Ramblings & ephemera

Problems with ID cards

From Bruce Schneier’s Crypto-Gram of 15 April 2004: My argument may not be obvious, but it’s not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails. It doesn’t really matter how well an ID card works when used by […]

The Pareto Principle & Temperament Dimensions

From David Brooks’ “More Tools For Thinking” (The New York Times: 29 March 2011): Clay Shirkey nominates the Pareto Principle. We have the idea in our heads that most distributions fall along a bell curve (most people are in the middle). But this is not how the world is organized in sphere after sphere. The […]

How male water striders blackmail females into sex

From Ed Yong’s “Male water striders summon predators to blackmail females into having sex” (Discover: 10 August 2010): Water strider sex begins unceremoniously: the male mounts the female without any courtship rituals or foreplay. She may resist but if she does, he starts to actively strum the water surface with his legs. Each vibration risks […]

RFID security problems

From Brian Krebs’ “Leaving Las Vegas: So Long DefCon and Blackhat” (The Washington Post: 1 August 2005): DefCon 13 also was notable for being the location where two new world records were set — both involved shooting certain electronic signals unprecedented distances. Los Angeles-based Flexilis set the world record for transmitting […]

The limitations of Windows 7 on netbooks

From Farhad Manjoo’s “I, for One, Welcome Our New Android Overlords” (Slate: 5 June 2008): Microsoft promises that Windows 7 will be able to run on netbooks, but it has announced a risky strategy to squeeze profits from these machines. The company plans to cripple the cheapest versions of the new OS in order to […]

Open source & patents

From Liz Laffan’s “GPLv2 vs GPLv3: The two seminal open source licenses, their roots, consequences and repercussions” (VisionMobile: September 2007): Cumulatively patents have been doubling practically every year since 1990. Patents are now probably the most contentious issue in software-related intellectual property rights. … However we should also be aware that software written from scratch […]

US government makes unsafe RFID-laden passports even less safe through business practices

From Bill Gertz’s “Outsourced passports netting govt. profits, risking national security” (The Washington Times: 26 March 2008): The United States has outsourced the manufacturing of its electronic passports to overseas companies — including one in Thailand that was victimized by Chinese espionage — raising concerns that cost savings are being put ahead of national security, […]

Problems with airport security

From Jeffrey Goldberg’s “The Things He Carried” (The Atlantic: November 2008): Because the TSA’s security regimen seems to be mainly thing-based—most of its 44,500 airport officers are assigned to truffle through carry-on bags for things like guns, bombs, three-ounce tubes of anthrax, Crest toothpaste, nail clippers, Snapple, and so on—I focused my efforts on bringing […]

Bruce Schneier on security & crime economics

From Stephen J. Dubner’s interview with Bruce Schneier in “Bruce Schneier Blazes Through Your Questions” (The New York Times: 4 December 2007): Basically, you’re asking if crime pays. Most of the time, it doesn’t, and the problem is the different risk characteristics. If I make a computer security mistake — in a book, for a […]

50% of people infected with personality-changing brain parasites from cats

From Carl Zimmer’s “The Return of the Puppet Masters” (Corante: 17 January 2006): I was investigating the remarkable ability parasites have to manipulate the behavior of their hosts. The lancet fluke Dicrocoelium dendriticum, for example, forces its ant host to clamp itself to the tip of grass blades, where a grazing mammal might eat it. […]

Trusted insiders and how to protect against them

From Bruce Schneier’s “Basketball Referees and Single Points of Failure” (Crypto-Gram: 15 September 2007): What sorts of systems — IT, financial, NBA games, or whatever — are most at risk of being manipulated? The ones where the smallest change can have the greatest impact, and the ones where trusted insiders can make that change. … […]

If concerts bring money in for the music biz, what happens when concerts get smaller?

From Jillian Cohen’s “The Show Must Go On” (The American: March/April 2008): You can’t steal a concert. You can’t download the band—or the sweaty fans in the front row, or the merch guy, or the sound tech—to your laptop to take with you. Concerts are not like albums—easy to burn, copy, and give to your […]

Bush’s Manicheanism destroyed him

From Glenn Greenwald’s “A tragic legacy: How a good vs. evil mentality destroyed the Bush presidency” (Salon: 20 June 2007): One of the principal dangers of vesting power in a leader who is convinced of his own righteousness — who believes that, by virtue of his ascension to political power, he has been called to […]

Modern piracy on the high seas

From Charles Glass’ “The New Piracy: Charles Glass on the High Seas” (London Review of Books: 18 December 2003): Ninety-five per cent of the world’s cargo travels by sea. Without the merchant marine, the free market would collapse and take Wall Street’s dream of a global economy with it. Yet no one, apart from ship owners, […]

Do’s and don’ts for open source software development

From Jono DiCarlo’s “Ten Ways to Make More Humane Open Source Software” (5 October 2007): Do Get a Benevolent Dictator Someone who has a vision for the UI. Someone who can and will say “no” to features that don’t fit the vision. Make the Program Usable In Its Default State Don’t rely on configurable behavior. […]

5 reasons people exaggerate risks

From Bruce Schneier’s “Movie Plot Threat Contest: Status Report” (Crypto-Gram Newsletter: 15 May 2006): In my book, Beyond Fear, I discussed five different tendencies people have to exaggerate risks: to believe that something is more risky than it actually is. 1. People exaggerate spectacular but rare risks and downplay common risks. 2. People have trouble […]

5 reasons people exaggerate risk

From Bruce Schneier’s “Movie Plot Threat Contest: Status Report”: In my book, Beyond Fear, I discussed five different tendencies people have to exaggerate risks: to believe that something is more risky than it actually is. 1. People exaggerate spectacular but rare risks and downplay common risks. 2. People have trouble estimating risks for anything not […]

Risk compensation & homeostasis

From Damn Interesting’s “The Balance of Risk”: What’s happening is a process known as risk compensation. It’s a tendency in humans to increase risky behavior proportionately as safeguards are introduced, and it’s very common. So common, in fact, as to render predictions of how well any given piece of safety equipment will work almost useless. […]

The growth in data & the problem of storage

From Technology Review’s “The Fading Memory of the State”: Tom Hawk, general manager for enterprise storage at IBM, says that in the next three years, humanity will generate more data–from websites to digital photos and video–than it generated in the previous 1,000 years. … In 1996, companies spent 11 percent of their IT budgets on […]

Hear someone typing & know what was written

From Edward Felten’s “Acoustic Snooping on Typed Information”: Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new paper showing that if you have an audio recording of somebody typing on an ordinary computer keyboard for fifteen minutes or so, you can figure out everything they typed. The idea is that different keys tend […]