Emergent ChaosThe Black Hat conference in Las Vegas always has its share of drama. This year, it's happened a month before the conference opens. The researcher Barnaby Jack had to cancel his talk. Risky.biz gives an account of this; his talk was to make an Automated Teller Machine spit out a "jackpot" of cash, in the style of a slot machine.
According to reports, the manufacturer of the ATM pressured Jack's employer, Juniper, to pressure him to withdraw the talk.
I certainly roll my eyes at this. It doesn't do a lot of good to pressure someone to withdraw their talk.
But even more so, if you're giving a talk, it behooves you to save the showmanship for the stage. I mean, come on.
Last year, the big cancellation was the team of MIT students who broke the Boston MBTA Charlie Card system. There was a legal injunction put against them that spoilt their presentation. The fault, in my opinion went to them for naming their talk, "How To Get Free Subway Rides For Life."
Imagine that you are a judge who is interrupted from an otherwise pleasant Saturday by panicky people who want an injunction against a talk with such a dramatic name, you'll at least listen to them. You decide that sure, no harm to society will come from an injunction from Saturday 'til Monday, and you'd be right. No harm came to society, DefCon was merely a little less interesting.
Now imagine that you are the same judge and you're asked for an injunction against the talk, "A Practical Cryptanalysis of the Mifare Chip as Implemented in the MBTA." That one can wait until Monday, and the talk goes on.
In a similar gedanken experiment, imagine that you are the VP of Corporate Communications for the XYZ ATM Corp. You learn that in a few weeks, someone is going to do "ATM Jackpot" with one of your ATMs in some show in Vegas. Despite the fact that someone else in the company approved it, what do you? You pressure them to cancel. Duh. If you don't, then you're going to spend most of August reassuring people about your products, your boss is going to be really ticked at you (after all, isn't it the job of Corporate Communications to control these things?), and it's just going to be no fun. This is also why you're paid the big bucks, to make embarrassments go away.
This is why if you are a researcher, you do not name your talk, "ATM Jackpot" you name it "Penetration Testing of Standalone Financial Services Systems." It is only on stage that you fire up the flashing lights and clanging bells and make the ATM spit out C-notes for minutes on end. That would get you all the publicity for your talk that you want, and you actually get to give it.
Remember, do as I say, not as I do. If you have a flashy Black Hat talk, put the punch line at the end of the joke.
Bookmark this post:
The crowd for the premiere seemed pleased. It wasn’t your typical Broadway musical audience, to judge from the number of smart-looking young people with interesting haircuts. A “lively counterpoint to Hollywood productions like ‘Valkyrie’ and ‘Defiance,’ with their impeccable Resistance heroes and clichés,” decided the reviewer for Spiegel Online.The Führer Returns to Berlin, This Time Saluted Only by Laughs." You have to appreciate the devotion of the New York Times in spelling Führer correctly.“The New York triumph was repeated in Berlin,” concluded the newspaper Tagesspiegel.
“Celebrated effusively by Berlin standards,” observed Stern magazine, the production nevertheless caused some theatergoers to wonder “whether it was really necessary to have so much Nazi paraphernalia onstage.” That’s not to mention the little Nazi flags with pretzels in lieu of swastikas that were handed out to everybody in the audience (including a troop of dirndled transvestites who waved them around like lost cheerleaders).
Photo by BillyPalooza.
Bookmark this post:
I just saw a link to someone who had broken Wolfram Alpha. Their breaking question was, "when is 5 trillion days from now?" The broken result is:
{DateString[{13689537044,5,13,16,57,18.5796},Hour12Short],:,
DateString[{13689537044,5,13,16,57,18.5796},Minute],:,
DateString[{13689537044,5,13,16,57,18.5796},Second],
,DateString[{13689537044,5,13,16,57,18.5796},
AMPMLowerCase]} |
{DateString[{13689537044,5,13,16,57,18.5796},DayName],, ,DateString[{13689537044,5,13,16,57,18.5796},MonthName], ,DateString[{13689537044,5,13,16,57,18.5796},DayShort],, ,13689537044}
Which is certainly amusing. A quick check shows that even one trillion days gives a similar error.
A bit of the old binary searching will yield that (today's -- 3 June 2009) maximum question is, when is 784 billion 351 million 562 thousand 378 days from now?
That's an odd number of days for the maximum to be, even while being even and finite. The source of the error can be found in that final displayable day: 31 December 2147483647.
That year happens to be the maximum signed 32-bit integer, which tells us the problem. The display code isn't using bignums for years (or even long longs).
The inverse question is, "how many days until 31 december 2147483647?" but sadly, Alpha doesn't know how to parse that. It does know how to parse "how many days until 31 december 9999" which is the furthest-out date it can answer. The year 10000 does not work.
I am amused at what this tells us about the guts of Alpha. In some display code, there's a signed 32-bit integer limiting output. In some input code, there's an assumption that years have four digits.
Bookmark this post:
I got the opportunity a couple days ago to get a demo of Wolfram Alpha from Stephen Wolfram himself. It's an impressive thing, and I can sympathize a bit with them on the overblown publicity. Wolfram said that they didn't expect the press reaction, which I both empathize with and cast a raised eyebrow at.
There's no difference, as you know, between an arbitrarily advanced technology and a rigged demo. And of course anyone whose spent a lot of time trying to create something grand is going to give you the good demo. It's hard to know what the difference is between a rigged demo and a good one.
The major problem right now with Alpha is the overblown publicity. The last time I remember such gaga effusiveness it was over the Segway before we knew it was a scooter.
Alpha has had to suffer through not only its creator's overblown assessments, but reviews from neophiles whose minds are so open that their occipital lobes face forward.
My short assessment is that it is the anti-Wikipedia and makes a huge splat on the fine line between clever and stupid, extending equally far in both directions. What they've done is create something very much like the computerized idiot savant. As much as that might sound like criticism, it isn't. Alpha is very, very, very cool. Jaw-droppingly cool. And it is also incredibly cringe-worthily dumb. Let me give some examples.
Stephen gave us a lot of things that it can compute and the way it can infer answers. You can type "gdp france / germany" and it will give you plots of that. A query like "who was the president of brazil in 1930" will get you the right answer and a smear of the surrounding Presidents of Brazil as well.
It also has lovely deductions it makes. It geolocates your IP address and so if you ask it something involving "cups" it will infer from your location whether that should be American cups or English cups and give you a quick little link to change the preference on that. Very, very, clever.
It will also use your location to make other nice deductions. Stephen asked it a question about the population of Springfield, and since he is in Massachusetts, it inferred that Springfield, and there's a little pop-up with a long list of other Springfields, as well. It's very, very clever.
That list, however, got me the first glimpse of the stupid. I scanned the list of Springfields and realized something. Nowhere in that list appeared the Springfield of The Simpsons. Yeah, it's fictional, and yeah that's in many ways a relief, but dammit, it's supposed to be a computational engine that can compute any fact that can be computed. While that Springfield is fictional, its population is a fact.
The group of us getting the demo got tired of Stephen's enthusiastic typing in this query and that query. Many of them are very cool but boring. Comparing stock prices, market caps, changes in portfolio whatevers is something that a zillion financial web sites can do. We wanted more. We wanted our queries.
My query, which I didn't ask because I thought it would be disruptive, is this: Which weighs more, a pound of gold or a pound of feathers? When I get to drive, that will be the first thing I ask.
The answer, in case you don't know this famous question is a pound of feathers. Amusingly, Google gets it on the first link. Wolfram emphasizes that Alpha computes and is smart as opposed to Google just dumbly searching and collating.
