it manually in every panorama. But it has a function I hadn't noticed before: import photos from a camera. I have never connected an Olympus camera to that machine, but today I took a memory card from Yvonne's camera and put it in there. Up pops a Viewer screen and offers to do things with the images.

Sun, 05 Jan 2014 21:44:05 UTC

cvr2 crash

Posted By Greg Lehey

In mid-afternoon discovered that my recording of the news had failed: cvr2, the recording computer, had powered down. And it wouldn't come up. Dragged it into the office, where it powered up normally. And it did so again when I put it back in its cupboard. What caused that? No idea. Hopefully it was a one-off. For some reason, I've had more trouble with that machine (or the machine with that function) than with most of the others.

Sun, 05 Jan 2014 20:00:00 UTC

Wiggly Reflection Improvement

Posted By Tim Bray

Not too long ago I stayed in a random hotel in a random downtown and took a picture out the window because the windows across the street were apparently curved and there was a sort of funhouse-mirror effect. This is moderately processed, mostly to remove color from the nonreflective bits. I thought it might look good in B&W so I fiddled and fiddled, then remembered I'd taken advantage of working at Google to get a free copy of Silver Efex Pro; so I fired that up and here's what I got. You might want to enlarge it. The workflow is pretty simple.

Sun, 05 Jan 2014 16:30:00 UTC

bash: Restart bash if old version detected

Posted By Tom Limoncelli

I write a lot of small bash scripts. Many of them have to run on MacOS as well as FreeBSD and Linux. Sadly MacOS comes with a bash 3.x which doesn't have many of the cooler features of bash 4.x. Recently I wanted to use read's "-i" option, which doesn't exist in bash 3.x. My Mac does have bash 4.x but it is in /opt/local/bin because I install it using MacPorts. I didn't want to list anything but "#!/bin/bash" on the first line because the script has to work on other platforms and on other people's machines. "#!/opt/local/bin/bash" would have worked for me on my Mac but not on my Linux boxes, FreeBSD boxes, or friend's machines.

Sat, 04 Jan 2014 23:38:52 UTC

Running out of resources

Posted By Greg Lehey

Photo processing was interesting for other reasons. Everything was so slow! Viewer 3 took nearly a minute to process each image, speeds that I've only seen with DxO Optics Pro. And when I processed the output with DxO, it was also only half speed! I've seen inexplicable (to me, anyway) differences in Microsoft processing speed in the past, but with 300 photos to process, this was worth more investigation. What really surprised me was that the Viewer batch module was using 50% of CPU time when it should be idle. Once I stopped Viewer, DxO carried on at its normal speed, about 25 seconds per TIFF image.

Sat, 04 Jan 2014 20:00:00 UTC

5k: Jeff Beck Rock 'n' Roll Party

Posted By Tim Bray

I saw the LP on the new-vinyl rack in a record store and was surprised, because I've been a pretty big Jeff Beck fan for quite a few years now, but I'd never heard of it. It turns out the Rock 'n' Roll Party is a collection of traditional pop chestnuts with a super hot band, not like a Jeff Beck record at all, and excellent. This is happy, happy music. But maybe the YouTube version is all you need. (5k series introduction here; with an explanation of why the title may look broken.) The context There's this jazz bar in New York called Iridium where Les Paul played most Monday nights for the last 13 years of his life, which ended in 2009.

Sat, 04 Jan 2014 19:00:00 UTC

SSH debugging sucks

Posted By Tom Limoncelli

How much human productivity is lost every day due to the horrible debugging messages in SSH? I bet it is thousands of hours world-wide. It isn't just sysadmins: programmers, web developers, and many non-technical users are frustrated by this. I'm pretty good at debugging ssh authentication problems. The sad fact is that most of my methodology involves ignoring the debug messages and just "knowing" what to check. That's a sad state of affairs. The debug messages for "ssh -v" should look like this: HELLO! I AM TRYING TO LOG IN. I'VE TOLD THE SERVER I CAN USE (method,method,method). I AM NOW TRYING TO LOG IN VIA (method).

