Ramblings & ephemera

Problems with ID cards

From Bruce Schneier’s Crypto-Gram of 15 April 2004: My argument may not be obvious, but it’s not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails. It doesn’t really matter how well an ID card works when used by […]

Errol Morris on film noir

From Errol Morris’s “Film Legend Errol Morris Salutes New Graduates At 2010 Commencement” (Berkeley Graduate School of Journalism: 10 May 2010): There are many things I liked about noir. But in particular, there are images of one benighted character after another struggling to make sense of the world – and sometimes failing in the effort. […]

A story of failed biometrics at a gym

From Jake Vinson’s “Cracking your Fingers” (The Daily WTF: 28 April 2009): A few days later, Ross stood proudly in the reception area, hands on his hips. A high-tech fingerprint scanner sat at the reception area near the turnstile and register, as the same scanner would be used for each, though the […]

What happens to IP when it’s easy to copy anything?

From Bruce Sterling’s “2009 Will Be a Year of Panic” (Seed: 29 January 2009): Let’s consider seven other massive reservoirs of potential popular dread. Any one of these could erupt, shattering the fragile social compact we maintain with one another in order to believe things contrary to fact. … 2. Intellectual property. More specifically, the […]

A single medium, with a single search engine, & a single info source

From Nicholas Carr’s “All hail the information triumvirate!” (Rough Type: 22 January 2009): Today, another year having passed, I did the searches [on Google] again. And guess what: World War II: #1 Israel: #1 George Washington: #1 Genome: #1 Agriculture: #1 Herman Melville: #1 Internet: #1 Magna Carta: #1 Evolution: #1 Epilepsy: #1 Yes, it’s […]

Trusted insiders and how to protect against them

From Bruce Schneier’s “Basketball Referees and Single Points of Failure” (Crypto-Gram: 15 September 2007): What sorts of systems — IT, financial, NBA games, or whatever — are most at risk of being manipulated? The ones where the smallest change can have the greatest impact, and the ones where trusted insiders can make that change. … […]

Do’s and don’ts for open source software development

From Jono DiCarlo’s “Ten Ways to Make More Humane Open Source Software” (5 October 2007): Do Get a Benevolent Dictator Someone who has a vision for the UI. Someone who can and will say “no” to features that don’t fit the vision. Make the Program Usable In Its Default State Don’t rely on configurable behavior. […]

More on Fordlandia

From Mary A. Dempsey’s “Fordlandia” (Michigan History: July/August 1994): Screens were just one of the Yankee customs transported to Fordlandia and Belterra. Detroit physician L. S. Fallis, Sr., the first doctor sent from Henry Ford Hospital to run the Fordlandia medical center, attempted to eradicate malaria and hookworm among Brazilian seringueiros (rubber gatherers) by distributing […]

Henry Ford’s debacle in the jungle

From Alan Bellows’s “The Ruins of Fordlândia” (Damn Interesting: 3 August 2006): On Villares’ advice, [Henry] Ford purchased a 25,000 square kilometer tract of land along the Amazon river, and immediately began to develop the area. … Scores of Ford employees were relocated to the site, and over the first few months an American-as-apple-pie community […]

A coup in Equatorial Guinea for fun

From Laura Miller’s “Rent-a-coup” (Salon: 17 August 2006): In March 2004, a group of men with a hired army of about 70 mercenary soldiers set out to topple the government of the tiny West African nation of Equatorial Guinea and install a new one. Ostensibly led by a political opposition leader but actually controlled by […]

How DVD encryption (CSS) works … or doesn’t

From Nate Anderson’s “Hacking Digital Rights Management” (Ars Technica: 18 July 2006): DVD players are factory-built with a set of keys. When a DVD is inserted, the player runs through every key it knows until one unlocks the disc. Once this disc key is known, the player uses it to retrieve a title key from […]

How to get 1 million MySpace friends

From Nate Mook’s “Cross-Site Scripting Worm Hits MySpace” (Beta News: 13 October 2005): One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, “Samy” had amassed over 1 […]

California’s wide-open educational software reveals personal info

From Nanette Asimov’s “Software glitch reveals private data for thousands of state’s students” (San Francisco Chronicle: 21 October 2005): The personal information of tens of thousands of California children — including their names, state achievement test scores, identification numbers and status in gifted or special-needs programs — is open to public view through a security […]

It’s alright to fail at a startup when you’re young

From Paul Graham’s “Hiring is Obsolete” (May 2005): The math is brutal. While perhaps 9 out of 10 startups fail, the one that succeeds will pay the founders more than 10 times what they would have made in an ordinary job. That’s the sense in which startups pay better “on average.” Remember that. If you […]

Why airport security fails constantly

From Bruce Schneier’s “Airport Passenger Screening” (Crypto-Gram Newsletter: 15 April 2006): It seems like every time someone tests airport security, airport security fails. In tests between November 2001 and February 2002, screeners missed 70 percent of knives, 30 percent of guns, and 60 percent of (fake) bombs. And recently, testers were able to smuggle bomb-making […]

Failure every 30 years produces better design

From The New York Times’ “Form Follows Function. Now Go Out and Cut the Grass.”: Failure, [Henry] Petroski shows, works. Or rather, engineers only learn from things that fail: bridges that collapse, software that crashes, spacecraft that explode. Everything that is designed fails, and everything that fails leads to better design. Next time at least […]

Clay Shirky on why the Semantic Web will fail

From Clay Shirky’s “The Semantic Web, Syllogism, and Worldview”: What is the Semantic Web good for? The simple answer is this: The Semantic Web is a machine for creating syllogisms. A syllogism is a form of logic, first described by Aristotle, where “…certain things being stated, something other than what is stated follows of necessity […]

The difficulty of recovering from identity theft

From TechWeb News’s “One In Four Identity-Theft Victims Never Fully Recover”: Making things right after a stolen identity can take months and cost thousands, a survey of identity theft victims released Tuesday said. Worse, in more than one in four cases, victims haven’t been able to completely restore their good name. The survey, conducted by […]

John the Ripper makes password cracking easy

From Federico Biancuzzi’s “John the Ripper 1.7, by Solar Designer”: John the Ripper 1.7 also improves on the use of MMX on x86 and starts to use AltiVec on PowerPC processors when cracking DES-based hashes (that is, both Unix crypt(3) and Windows LM hashes). To my knowledge, John 1.7 (or rather, one of the development […]

Most expensive computer error ever

From Computerworld (13 October 1997), page 76: A computer glitch at a New York brokerage causes a half-million customer accounts to be credited with $19 million each for a brief period. At $9.975 trillion ($19 million times 525,000 accounts), it’s a record for a computer error.