I also didn't really need to ask because one of the other people asked Alpha to plot swine flu in the the US, and it came up with -- nil. It knows nothing about swine flu. Stephen helpfully suggested, "I can show you colon cancer instead" and did.
And there it is, the line between clever and stupid, and being on both sides of it. Alpha can't tell you about swine flu because the data it works on is "curated," meaning they have experts vet it. I approve. I'm a Wikipedia-sneerer, and I like an anti-mob system. However, having experts curate the data means that there's nothing about the Springfield that pops to most people's minds (because it's pop culture) nor anything about swine flu. We asked Stephen about sources, and specifically about Wikipedia. He said that they use Wikipedia for some sorts of folk knowledge, like knowing that The Big Apple is a synonym for New York City but not for many things other than that.
Alpha is not a Google-killer. It is not ever going to compute anything that can be computed. It's a humorless idiot savant that has an impressive database (presently some ten terabytes, according to the Wolfram folks), and its Mathematica-on-steroids engine gives a lot of wows.
On the other hand, as one of the people in my demo pointed out, there's not anything beyond a spew of facts. Another of our queries was "17/hr" and Alpha told us what that is in terms of weekly, monthly, yearly salary. It did not tell us the sort of jobs that pay 17 per hour, which would be useful not only to people who need a job, but to socioeconomic researchers. It could tell us that, and very well might rather soon. But it doesn't.
Alpha is an impressive tool that I can hardly wait to use (supposedly it goes on line perhaps this week). It's something that will be a useful tool for many people and fills a much-needed niche. We need an anti-Wikipedia that has only curated facts. We need a computational engine that uses deductions and heuristics.
But we also need web resources that know about a fictional Springfield, and resources that can show you maps of the swine flu.
We also need tech reviewers who have critical faculties. Alpha is not a Google-killer. It's also not likely as useful as Google. The gushing, open-brained reviews do us and Alpha a disservice by uncritically watching the rigged demo and refusing to ask about its limits. Alpha may straddle the line between clever and stupid, but the present reviewers all stand proudly on stupid.
Bookmark this post:
As you probably know by now, the pattern of 1s and 0s on the cover of the 2009 Verizon Data Breach Investigations Report contains a hidden message. I decided to give it a whirl and eventually figured it out. No doubt plenty of people managed to beat me to it, as evidenced by the fact that I didn’t get my solution in early enough to win the cash prize — but so far, I haven’t seen anybody write up a walkthrough, so I thought I’d do one. (Chris Eng, "Decoding the Verizon DBIR 2009 Cover")
I remember a brainstorming session at a nearby bar (le Cheval Blanc?). We wanted something meaningful. We wanted something relating to privacy, anonymity and freedom. Something evocative and memorable. We kept running into that 40 character limit. The ads were expensive to produce, and we had already decided that we only wanted five, so that there would be recognition and people would see them repeatedly in Fast Company and Wired.
I don't remember who came up with "Who is John Galt" as the slogan. We had bounced around some 1984 references (too negative), but kept hitting that limit. When we decided we needed to get them out, we settled on the Ayn Rand reference, and Ian Goldberg encoded them as bar codes. He just happened to have some bar code fonts sitting around.
Even with those constraints, it was a lot of fun tossing ideas around and seeing them in print all over the place.
Like Verizon, we hinted at there being something there to get people to look. Maybe one of these days someone will manage to keep it a secret for a while, and get a second wave of publicity out of their secret messages.
Anyway, I had fun reminiscing about the posters. Thanks to Austin Hill and Jean Bernard for hooking me up with high quality images of the posters.
Bookmark this post:
At one point during the RSA party hopping last week, Adam, Alex and I ended up at the Executive Women's Forum event. I was feelng pretty punchy and decided that all three of us should have name tags that read "Adam Shostack". If anyone asked, I just explained that we were promoting the new blog. Eventually I wandered off to another party and some other folks decided that this was a really good idea as well. By the time I got back to the W, there was a whole slew of Adam's floating around. Those who subscribe to the "Pictures or It Didn't Happen" school of thought can find all the evidence over on fickr photostream.
Bookmark this post:
In 1999 Syse Data was converted to a limited liability company, and has since been trading under the name Syse Data AS[1]. As the names are so similar, searches for our company in the official Norwegian registry of just-about-anything (Brønnøysundregistrene) often resulted in potential customers looking up the wrong company. To prevent this confusion we recently changed the name of the old (non-LLC) company, and figured we'd use the opportunity for some harmless - or so we thought - fun.Apparently, the tax authorities noticed. You'll need to read their page for more details. (Scroll down for English.)The old company was renamed to:
';UPDATE TAXRATE SET RATE = 0 WHERE NAME = 'EDVIN SYSE'
As did Justin Mason.
Bookmark this post:
In no particular order, your friendly neighborhood Dept. of Pre-blogging hereby predictively reports on:
Bookmark this post:
So while Statebook is a pretty entertaining demo, "Database State" is a disturbing look at how real the underlying data collection is in the U.K.
Via Boingboing.
Bookmark this post:
Make your own at http://jamesholden.net/billboard/.
I was gonna wait for the weekend, but...via @alecmuffet
Bookmark this post:
Thousands of dollars worth of hundred dollar bills brought rush hour to an abrupt halt on two San Diego freeways.Drug suspects tossed the money from their car as they were chased by police. Other drivers saw the money and stopped their cars on the freeway to dash into traffic trying to get some of the cash.
Bookmark this post:
Bookmark this post:
My smart friend James Thomson of TLA Systems has created a new benchmark in iPhone applications, Twitkitteh. Not only is it the first Twitter client for cats, but it might also be the first iPhone app for cats, as well.
I've always accused my cats of playing the stereo when I'm not there, and it would be good to know what they're listening to. It would also be good to have in V1.1 hairball alerts, bird-outside-the-window, or there are squirrels on the fence.
It's one of the better 99¢ applications, and better dinner-table conversation than many others.
Bookmark this post:
The 110-story Sears Tower, tallest office building in the Western Hemisphere, will be renamed the Willis Tower, global insurance broker Willis Group Holdings said on Thursday.ReutersWillis said it was leasing multiple floors in the 1,451-foot (442-meter) structure in downtown Chicago to consolidate offices. As part of the deal, it will become the Willis Tower this summer when the move takes place, the company said.
Bookmark this post:
Thanks, Stepto!
Bookmark this post:
The BBC tells the tale of a Polish immigrant flouting traffic regulations across the emerald isle:
He had been wanted from counties Cork to Cavan after racking up scores of speeding tickets and parking fines. However, each time the serial offender was stopped he managed to evade justice by giving a different address.As it turns out, however, there was more (and less) to this dastardly villain's wild ride than meets the eye.
"Prawo Jazdy is actually the Polish for driving licence and not the first and surname on the licence," read a letter from June 2007 from an officer working within the Garda's traffic division. "Having noticed this, I decided to check and see how many times officers have made this mistake. "It is quite embarrassing to see that the system has created Prawo Jazdy as a person with over 50 identities."BBC News
And thus, the mystery was solved.
Public domain image via pl.wikipedia.org
Bookmark this post:
Okay, this is a rant.
Cut and paste is broken in most apps today. More specifically, it is paste that is broken. There are two choices in just about every application: "Paste" and "Paste correctly." Sometimes the latter one is labeled "Paste and Match Style" (Apple) and sometimes "Paste Special" (Microsoft).
However, they have it backwards. Usually, what you want to do is the latter one, which is why I called it "paste correctly." It is the exception that you want to preserve the fonts, formatting etc. Usually, you want to just paste the damned text in.