Sat, 04 Jan 2014 18:53:08 UTC

The Cloud: Fastest Industry Transition Ever

Posted By James Hamilton

It's not often I'm enthused about spending time in Las Vegas but this year's AWS re:Invent conference was a good reason to be there. It's exciting getting a chance to meet with customers who have committed their business to the cloud or are wrestling with that decision. The pace of growth since last year's was startling but what really caught my attention was the number of companies that had made the transition between testing on the cloud to committing their most valuable workloads to run there. I fully expected this to happen but I've seen these industry sweeping transitions before.

Sat, 04 Jan 2014 00:11:46 UTC

Goodbye Capture One, hello ACDSee

Posted By Greg Lehey

A little more playing around with Capture One Pro today, but not much. Like all such software, it seems to insist on looking at everything in a directory, whether I've told it to do so or not. In my test directory I had 302 images (from last week's house photos), and it had to go and make thumbnails of every one, using another 900 GB of disk and taking 8 minutes to do so. But this is release 6, and the current version has been release 7 for some time.

Fri, 03 Jan 2014 22:09:38 UTC

Friday Squid Blogging: Squid-Shaped Dog Toy

Posted By Bruce Schneier

Just the thing....

Fri, 03 Jan 2014 20:23:43 UTC

NSA Documents from the Spiegel Story

Posted By Bruce Schneier

There are more source documents from the recent Spiegel story on the NSA than I realized. Here is what I think is the complete list: "Tailored Access Operations" presentation, 14 pages. Lots of information about QUANTUM. "NSA QUANTUM Tasking Techniques for the R&T Analyst" presentation, 28 pages. Includes details about MARINA. "Getting Close to the Adversary: Forward-based Defense with QFIRE"...

Fri, 03 Jan 2014 18:20:47 UTC

NSA Exploit of the Day: IRONCHEF

Posted By Bruce Schneier

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog is IRONCHEF: IRONCHEF (TS//SI//REL) IRONCHEF provides access persistence to target systems by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to communicate with a hardware implant that provides two-way RF communication. (TS//SI//REL) This technique supports the HP Proliant 380DL G6 server, onto which a hardware implant...

Fri, 03 Jan 2014 12:10:49 UTC

Cost/Benefit Analysis of NSA's 215 Metadata Collection Program

Posted By Bruce Schneier

It has amazed me that the NSA doesn't seem to do any cost/benefit analyses on any of its surveillance programs. This seems particularly important for bulk surveillance programs, as they have significant costs aside from the obvious monetary costs. In this paper, John Mueller and Mark G. Stewart have done the analysis on one of these programs. Worth reading....

Fri, 03 Jan 2014 00:11:14 UTC

More CaptureOne pain

Posted By Greg Lehey

Spent some more time looking at Capture One Pro today. It's really hard to understand, and the documentation is nowhere near as good as that of DxO Optics Pro. By the end of the day I still didn't know how to process (sorry, export) an image. What I did find was that it creates enormous quantities of files in a subdirectory:
=== grog@eureka (/dev/pts/30) /Photos/00-Oly 3 -> l -R CaptureOne/
total 1
drwxr-xr-x  3 grog  lemis    512  2 Jan 18:26 Cache
drwxr-xr-x  2 grog  lemis  1,024  2 Jan 18:30 Settings50
CaptureOne/Cache:
total 1
drwxr-xr-x  2 grog  lemis  16,896  2 Jan 18:32 Proxies
CaptureOne/Cache/Proxies:
total 771
-rwxr--r--  1 grog  lemis      9,144  2 Jan 18:29 P1021059.tif.cof
-rwxr--r--  1 grog  lemis  2,999,818  2 Jan 18:29 ...