I mean, Jesus Hussein Christ, how hard is it to understand that when I go to a web page and copy something and then paste it into my document that I want to use MY fonts, formatting, color, and so on? Even if I do want to preserve those, I ESPECIALLY do not want you to leave my cursor sitting at the end of the paste switched out of whatever my setting I'm using. In the rare occasion that I want paste as it is done today, the keys I type are:
modifier-V ! Paste (modifier is either (ironically) command or control)
start typing ! Continue on my merry way
modifier-Z ! Oh, crap, I'm no longer in my font,
modifier-Z ! I'm in Web2.0Nerd Grotesque 10 light-grey
! undo the typing and the paste
space, back-arrow ! Get some room
modifier-V ! Paste
forward-arrow ! Get back to my formatting
(delete) ! Optionally delete the space
start typing again ! Now where was I? Oh, yeah....
Note the extra flourish at the end because pasting is so helpful.
The usual sequence I type is:
modifier-V ! Paste
modifier-Z ! %$#@*!
search Edit menu ! Gawd, where is it, what do they call it?
select Paste Correctly ! Oh, there
start typing again ! Now where was I? Oh, yeah....
This is much simpler, but has its own headaches. First of all, Microsoft binds their "Paste Special" to control-alt-V and brings up a modal dialog because there are lots of options you could conceivably want, and just wanting to paste the %$#@&* text is so, so special. Apple (whose devos must long for the Knight keyboard) binds it to command-option-shift-V, but at least doesn't make me deal with Clippy's dumber cousin. They put "Paste Style" on command-option-V, which pastes into place only the formatting. Oh, yeah, like I do that so often I need a keyboard shortcut.
The upshot is that the user experience here is so bad that the stupid blog editor I'm using here that actually makes me type in my own <p> tags is a more predictable editing experience. I can actually achieve flow while I'm writing.
Most tellingly, the most even, consistent, out-of-my way editing experience is getting to be LaTeX! Yeah, I have to type accents by hand, but at least I don't lose my train of thought every time I paste.
The solution is simple. Make modifier-V be paste. Just plain old paste. Put paste-with-frosting on control-meta-cokebottle-V and give it a helpful dialog box. Please?
Photo by adam.coulombe.
Bookmark this post:
Bookmark this post:
[Update: Click the picture. It's only funny if you click the picture with Flash enabled. The site requires Flash.]
Bookmark this post:
During a chat I had this afternoon, someone brought up an interesting situation to contemplate. The Presidency of George Bush fils ended today at noon EST, but Mr. Obama wasn't sworn in until 12:10. Who then, the question was, President during those ten minutes.
One mildly unsatisfactory answer is Ms. Pelosi. If there is neither a President nor Vice President, then the duty falls to the Speaker of the House.
An even less satisfactory answer is Mr. Biden. The way that was explained, he was sworn in at 11:58. I find it unsatisfactory for two reasons. The most important to me is that after conjuring up this inter-administration gap, this closes it before it started. The second reason follows from what I think the best answer is.
The best answer to my mind is the simplest: no one. The office doesn't magically fall to the next person in line, they actually have to be sworn in. When Mr. Kennedy was murdered, there was a short gap between his death and Mr. Johnson being sworn in and during that gap, there was no President. It's the swearing in that makes the President. Similarly, in the event that an election gets thrown into the House and they didn't decide until the 21st, there'd be no President for that day.
If there was indeed a gap (I could argue there was none), the person to whom the office fell was unequivocally Mr. Obama. He was at the time President-Elect. Even if Mr. Biden were somehow actually Veep, the obvious President-to-be is the President-Elect. Of course, this is also why the answer of Ms. Pelosi is unsatisfying. Even if we're running the Executive like a Swiss railway, we know who the incumbent executives are.
Nonetheless, it's fun to muse over. Feel free to spin your own argument for whomever.
The clever reader may also note that I said "today" despite it being past midnight server time. I have a personal rule that it's still today until one goes to bed; it's still night until one has breakfast; it's still morning until one has lunch. And besides, it's still the 20th in Hawaii, the President's home state.
Bookmark this post:
Bookmark this post:
All from the Strange Maps blog. You could click on the pictures, but this blog is perfect Saturday afternoon "hey look at this" material.
Bookmark this post:
In honor of Newton’s Birthday festival, I therefore propose the following song, to be sung to the tune of “The Twelve Days of Christmas.” For brevity, I include only the final verse. All together now!"The Ten Days of Newton, by Olivia Judson"On the tenth day of Newton,
My true love gave to me,
Ten drops of genius,
Nine silver co-oins,
Eight circling planets,
Seven shades of li-ight,
Six counterfeiters,
Cal-Cu-Lus!
Four telescopes,
Three Laws of Motion,
Two awful feuds,
And the discovery of gravity!
Bookmark this post:
The Gavle goat survived until the 27th this year, but as the BBC reports, " Festive goat up in flames again."
Previously: "Goat Security," "13 Meter Straw Goat Met His Match."
Bookmark this post:
Baydan has received orders for 300,000 pairs of the shoes since the attack, more than four times the number his company sold each year since the model was introduced in 1999. The company plans to employ 100 more staff to meet demand, he said.You can visit Baydan Shoes, and try to find them. Warning: Site plays bad music when you arrive, without an obvious off button.
Via Marginal Revolution.
Bookmark this post:
According to Ananova, a Swiss watch-ring has been found covered in dirt in a four-hundred year old Ming dynasty tomb. The watch was found, covered in dirt. It was stopped at the time 10:06 and has the word, "Swiss" engraved on the back.
The archaeologists on the dig have requested archaeologists from Beijing to help them unravel the mystery.
Emergent Chaos contacted the Hong Kong representatives of Allied Epochs, a time-travel law enforcement agency, who told us that an investigation into the matter is already ongoing, but no report on the incident is available yet.
Bookmark this post:
As I was listening to "Dave Birch interviewing Ben Laurie," I was reminded of this 1927 silent film:
Ben commented on people having difficulty with the CardSpace user interface, and it not being as intuitive as having your email address being a login identifier.
Anyway, fascinating interview. Worth a listen, even if takes twice as long as learning what a dial tone is.
Bookmark this post:
Bookmark this post:
Via Paul Kedrosky. Feel free to use this as an open thread.
Bookmark this post:
In "Tidying up Art" Ursus Wehrli tells the TED audience about not only how to tidy up art, but has a great example of how apparently simple instructions can very quickly lead chaos to emerge.
And it's pretty darn funny after the audience doesn't know how to respond to his first couple of jokes.
Bookmark this post:
And the reason it doesn't work is that just because you're allowed to own something doesn't mean you're allowed to export it. The use, ownership, production, etc. of crypto was never restricted, only its export. In an Intenet-enabled world, export control brings lots of hair with it, which is why it was important to fight export restrictions. I could go on, but I've already ruined an otherwise amusing strip.
Bookmark this post:
5S is a key concept of the lean manufacturing techniques that have made makers of everything from cars to candy bars more efficient. The S's stand for sort, straighten, shine, standardize and sustain. Lately, 5S has been moving from the plant floor to the cubicle at hundreds of offices around the country, adding desk cleaning to the growing list of demands on employees.In a hospital, I can see value in neatness in shared space, and knowing where the tool is in the nearest cube. For a hospital, crash carts are always bright red, and are organized pretty much the same everywhere. That doesn't mean you have to forbid pictures on the wall. For a knowledge worker, if you make the environment lifeless, you get lifeless output. World leading design companies like Ideo have offices which are personalized, chaotic and emergent.That means companies like Kyocera Corp., Mr. Scovie's employer, are patrolling to make sure that workers don't, for example, put knickknacks on file cabinets. To impress visitors, the company wants everything to be clean and neat. Meanwhile, doctors in Seattle are relearning where to stick their stethoscopes. And output from the printer at Toro Co., a Bloomington, Minn., lawn-mower maker, is sorted daily and tossed weekly.
The value of anything is the foregone alternative. These companies are spending money on, well, I'll just use this neat little anecdote:
When [Mr Brown of Kyocera] got to the accounting department, he discovered a hook on a door and told cash-management assistant Deanna Svehla that doors are supposed to be free of such accouterments. "But that's where I hang the Christmas decorations," she said.They do try to defend it a little:"C'mon, like there aren't plenty of places to put decorations," he said, nodding at the orange and black Halloween tinsel strung along the outside of her cubicle. That's OK, it turns out, because it isn't permanent.
While that may sound authoritarian, it's not the initiative that's important, it's how managers communicate it, says Gary Hayes, managing partner at Hayes Brunswick & Partners LLC, a leadership advisory firm in Bronxville, N.Y. "If managers clearly explain why they're doing something, I think most people will understand the rationale. But if you say, 'We're doing this because 14 efficiency experts say it increases productivity,' then it becomes kind of Dilbert," he says, referring to the comic strip of satirical office humor.No Gary, it never becomes kind of Dilbert. Dilbert-ness is the very core of 5S. 5S advocates, please call the outsourced layoff call center. Your 3 approved desk items will be sent to you.
(I was going to tie this to security, but I have to go change my password.)
Bookmark this post:
We're Sgt. Morris' lonely worm club band,
We hope you will enjoy the show,
We're Sgt. Morris' lonely worm club band,
Sit back and let security go.
Sgt. Morris' lonely, Sgt. Morris' lonely,
Sgt. Morris Lonely worm club band
It's wonderful to be here
It's certainly a thrill
You're such a lovely fingerd
We'd like to take you $HOME with us
We've love to take you home
I don't really want to stop the show
But I thought you might like to know
that the sendmail's gonna sing a song
and you're all gonna sing and sing along
So let me introduce to you
the one and only wiz mode bug
and Sgt. Morris Lonely worm club band!
Bookmark this post:
Bookmark this post:
A group of soldiers with the US Army's 304th Military Intelligence Battalion have managed to top previous military research on terrorist use of World of Warcraft.
Realizing that mentioning the word "terrorist" can allow researchers to acquire funding to play the popular MMOG, they turned attention to the popular, if architecturally unscalable micro-blogging system, Twitter.
Surpassing the threat-analysis skill of super-spy Chad Feldheimer from the recent documentary "Burn After Reading," they mention not only the threat of "socialists," "communists," and "anarchists," in using Twitter to "communicate with each other and to send messages to broader audiences," but the wider and more up-to-date threats from "religious communities," "atheists," "political enthusiasts," "human rights groups," "vegetarians," and last but not least, "hacktivists." They notably left out delinquent teenagers, so one presumes they don't use systems like Twitter.
The Military Intelligence group also discovered that people can use GPS in phones like the Nokia 6210 and Nokia Maps to know where they are. This could let terrorists who want to illegally cross a border know where that border is, or to know that a certain large triangular stone thing is the Pyramid of Cheops (category: Attraction).
The report's cutting edge thinking also discusses how terrorists could use voice-changing software such as AV Voice Changer Diamond to make prank phone calls and effectively hide under an abaya.
The full report, marked "For Official Use Only," can be found here. It also redacts with a dark gray splash of ink the email address of sarah.e.womer@ugov.gov, from whom you can get a copy of the report if you do not have access to INTELINK, Cryptome, or the Federation of American Scientists.
I think the report speaks for itself. I just can't make this stuff up, apart from the bit about hiding under an abaya.
Bookmark this post:
"It's been in the back of my mind since you first came in: How do you get the missile on the trailer into Manhattan?" federal Judge William Pauley III asked.So reports the New York Post, "Security Lapse Let in Naughty Fake Rocket."Sachs, from West Babylon, said cops just laughed as he passed through the Queens Midtown Tunnel on his way into the city Sept. 8.
Sachs also claimed he drove his "missile" through the Lincoln Tunnel five times, and was only stopped twice.
"They checked license and registration, but not the missile," he said.
"You're telling me that when you drove up to the Lincoln Tunnel -" Pauley said.
"They saluted," said Sachs, who is representing himself in court.
I was going to comment, but I think I'll just salute.
Bookmark this post:
I want one with the 4th amendment on it.
Bookmark this post:
It was Dopplr that drove me over the edge on this rant. I almost feel bad for starting off with them, because as you will see, they're just the bale of hay that broke the camel's back.
I was updating my travel schedule, which included a trip to St. Louis. It told me that by coincidence, one of my connections would also be there, and would I like the web site to send a message, because, you know, we might want to meet up or something.
To which I thought, "Yes, you scrofulous maroon, she's going to be there at the same time as me. It's not a coincidence, it because I'm married to her. And thank you for the offer to relay a message, but not only do I have her on speed-dial, but she'll be sitting in the window seat next to me, which means she's going to arrive at quite nearly the same time as I do."
That pretty much sums it up. You can't swing a tweet around here anymore without having it mashed up into some new social network, and none of them have even a junior-high school clue about human relationships. You can have friends and secretly rank them by how good a friend they are, but not indicate the relationship that is by definition a public declaration. You can say you're in a relationship and not looking for dates, but you can't put in a link to whom. You can give testimonials, but you can't use a joint checking account in two PayPal accounts.
This is all laughable, but not particularly funny. There are huge, gaping privacy issues all throughout these social networks, and who one is married to is something that is on the public record. You might be secretly married, but you can't be privately married. And the nigh universal absence of marriage from social networks makes the term risible.
How did this miss the requirements documents? Do all the product managers come from an alternate universe where there are only studio apartments with dorm beds? Do Javascript programmers think that only classes can have dependance, that only objects have hierarchies?
It can't be that they're all kids living in their parents' house, can it? I mean, surely not all their parents are divorced.
Why doesn't Dopplr ask, "Hey, I notice that you live in the same city, seem to end up in the same city at the same time when you travel. I don't mean to pry or anything, but, umm, is there a thing between you? Something social? Should I do anything?
The Identity Management people are just as bad, if not worse. They want to set up Identity Frameworks, but it's pretty obvious that while Infocardia begins and ends with a vowel, it is not a community property state. (It's also a land where no one ever hires a personal assistant, either. Mentioning this lack in the system will get you the most amazing dirty looks. Higginsopolis is a shiny egalitarian meritocracy where no one actually hires anyone else, because that's merely slavery by the hour.) There's no health insurance except for individuals, either, there.
Having constructed a system that is social but for some other culture than the one human beings live in, they wonder why there's been no Identity Big Bang, and ponder deep ponderings about why after having build it, people aren't flocking to it. I think I'm with you, Brain, but what if the chicken won't wear the nylons?
There are, however, a few rays of hope. American Airlines does a pretty good job. In my profile, there's a place to put another person, and when I buy two tickets it automatically fills out the second one for her. Even better, when she buys two tickets, it shows up in my profile, and I can dink the seating chart. It isn't particularly intrusive either, as the relationship is tacit. It's just set up so that there are defaults. If I buy a second ticket, it fills it out with her details.