Thu, 02 Jan 2014 23:22:37 UTC

More network throughput investigations

Posted By Greg Lehey

Talking about my network throughput issues on IRC today, and I went to prove some point with axel. To my surprise, I got good throughput: 2.2 MB/s, or about 17.6 Mb/s. That was with SkyMesh, so I tried it with Exetel. 1.1 MB/s. Clearly this difference has nothing to do with the National Broadband Network. It also implies that SkyMesh also has throughput issues, just that they weren't showing very much today. Sent off a ticket to Exetel, and got a reply asking for some strange tests: Please go through the test below and forward us the screen capture for further investigation.

Thu, 02 Jan 2014 21:25:27 UTC

NSA Exploit of the Day: DEITYBOUNCE

Posted By Bruce Schneier

Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog is DEITYBOUNCE: DEITYBOUNCE (TS//SI//REL) DEITYBOUNCE provides software application persistence on Dell PowerEdge servers by exploiting the motherboard BIOS and utilizing System Management Mode (SMM) to gain periodic execution while the Operating System loads. (TS//SI//REL) This technique supports multi-processor systems with RAID hardware and Microsoft Windows 2000, 2003, and...

Thu, 02 Jan 2014 12:40:02 UTC

"Military Style" Raid on California Power Station

Posted By Bruce Schneier

I don't know what to think about this: Around 1:00 AM on April 16, at least one individual (possibly two) entered two different manholes at the PG&E Metcalf power substation, southeast of San Jose, and cut fiber cables in the area around the substation. That knocked out some local 911 services, landline service to the substation, and cell phone service...

Thu, 02 Jan 2014 01:28:03 UTC

Network speeds revisited

Posted By Greg Lehey

I've been dragging my feet with network speed measurements, mainly because of the pain of analysing network traces. Tried setting some tuning parameters described in this file, in the process ignoring the warning:
# IMPORTANT NOTE - that must be done BEFORE setting the values below,
# otherwise You will run out of mbufs!
But kern.ipc.nmbclusters was already set to 25600, so there didn't seem to be much danger, and of course it didn't cause any problems. So I applied it to my external server as well. Throughput not improved. Then Yvonne reported problems: her mail wasn't going out.

Thu, 02 Jan 2014 00:59:11 UTC

Capture One revisited

Posted By Greg Lehey

It's becoming increasingly clear that I made a mistake buying the latest version of DxO Optics Pro, since it no longer supports my camera hardware, and it doesn't look as if it ever will. Thus the interest in Olympus Viewer. But that's only part of the picture. Yes, Viewer can convert raw images to TIFF or JPEG and correct for lens distortion (but not for Chromatic aberration). At the moment I'm using DxO to process the output, and it's not well suited. Agreed, it's a little faster than processing the raw images, but not much. I tried Capture One Pro a year ago and basically came to the conclusion that, though it had some advantages, it wasn't much use because it couldn't correct for lens distortion.

Wed, 01 Jan 2014 22:30:13 UTC

Olympus Viewer revisited

Posted By Greg Lehey

So was yesterday's upgrade to Olympus Viewer 3 worth the effort? Reading the release notes (1 line to a paragraph, of course, and requiring reformatting even under Microsoft before they can be read) suggests that there's nothing much new. In fact, most of the document is boilerplate, including a prohibition of reproduction in whole or in part, a rather silly restriction for something that's freely available on the web. But it says hardly anything about the changes, just what's on the web site. Punctuation is original, but I've fixed the markup to validate: OLYMPUS Viewer 3 ...

Wed, 01 Jan 2014 20:00:00 UTC

Software in 2014

Posted By Tim Bray

We're at an inflection point in the practice of constructing software. Our tools are good, our server developers are happy, but when it comes to building client-side software, we really don't know where we're going or how to get there. Happy times upstream The art and science of building server-side code is just fine, thank you; the technology's breadth and polish has been ramping for years and still is. More or less everything is expected to talk HTTP, and it's really easy to make things talk HTTP. More or less everything is built with an MVC-or-equivalent level of abstraction, and there are good frameworks to help us work sanely and cleanly.