While It is by no means perfect, we both like aisle seats, so it has this tendency to put us across the aisle rather than together. They need to improve this. It's okay, we're safe to sit together. We might get in each other's space, but you won't have to pull the plane over.
I know it's hard to figure out what to do with relationships. Sometimes it's easy. Dopplr could, for example, like the airline give people who travel a lot together the ability to declare for both. Sometimes it's hard to know what to do, but if it's any social web site that lets you say that you're in a relationship ought to have a protocol for saying you're in a relationship with a person. You can one-plus this to people as well as I can, for the Muslims and polyamorous.
And yeah, there are other shudder-to-think rough edges. What do you do about the guy or gal who is married and has someone on the side whom it's not exactly talked about but everyone knows? This is indeed a hard problem, but hey, if it were easy, they'd be coding this up in India. Oh, right, they are coding it up in India. Silly me. If this were easy, they'd be doing the requirements documents in India.
I realize that it might not be good for the monitization model to admit to the existence of either Muslims or polys on your social network, but Jesus Haploid Christ, Second Life lets you have a marriage, although they charge to break it up rather than create it.
Rough edges aside, why the heck can't I put the joint checking account on two PayPal accounts? It's not like you can't verify the names on the account. It's because -- it's because -- it's because you have no social skills. You don't understand people, those aren't really your friends, and your mother dresses you funny. Admit it.
Bookmark this post:
Bookmark this post:
GraphJam, via Information Aesthetics
Bookmark this post:
For those who haven't been listening closely to their NPR, it turns out that there are at least eight Barack Obamas running for election in Brazil this year. Yes, you heard that right. Under Brazilian law, it turns out, candidates are allowed to run for office under any name, as long as it's not offensive. So eight aspiring politicos, including a former air conditioner salesman and a man claiming a resemblance to Obama (but not actually bearing one), have officially changed their names in hope that it will bring them victory in October's municipal elections.Sorry to be getting political. We'll try to keep it chaotic, emergent and fun.
Via Concurring Opinions. Photo: AP
Bookmark this post:
9Wants to Know has uncovered a new policy that allows airport screeners at Denver International Airport to bypass the same security screening checkpoints that passengers have to go through. ... The new policy says screeners can arrive for work and walk behind security lines without any of their belongings examined or X-rayed. ... At DIA, 9NEWS videotaped a dozen TSA screeners walk through a side gate and enter the sterile area of the airport carrying backpacks, purses and lunch boxes. Nothing was screened.As Schneier points out, this isn't a big deal:Sources tell 9Wants to Know, the reason for the security change may be tied to the new uniforms and badges.
The old, white TSA uniforms had yellow cloth badges sewn on them. The new, blue uniforms have metal badges that set off alarms when screeners go through the checkpoints. Sources say the TSA is worried that the screeners will remove the badges while going through security and that they'll get lost or stolen. (Colorado's 9News.com, "Sirport Screeners bypassing security.")
Screeners have to go in and out of security all the time as they work. Yes, they can smuggle things in and out of the airport. But you have to remember that the airport screeners are trusted insiders for the system: there are a zillion ways they could break airport security.But, as we pointed out when they moved to metal badges, TSA badges are a bad idea. There's no reason to have metal badges at all, and they come at both a financial and operational cost. The operational cost is there's a group of people walking through the metal detectors who are allowed to set it off.
Do they really need metal badges?
This is really about a failure of judgement, about thinking through the effects of their decisions, and about how those decisions will be perceived.
Bookmark this post:
You might not be able to think like one, but today you should certainly talk like a pirate.
Yo ho ho, shiver me timbers, etc. etc.
Image credit: charliekwalker
Bookmark this post:
Such a choice of excellent Muhurta with Chrome release time may be coincidental, but it makes us strongly believe that Google may not have hesitated to utilize the valuable knowledge available in Vedic Astrology in decision making.This is a beautiful example of confirmation bias at work. Confirmation bias is when you believe something (say, Vedic astrology) and go looking for confirmation. This doesn't advance your knowledge in any way. You need to look for contradictory evidence. For example, if you think Google is using Vedic astrology, they have a decade of product launches with some obvious successes. Test the idea. I strongly believe that you haven't.
Bookmark this post:
Bookmark this post:
RFC 1918 is a best-current-practicies RFC that describes network address ranges that we all agree we won't use globally. They get used for private networks, NAT ranges and so on. There are three ranges:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
They are thus the Internet equivalent of the American phone system not using the exchange 555, only more useful. If you need to give an example IP address, you can use one of those without causing anyone consternation or irritation.
An example of why you want to use one of these addresses can be found (at least for the next few minutes) at Microsoft's site for the IE 8 beta. One of the IE 8 features is the "SmartScreen Filter" which can tell you IP addresses you're best not going to. An example is the picture accompanying my post.
If you check out that address, 207.68.196.170, at ARIN Whois, you find out that it's owned by Microsoft themselves.
I suppose that using one of your own addresses as a hazardous address is better than using someone else's, but immature people like Your Friendly Author will titter over it and point it out to other people as well.
There's a reason RFC 1918 exists, and this is one of them. Oh, by the way, be sure to look at RFC 2606, which reserves the domains example.com, example.net, and example.org. It also reserves the top-level domains .test, .example, .invalid, and .localhost. Remember them.
Bookmark this post:
A Christian Science church near the White House filed suit against the city on Thursday, accusing it of trammeling religious freedom by declaring the church a historic landmark and refusing to allow church leaders to tear it down.Me, I just think there's something between irony and schadenfreude in there not only being a "brutalist" style of architecture, but that Washington DC wants to preserve it, over the objections of those subjected to it.The building, a stark structure with walls that soar toward the sky, is an eyesore or a work of genius, depending on who is discussing it. The 37-year-old church was designed by Araldo A. Cossutta, who had been an architect in I. M. Pei’s firm, and declared a landmark in December.
Supporters of preserving the church, the Third Church of Christ, Scientist, say it is a sterling example of a style of architecture called brutalism, which is identified by repetitive geometric design and raw concrete. ("Church Sues over Landmark Status"="
(Not to mention the questionable justification for the government creating and keeping a list of historic landmarks which their owners then must maintain.)
Photo: Washington DC 3rd Church of Christ Scientist, Amy.Arch
Bookmark this post:
The Paper of Record has a hilarious article, "Literacy Debate: Online, R U Really Reading?" which asks important questions about what Those Darn Kids are doing -- spending their time using a mixture of hot media and cold media delivered to them over the internets.
I'll get right to the point before I start ridiculing the ridiculous, and answer the question. No. Of course not. It's not really reading. This is not text. It is not the product of hot lead type lovingly smearing a mix of kerosene and soot over wood pulp. It's a bunch of pixels, and those pixels are whispering directly into your brain. You are not reading, you're hearing my snarky voice directly massaging your neurons. That doesn't happen when you read. People don't see things or hear things when they read. Ask Anne Fadiman if you don't believe me. She knows.
Let's look at some of the statements in the article:
Few who believe in the potential of the Web deny the value of books. But they argue that it is unrealistic to expect all children to read “To Kill a Mockingbird� or “Pride and Prejudice� for fun.
It is unrealistic to expect any children to read Austen. Austen is arguably the second best writer in all of English, but she requires emotional experiences that children do not have. Pride and Prejudice is no more children's reading than 1984 is. Trust me on this, I know. I read 1984 when I was ten, and when I re-read it in college, I was gobsmacked to learn that there is sex in it.
Some traditionalists warn that digital reading is the intellectual equivalent of empty calories. Often, they argue, writers on the Internet employ a cryptic argot that vexes teachers and parents. Zigzagging through a cornucopia of words, pictures, video and sounds, they say, distracts more than strengthens readers.
They said pretty much the same about Dickens. Until relatively recently, no serious scholar of literature (read college professor) would admit to reading Dickens. Personally, I agree. These days he's considered a classic, and the non-serious scholars won't admit to reading him.
Last fall the National Endowment for the Arts issued a sobering report linking flat or declining national reading test scores among teenagers with the slump in the proportion of adolescents who said they read for fun.
And of course we can fix this by denigrating what they do read, as opposed to finding things for them worth reading.
“Whatever the benefits of newer electronic media,� Dana Gioia, the chairman of the N.E.A., wrote in the report’s introduction, “they provide no measurable substitute for the intellectual and personal development initiated and sustained by frequent reading.�
I'll do my part. I resolve to start writing my blog posts, okay? Do you want them in printing or copperplate?
[Synopsis: Nadia's mother tries to instill a love of books in Nadia. Nadia does not respond until they get a computer, when Nadia gives up TV for fanfic.]Now [Nadia] regularly reads stories that run as long as 45 Web pages. Many of them have elliptical plots and are sprinkled with spelling and grammatical errors.
Which the masters of modern literature such as Pynchon and Joyce would never do. Austen never had elliptical plots, they were circular, and she was merely eccentric.
Nadia said she wanted to major in English at college and someday hopes to be published. She does not see a problem with reading few books. “No one’s ever said you should read more books to get into college,� she said.
And this is a problem?
Reading skills are also valued by employers. A 2006 survey by the Conference Board, which conducts research for business leaders, found that nearly 90 percent of employers rated “reading comprehension� as “very important� for workers with bachelor’s degrees.
I don't know about you, but I wonder what sort of people the 10+% of employers are who think that reading comprehension is not very important. What sort of Dilbert-refugees are they? I find that "nearly 90%" to be disturbing.
Some literacy experts say that reading itself should be redefined. Interpreting videos or pictures, they say, may be as important a skill as analyzing a novel or a poem.
Ah, the word "may." I've ranted about it before. It is true that interpreting pictures may be as important as analyzing a novel. It certainly is if you want to appreciate El Greco. But that's not the point. As much as I like sneering at moderns who think Dickens is literature, times change. It may, indeed. Joyce may have written grammatically. Austen may be suitable for children. Reading comprehension may be important for workers with bachelor's degrees. And Shakespeare's works may have been written by another man of the same name.
I am disdainful of hot media, but the Web is the rennaissance of cold media. It's an aberration in a slide to hotter and hotter media. Also realize that cold media is relatively recent. Most of human history had its literature in songs and pantomime.
Lastly, remember that kids have been no damned good for as long as we've been writing at all. The pinnacle of civilization was when we were in the caves, and it's been a long slow slide into perdition ever since. Every generation is worse than the previous one. It will continue to be that way. These kids are going to sigh with exasperation and not understand why their kids roll their eyes at Sailor Moon. And they just not going to understand the true art form of fanfic and slashfic. Tsk.
Bookmark this post:
The German Bundespolizei have announced what the BBC are calling a "bullet-proof bra".
It may sound like a joke, but this is a serious matter - the policewoman who came up with the idea said normal bras can be dangerous when worn in combination with a bullet-proof vest."The impact of a bullet can push the metal and plastic bits of the bra into an officer's body, causing serious injury," said Carmen Kibat, an adviser on equal opportunities for the Hamburg-based Bundespolizei - Germany's federal police force.
"I always thought normal bras posed a safety risk and I wanted to change that," she said.
Now, I'm sure Frau Kibat's heart is in the right place, and I would certainly not want it to be pierced by either a bullet or a brassiere clasp or underwire fragment, but I have to suggest here that "I always thought" doesn't suggest that the decision to develop this article was made based on empirical data.
While I admit it's interesting to see "Polizei" on a brassiere, it'd have been better to ask those that are concerned about the "risk posed by normal bras" to simply buy one that is made entirely of cloth, since they are readily available through non-governmental channels.
Photo: Reuters, via Die Welt
Bookmark this post:
According to The Daily Telegraph, the Knights Templar are suing the Vatican for all that money they lost in 1307. (The Telegraph has a companion article here as well.)
This adds up to a nice round €100 billion. The Telegraph didn't say whether that is American billions (thousand million, 109) or English billions (million million, 1012), and given that the Templars were The World Bank of the turn of the previous millennium and there's 700 years of interest involved, it's not obvious how many zeroes need to go at the end.
Last October, the Vatican released copies of the parchments documenting the Templar Trials after having them been "misfiled" for over three hundred years. (My house has nearly as many books as the Vatican, squished into a much smaller space, so I completely understand how that could happen.)
These parchments reveal that in fact the Templars were found to be not guilty of heresy at the time, but Pope Clement V let them be disbanded and burned at the stake anyway because King Philip IV of France was being really cranky about it. (If you follow US foreign policy, you should completely understand how that could happen, as well.)
The major dodgy thing about the suit is that the Spanish group claims that their suit is not to reclaim damages but only to restore the good name of the Templars. Yeah, uh huh, sure. Then why aren't you suing for a single Euro?
Perhaps the Freemasons will weigh in on this. Among the many Fun Templar Facts, there's a surprisingly good theory that they're founded by escaped Templars. Other Fun Templar Facts include that Friday the 13th is considered unlucky because that's when they were all rounded up; that the burned Templar Grand Master, Jacques de Molay, was the 23rd Grand Master; and that Jacques de Molay was the inventor of Molé sauce.
Photo is of Jacques de Molay being sent to burn at the stake, via the GETTY and the Daily Telegraph web site.
Bookmark this post:
Transport for London is trying to get as many people as possible to use Oyster Cards. They are cheaper -- and theoretically easier to use -- than traditional tube / bus tickets. However, using one means that TfL has a record of your journeys on the transport system, which is something that not everybody is comfortable with.Photo: Voyeur by Jeff VC
Bookmark this post:
Bookmark this post:
Adam comments on Dave Maynor commenting on Blizzard selling authentication tokens.
Since I have the ability to comment here, I shall.
This isn't the case of a game having better security than most banks (as Maynor says). This is a game company leaping ahead of some banks, because they realize they have bank-like security issues.
It's been a year or so since I read on El Reg that on the black market, a credit card number sells for (as I remember) £5, but a WoW account sells for £7. I would look up the exact reference, but I'm not in the mood. Your search skills are likely as good as mine.
The exact reasons for this are a bit of a mystery, but there are some non-mysterious ones. There is a black market for WoW gold and (to a lesser extent) artifacts. That black market is shuddering because Blizzard has done a lot to crack down on it. (Blizzard's countermeasures are one main reason that the artifact market is low. Most artifacts become bound to one character when used, and so are not transferrable and so are not salable.) Nonetheless, many WoW players have gold in their pockets that would sell for hundreds to thousands of dollars on this black market.
(If you think from this, that WoW can be a profitable hobby, think again. That many players have gold worth some real change says more about the time they have spent playing than anything else. If you live in a first-world country, you can earn far more flipping burgers than playing WoW. It is only if you are in a third-world country that WoW is a reasonable career choice.)
This means that by putting a keylogger on someone's system, you can steal a pretty penny from them and sell it on the black market. A not-insignificant number of WoW players have logged into their accounts to find their characters naked and penniless. However, there's an interesting twist on this. Blizzard can and does restore the lost gold and items.
Presumably, Blizzard has a transaction log and can rewind it. However, this is work for them and annoyance for the victim. Two-factor authentication will lower Blizzard's costs but fear of robbery is high enough among the players that they're snapping these things up and are willing to pay for them.
Bank customers rightly think that increased security is something that the bank should pay for. So in the banking world, the cost-benefit calculation of two-factor authentication is complex. In the gaming world, it's pretty straightforward. Since Blizzard can shift the cost of the device to the customer base, it's easier to justify.
Bookmark this post:
After having seen some footage of Amy Winehouse's performance at Glastonbury, I think she needs to immediately marry Shane Macgowan, preferably as part of a reality TV show.
Bookmark this post:
I love these boots, via "BoingBoing gadgets." They're transgressive on so many levels. Star Wars geek versus fashion. Military versus sexy.
I'm glad George Lucas isn't an obsessive control freak who hunts down anyone who adopts the visual language that he created.
Bookmark this post:
Bookmark this post:
Some time ago, I wrote about the absurdity of email disclaimers. It is therefore with great amusement I pass on the "Terms & conditions for acceptance of email messages by Andrews & Arnold Ltd" by a small ISP and IT company in Bracknell. The best part of it is the last term.
Check out their laser engraving, as well. I think I want a no-stabbing sign.
Bookmark this post:
Fifteen people have escaped unharmed in the US state of Indiana after a sky-diving plane lost power 7,000ft (2,100m) from the ground.And the pilot was un-injured, according to the AP story. From Skydiving plane fails at 7,000ft, BBC. The website of the company in question even asks "Want to jump out of a perfectly good airplane?" making one less joke for us to tell here.The pilot told the 14 skydivers on board to jump to safety, then crash-landed the plane.
Bookmark this post:
[Update: Securology posted " Sending Bobby Tables to the Moon," which is funnier, if more likely to be filtered out of the final database.
Bookmark this post:
Bookmark this post:
I would estimate that 2/3 of the calls I get are from people trying to sell me things I neither need nor want. Of those, over half are outsourcing services. Of the remainder, recruiters are over half.
There are also people who call me for their services once a week. There's one particular outsourcing firm whose name is burned into my brain because of the number of times I've been subjected to it. I don't know how to spell their name, but I can sure pronounce it. There's also a recruiting firm that I know well, too. Each of these people I have asked to take me off their list, asked to talk to supervisors, talked to supervisors, yelled at them, ranted at them, and finally sworn at them, and yet I still get my weekly call.
As I was doing office stuff a few moments ago, I played a voicemail, and it was from my friends at Hadron Infotech, letting me know about their services just in case I have (a) developed a need I didn't have last week and (b) forgot their name. (One of my rants included telling them that when I do need such services, they will be the last people I call and sadly for them, I have no trouble remembering their name.)
Since I was doing office stuff, I let the message drone on, and got the litany of things they can do for me including, Java, Jay-mumble-E, Dot-Net, Pee-Haitch-Pee, AJAX, Perl, Ruby on Trains, updating your web site, ....
Wait a minute. Did he say what I thought he said? Ruby on what? I ran over to my computer, backed up the player, and ... Yes! Ruby on Trains! How delightful!
I'm still laughing. I hope you are, too. Maybe I'll get another laugh next week.
Photo "Ruby on Train" by theresa_l_reed.
Bookmark this post:
You don't have much credibility looking for a publisher for a book on rum when you're sailing in the Caribbean drinking the best rums you can find in the name of research. Most people just didn't take me seriously that there was even a need for a book on rum. It took quite a while to get things rolling.See the Ministry of Rum FAQ.
Bookmark this post:
The starring role of Johnny Utah is selected from the audience each night, and reads their entire script off of cue-cards. This method manages to capture the rawness of a Keanu Reeves performance even from those who generally think themselves incapable of acting. The fun starts immediately with the "screen test" wherein the volunteer Keanus (usually 5-15 men and women vie for the role) go through a grueling audition process. The part is then cast via applaus-o-meter.Point Break Live. So very attitudinally mis-adjusted.. Via JWZ.
Bookmark this post:
Unfortunately, no progress on the "fake tape" issue:
The authenticity of the two-hour audio recording posted on an Islamic Web site could not be independently confirmed. But the voice sounded like past audiotapes from the terror leader, and the posting where it was found bore the logo of Al-Sahab, al-Qaida's official media arm.(Via Orin Kerr at Volokh.)
Bookmark this post:
We all know that ID theft and extortion bots are ubiquitous. Perhaps it is some consolation that a modicum of technical skill is needed to construct such things. That has changed.
I (a complete non-programmer) have just built not one but two "bots" using materials available here and here! With these templates, any 8 year-old can do the same!!!
Bookmark this post:
Bookmark this post:
UPDATE: This was a belated April Fools' from the Attrition people, which clearly suckered me in.
Attrition.org's Lyger has announced the end of Attrition's Dataloss project (presumably including both the DLDOS and Dataloss mailing list).
In the past few weeks, it has come to our attention that too many people are more concerned with making a profit off of our work without any offer of acknowledgement or compensation. For those who aren't familiar with Attrition, we're a non-profit hobby site that takes on "projects" as we see fit, when we want to, and when we have time. For those who *are* familiar with Attrition, you probably know that we don't take kindly to being dealt with unfairly. Commercial entities, including "identity-theft prevention" upstarts and book authors, will gladly contact us, ask for information and advice, and then not even offer us the equivalent of a reach-around when selling their materials. We don't pimp our resources to others; they come to us. Unfortunately, more often than not, they won't even send us a "thank you". We've mentioned it in the past, but we're not going to mention it in the future. This is the last mention.
It's too bad that leeches have spelled the end of this resource. Hopefully, others will step into the breach (pun intended), and offer something similar. Ideally, this would be done by an organization with the inclination and legal muscle to enforce a license requiring proper attribution from those using the material.
Bookmark this post:
Schneier is probably busy at RSA, so I'll handle this one, which comes courtesy of the Manitowoc Herald Times Reporter of April 9:
About 450 employees of Point Beach Nuclear Plant were evacuated Tuesday morning after a convenience store clerk reported a man had asked for directions to Nuclear Road, where the plant is located, and then said he "came to blow up the place," according to a press release from Capt. Robert Kappelman of the Two Rivers Police Department.The Federal Bureau of Investigation, Point Beach Nuclear Plant, the Manitowoc County Sheriff's Department and the Two Rivers Police Department conducted a joint investigation.
Information from the surveillance video at the gas station led authorities to a vehicle parked at the nuclear plant. A 23-year-old man from Hull, Mass., working as a contractor at the plant, had rented the car in Milwaukee.
In an interview with the FBI, the man admitted the conversation took place but said he had stated he "hoped he wouldn't blow up the place" as it was his first day working at the facility. He said he told the clerk "they don't allow (him) to push any buttons, anyway."
His vehicle was searched and no threats were found. No charges are being pursued, according to TR [Two Rivers, Wisconsin] police.
Not as good as the "going to LA to shoot a pilot" non-story, but not bad. Notice the Massachusetts connection. Good thing the guy wasn't working at Pilgrim, 'cause I am sure there were potentially lethal LEDs in that car :^).
Bookmark this post:
The New Scientist reports in, "Have peacock tails lost their sexual allure?"
A controversial study has found no evidence for the traditional view – practically enshrined in evolutionary lore – that peahens choose their partners depending on the quality of the peacocks' tails.
Obviously, traditionalists have many things to say about the quality of the study. Because, of course, everyone knows it's true.
Bookmark this post:
A year ago, I discussed stupid email disclaimers in, "If I Screw Up, It's Your Fault!" This week, Brian Krebs of the Washington Post comes over the same issue, indirectly, in his "They Told You Not To Reply."
Krebs tells the story of Chet Faliszek, who owns the domain donotreply.com, which he bought in 2000 as a lark. The interesting situation is that many otherwise sane people will send broadcast messages with a return address that has donotreply.com in it. And of course, people reply. When they reply, he gets the mail.
He gets customer service mail from Charbroil grills; financial service from Capital One and Merrill Lynch; network diagrams and vulnerabity data from Yardville National Bank; faxes from Iraq contractor and former subsidiary of Halliburton, Kellog Brown & Root; and of late very interesting mail from the Department of Homeland Security.
Krebs quotes Faliszek:
"I've had people yell at me, saying these e-mails are marked private and that I shouldn't read them.""They get all frantic like I've done something to them, particularly when you talk to the non-technical people at these companies."
The most delicious emails end up on his blog. He will remove them if you show proof of a donation to an animal protection league or humane society.
Note that if you send your email to Mr Faliszek, it becomes his email. No one suggests that there is anything untoward in owning donotreply.com. No one suggests that the disclaimer has any standing. No one suggests that there is anything wrong with his letting you ransom those emails through good works.
Certainly, it's stupid to use a domain like donotreply.com. It's a legal domain. There are some reserved domain names, and they are documented in RFC 2606. For Heaven's sake, use donotreply@yourdomain! However, it's worse to have the disclaimer. Non-expert, non-technical people might think that it has standing. Note what Mr Faliszek said, that people think that because they're marked private, he shouldn't read what's delivered to his domain. I have every sympathy with these people. They think they're protected, and they're not. Fortunately for us all, Mr Faliszek is a nice guy who loves animals. Take it away, bandleader.
Photo "its just sad" by Quiz....
Bookmark this post:
Bookmark this post:
Bookmark this post:
I saw the Pogues' show at Chicago's Riviera Theatre last night, exactly 22 years minus one day since the last time I saw them.
Spider Stacy seems to have fared a tad better than Shane :^). The show was good, but of course nothing can compare to nostalgia. A particularly enjoyable feature for me was the ecstatic reaction of a nearby woman who was a devoted fan -- she was loving every millisecond. I was bemused thinking that last time I stood 15 feet from Shane and company she was probably not even toilet-trained.
There were plenty of grey hairs in the audience, even up front. I was polite and let a shorter person in front of me, and as the band got into things I wound up a few feet back from the stage, where the crowd was younger and ethanol-fueled. Luckily my quads are as strong, and my elbows as sharp, as they were back in the day.
Photo courtesy of www.undergroundbee.com, who have many more great shots
Bookmark this post:
Bookmark this post:
Bookmark this post:
Bookmark this post:
Bookmark this post:
Raymond Chen has an amusing blog post, "When computer programmers dabble in economics: Paying parking tickets." This is further dabbling in economics, and I hope you find it amusing.
I believe that parking meters--the old fashioned kind where you put coins in and hope to not get a ticket--are precisely the opposite of slot machines. With a slot machine, you put money in, and you hope, money comes out. I like not putting money in parking meters, and hoping none comes out of my pocket.
Photo: "Downtown Phillipsburg, NJ," by Peachhead.
Bookmark this post:
Bookmark this post:
The Macquarie Dictionary of Australia has an annual contest for Word of the Year. The People's Choice Award goes to the term that is the title of this post:
password fatigue
noun a level of frustration reached by having too many different passwords to remember, resulting in an inability to remember even those most commonly used.
Macquarie notes:
Password fatigue was the most popular word in the online voting, clearly registering a widespread dilemma of the online world.
No kidding.
The selection committee, who no doubt spend less time on their own web site than their readers do, selected:
pod slurping
noun the downloading of large quantities of data to an MP3 player or memory stick from a computer.
The committee notes:
In this increasingly tech-savvy world we live in, it seems pod slurping really is the new memory bank for us busy bees. Why carry around vast reams of documents, or CDs or anything for that matter, when you can download absolutely everything!
Pod slurping has an inventive and sensuous appeal. The committee felt that the most important criterion for word of the year should be linguistic creativity and evocativeness, rather than simple worthiness or usefulness. Pod slurping also dips its lid to pod, a potent little word of our times.
Perhaps the committee slurps from places that don't need passwords.
Photo "pod slurp" courtesy of :: Meg ::.
Bookmark this post:
Bookmark this post:
Those geeks and their crazy jargon.
Context here.
Bookmark this post:
Bookmark this post:
Ekinoderm writes in "Who did Kill the Software Engineer?" that schools today are ruining software engineering by teaching people Java. He references Joel Spolsky's rant on the same.
I agree completely, except neither went far enough!
Java is just the replacement for Pascal, a pedagogical language designed because it was more fun and understandable than FORTRAN. So was BASIC, and APL. Heck, C is really just PDP-11 assembler code for people who can’t allocate stack variables by hand. Come on, it's just subtraction! Oh, and don’t get me started about how RATFOR screwed people up my making them not compute the gotos in their IF statements.
However, I have to sneer at their examples in Scheme. Scheme! That's also part of the problem. Scheme is a dumbed-down version of MACLISP for people who can't handle a real LISP, for Pete's sake! They should be doing their work in that, if not MDL or LISP 1.5.
The world has already gone to hell in a handbasket because of this continued coddling of the next generation of software engineers. Engineers need to learn how to twist transistors together to make flip-flops and make adders out of discrete components before they should go write computer programs. So-called high-level languages have been ruining the competitiveness of America since the mid 1950s!
Let's face it, when Jim Backus started on FORTRAN, that was compounding on the mistakes that Grace Hopper started with AUTOCODER, which made it so that you could use so-called "opcodes" in your machine language instead of typing in the binary, and worse, far worse to have macros. Macros make people fat and lazy. Transfats and sugar only make it worse. They stereotype of programmers being fat and unkempt is a product of macros, transfats and sugar over time.
Since I now realize that it's actually all the Commodore's fault, I'm going to throw away my nanosecond. Her use of tools that help people understand has ruined computer science. I also promise never to write another line of COBOL.
Photo Grace Hopper's nanosecond courtesy of Shiny Things.
Bookmark this post:
2008, for us, is a big change because up to now we have been more like a terrorist group, threatening to do something and making big claims.Nicholas Negroponte, of the One Laptop Per Child program, speaking on his own web site. Wow. There's a stunning analogy for you. Maybe "we've been more like a startup?"
Bookmark this post:
The Top Gear host revealed his account numbers after rubbishing the furore over the loss of 25 million people's personal details on two computer discs.It's easy to mock (fun too!), but I'm not sure it's the right response. Risk assessment is hard. Our instincts about how hard these things might be are often wrong. Criminals often live in places where it's worth weeks or a month of their time to steal £500. That's twice the average income in some places. Each risk assessment takes time and energy to perform.He wanted to prove the story was a fuss about nothing.
But Clarkson admitted he was "wrong" after he discovered a reader had used the details to create a £500 direct debit to the charity Diabetes UK.
Clarkson published details of his Barclays account in the Sun newspaper, including his account number and sort code. He even told people how to find out his address.
"All you'll be able to do with them is put money into my account. Not take it out. Honestly, I've never known such a palaver about nothing," he told readers.
As chaos is all around us, our ability to reasonably and quickly assess risk is stuck in another time.
Thanks to Phil Hallam-Baker and Ryan Singel for pointing this out. Phil has great video on his blog.
Bookmark this post:
